Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1237
Views
0
Helpful
7
Replies

sending syslog message on logon

Go to solution
paulnigel
Level 1
Level 1

‎09-20-2007 02:06 AM

Hi forum,

How do I configure the syslog to send message when user logon to the router, either success or fail.

Thanks much,

paul

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
yjdabear
VIP Alumni
VIP Alumni
In response to paulnigel

‎09-25-2007 07:01 AM

Do you have the pre-requisite "login block-for seconds attempts tries within seconds" configured, as specified in this section? I'm not sure how "log on-success ..." worked if the above were not configured.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b93.html#wp1027195

Also, according to this document

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part30/h_login.htm

"Logging messages for failed login attempts are automatically enabled when the auto secure command is issued; they are not automatically enabled for successful login attempts via autosecure."

View solution in original post

0 Helpful
7 Replies 7

Go to solution
paulnigel
Level 1
Level 1
In response to yjdabear

‎09-20-2007 05:41 PM

Thank you very much yjdabear,

This solves my problem!

Thanks much,

PN

0 Helpful

Go to solution
paulnigel
Level 1
Level 1
In response to paulnigel

‎09-24-2007 04:14 PM

Hi Yjdabear,

I am able to log the success logon, but i cant log the failure logon, i use this command:

login on-failure log

login on-success log

but i only get this:

%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user:

anything that I must look out for?

Thanks much,

PN

0 Helpful

Go to solution
yjdabear
VIP Alumni
VIP Alumni
In response to paulnigel

‎09-24-2007 08:13 PM

Are the failures showing up with "show login" or "show login failures"?

0 Helpful

Go to solution
paulnigel
Level 1
Level 1
In response to yjdabear

‎09-24-2007 08:27 PM

Hi yjdabear,

when I issue sh login failures, i get this result, actually i tried with failed attempts to test, therefore it cant be true:

sh login failures

*** No logged failed login attempts with the device.***

I am actually login to a remote syslog server.

Thanks much,

paul

0 Helpful

Go to solution
yjdabear
VIP Alumni
VIP Alumni
In response to paulnigel

‎09-25-2007 07:01 AM

Do you have the pre-requisite "login block-for seconds attempts tries within seconds" configured, as specified in this section? I'm not sure how "log on-success ..." worked if the above were not configured.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b93.html#wp1027195

Also, according to this document

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part30/h_login.htm

"Logging messages for failed login attempts are automatically enabled when the auto secure command is issued; they are not automatically enabled for successful login attempts via autosecure."

0 Helpful

Go to solution
paulnigel
Level 1
Level 1
In response to yjdabear

‎09-25-2007 05:05 PM

Hi Yjdabear,

You are indeed very helpful. yes you are right, it works now!

Thanks much,

Pnigel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents