09-20-2007 02:06 AM
Hi forum,
How do I configure the syslog to send message when user logon to the router, either success or fail.
Thanks much,
paul
Solved! Go to Solution.
09-20-2007 05:34 AM
You'd need a certain version of IOS deployed. Details in this thread:
09-25-2007 07:01 AM
Do you have the pre-requisite "login block-for seconds attempts tries within seconds" configured, as specified in this section? I'm not sure how "log on-success ..." worked if the above were not configured.
Also, according to this document
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part30/h_login.htm
"Logging messages for failed login attempts are automatically enabled when the auto secure command is issued; they are not automatically enabled for successful login attempts via autosecure."
09-20-2007 05:34 AM
You'd need a certain version of IOS deployed. Details in this thread:
09-20-2007 05:41 PM
Thank you very much yjdabear,
This solves my problem!
Thanks much,
PN
09-24-2007 04:14 PM
Hi Yjdabear,
I am able to log the success logon, but i cant log the failure logon, i use this command:
login on-failure log
login on-success log
but i only get this:
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user:
anything that I must look out for?
Thanks much,
PN
09-24-2007 08:13 PM
Are the failures showing up with "show login" or "show login failures"?
09-24-2007 08:27 PM
Hi yjdabear,
when I issue sh login failures, i get this result, actually i tried with failed attempts to test, therefore it cant be true:
sh login failures
*** No logged failed login attempts with the device.***
I am actually login to a remote syslog server.
Thanks much,
paul
09-25-2007 07:01 AM
Do you have the pre-requisite "login block-for seconds attempts tries within seconds" configured, as specified in this section? I'm not sure how "log on-success ..." worked if the above were not configured.
Also, according to this document
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part30/h_login.htm
"Logging messages for failed login attempts are automatically enabled when the auto secure command is issued; they are not automatically enabled for successful login attempts via autosecure."
09-25-2007 05:05 PM
Hi Yjdabear,
You are indeed very helpful. yes you are right, it works now!
Thanks much,
Pnigel
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: