09-20-2007 02:06 AM
Hi forum,
How do I configure the syslog to send message when user logon to the router, either success or fail.
Thanks much,
paul
Solved! Go to Solution.
09-20-2007 05:34 AM
You'd need a certain version of IOS deployed. Details in this thread:
09-25-2007 07:01 AM
Do you have the pre-requisite "login block-for seconds attempts tries within seconds" configured, as specified in this section? I'm not sure how "log on-success ..." worked if the above were not configured.
Also, according to this document
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part30/h_login.htm
"Logging messages for failed login attempts are automatically enabled when the auto secure command is issued; they are not automatically enabled for successful login attempts via autosecure."
09-20-2007 05:34 AM
You'd need a certain version of IOS deployed. Details in this thread:
09-20-2007 05:41 PM
Thank you very much yjdabear,
This solves my problem!
Thanks much,
PN
09-24-2007 04:14 PM
Hi Yjdabear,
I am able to log the success logon, but i cant log the failure logon, i use this command:
login on-failure log
login on-success log
but i only get this:
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user:
anything that I must look out for?
Thanks much,
PN
09-24-2007 08:13 PM
Are the failures showing up with "show login" or "show login failures"?
09-24-2007 08:27 PM
Hi yjdabear,
when I issue sh login failures, i get this result, actually i tried with failed attempts to test, therefore it cant be true:
sh login failures
*** No logged failed login attempts with the device.***
I am actually login to a remote syslog server.
Thanks much,
paul
09-25-2007 07:01 AM
Do you have the pre-requisite "login block-for seconds attempts tries within seconds" configured, as specified in this section? I'm not sure how "log on-success ..." worked if the above were not configured.
Also, according to this document
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part30/h_login.htm
"Logging messages for failed login attempts are automatically enabled when the auto secure command is issued; they are not automatically enabled for successful login attempts via autosecure."
09-25-2007 05:05 PM
Hi Yjdabear,
You are indeed very helpful. yes you are right, it works now!
Thanks much,
Pnigel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide