09-21-2007 02:36 PM - edited 03-05-2019 06:38 PM
I have configured logging for a customer but am obviously doing something incorrectly.
I need for the logs to show authentication attempts, and currently when I do a "sho log" I don't see any.
The following is configured on the box:
logging buffered 32768
logging trap debugging
logging 192.168.10.40
Thanks
09-22-2007 01:46 AM
Hi
I think for this you need to set up AAA.
Thanks
Mahmood
09-24-2007 04:40 AM
Thanks Mahmood
I do indeed have AAA set up on the box.
09-22-2007 03:51 AM
When you do a "show log", does it show anything at all, such as the size of the logging buffer?
What type of device and image are you working with?
09-22-2007 11:15 AM
Kevin
There are now two approaches about logging authentication efforts: the traditional approach is to use the capability of AAA to an authentication server and the authentication (both successful attempts and failed attempts) can be seen on the server. In recent releases of IOS Cisco has added the ability to generate similar information through syslog. It appears that you are using the second approach. Can you confirm which approach you are using?
If you are using the second (syslog) approach can you post what you have put into the configuration to generate these logs? Can you also give us the version and feature set of the image that you are running? (would want to verify that the new feature is supported in the code that you are running)
HTH
Rick
09-24-2007 04:51 AM
Sure thing. Version and feature set(s) are:
bhigw2#sho ver
Cisco IOS Software, 3800 Software (C3825-ADVIPSERVICESK9-M), Version 12.4(11)XW2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Mon 02-Jul-07 23:43 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
bhigw2 uptime is 1 week, 4 days, 18 hours, 8 minutes
System returned to ROM by power-on
System restarted at 13:14:46 Eastern Wed Sep 12 2007
System image file is "flash:c3825-advipservicesk9-mz.124-11.XW2.bin"
I have a logfile server running Syslog-NG at 192.168.10.40 (VLAN 10 is our Mgmt VLAN). Here is some output about logging:
bhigw2#sho run | inc log
service timestamps log datetime msec show-timezone
logging buffered 32768
aaa authentication login vtyaccess local
log config
logging trap debugging
logging 192.168.10.40
banner login ^C
login authentication vtyaccess
09-24-2007 04:48 AM
09-24-2007 06:22 AM
Kevin
Thanks for posting the additional information. From what you posted I do not believe that you have configured anything that would send login information to syslog. As I indicated in my previous post there are 2 alternatives about getting information about login activity (successes or failures). One approach is to get the information from the ACS server (which assumes that you are using AAA to control login and that you are using an ACS server). The other approach which is quite new is to send the login activity message to syslog. To use this new feature you need to configure:
login on-success log [every login]
or
login on-failure log [every login]
This link will give more information if you want more detail about it.
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a008043fc9c.html
Configure these commands and let us know how it works.
HTH
Rick
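Added example, not part of the thread and not Cisco tooling: a small Python check run over the "sho run | inc log" output posted above, showing that the syslog destination is configured but neither of the two login logging commands is present. The function names and the list of checks are assumptions made for this illustration.

```python
import re

# Constructed sample: the "sho run | inc log" output posted earlier in the thread.
POSTED_CONFIG = """\
service timestamps log datetime msec show-timezone
logging buffered 32768
aaa authentication login vtyaccess local
log config
logging trap debugging
logging 192.168.10.40
banner login ^C
login authentication vtyaccess
"""

# Hypothetical check list: label -> regex matched against each config line.
# Patterns are anchored so "login authentication ..." and "banner login"
# are not mistaken for the login logging commands.
CHECKS = {
    "syslog host": r"^logging (host )?\d+\.\d+\.\d+\.\d+",
    "local buffer": r"^logging buffered\b",
    "log timestamps": r"^service timestamps log\b",
    "login failure logging": r"^login on-failure log\b",
    "login success logging": r"^login on-success log\b",
}

def audit(config_text):
    """Return {label: first matching config line, or None if absent}."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    return {
        label: next((ln for ln in lines if re.search(pattern, ln)), None)
        for label, pattern in CHECKS.items()
    }

def missing(config_text):
    """Labels of the checks that no config line satisfies, in CHECKS order."""
    return [label for label, hit in audit(config_text).items() if hit is None]

if __name__ == "__main__":
    for label, hit in audit(POSTED_CONFIG).items():
        status = "OK     " if hit else "MISSING"
        print(f"{status} {label}: {hit or '-'}")
```
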
09-24-2007 03:44 PM
Kevin,
After reading Rick's posts, just realized I misread your original post. Thought you were not getting any logging.
If supported on your router/IOS, Rick's info appears the most suitable. Otherwise, AAA accounting may help you but it's been a while since I've last used it. I do recall it will log to the AAA server, don't recall if they also syslog.
e.g.
aaa accounting network acct_tac1 stop-only group tacacs+ group radius
or
aaa accounting network default stop-only group radius
and
aaa accounting send stop-record authentication failure