how to log login attempts on failover firewall

Unanswered Question
Feb 4th, 2009

We have a pair of firewalls set to log to a syslog server. The primary is the only one that actually is logging to the syslog server. I know that by enabling "logging standby" it will cause the standby firewall to log, but it also causes double syslogs as the secondary ends up sending the same stuff as the primary. this is not an alternative. All we want is to capture any login attempts to the primary. someone could be hacking at it and we'd never know because the syslogs don't send any info on it. Anyone have a way around this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smalkeric Tue, 02/10/2009 - 06:13

Syslog does send login attempts in logs to the syslog server. Make sure that syslog is set to logging level informational.

mjsully Tue, 02/10/2009 - 10:06

yes, it sends from the active firewall, but it does not any attempts to the failover. I've tested this and am trying to find a way to make it work.

Actions

This Discussion