AAA / Tacacs and Failed Attempts

Mar 17th, 2009

I had started this conversation in the "General" area (I think incorrectly), so I'm going to post it in here as well (just in case - apologies to the moderators).


In our aaa implementation we use tacacs with the local db as backup. Well, I'm trying to harden security. I know IOS has this nice little command:


“login on-failure log every x”


This would be great so we could at least see the syslog message and have an idea if someone is trying to get into a piece of our equipment without having to try and watch the "Failed Attempts" report in ACS - but given we are using Tacacs, the only way this will throw a message is if ACS isn't available.


I'd like to know if there is a way for ACS to give us this information. Or, to get syslog messages to get thrown.


Thanks!

darpotter Wed, 03/18/2009 - 04:22

Hi


ACS 4.1 onwards has a syslog log target - so the failed attempts stuff can be sent in real time over syslog as well as saved to CSV.


The format is ...


For audit compliance may I suggest you take a look at extraxi aaa-reports. We can generate reports against log activity and ACS database policy. 60 day working trial available at www.extraxi.com
