
AAA / Tacacs and Failed Attempts

soldnermichael
Level 1

I had started this conversation in the "General" area (I think incorrectly) so I'm going to post it in here as well (just in case - apologies to the moderators).

In our aaa implementation we use tacacs with the local db as backup. Well, I'm trying to harden security. I know IOS has this nice little command:

“login on-failure log every x”

This would be great so we could at least see the syslog message and have an idea if someone is trying to get into a piece of our equipment without having to try and watch the "Failed Attempts" report in ACS - but given we are using Tacacs, the only way this will throw a message is if ACS isn't available.

I'd like to know if there is a way for ACS to give us this information. Or, to get syslog messages to get thrown.

Thanks!

1 Reply

darpotter
Level 5

Hi

ACS 4.1 onwards has a syslog log target - so the failed attempts stuff can be sent in real time over syslog as well as saved to CSV.

The format is

...

For audit compliance may I suggest you take a look at extraxi aaa-reports. We can generate reports against log activity and ACS database policy. 60 day working trial available at www.extraxi.com
