04-24-2009 08:45 AM - edited 03-10-2019 04:27 PM
Hi,
I have a 1841 router and I'm trying to see the user name when he fails to login to the router; I have the following configuration and when I do a show log; I see the failed attempts but do not see the user who failed:
login block-for 60 attempts 3 within 60
login on-failure log every 3
login on-success log
1340818: .Apr 24 16:37:17.322 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 63.201.212.138] [localport: 22] [Reason: Login Authentication Failed] at 16:37:17 UTC Fri Apr 24 2009
1340820: .Apr 24 16:37:25.325 UTC: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 5 secs, [user: ] [Source: 63.201.212.138] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 16:37:25 UTC Fri Apr 24 2009
HO_1841#
Has anybody experienced the same? I'm running IOS version 12.4(10a)
Thanks for any help.
04-24-2009 09:13 AM
This is a known issue:
CSCsd58148 Bug Details
%SEC_LOGIN-4-LOGIN_FAILED does not show username in [user: ]
Symptom:
Username of the user who fails to login is not shown in the
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user:] message.
Conditions:
Cisco 2821 running 12.4(3a)
Workaround:
Use TACACS
Fixed-In
12.4(7.23)M
12.4(7.24)T
12.4(22.3.4)PIC1
12.4(24.5.2)PIC1
04-24-2009 09:24 AM
Really? Thanks, I'll upgrade the image on the router.
Thanks again.
08-19-2009 12:13 PM
I too am having the same issue, even after upgrading to 12.4(22)T. What I have found though is the user information is filled in on failed SSH attempts, but not for Telnet.
I'm curious how you made out with your situation.
08-19-2009 02:09 PM
Hi,
You are hitting the bug id CSCsd58148. This bug is solved in IOS version 12.4(24)T1.
I did the lab recreation in my lab; please see the logs below.
*Aug 19 22:08:28.531: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 192.168.250.24] [localport: 23] [Reason: Login Authentication Failed] at 22:08:28 UTC Wed Aug 19 2009
Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 19-Jun-09 15:13 by prod_rel_team
Please upgrade, and if you are still having the issue, please let me know.
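Added example, not part of any post in this thread: a Python sketch that parses %SEC_LOGIN syslog lines, counts failures per source, and lists LOGIN_FAILED events whose [user: ] field is blank (the symptom discussed above). The sample lines are copied from the thread; the function names and the returned structure are assumptions made for this illustration.

```python
import re
from collections import Counter

# Sample input: the three log lines quoted in the thread above.
SAMPLE = """\
1340818: .Apr 24 16:37:17.322 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 63.201.212.138] [localport: 22] [Reason: Login Authentication Failed] at 16:37:17 UTC Fri Apr 24 2009
1340820: .Apr 24 16:37:25.325 UTC: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 5 secs, [user: ] [Source: 63.201.212.138] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 16:37:25 UTC Fri Apr 24 2009
*Aug 19 22:08:28.531: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 192.168.250.24] [localport: 23] [Reason: Login Authentication Failed] at 22:08:28 UTC Wed Aug 19 2009
"""

# %FACILITY-SEVERITY-MNEMONIC header, then bracketed "[key: value]" fields.
MNEMONIC = re.compile(r"%SEC_LOGIN-(\d)-([A-Z_]+):")
FIELD = re.compile(r"\[([A-Za-z]+):\s*([^\]]*)\]")


def parse_sec_login(line):
    """Return a dict for one %SEC_LOGIN line, or None for any other line."""
    m = MNEMONIC.search(line)
    if not m:
        return None
    fields = {k.lower(): v.strip() for k, v in FIELD.findall(line[m.end():])}
    return {"severity": int(m.group(1)), "mnemonic": m.group(2), **fields}


def summarize(text):
    """Count failures per source; collect blank-user events and quiet-mode sources."""
    failures, blank_user, quiet = Counter(), [], set()
    for line in text.splitlines():
        ev = parse_sec_login(line)
        if ev is None:
            continue
        src = ev.get("source", "?")
        if ev["mnemonic"] == "LOGIN_FAILED":
            failures[src] += 1
            if not ev.get("user"):  # empty field: username was not logged
                blank_user.append(ev)
        elif ev["mnemonic"] == "QUIET_MODE_ON":
            quiet.add(src)
    return failures, blank_user, quiet


if __name__ == "__main__":
    failures, blank_user, quiet = summarize(SAMPLE)
    print("failures per source:", dict(failures))
    print("blank-user events:", [(e["source"], e["localport"]) for e in blank_user])
    print("sources that triggered quiet mode:", sorted(quiet))
```

With `login on-failure log every 3`, as in the configuration in the first post, not every failed attempt produces a log line, so the per-source counts are a lower bound.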