CiscoWorks Question

Unanswered Question
Jun 21st, 2010


have a question about CiscoWorks.

what to know if CW is capable to get login/logouts logs about Cisco switches.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Mon, 06/21/2010 - 14:41

CiscoWorks is not really designed for tracking this information.  What you want is CiscoSecure Access Control Server (ACS).  ACS is a AAA server which provides accounting logs for such things.

operaciones_redes Wed, 06/23/2010 - 10:08

Hello Joe,

thanks for your answer.

i understand that ciscoworks dont get that kind of logs... but.. maybe ¿could it relay information that comes from switches and send to other device? (about log in / log out)

thanks again for your attention!!

Marvin Rhoads Wed, 06/23/2010 - 11:39

Accounting information is what you're asking for. That is only sent to AAA servers - either TACACS or RADIUS (such as the ACS product from Cisco as Joe mentioned).

Although.... Joe, couldn't he use EEM to create a job on the device to package an accounting event into a syslog event? Probably way more than necessary for this scope of requirement and limited in platform/IOS support as well.

Generally, Ciscoworks can receive sylog messages and SNMP traps (information coming from device based on device action) and poll for SNMP event or MIB values.

Config changes do generate a syslog event so you could see that in CiscoWorks RME's syslog analyzer and even write a custom report to pull out that sort of event specifically.

operaciones_redes Wed, 06/23/2010 - 13:01

Hello again,

i dont understand at all what your´re explaining.

maybe you speak in spanish?? pls


Joe Clarke Wed, 06/23/2010 - 13:08

Yes, you could configure the following on the device:

login on-failure log

login on-success log

Then, every time someone tries to login or does login, the device will send a syslog message which can be analyzed by RME.  You can then run an RME syslog report under RME > Reports > Report Generator > Syslog > Standard Report to see those messages.

operaciones_redes Wed, 06/23/2010 - 13:32

let me see if i understand what you say.

i can configure the following in a cisco switch  (it´s for example):

login on-failure log

login on-success log

then... in ciscoworks i can review the log by RME in CiscoWorks.

im rigth?


This Discussion

Related Content