Hello Joe,

thanks for your answer.

i understand that ciscoworks dont get that kind of logs... but.. maybe ¿could it relay information that comes from switches and send to other device? (about log in / log out)

thanks again for your attention!!

Accounting information is what you're asking for. That is only sent to AAA servers - either TACACS or RADIUS (such as the ACS product from Cisco as Joe mentioned).

Although.... Joe, couldn't he use EEM to create a job on the device to package an accounting event into a syslog event? Probably way more than necessary for this scope of requirement and limited in platform/IOS support as well.

Generally, Ciscoworks can receive sylog messages and SNMP traps (information coming from device based on device action) and poll for SNMP event or MIB values.

Config changes do generate a syslog event so you could see that in CiscoWorks RME's syslog analyzer and even write a custom report to pull out that sort of event specifically.

Hello again,

i dont understand at all what your´re explaining.

maybe you speak in spanish?? pls

thanks!

Yes, you could configure the following on the device:

login on-failure log

login on-success log

Then, every time someone tries to login or does login, the device will send a syslog message which can be analyzed by RME.  You can then run an RME syslog report under RME > Reports > Report Generator > Syslog > Standard Report to see those messages.

let me see if i understand what you say.

i can configure the following in a cisco switch  (it´s for example):

login on-failure log

login on-success log

then... in ciscoworks i can review the log by RME in CiscoWorks.

im rigth?

Correct.