Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

AAA / Tacacs and Failed Attempts

I had started this conversation in the "General" area (I think incorrectly) so I'm going to post it in here as well (just in case - appologies to the moderators).

In our aaa implementation we use tacacs with the local db as backup. Well, I'm trying to harden security. I know IOS has this nice little command:

“login on-failure log every x”

This would be great so we could at least see the syslog message and have an idea if someone is trying to get into a piece of our equipment without having to try and watch the "Failed Attemps" report in ACS - but given we are using Tacacs, the only way this will throw a message is if ACS isn't available.

I'd like to know if there is a way for ACS to give us this information. Or, to get syslog messages to get thrown.

Thanks!

1 REPLY
Silver

Re: AAA / Tacacs and Failed Attempts

Hi

ACS 4.1 onwards has a syslog log target - so the failed attempts stuff can be sent in real time over syslog as well as saved to CSV.

The format is

...

For audit compliance may I suggest you take a look at extraxi aaa-reports. We can generate reports against log activity and ACS database policy. 60 day working trial available at www.extraxi.com

144
Views
0
Helpful
1
Replies
CreatePlease to create content