03-09-2018 11:13 PM - edited 02-21-2020 10:48 AM
Hi,
I have a syslog server on my network and I monitor successful and unsuccessful logins.
Recently I had a login from a user, but syslog is showing this as the log:
Mar 10 00:00:16 10.1.8.5 441: Mar 9 20:36:23.344: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user:USERNAME] [Source: ]^_`abcdefghijklmnopqrstuvwxyz{|}~\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8A\x8B\x8C\x8D\x8E\x8F\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9A\x9B\x9C\x9D\x9E\x9F\xA0\xA1\xA2\xA3\xA4\xA5\xA6\xA7\xA8\xA9\xAA\xAB\xAC\xAD\xAE\xAF\xB0\xB1\xB2\xB3\xB4\xB5\xB6\xB7\xB8\xB9\xBA\xBB\xBC\xBD\xBE\xBF\xC0\xC1\xC2\xC3\xC4\xC5\xC6\xC7\xC8\xC9\xCA\xCB\xCC\xCD\xCE\xCF\xD0\xD1\xD2\xD3\xD4\xD5\xD6\xD7\xD8\xD9\xDA\xDB\xDC\xDD\xDE\xDF\xE0\xE1\xE2\xE3\xE4\xE5\xE6\xE7\xE8\xE9\xEA\xEB\xEC\xED\xEE\xEF\xF0\xF1\xF2\xF3\xF4\xF5\xF6\xF7\xF8\xF9\xFA\xFB] [localport: 22] at 00:06:23
How can I know who logged in to this device?
03-10-2018 11:04 PM
03-10-2018 11:09 PM
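- Try adding the below IOS-extract to the running configuration:
! Log configuration changes and send them to syslog, hiding passwords
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
! Enable logging and point it at the syslog server
logging on
logging ip-of-syslog-server
! Generate a syslog message for every failed and every successful login
login on-failure log every 1
login on-success log every 1
end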
M.
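A check for the syslog server side, as an added example that is not part of the original thread: it parses `%SEC_LOGIN` messages and flags successful logins whose Source field is not a valid IP address, as in the line from the question. The sample lines are constructed, and the function names are this example's own.

```python
import ipaddress
import re

# Body of the IOS SEC_LOGIN message shown in the question. Source is matched
# lazily up to "] [localport:" because a corrupted value can itself contain
# "]" (the one in the question starts with it).
SEC_LOGIN = re.compile(
    r"%SEC_LOGIN-\d-(?P<event>LOGIN_SUCCESS|LOGIN_FAILED): .*?"
    r"\[user: ?(?P<user>[^\]]*)\] "
    r"\[Source: ?(?P<source>.*?)\] \[localport: (?P<port>\d+)\]"
)
# Syslog header as in the question: "Mar 10 00:00:16 10.1.8.5 441: ..."
HEADER = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<device>\S+) ")


def parse_login(line):
    """Return a dict for a SEC_LOGIN line, or None for any other message."""
    m = SEC_LOGIN.search(line)
    if not m:
        return None
    rec = m.groupdict()
    h = HEADER.match(line)
    rec["device"] = h.group("device") if h else None
    try:
        ipaddress.ip_address(rec["source"])
        rec["source_valid"] = True
    except ValueError:
        rec["source_valid"] = False
    return rec


def suspicious_logins(lines):
    """Successful logins whose Source is not a parseable IP address."""
    recs = (parse_login(line) for line in lines)
    return [r for r in recs
            if r and r["event"] == "LOGIN_SUCCESS" and not r["source_valid"]]


# Constructed sample lines, not from a real device. The second imitates the
# corrupted Source from the question, shortened.
SAMPLE = [
    "Mar 10 00:01:02 10.1.8.5 442: Mar 9 20:37:09.101: %SEC_LOGIN-5-LOGIN_SUCCESS: "
    "Login Success [user: alice] [Source: 192.0.2.10] [localport: 22] at 00:07:09",
    "Mar 10 00:02:40 10.1.8.5 443: Mar 9 20:38:47.230: %SEC_LOGIN-5-LOGIN_SUCCESS: "
    "Login Success [user:bob] [Source: ]^_`abc{|}~\\x80\\x81] [localport: 22] at 00:08:47",
    "Mar 10 00:03:11 10.1.8.5 444: Mar 9 20:39:18.002: %SYS-5-CONFIG_I: "
    "Configured from console by alice on vty0 (192.0.2.10)",
]
```

Calling `suspicious_logins(SAMPLE)` returns only the second record, with the reporting device, user and raw Source value available for follow-up.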