Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Syslog configuration on a 6009 (Running IOS)

I am running the latest 12.1 IOS on my 6009 and I was wondering if I can configure syslog to tell me when someone logs in or out of the switch? Would I need to change anything with the logging facility (don't think I need to)?

Right now I have the following set for logging...

Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes

0 overruns)

Console logging: disabled

Monitor logging: level emergencies, 0 messages logged

Buffer logging: disabled

Exception Logging: size (4096 bytes)

Trap logging: level debugging, 6601 message lines logged

Logging to x.x.x.x, 6601 message lines logged

8 REPLIES

Re: Syslog configuration on a 6009 (Running IOS)

Typically you would want to use TACACS to log access to your devices. There is a command to log successful, and unsuccessful connection attempts to your switch. Unfortunately your IOS is not current enough to support the commands. You also might try setting your logging buffer to informational, and it should log when users log into the switch. I do recommend using TACACS.

login on-failure log

login on-success log

Hope this helps

Mark

New Member

Re: Syslog configuration on a 6009 (Running IOS)

I have tried this on my 3750 and the command is there. I am not seeing anything in syslog though. Here are my settings:

login block-for 30 attempts 30 within 100

login delay 5

login on-failure log

login on-success log

...

no logging buffered

no logging console

no logging monitor

logging 1.2.3.4

I have messages going to syslog, but login messages are not appearing.

Re: Syslog configuration on a 6009 (Running IOS)

Try adding the "logging trap notifications" command.

Mark

New Member

Re: Syslog configuration on a 6009 (Running IOS)

I tried that command and it didn't work. Do I need AAA turned on to properly use this or will the standard logins work? I think AAA is ringing a bell, but not 100%.

Re: Syslog configuration on a 6009 (Running IOS)

You shouldn't have to use AAA, as long as you are using a local account with a username and password.

New Member

Re: Syslog configuration on a 6009 (Running IOS)

I just use the normal password and enable secret. I do not currently use usernames.

Re: Syslog configuration on a 6009 (Running IOS)

You will want to configure a username and password for it to log access to the switch.

Purple

Re: Syslog configuration on a 6009 (Running IOS)

Right now you have buffer logging disabled so you won't be able to look at anything locally on the box the way it is . As the other person said what you are requested is normally handled thru an authentication server whether tacacs or radius. You need to turn buffer logging on the box and don't use the defaults they are much too small , I would make it at least 3-4 times the default of 4096 at the very least.

193
Views
0
Helpful
8
Replies
CreatePlease to create content