I am running the latest 12.1 IOS on my 6009 and I was wondering if I can configure syslog to tell me when someone logs in or out of the switch? Would I need to change anything with the logging facility (don't think I need to)?
Typically you would want to use TACACS to log access to your devices. There is a command to log successful, and unsuccessful connection attempts to your switch. Unfortunately your IOS is not current enough to support the commands. You also might try setting your logging buffer to informational, and it should log when users log into the switch. I do recommend using TACACS.
Right now you have buffer logging disabled so you won't be able to look at anything locally on the box the way it is . As the other person said what you are requested is normally handled thru an authentication server whether tacacs or radius. You need to turn buffer logging on the box and don't use the defaults they are much too small , I would make it at least 3-4 times the default of 4096 at the very least.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...