I have a a 2620XM router configured as a dial-in router. There has been debate on how much this sytem is being used and I want to configure syslog capturing to see which users are logging in, at what time and for how long.
There are several aspects of your question that are not quite clear to me. When you say that you want syslog capturing I am not clear whether you will login to the router periodically and do the show log command to check the syslog? If this is the case then I believe that 4096 is probably too small a value. If it is not the case that you will check on the router itself, then configuration of the logging buffer size and changing the logging level from debugging to informational does not matter for this question.
Or will you be checking on a syslog server (assuming that 192.168.10.3 is running syslog server software and is properly configured for syslog)? It will be receiving informational level syslog messages.
It is also not clear what you are looking at in syslog to give you information about the user logins, at what time, and for how long. If you can give us information about this we may be able to give you better answers about whether your syslog configuration is appropriate.
syslog is more useful for troubleshooting network issues and to log any system error messages, like duplicate ips, interface up/down, power supply down etc... you need to use this correctly and only for some useful info, otherwise this will fill in a lot of memory on the server/router etc..
what you are referring to is the accounting information, which a syslog cannot give. syslog can give info on who has logged in and success/failure logins, but will not tell you when the user has logged out and is not a good tool for accounting. you need to have a good radius server like ACS which can do this !!!! try using the following commands:
logging trap debugging
login on-failure log
login on-success log
this can give you some basic info, but not a detailed accounting logs.. you can also try applying a access-list on the RAS port and do a log on it and see if you are getting any useful info :)
Hope this helps.. all the best.. rate replies if found useful..
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...