Thank you for the answer, we indeed have all the logs in our ACS servers, but we currently receive all authentication failure in central syslog servers (from server, from firewall, ...), those syslog entries are monitored to identify and alert multiple authentication failures.
That type of alerting is, at my knowledge, not possible in the Cisco Secure ACS.
It has been the traditional answer that you could not do this directly from IOS to syslog and if you wanted it you had to go through ACS to get notification of login failure (or success). In release 12.3(4)T and 12.4 Cisco introduced a new feature where you can send directly to syslog for login success or for login failure. You can use this command:
login on-failure log [every login]
and there is also a command to log successes.
For more information about this feature this link would be useful:
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...