Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Authentication message send to syslog


We configured TACACS on our switches and we now would like to send authentication related message to our syslog (eg: Authentication successfull, or unsuccessfull etc...).

Is there a way to have this send to the syslog? I tested by putting the logging trap to debug, but even in that case, i did not get anything about the authentication in the syslog.

Thank you for your help,


New Member

Re: Authentication message send to syslog

Did somebody can help me plz?


New Member

Re: Authentication message send to syslog

We've had the failed attempts log file e-mailed to us from a local smtp mailer to keep tabs on the same thing. You could have passed attempts sent as well.

Cisco Employee

Re: Authentication message send to syslog

This is not possible for IOS devices, but you should have an audit trail on your TACACS+ server that lists when users logged in and out.

New Member

Re: Authentication message send to syslog

Thank you for the answer, we indeed have all the logs in our ACS servers, but we currently receive all authentication failure in central syslog servers (from server, from firewall, ...), those syslog entries are monitored to identify and alert multiple authentication failures.

That type of alerting is, at my knowledge, not possible in the Cisco Secure ACS.

That was the reason of my question.

Anyway, thank you for your answer.


Re: Authentication message send to syslog

Why yes it IS available via CiscoSecure ACS, you just need a current version to do so. I know that v4.1.1b23 has it as well as the latest and greatest version 4.1.3b12 patch 2.

Under System configuration, Logging Configuration, you have tha ability so send any of the log files to syslog servers on any specified port (very handy for syslogNG implementations)

Hall of Fame Super Silver

Re: Authentication message send to syslog

Marc and Andy

It has been the traditional answer that you could not do this directly from IOS to syslog and if you wanted it you had to go through ACS to get notification of login failure (or success). In release 12.3(4)T and 12.4 Cisco introduced a new feature where you can send directly to syslog for login success or for login failure. You can use this command:

login on-failure log [every login]

and there is also a command to log successes.

For more information about this feature this link would be useful:



CreatePlease to create content