Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

sending syslog message on logon

Hi forum,

How do I configure the syslog to send message when user logon to the router, either success or fail.

Thanks much,

paul

2 ACCEPTED SOLUTIONS

Accepted Solutions
Blue
Blue

Re: sending syslog message on logon

Do you have the pre-requisite "login block-for seconds attempts tries within seconds" configured, as specified in this section? I'm not sure how "log on-success ..." worked if the above were not configured.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b93.html#wp1027195

Also, according to this document

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part30/h_login.htm

"Logging messages for failed login attempts are automatically enabled when the auto secure command is issued; they are not automatically enabled for successful login attempts via autosecure."

7 REPLIES
Blue
New Member

Re: sending syslog message on logon

Thank you very much yjdabear,

This solves my problem!

Thanks much,

PN

New Member

Re: sending syslog message on logon

Hi Yjdabear,

I am able to log the success logon, but i cant log the failure logon, i use this command:

login on-failure log

login on-success log

but i only get this:

%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user:

anything that I must look out for?

Thanks much,

PN

Blue

Re: sending syslog message on logon

Are the failures showing up with "show login" or "show login failures"?

New Member

Re: sending syslog message on logon

Hi yjdabear,

when I issue sh login failures, i get this result, actually i tried with failed attempts to test, therefore it cant be true:

sh login failures

*** No logged failed login attempts with the device.***

I am actually login to a remote syslog server.

Thanks much,

paul

Blue

Re: sending syslog message on logon

Do you have the pre-requisite "login block-for seconds attempts tries within seconds" configured, as specified in this section? I'm not sure how "log on-success ..." worked if the above were not configured.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b93.html#wp1027195

Also, according to this document

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part30/h_login.htm

"Logging messages for failed login attempts are automatically enabled when the auto secure command is issued; they are not automatically enabled for successful login attempts via autosecure."

New Member

Re: sending syslog message on logon

Hi Yjdabear,

You are indeed very helpful. yes you are right, it works now!

Thanks much,

Pnigel

168
Views
0
Helpful
7
Replies