Cisco Support Community

Logging Console and VTY logins to Syslog

Does anyone know if it is possible to log a console or VTY login to a syslog server?

If it is possible, could you also let me know how I can configure it?

Kind regards,

Marco Hermans

Accepted Solutions

Re: Logging Console and VTY logins to Syslog

Syslog is a general location or mechanism for logging informational messages or error messages. When a user logs into a router, it doesn't generate any kind of message unless you have some kind of debugging turned on.

Debugging messages can be logged to the syslog server, but having some debugging commands running on the router is not such a good idea because it loads the CPU.

The way to track user logins into the router is to enable Authentication, Authorization, and Accounting and collect the accounting information on a TACACS or RADIUS server.

Some links that can help you configure AAA:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfaaa.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfathen.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/scfacct.htm

2 REPLIES

Re: Logging Console and VTY logins to Syslog

You can use a logged ACL to permit/deny access to the VTY lines. Whenever a telnet attempt is made to the switch, the ACL is processed and a syslog message is generated.

access-list 199 permit tcp host x any eq telnet log
access-list 199 deny ip any any log-input
line vty 0 4
 access-class 199 in
 login authentication telnet

Not sure about syslog for console access.

Mike
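An added example, not part of the thread: once ACL 199 is logging to the syslog server, the resulting messages can be parsed to review who reached or was refused at the VTY lines. It assumes the usual IOS `%SEC-6-IPACCESSLOGP` message layout; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumed %SEC-6-IPACCESSLOGP layout; the "(interface MAC)" part is only
# expected on entries configured with log-input, so it is optional here.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"(?:\((?P<intf>\S+) (?P<mac>[0-9a-fA-F.]+)\) )?"
    r"-> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def vty_attempts(lines, acl="199"):
    """Yield one record per syslog line generated by the VTY ACL."""
    for line in lines:
        m = ACL_LOG.search(line)
        if m and m["acl"] == acl:
            rec = m.groupdict()
            rec["count"] = int(rec["count"])
            yield rec

def denied_by_source(lines, acl="199"):
    """Sum denied packets per source address, for alerting or review."""
    totals = Counter()
    for rec in vty_attempts(lines, acl):
        if rec["action"] == "denied":
            totals[rec["src"]] += rec["count"]
    return totals

# Constructed sample lines using documentation address ranges.
SAMPLE = [
    "<190>45: *Mar  1 00:12:01.003: %SEC-6-IPACCESSLOGP: list 199 permitted "
    "tcp 192.0.2.10(51515) -> 198.51.100.1(23), 1 packet",
    "<190>46: *Mar  1 00:12:40.118: %SEC-6-IPACCESSLOGP: list 199 denied "
    "tcp 203.0.113.7(40112) (FastEthernet0/0 0011.2233.4455) -> 198.51.100.1(23), 1 packet",
    "<190>47: *Mar  1 00:17:40.120: %SEC-6-IPACCESSLOGP: list 199 denied "
    "tcp 203.0.113.7(40113) (FastEthernet0/0 0011.2233.4455) -> 198.51.100.1(23), 4 packets",
    "<189>48: *Mar  1 00:18:02.000: %SYS-5-CONFIG_I: Configured from console by console",
    "<190>49: *Mar  1 00:19:00.500: %SEC-6-IPACCESSLOGP: list 101 denied "
    "tcp 203.0.113.9(1111) -> 198.51.100.1(80), 1 packet",
]

if __name__ == "__main__":
    for rec in vty_attempts(SAMPLE):
        print(rec["action"], rec["src"], "->", rec["dst"], rec["dport"], rec["intf"])
    print(dict(denied_by_source(SAMPLE)))
```

These messages record connection attempts against the VTY ACL, not which user authenticated; per-user login records still come from AAA accounting as described in the accepted answer.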
