Re: Logging telnet access to a switch

gordons · ‎08-26-2003

Not sure which forum this should be in, so I'll start here.

I am trying to log (to a syslog server) when someone telnets into one of our Cisco switches (4006,3500,2950). I do not have a RADIUS or TACACS+ server, unfortunately.

The only way I've seen thus far is to set trap logging to informational, but that captures a LOT more than I need, especially when it is set that way on abouit 25 switches.

I suspect we just need to spend the cash on a TACACS+ server, but I thought I'd check here in case anyone has a suggestion.

Thanks.

Report Inappropriate Content · ‎09-01-2003

The level of messages logged can be controlled by giving different severity level.

When you select a severity level, the device logs all syslog messages of that level and above. For example, if you select critical, the switch logs error messages for critical, alerts, and emergencies.

The default severity level to log is errors.

In all cases, the severity level defines the amount of detail to be logged

The follwing are the severity levels and the description:

1)emergencies :The switch is at risk of failing.

2)alerts: A condition exists that should be immediately corrected.

3)critical: A critical condition exists, such as a hard device error.

4)errors: Error messages.

5)warnings: Warning messages.

6)notifications: Conditions that are not errors but could require special handling.

7)informational: Informational messages.

8)debugging: Messages only used for debugging.

Try changing the level of your logging and see if it works

Here's the document for the same:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/7_4/config/logging.htm