Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
354
Views
0
Helpful
3
Replies

MARS

lm20ele
Level 1
Level 1

‎02-14-2008 03:38 PM - edited ‎03-09-2019 08:06 PM

I'm trying to setup MARS so it can alert me when failed attemps to our cisco switches 3750. Is it possible to do it? I have configured my switches with the commands required to log, but I don't see any logs for this failed attemps.

Any idea how can I complete this task?

Labels:
0 Helpful
3 Replies 3

hoffa2000
Level 3
Level 3

‎02-15-2008 04:17 AM

What exactly do you mean by "failed attempts"? Is it failed NAC authentication or failed telnet/SSH access you're looking for?

An example of telnet access logging alerts would be to setup the switches to syslog debug to the MARS and then create a rule on the MARS to look for these messages.

/Fredrik

0 Helpful

lm20ele
Level 1
Level 1
In response to hoffa2000

‎02-15-2008 08:09 AM

I'm trying to log any telnet/ssh failed access made to our switches.

Let me see if I understood. I need to turn on AAA authentication and then create a rule on MARS?

0 Helpful

wiluszm
Level 1
Level 1
In response to lm20ele

‎02-15-2008 10:52 AM

I have a write-up on my blog about how you can achieve this. You can find it at:

http://cs-mars.blogspot.com/2006/09/cs-mars-rule-ios-login-auditing.html

LMK if this helps.

-Mike

http://cs-mars.blogspot.com

0 Helpful
Customers Also Viewed These Support Documents