02-14-2008 03:38 PM - edited 03-09-2019 08:06 PM
I'm trying to setup MARS so it can alert me when failed attemps to our cisco switches 3750. Is it possible to do it? I have configured my switches with the commands required to log, but I don't see any logs for this failed attemps.
Any idea how can I complete this task?
02-15-2008 04:17 AM
What exactly do you mean by "failed attempts"? Is it failed NAC authentication or failed telnet/SSH access you're looking for?
An example of telnet access logging alerts would be to setup the switches to syslog debug to the MARS and then create a rule on the MARS to look for these messages.
/Fredrik
02-15-2008 08:09 AM
I'm trying to log any telnet/ssh failed access made to our switches.
Let me see if I understood. I need to turn on AAA authentication and then create a rule on MARS?
02-15-2008 10:52 AM
I have a write-up on my blog about how you can achieve this. You can find it at:
http://cs-mars.blogspot.com/2006/09/cs-mars-rule-ios-login-auditing.html
LMK if this helps.
-Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide