11-10-2009 01:01 PM - edited 03-04-2019 06:40 AM
Dear folks,
I'm not able to find the syslog messages content about a telnet login over a 7609s with 12.2 IOS.
I found the ssh session:
SSH-5-SSH_CLOSE
SSH-5-SSH_SESSION
SSH-5-SSH_USERAUTH
But I didn'd found anything about telnet.
Anybodies know?
Thanks a regards
Leonardo
Solved! Go to Solution.
12-02-2009 01:33 PM
Hi Leonardo
If you want you would like to set in the syslog the telnet attempts.
Take a look on this configuration:
Router's IP : 192.168.0.1 255.255.255.0
PC IP : 192.168.0.2 255.255.255.0
CONFIGURE SYSLOG
Router(config)#config t
Router(config)#logging 192.168.0.2
Router(config)#logging buffered 10000 debugging
Router(config)#logging trap debugging
*****************************************************************
CREATE ACL
Router(config)#access-list 101 permit tcp any any eq telnet log
*****************************************************************
ASSOCIATE THE ACL WITH VTY 0 4
Router(config)#line vty 0 4
Router(config-line)#access-class 101 in
Router(config-line)#login local
Router(config)#exit
*****************************************************************
CONFIGURE CISCO IOS LOGIN ENHANCEMENTS
Router(config)#login block-for 100 attempts 2 within 100
Router(config)#login delay 10
Router(config)#login on-failure log
Router(config)#login on-success log
Router(config)#exit
Router#
****************************************************************
CONFIGURE VTY 0 4 FOR LOCAL USERS
Router#config t
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#exit
*****************************************************************
CREATE THE LOCAL USERS
Router(config)#username cisco privilege 15 password 12345
Router(config)#exit
Router#wr
After this configuration you will be able to see the following syslog messages
When Telnet to 192.168.0.1
%SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.0.2(1045) -> 0.0.0.0(23), 1 packet
After typing your local username and password
%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.0.2 started - CLI initiated[OK]
For further information here is a link that explains the CISCO IOS LOGIN ENHANCEMENTS and it's requirements
Cisco IOS Login Enhancements
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_login_enhance_ps6922_TSD_Products_Configuration_Guide_Chapter.html
If you use the Cisco IOS Login Enhancements you can get the follow messages for any attempt:
System Logging Messages for Successful and Failed Login Requests
The following logging message is generated upon a successful login request:
00:04:32:%SEC_LOGIN-5-LOGIN_SUCCESS:Login Success [user:test] [Source:192.168.0.2]
[localport:23] at 20:55:40 UTC Fri Feb 28 2003
The following logging message is generated upon a failed login request:
00:03:34:%SEC_LOGIN-4-LOGIN_FAILED:Login failed [user:sdfs] [Source:192.168.0.2]
[localport:23] [Reason:Invalid login] at 20:54:42 UTC Fri Feb 28 2003
Regards
Luis
12-02-2009 01:33 PM
Hi Leonardo
If you want you would like to set in the syslog the telnet attempts.
Take a look on this configuration:
Router's IP : 192.168.0.1 255.255.255.0
PC IP : 192.168.0.2 255.255.255.0
CONFIGURE SYSLOG
Router(config)#config t
Router(config)#logging 192.168.0.2
Router(config)#logging buffered 10000 debugging
Router(config)#logging trap debugging
*****************************************************************
CREATE ACL
Router(config)#access-list 101 permit tcp any any eq telnet log
*****************************************************************
ASSOCIATE THE ACL WITH VTY 0 4
Router(config)#line vty 0 4
Router(config-line)#access-class 101 in
Router(config-line)#login local
Router(config)#exit
*****************************************************************
CONFIGURE CISCO IOS LOGIN ENHANCEMENTS
Router(config)#login block-for 100 attempts 2 within 100
Router(config)#login delay 10
Router(config)#login on-failure log
Router(config)#login on-success log
Router(config)#exit
Router#
****************************************************************
CONFIGURE VTY 0 4 FOR LOCAL USERS
Router#config t
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#exit
*****************************************************************
CREATE THE LOCAL USERS
Router(config)#username cisco privilege 15 password 12345
Router(config)#exit
Router#wr
After this configuration you will be able to see the following syslog messages
When Telnet to 192.168.0.1
%SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.0.2(1045) -> 0.0.0.0(23), 1 packet
After typing your local username and password
%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.0.2 started - CLI initiated[OK]
For further information here is a link that explains the CISCO IOS LOGIN ENHANCEMENTS and it's requirements
Cisco IOS Login Enhancements
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_login_enhance_ps6922_TSD_Products_Configuration_Guide_Chapter.html
If you use the Cisco IOS Login Enhancements you can get the follow messages for any attempt:
System Logging Messages for Successful and Failed Login Requests
The following logging message is generated upon a successful login request:
00:04:32:%SEC_LOGIN-5-LOGIN_SUCCESS:Login Success [user:test] [Source:192.168.0.2]
[localport:23] at 20:55:40 UTC Fri Feb 28 2003
The following logging message is generated upon a failed login request:
00:03:34:%SEC_LOGIN-4-LOGIN_FAILED:Login failed [user:sdfs] [Source:192.168.0.2]
[localport:23] [Reason:Invalid login] at 20:54:42 UTC Fri Feb 28 2003
Regards
Luis
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: