Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

7609s IOS 12.2: the syslog messages about telnet login

Dear folks,

I'm not able to find the syslog messages content about a telnet login over a 7609s with 12.2 IOS.

I found the ssh session:

SSH-5-SSH_CLOSE

SSH-5-SSH_SESSION

SSH-5-SSH_USERAUTH

But I didn'd found anything about telnet.

Anybodies know?

Thanks a regards

Leonardo

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: 7609s IOS 12.2: the syslog messages about telnet login

Hi Leonardo

If you want you would like to set in the syslog the telnet attempts.


Take a look on this configuration:

Router's IP : 192.168.0.1 255.255.255.0
PC IP : 192.168.0.2 255.255.255.0

CONFIGURE SYSLOG

Router(config)#config t
Router(config)#logging 192.168.0.2
Router(config)#logging buffered 10000 debugging
Router(config)#logging trap debugging


*****************************************************************
CREATE ACL

Router(config)#access-list 101 permit tcp any any eq telnet log

*****************************************************************
ASSOCIATE THE ACL WITH VTY 0 4

Router(config)#line vty 0 4
Router(config-line)#access-class 101 in
Router(config-line)#login local
Router(config)#exit

*****************************************************************
CONFIGURE CISCO IOS LOGIN ENHANCEMENTS

Router(config)#login block-for 100 attempts 2 within 100
Router(config)#login delay 10
Router(config)#login on-failure log
Router(config)#login on-success log
Router(config)#exit
Router#

****************************************************************
CONFIGURE VTY 0 4 FOR LOCAL USERS     

Router#config t
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#exit


*****************************************************************
CREATE THE LOCAL USERS

Router(config)#username cisco privilege 15 password 12345
Router(config)#exit
Router#wr

After this configuration you will be able to see the following syslog messages

When Telnet to 192.168.0.1

%SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.0.2(1045) -> 0.0.0.0(23), 1 packet

After typing your local username and password

%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.0.2 started - CLI initiated[OK]

For further information here is a link that explains the CISCO IOS LOGIN ENHANCEMENTS and it's requirements


Cisco IOS Login Enhancements
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_login_enhance_ps6922_TSD_Products_Configuration_Guide_Chapter.html

If you use the Cisco IOS Login Enhancements you can get the follow messages for any attempt:

System Logging Messages for Successful and Failed Login Requests

The following logging message is generated upon a successful login request:

00:04:32:%SEC_LOGIN-5-LOGIN_SUCCESS:Login Success [user:test] [Source:192.168.0.2] 
[localport:23] at 20:55:40 UTC Fri Feb 28 2003


The following logging message is generated upon a failed login request:

00:03:34:%SEC_LOGIN-4-LOGIN_FAILED:Login failed [user:sdfs] [Source:192.168.0.2] 
[localport:23] [Reason:Invalid login] at 20:54:42 UTC Fri Feb 28 2003


Regards

Luis

1 REPLY
New Member

Re: 7609s IOS 12.2: the syslog messages about telnet login

Hi Leonardo

If you want you would like to set in the syslog the telnet attempts.


Take a look on this configuration:

Router's IP : 192.168.0.1 255.255.255.0
PC IP : 192.168.0.2 255.255.255.0

CONFIGURE SYSLOG

Router(config)#config t
Router(config)#logging 192.168.0.2
Router(config)#logging buffered 10000 debugging
Router(config)#logging trap debugging


*****************************************************************
CREATE ACL

Router(config)#access-list 101 permit tcp any any eq telnet log

*****************************************************************
ASSOCIATE THE ACL WITH VTY 0 4

Router(config)#line vty 0 4
Router(config-line)#access-class 101 in
Router(config-line)#login local
Router(config)#exit

*****************************************************************
CONFIGURE CISCO IOS LOGIN ENHANCEMENTS

Router(config)#login block-for 100 attempts 2 within 100
Router(config)#login delay 10
Router(config)#login on-failure log
Router(config)#login on-success log
Router(config)#exit
Router#

****************************************************************
CONFIGURE VTY 0 4 FOR LOCAL USERS     

Router#config t
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#exit


*****************************************************************
CREATE THE LOCAL USERS

Router(config)#username cisco privilege 15 password 12345
Router(config)#exit
Router#wr

After this configuration you will be able to see the following syslog messages

When Telnet to 192.168.0.1

%SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.0.2(1045) -> 0.0.0.0(23), 1 packet

After typing your local username and password

%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.0.2 started - CLI initiated[OK]

For further information here is a link that explains the CISCO IOS LOGIN ENHANCEMENTS and it's requirements


Cisco IOS Login Enhancements
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_login_enhance_ps6922_TSD_Products_Configuration_Guide_Chapter.html

If you use the Cisco IOS Login Enhancements you can get the follow messages for any attempt:

System Logging Messages for Successful and Failed Login Requests

The following logging message is generated upon a successful login request:

00:04:32:%SEC_LOGIN-5-LOGIN_SUCCESS:Login Success [user:test] [Source:192.168.0.2] 
[localport:23] at 20:55:40 UTC Fri Feb 28 2003


The following logging message is generated upon a failed login request:

00:03:34:%SEC_LOGIN-4-LOGIN_FAILED:Login failed [user:sdfs] [Source:192.168.0.2] 
[localport:23] [Reason:Invalid login] at 20:54:42 UTC Fri Feb 28 2003


Regards

Luis

1567
Views
0
Helpful
1
Replies
CreatePlease to create content