[AusNOG] Cisco Sysloging & Auditing
Nathan Le Nevez
nathan at lenevez.net.au
Fri Aug 27 19:43:17 EST 2010
Some newer IOSs give you commands like this:
"security authentication failure rate 3 log"
and will generate syslog events such as
011690: Aug 27 19:40:51.381 AEST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: npl] [Source: X.X.X.X] [localport: 22] at 19:40:51 AEST Fri Aug 27 2010
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Greg M
Sent: Friday, 27 August 2010 6:06 PM
To: ausnog at ausnog.net
Subject: [AusNOG] Cisco Sysloging & Auditing
I am in the process of implementing RADIUS auth & syslog(ging) across about 400 switches/routers in an organisation and have hit one hitch.
I've got RADIUS auth + syslog happening fine, including CLI commands, e.g.:
Aug 27 16:04:04 10.200.1.254 232: 000226: 3d14h: %HA_EM-6-LOG: CLIaccounting: write
However, I am stumped on getting AAA logging sent to syslog. Basically, we want the syslog to tell us if someone logs in successfully/fails and logs out etc.
Thanks for any help, especially given it's a Friday arvo :)
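Added example, not part of the original thread: once the %SEC_LOGIN events shown above reach the syslog server, a short parser can turn them into records and report sources with repeated failed logins. The sample lines are constructed, and the %SEC_LOGIN-4-LOGIN_FAILED line layout (same bracketed fields plus a Reason) and the threshold of 3 are assumptions of this example.

```python
import re
from collections import Counter

# %SEC_LOGIN-5-LOGIN_SUCCESS is the mnemonic shown in the thread; LOGIN_FAILED
# with the same bracketed fields is an assumption of this example.
EVENT_RE = re.compile(r"%SEC_LOGIN-(\d)-(LOGIN_SUCCESS|LOGIN_FAILED):")
FIELD_RE = re.compile(r"\[([^:\]]+):\s*([^\]]*)\]")

# Constructed sample lines (documentation addresses) in the relayed format seen
# in the thread: server timestamp, device IP, then the IOS message.
SAMPLE = [
    "Aug 27 19:40:51 10.200.1.254 301: 011690: Aug 27 19:40:51.381 AEST: "
    "%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: npl] [Source: 192.0.2.10] "
    "[localport: 22] at 19:40:51 AEST Fri Aug 27 2010",
    "Aug 27 16:04:04 10.200.1.254 232: 000226: 3d14h: %HA_EM-6-LOG: CLIaccounting: write",
    "Aug 27 19:41:10 10.200.1.254 300: 011691: Aug 27 19:41:10.000 AEST: "
    "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: npl] [Source: 192.0.2.10] "
    "[localport: 22] [Reason: Login Authentication Failed] at 19:41:10 AEST Fri Aug 27 2010",
] + [
    f"Aug 27 19:4{i}:02 10.200.1.254 30{i}: 01169{i}: Aug 27 19:4{i}:02.100 AEST: "
    "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] "
    "[localport: 22] [Reason: Login Authentication Failed] "
    f"at 19:4{i}:02 AEST Fri Aug 27 2010"
    for i in (2, 3, 4)
]

def parse_sec_login(line):
    """Return a dict for a SEC_LOGIN event, or None for any other line."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    rec = {"severity": int(m.group(1)), "event": m.group(2)}
    for key, value in FIELD_RE.findall(line[m.end():]):
        rec[key.strip().lower()] = value.strip()
    return rec

def failed_sources(lines, threshold=3):
    """Map source address -> failure count for sources at or above threshold."""
    counts = Counter(
        rec.get("source", "unknown")
        for rec in map(parse_sec_login, lines)
        if rec and rec["event"] == "LOGIN_FAILED"
    )
    return {src: n for src, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(failed_sources(SAMPLE))
```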