[AusNOG] Cisco Sysloging & Auditing

Nathan Le Nevez nathan at lenevez.net.au
Fri Aug 27 19:43:17 EST 2010


Some newer IOSs give you commands like this:

"security authentication failure rate 3 log"

and will generate syslog events such as

011690: Aug 27 19:40:51.381 AEST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: npl] [Source: X.X.X.X] [localport: 22] at 19:40:51 AEST Fri Aug 27 2010

Nathan


From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Greg M
Sent: Friday, 27 August 2010 6:06 PM
To: ausnog at ausnog.net
Subject: [AusNOG] Cisco Sysloging & Auditing

Hi All,

I am in the process of implementing radius auth & syslog (ing) across about 400 switches/routers in an organisation and have hit one snitch.

I've got radius auth + syslog happening fine, including cli commands, eg:

Aug 27 16:04:04 10.200.1.254 232: 000226: 3d14h: %HA_EM-6-LOG: CLIaccounting: write

However, I am stumped on getting aaa logging sent to Syslog. Basically, we want the syslog to tell us if someone logs in successfully/fails and logs out etc.

Thanks for any help, especially given it's a Friday arvo :)

Greg


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100827/952a8361/attachment.html>


More information about the AusNOG mailing list