[AusNOG] Cisco Sysloging & Auditing
Brad Henshaw
brad.henshaw at qcn.com.au
Mon Aug 30 10:21:24 EST 2010
Depending on IOS version there's also:
login on-failure log
login on-success log
Regards,
Brad
________________________________
From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Nathan Le Nevez
Sent: Friday, 27 August 2010 7:43 PM
To: Greg M; ausnog at ausnog.net
Subject: Re: [AusNOG] Cisco Sysloging & Auditing
Some newer IOSs give you commands like this:
"security authentication failure rate 3 log"
and will generate syslog events such as
011690: Aug 27 19:40:51.381 AEST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login
Success [user: npl] [Source: X.X.X.X] [localport: 22] at 19:40:51 AEST
Fri Aug 27 2010
Nathan
From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Greg M
Sent: Friday, 27 August 2010 6:06 PM
To: ausnog at ausnog.net
Subject: [AusNOG] Cisco Sysloging & Auditing
Hi All,
I am in the process of implementing radius auth & syslog (ing) across
about 400 switches/routers in an organisation and have hit one snitch.
I've got radius auth + syslog happening fine, including cli commands,
eg:
Aug 27 16:04:04 10.200.1.254 232: 000226: 3d14h: %HA_EM-6-LOG:
CLIaccounting: write
However, I am stumped on getting aaa logging sent to Syslog. Basically,
we want the syslog to tell us if someone logs in successfully/fails and
logs out etc.
Thanks for any help, especially given it's a Friday arvo J
Greg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100830/36e47c86/attachment.html>
More information about the AusNOG
mailing list