[AusNOG] Cisco Sysloging & Auditing

Brad Henshaw brad.henshaw at qcn.com.au
Mon Aug 30 10:21:24 EST 2010


Depending on IOS version there's also:
 
login on-failure log
login on-success log
 
Regards,
Brad

________________________________

From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Nathan Le Nevez
Sent: Friday, 27 August 2010 7:43 PM
To: Greg M; ausnog at ausnog.net
Subject: Re: [AusNOG] Cisco Sysloging & Auditing



Some newer IOSs give you commands like this:

 

"security authentication failure rate 3 log"

 

and will generate syslog events such as



011690: Aug 27 19:40:51.381 AEST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login
Success [user: npl] [Source: X.X.X.X] [localport: 22] at 19:40:51 AEST
Fri Aug 27 2010

 

Nathan

 

 

From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Greg M
Sent: Friday, 27 August 2010 6:06 PM
To: ausnog at ausnog.net
Subject: [AusNOG] Cisco Sysloging & Auditing

 

Hi All,

 

I am in the process of implementing radius auth & syslog (ing) across
about 400 switches/routers in an organisation and have hit one snitch.

 

I've got radius auth + syslog happening fine, including cli commands,
eg:

 

Aug 27 16:04:04 10.200.1.254 232: 000226: 3d14h: %HA_EM-6-LOG:
CLIaccounting: write

 

However, I am stumped on getting aaa logging sent to Syslog. Basically,
we want the syslog to tell us if someone logs in successfully/fails and
logs out etc.

 

Thanks for any help, especially given it's a Friday arvo J

 

Greg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100830/36e47c86/attachment.html>


More information about the AusNOG mailing list