SYSLOG Question

Hi,

We configured TACACS on our switches and we would now like to send authentication-related messages to our syslog (e.g. authentication successful, unsuccessful, etc.).

Is there a way to have this sent to the syslog? I tested by setting the logging trap to debug, but even in that case, I did not get anything about the authentication in the syslog.

Thank you for your help, Marc.

Reply to
Haitingus

Hi

Try the following

Go into Config mode and type

Logging

You could then generate a few messages to be sent to the syslog server by shutting down an interface a few times and bringing it back up

Saving the config will also generate a message to be sent to the syslog server

HTH

Steve

Reply to
Steve Ray

Hi Steve,

Thank you, this is indeed done already, and I receive syslog messages. But what I would like to achieve now is to receive messages related to authentication in the syslog.

e.g. failed login attempt, successful login attempt...

Reply to
Haitingus

Doesn't the TACACS record the information you want?

Reply to
M

~ We configured TACACS on our switches and we would now like to send
~ authentication-related messages to our syslog (e.g. authentication
~ successful, unsuccessful, etc.).
~
~ Is there a way to have this sent to the syslog? I tested by setting the
~ logging trap to debug, but even in that case, I did not get anything about
~ the authentication in the syslog.
~
~ Thank you for your help,
~ Marc.

Marc,

You can send aaa accounting records to your tacacs server but not, at present, in general, to a syslog server.

(Back in '98, I filed:

CSCdk43220 syslog method desired for AAA accounting

... this might be addressed some time this decade, or the next ...)

Aaron

Reply to
Aaron Leonard

Do not look to the highest level of logging, debugging, from the device for this information. You will have to look toward your authentication system, TACACS+.

Cisco ACS server has passed and failed authentication attempts logged under the reports feature.

Reply to
Scott Perry

Hi,

I posted that question on the cisco forum and apparently, this feature was recently implemented, see the answer:

" It has been the traditional answer that you could not do this directly from IOS to syslog and if you wanted it you had to go through ACS to get notification of login failure (or success). In release 12.3(4)T and 12.4 Cisco introduced a new feature where you can send directly to syslog for login success or for login failure. You can use this command: login on-failure log [every login] and there is also a command to log successes.

For more information about this feature this link would be useful:

formatting link
"

BR Marc.

Reply to
Haitingus
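
An added example, not part of the thread and not Cisco's code: once the `login on-failure log` command quoted above (and its success counterpart) sends login events to syslog, the collector side can tally them per source and flag a success that follows a run of failures. The sample lines are constructed, and the `%SEC_LOGIN` field layout used by the regex is an assumption to verify against your IOS release.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). The %SEC_LOGIN field layout
# is an assumption; adjust the regex to what your IOS release actually sends.
SAMPLE = """\
<188>41: Mar  1 12:00:01: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 12:00:01 UTC Mon Mar 1 2004
<188>42: Mar  1 12:00:05: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 12:00:05 UTC Mon Mar 1 2004
<189>43: Mar  1 12:00:07: %SYS-5-CONFIG_I: Configured from console by vty0 (203.0.113.5)
<188>44: Mar  1 12:00:09: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 192.0.2.10] [localport: 22] [Reason: Login Authentication Failed] at 12:00:09 UTC Mon Mar 1 2004
<188>45: Mar  1 12:00:11: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: marc] [Source: 198.51.100.7] [localport: 23] [Reason: Login Authentication Failed] at 12:00:11 UTC Mon Mar 1 2004
<189>46: Mar  1 12:00:15: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.0.2.10] [localport: 22] at 12:00:15 UTC Mon Mar 1 2004
<189>47: Mar  1 12:01:00: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: marc] [Source: 203.0.113.5] [localport: 22] at 12:01:00 UTC Mon Mar 1 2004
"""

EVENT = re.compile(
    r"%SEC_LOGIN-\d-LOGIN_(?P<result>FAILED|SUCCESS):.*?"
    r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<src>[^\]]+)\] "
    r"\[localport: (?P<port>\d+)\](?: \[Reason: (?P<reason>[^\]]+)\])?"
)

def parse_events(text):
    """Return one dict per SEC_LOGIN line; other syslog lines are skipped."""
    return [m.groupdict() for m in map(EVENT.search, text.splitlines()) if m]

def summarize(events, threshold=3):
    """Count failures per source and flag a success that ends a failure streak."""
    failures, streak, alerts = Counter(), Counter(), []
    for e in events:
        src = e["src"]
        if e["result"] == "FAILED":
            failures[src] += 1
            streak[src] += 1
        else:
            # A success right after >= threshold failures from the same
            # source is worth a second look (possible guessed password).
            if streak[src] >= threshold:
                alerts.append((src, e["user"], streak[src]))
            streak[src] = 0
    return failures, alerts

if __name__ == "__main__":
    failures, alerts = summarize(parse_events(SAMPLE))
    for src, count in failures.most_common():
        print(f"{src}: {count} failed login(s)")
    for src, user, count in alerts:
        print(f"ALERT {src}: login as {user!r} after {count} failures")
```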

Haitingus wrote:

ip ssh logging events

Reply to
Patrick Cervicek

Thanks Marc,

I appreciate the pointer to this "Cisco IOS Login Enhancements" feature - this was actually done quite a while ago (12.3(4)T was back in Oct. '03), but somehow I managed to avoid finding out about it till just now.

Cheers,

Aaron

Reply to
Aaron Leonard
