https://community.cisco.com/t5/network-security/telnet-access-and-syslog-messages/m-p/872562#M84885 <HTML><HEAD></HEAD><BODY><P>Try this:</P><P></P><P>login block-for 1 attempts 3 within 1</P><P>login delay 1</P><P>login on-failure log</P><P></P><P>Here is a message of someone login unsuccessfully to a router:</P><P></P><P>Jan 24 17:59:16 10.109.114.101 13632: Jan 24 19:59:15: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: dkdkdk] [Source: 192.168.1.1] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 19:59:15 UTC Thu Jan 24 2008</P><P></P><P></P><P>Easy right?</P><P></P><P>CCIE Security</P></BODY></HTML> Thu, 24 Jan 2008 20:01:10 GMT cisco24x7 2008-01-24T20:01:10Z https://community.cisco.com/t5/network-security/telnet-access-and-syslog-messages/m-p/872560#M84883 <P>Hi,</P><P></P><P>in this forum I found that to log telnet access to routers (Successful/Unsuccessful - Authorized/Unauthorized) a possible configuration is:</P><P>access-list 10 permit 10.1.1.1</P><P>access-list 10 permit 10.51.21.34</P><P>access-list 10 permit 10.51.8.32</P><P></P><P>I find on cisco.com these syslog events related to telnet:</P><P></P><P>%TN-2-BADLOGIN : Bad login string pointer [hex]</P><P>%TN-3-BADSTATE : Illegal state [dec]</P><P>%TN-3-READLINE : Unknown return code [dec] from telnet_readline()</P><P>(<A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/ios/12_3/sem2/system/messages/emgtdm.html#wp139576" target="_blank">http://www.cisco.com/en/US/docs/ios/12_3/sem2/system/messages/emgtdm.html#wp139576</A>)</P><P></P><P>"%TN-2-BADLOGIN : Bad login string pointer [hex]" is related to unauthorized telnet access to the router?</P><P></P><P>Can you suggest me some syslog messages generated when someone tries to access a router?</P><P></P><P>Thanks a lot</P> Sun, 10 Mar 2019 10:56:50 GMT https://community.cisco.com/t5/network-security/telnet-access-and-syslog-messages/m-p/872560#M84883 carrara_ictc 2019-03-10T10:56:50Z https://community.cisco.com/t5/network-security/telnet-access-and-syslog-messages/m-p/872561#M84884 <HTML><HEAD></HEAD><BODY><P>I have experienced "% telnet connections not permitted from this terminal " messages on the console. Issuing the command "transport output telnet ssh " under line vty 04 resolves this issues.</P><P></P></BODY></HTML> Thu, 24 Jan 2008 19:14:58 GMT https://community.cisco.com/t5/network-security/telnet-access-and-syslog-messages/m-p/872561#M84884 ivillegas 2008-01-24T19:14:58Z https://community.cisco.com/t5/network-security/telnet-access-and-syslog-messages/m-p/872562#M84885 <HTML><HEAD></HEAD><BODY><P>Try this:</P><P></P><P>login block-for 1 attempts 3 within 1</P><P>login delay 1</P><P>login on-failure log</P><P></P><P>Here is a message of someone login unsuccessfully to a router:</P><P></P><P>Jan 24 17:59:16 10.109.114.101 13632: Jan 24 19:59:15: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: dkdkdk] [Source: 192.168.1.1] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 19:59:15 UTC Thu Jan 24 2008</P><P></P><P></P><P>Easy right?</P><P></P><P>CCIE Security</P></BODY></HTML> Thu, 24 Jan 2008 20:01:10 GMT https://community.cisco.com/t5/network-security/telnet-access-and-syslog-messages/m-p/872562#M84885 cisco24x7 2008-01-24T20:01:10Z https://community.cisco.com/t5/network-security/telnet-access-and-syslog-messages/m-p/872563#M84886 <HTML><HEAD></HEAD><BODY><P>What about OLD IOS this is extended login feature in 12.4(3)?</P></BODY></HTML> Wed, 21 Apr 2010 07:08:49 GMT https://community.cisco.com/t5/network-security/telnet-access-and-syslog-messages/m-p/872563#M84886 fisko 2010-04-21T07:08:49Z