cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

4793
Views
0
Helpful
4
Replies
u.naranjo
Beginner

1841 Login failures do not show user name

Hi,

I have a 1841 router and I'm trying to see the user name when he fails to login to the router; I have the following configuration and when I do a show log; I see the failed attempts but do not see the user who failed:

login block-for 60 attempts 3 within 60

login on-failure log every 3

login on-success log

1340818: .Apr 24 16:37:17.322 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 63.201.212.138] [localport: 22] [Reason: Login Authentication Failed] at 16:37:17 UTC Fri Apr 24 2009

1340820: .Apr 24 16:37:25.325 UTC: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 5 secs, [user: ] [Source: 63.201.212.138] [localport: 22] [Reason: Login Authentication Failed] [ACL: sl_def_acl] at 16:37:25 UTC Fri Apr 24 2009

HO_1841#

Has anybody experienced the same? I'm running IOS version 12.4(10a)

Thanks for any help.

4 REPLIES 4
ansalaza
Beginner

This is a known issue:

CSCsd58148 Bug Details

%SEC_LOGIN-4-LOGIN_FAILED does not show username in [user: ]

Symptom:

Username of the user who fails to login is not shown in the

%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user:] message.

Conditions:

Cisco 2821 running 12.4(3a)

Workaround:

Use TACACS

Fixed-In

12.4(7.23)M

12.4(7.24)T

12.4(22.3.4)PIC1

12.4(24.5.2)PIC1

Really? thanks I'll upgrade the image on the router.

Thanks again.

I too am having the same issue, even after upgrading to 12.4(22)T. What I have found though is the user information is filled in on failed SSH attempts, but not for Telnet.

I'm curious how you made out with your situation.

Hi,

You are hitting the bug id CSCsd58148. This bug is solved in IOS version 12.4(24)T1.

I did the lab recreation on my lab please see logs below.

*Aug 19 22:08:28.531: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 192.168.250.24] [localport: 23] [Reason: Login Authentication Failed] at 22:08:28 UTC Wed Aug 19 2009

Cisco IOS Software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Fri 19-Jun-09 15:13 by prod_rel_team

Please upgrade and if you still having the issue please let me know.

Content for Community-Ad