02-28-2012 12:53 AM - edited 03-10-2019 06:51 PM
Hello sirs,
Could you please answer a little question.
Is it possible to track failed login attempts to ACS instances (both on CLI and web GUI) by snmp?
Unfortunately i haven't found such option in
Monitoring and Reports > | Alarms > | Thresholds > |
03-05-2012 01:24 AM
I've figured out how to monitor failed attempts via syslog. However there is another trouble. We've many servers in a distributed deployment. Syslog set to global on all servers through our primary server (syslog writes to the syslog server and log collector). Log collector placed on the secondary server. Syslog server receives log messages about administrator logins to the primary server, but it hasn't received any messages from another servers in deployment. I've changed settings on the primary server and it seem's that on secondary servers this setting was changed automatically (according to GUI). What can be source of problem? All related ports on fw's are open.
And there is another issue. Is that possible to monitor CLI login attempts through syslog?
I've found only this messages in catalog:
10006 INFO Administrator Authentication and Authorization AAC Administrator authentication failed
33103 INFO Internal Operations Diagnostics CLI User login to ACS configuration mode failed
51000 NOTICE Administrative and Operational Audit Administrator-Login Administrator authentication failed
Sorry for my poor English.
03-06-2012 09:11 PM
So, syslog on secondary servers wasn't work because of stopped syslog process. Issue war resolved by rebooting the secondary server.
Hope that info will be helpfull for somebody.
I'm still intresting in login attempts monitoring on CLI, can anybody help?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide