cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

550
Views
0
Helpful
2
Replies
nikolay.volkov
Beginner

ACS 5.1 login snmp tracking

Hello sirs,

Could you please answer a little question.

Is it possible to track failed login attempts to ACS instances  (both on CLI and web GUI) by snmp?

Unfortunately i haven't found such option in

Monitoring and Reports > Alarms > Thresholds >
2 REPLIES 2
nikolay.volkov
Beginner

I've figured out how to monitor failed attempts via syslog. However there is another trouble. We've many servers in a distributed deployment. Syslog set to global on all servers through our primary server (syslog writes to the syslog server and log collector). Log collector placed on the secondary server. Syslog server receives log messages about administrator logins  to the primary server, but it hasn't received any messages from another servers in deployment. I've changed settings on the primary server and it seem's that on secondary servers this setting was changed automatically (according to GUI). What can be source of problem? All related ports on fw's are open.

And there is another issue. Is that possible to monitor CLI login attempts through syslog?

I've found only this messages in catalog:

10006     INFO     Administrator Authentication and Authorization     AAC     Administrator authentication failed

33103     INFO     Internal Operations Diagnostics     CLI     User login to ACS configuration mode failed

51000     NOTICE     Administrative and Operational Audit     Administrator-Login     Administrator authentication failed

Sorry for my poor English.

So, syslog on secondary servers wasn't work because of stopped syslog process. Issue war resolved by rebooting the secondary server.

Hope that info will be helpfull for somebody.

I'm still intresting in login attempts monitoring on CLI, can anybody help?

Content for Community-Ad