cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

104426
Views
10
Helpful
8
Replies
Highlighted
Beginner

How to log Success and Failed Login Attempt Details to Router into Syslog?

All,

How can I configure my Cisco 837 router to log to syslog all successful and failed login attempts to the router via any interface?  I'd like to get as much verbose information about the login attempts (success and failed) as possible including source ip address, userid attempted, etc.

Any comments and suggestions would be greatly appreciated!

James

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

archive
log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
logging on
logging 192.168.1.1
login block-for 60 attempts 3 within 60
login on-failure log every 1
login on-success log every 1

View solution in original post

8 REPLIES 8
Highlighted
Advisor

You will need to send logging to a syslog server with a level of informational.

Here's a link on configuring message logging. It's for a switch, but it should be the same for routers.

http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swlog.html

Hope it helps.

Highlighted

I'm receiving an error when trying to visit that link.  Can you copy/paste the instructions into your response?  Thanks!

James E

Highlighted

Sorry about that James, I didn't realize I was logged into CCO. Please try this link-

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_50_se/configuration/guide/swlog.html

Highlighted
Beginner

Any other specific links to routers?  I'd like little to squeeze as much information out of syslog as possible for successful and failed login attempts.

Thanks!

James

Highlighted

archive
log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
logging on
logging 192.168.1.1
login block-for 60 attempts 3 within 60
login on-failure log every 1
login on-success log every 1

View solution in original post

Highlighted

Also take a look at SNMP Authentication traps.

RTR(config)#snmp-server trap authentication ...

Highlighted

Is it possible to filter only syslog information relative to the list of this events:

User Authentication
IKE and IPSec
VPN Client
VPN Failover

If yes what will be the best process

Highlighted
Beginner

Are there any similar commands on Nexus? i want to log all attempts to establish a management connection for administrative access to nexus.Thanks