Re: loggin AAA event in syslog

xine xine · ‎03-12-2010

Hi !

we currently deploy AAA concept on our network. We would like to know if the AAA process can log some elements onour AAA clients about the AAA process it self. Exemple AAA server was'nt reachable, AAA process was'nt started, attributes assing to a specific session, etc. not necessaly about what the user was doing locally on the switches (command executed in the CLI).

We have a wide range of AAA clients on our network starting with Catalyst 1900 to Catalyst 6509 with a lot of other plate-form between thoses like :

2924, 2950,2960, 3560, 3550, 4900, 2811, 2801, 1700, 1721, and others...

I know some command maybe availaible on some and willl not on others...

thanks a lot in advanced !

Ganesh Hariharan · ‎03-13-2010

Hi !
we
currently deploy AAA concept on our network.  We would like to know if
the AAA process can log some elements onour AAA clients about the AAA
process it self.  Exemple AAA server was'nt reachable, AAA process
was'nt started,  attributes assing to a specific session, etc. not
necessaly about what the user was doing locally on the switches
(command executed in the CLI).
We
have a wide range of AAA clients on our network starting with Catalyst
1900 to Catalyst 6509   with a lot of other plate-form between thoses
like :
2924, 2950,2960, 3560, 3550, 4900, 2811, 2801, 1700, 1721, and others...  
I know some command maybe availaible on some and willl not on others...
thanks a lot in advanced !

Hi,

There are eight different logging levels.

    * 0—emergencies
    * 1—alerts
    * 2—critical
    * 3—errors
    * 4—warnings
    * 5—notification
    * 6—informational
    * 7—debugging

The default level for console, monitor, and syslog is debugging.By default, the router logs anything at the level of debugging and greater. That means that logging occurs from level 7 (debugging) up to level 0 (emergencies). If you want to par down what the system logs, use something like the logging console notifications command.In addition, the router doesn't enable logging to the system buffer by default. That's why you must use the logging buffered command to enable it.

Hope to Help !!

Remember to rate the helpful post

Ganesh.H

xine xine · ‎03-15-2010

Hi !

I maybe missed explain myself, I would not modify loggin level on our AAA clients devices. Cuurently the loggin level is set to "informationnal"

What I would like to have is some information about AAA process in the syslog if it is possible..

here is a copy paste of a part of one of our switch

013600: Mar 15 01:04:41: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: USERNAME] [Source: IP ADDRESS] [localport: 22] at 01:04:41 EDT Mon Mar 15 2010
013601: Mar 15 01:04:41: %SSH-5-SSH2_USERAUTH: User 'USERNAME' authentication for SSH2 Session from IP ADDRESS (tty = 1) using crypto cipher '3des-cbc', hmac 'hmac-sha1' Succeeded
013602: Mar 15 01:04:46: %SEC-6-IPACCESSLOGS: list VTY_access permitted IP ADDRESS 4 packets
013603: Mar 15 01:04:51: %SSH-5-SSH2_SESSION: SSH2 Session request from IP ADDRESS (tty = 1) using crypto cipher '3des-cbc', hmac 'hmac-sha1' Succeeded
013604: Mar 15 01:04:51: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: USERNAME] [Source: .IP ADDRESS] [localport: 22] at 01:04:51 EDT Mon Mar 15 2010
013605: Mar 15 01:04:51: %SSH-5-SSH2_USERAUTH: User 'USERNAME' authentication for SSH2 Session from IP ADDRESS (tty = 1) using crypto cipher '3des-cbc', hmac 'hmac-sha1' Succeeded
013606: Mar 15 01:09:46: %SEC-6-IPACCESSLOGS: list VTY_access permitted IP ADDRESS 4 packets

In that log we can see SSH process as log some information in the log, also we had deploy VTY acess list on our line VTY, in the log we are able to see the user as sucessfully try to log from IP ADDRESS.

maybe this option is not available, but if it is maybe I have to add some command configuration to my AAA clients.