Re: Can you log successful telnet session to the router?

andysaykao · ‎08-28-2007

Hi There,

Is there a way to log successful logins/telnet to the router?

Say JoeBlow has access and telnets successfully to the router. I want to be able to do a "show log" on the router and see that JoeBlow logged in at this time and date. Is there a way to do this??? I also want to log when someone changes to enable mode.

I'm using IOS 12.3(22) on a Cisco 7206VXR.

Thanks in advance.

Andy

Joe Clarke · ‎08-28-2007

This is not doable without an external authentication server unless you are running 12.3(4)T or higher or 12.2(25)S or higher. On those versions of IOS, you can use the "login on-success" command to configure logging of successful login attempts to the device.

andysaykao · ‎08-29-2007

Thanks heaps.

We won't be upgrading IOS soon but it's nice to know.

andysaykao · ‎08-29-2007

Is there a way to have multiple routers log to one syslog server and have the log files separated so that messages sents from router1 gets logged to router1.log, router2 gets logged to router2.log, etc ???

Thanks.

mnlatif · ‎08-30-2007

You can have each router send logs with its own unique facility "logging facility local0" etc. Then at the traditional unix syslog server you can modify the syslog conf file to store messages from different facilities into different files.

However this solution is not scalable as you only have local0-local7 facilities available.

A much better and scalable solution is to use a different syslog server, which can look inside the message (beyond the facility level) and then place them into appropriate files.

syslog-ng (http://www.balabit.com/network-security/syslog-ng/) is excellent and free. Its also included with most linux distros.

You can use it to filter on almost any thing in the message (You can filter it based on the sending device) and then store messages into their specific files. The messages can even be stored directly into a mySQL database.

\\ Naman