Unauthorized telnet access

faizanelahi

Hello,

Could anyone guide me in writing an EEM script to allow users to access a telnet session based on IP address?

Or to send an email whenever someone telnets to the device?

Regards,

Faizan.

Accepted Solutions

Joe Clarke
Cisco Employee

If you want to limit telnet access by IP, use an access-list and access-class on the VTY lines.  EEM cannot help you there.

You can have EEM react to logon messages provided you have "login on-success log" configured.  That would be:

event manager applet telnet-login
 event syslog pattern "Login Success.*local port: 23"
 action 1.0 mail from user@company.com to user@company.com subject "Telnet Login" server 10.1.1.1 body "User just telneted to device"


Thank you, Joe.

That worked.

Hi Joe,

I have another requirement; I don't know whether it will be possible or not.

As of now, whenever anyone logs in to a device we are getting emails; up to that it is fine.

Now, I want to filter those login attempts: whenever management logs in we don't want to get an email; when other persons log in it should notify us.

Is it possible?

Regards,

Faizan. 

Assuming it's the username "management", you can do:

action 1.0 regexp "user: management" $_syslog_msg
action 1.1 if $_regexp_result eq 0
action 1.2  mail ...
action 1.3 end

Thanks for your valuable suggestion, Joe.

Can we write something like this in one script?

Other than the one user management, whoever logs in, send mail (since specifying each and every name will be tough).

Is it possible with expressions?

Regards,

Faizan.

I don't understand what you're asking here.  The snippet above will send email for every user other than "management" that logs in via telnet.

Got it. Thanks a lot
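The pieces discussed in this thread, put together as one configuration. This is an added example, not part of any post above: the ACL name VTY-MGMT, the 192.0.2.0/24 subnet and the VTY range 0-4 are constructed placeholders, the mail addresses and server are the ones used in the thread, and sending $_syslog_msg as the mail body is an addition so the message shows who logged in.

```cisco
! --- 1. Restrict who may open a VTY session (EEM cannot do this) ---
! Constructed values: replace 192.0.2.0/24 with the real management subnet.
ip access-list standard VTY-MGMT
 permit 192.0.2.0 0.0.0.255
 ! Log rejected connection attempts so they also appear in syslog
 deny   any log
!
line vty 0 4
 access-class VTY-MGMT in
!
! --- 2. Produce the login syslog message the applet matches on ---
login on-success log
!
! --- 3. Mail on every telnet login except the user "management" ---
event manager applet telnet-login
 ! Pattern copied from the thread
 event syslog pattern "Login Success.*local port: 23"
 ! $_regexp_result is 1 when the pattern matches, 0 when it does not
 action 1.0 regexp "user: management" "$_syslog_msg"
 action 1.1 if $_regexp_result eq 0
 action 1.2  mail server "10.1.1.1" to "user@company.com" from "user@company.com" subject "Telnet Login" body "$_syslog_msg"
 action 1.3 end
```

The regexp is unanchored, so any username that begins with "management" is also exempt from the email. Verify the applet with `show event manager policy registered` and a test login from a permitted address.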
