Showing results for 
Search instead for 
Did you mean: 

user logon events

Level 1
Level 1

Hello, on our 2960 and 3560 switches we would like to log 'user logon' events i.e. who logs on and when.

What is the best way to do this without incurring too much load on the device e.g. I was thinking of sys-logging 'informational', but then we would generate too many unnecessary events.

Is there any way just to log user logon events ?

Thanks kindly for any information.

6 Replies 6

Milos Megis
Level 3
Level 3

Hi, with command "logging userinfo" you can track changes of privilege level.

I don´t know command to track user log on.

Level 1
Level 1

Hello, we have about 100 different Cisco switches. Would it be a good idea to set up TACACS/RADIUS authentication for log on to these switches ? Then we would have records of user logon events which is what we are trying to achieve.

What do you do for backup i.e. if the TACACS/RADIUS server is unreachable, we would need a backup method of switch logon.

Thanks for any info.

If you have so many devices then RADIUS/TACACS will be better solution.
But I don´t know to help you with this.

However if you configure tacacs authentication (AAA), you can specify that in case when tacacs server will be unreachable, then switch should use local database (command: username xyz privilege 15 secret xxx).
If tacacs server is available then login from local database will not be accepted by switch.

Rolf Fischer
Level 9
Level 9


a very simple solution would be to enable the global configuration commands

login on-failure log
login on-success log

The syslog severity levels are


There is also an option to send SNMP traps to your NMS:

login on-failure trap
login on-success trap


Thank you

Hi Guys. How to do this for Cisco SG350X which does not run IOS? Thanks!