04-21-2010 12:06 AM
Hello!
How can I log failed telnet access on a router (old IOS, no enhanced login)?
I tried:
logging trap debugging (informational also)
logging MARS IP
snmp-server enable traps tty syslog
snmp-server host IPOF MARS
and I add router in MARS
but I just get some SNMP messages like serial link down....
REGARDS
04-23-2010 12:19 PM
Fisko,
The command you're looking for to log telnet or ssh logins would be one of the following depending on your needs:
login on-failure log
login on-success log
That would cover successful or failed logins regardless of whether it was telnet, ssh, or console. So it wouldn't log failed connection attempts to the telnet or ssh port. To do that you would create an access list to deny telnet or ssh traffic and add "log" to the end of the ACL statement to log those also.
Then you need to have your router send syslog messages to MARS.
logging x.x.x.x
logging trap
All of these commands were examples from one of my routers that is running AAA. I'm almost positive that you don't need to have AAA enabled in order to use the "login on-failure" or "login on-success" features, but if you're running recent code and it still isn't working try turning on AAA.
04-27-2010 03:53 AM
Well, as I said in the first post... I have old IOS 12.3, not 12.4 that has that enhanced logging functionality...
THANKS FOR THE RESPONSE!
04-27-2010 06:54 PM
One solution would be to use an ACL on the VTY with logging. This will at least get the source IP addresses of all attempted telnet connections. You can do this by:
1) Create a standard ACL. Add applicable permit or deny statements based on which traffic you want to allow. To catch failed telnet attempts, add the "log" option to the end of the deny statements. Example:
ip access-list standard TELNET-ACL
permit 192.168.0.3
permit 192.168.100.0 0.0.0.255
deny any log
2) Apply the ACL to the VTY interfaces. Something like this (acl named TELNET-ACL):
line vty 0 15
access-class TELNET-ACL in
transport input telnet
That will create logs that will be sent to MARS, plus it's a good security practice that should be used when possible.
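Added example, not part of the thread or any poster's configuration: a small Python parser for the syslog side of the ACL approach above, totalling denied VTY connection packets per source address. It assumes the standard-ACL log message form `%SEC-6-IPACCESSLOGS: list <acl> denied <src> <n> packet(s)`; the sample lines, addresses and threshold are constructed. The 6 in the mnemonic is the severity, so the router's trap level must be informational or debugging for these messages to leave the box.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread). One is an unrelated
# link message, one belongs to a different ACL; both must be ignored.
SAMPLE = """\
<190>41: *Apr 27 18:01:12.003: %SEC-6-IPACCESSLOGS: list TELNET-ACL denied 10.9.8.7 1 packet
<187>42: *Apr 27 18:01:14.511: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
<190>43: *Apr 27 18:06:12.007: %SEC-6-IPACCESSLOGS: list TELNET-ACL denied 10.9.8.7 14 packets
<190>44: *Apr 27 18:07:40.120: %SEC-6-IPACCESSLOGS: list TELNET-ACL denied 172.16.4.20 1 packet
<190>45: *Apr 27 18:09:02.900: %SEC-6-IPACCESSLOGS: list 10 denied 10.9.8.7 3 packets
"""

# Standard (source-only) ACL log message; extended ACLs use a different mnemonic.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGS: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<count>\d+) packets?"
)

def denied_by_source(lines, acl="TELNET-ACL"):
    """Return Counter {source IP: denied packet total} for one ACL."""
    totals = Counter()
    for line in lines:
        m = ACL_LOG.search(line)
        if not m or m["acl"] != acl or m["action"] != "denied":
            continue
        # IOS logs the first match, then periodic summaries carrying a packet
        # count, so sum the count field instead of counting log lines.
        totals[m["src"]] += int(m["count"])
    return totals

def noisy_sources(totals, threshold):
    """Sources at or above the threshold, highest total first."""
    hits = [(src, n) for src, n in totals.items() if n >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    totals = denied_by_source(SAMPLE.splitlines())
    for src, n in noisy_sources(totals, threshold=5):
        print(f"{src}: {n} denied packets on TELNET-ACL")
```

These totals count connection attempts from sources the ACL does not permit; a wrong password from a permitted address is not covered by this log.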