10-18-2007 11:39 PM - edited 03-03-2019 07:14 PM
Hi, we are using Cisco 877s and 1841s for VPNs. How can I send valid and invalid login telnet attempts to my syslog server?
Currently I have no auditing. They are using 12.4 IOS.
10-22-2007 09:20 AM
Andy
I have sent config changes using the aaa accounting for level 15 commands. This will send all level 15 commands including the config commands to the aaa accounting function. I have used this and it works pretty well. Until recently that was the only way that I knew to track config changes. Cisco introduced a new feature in 12.3(4)T that does give the ability to log config changes in syslog. This link has information about this new feature:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080454f73.html
HTH
Rick
10-23-2007 04:38 AM
Hi, it's working very well on my other routers except one router where I have privilege level 10, the chaps in the US have 15:
line con 0
 password xxx
 login
line aux 0
line vty 0 4
 privilege level 15
 password xxx
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 password xxx
 login local
 transport input telnet
line vty 16 807
 password xxx
 login
I've added:
archive
 log config
  logging enable
  logging size 200
  notify syslog
  hidekeys
and
login on-failure log
login on-success log
logging trap notifications
logging source-interface FastEthernet0/0
logging 192.168.211.119
I get nothing in the syslog server
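Added example, not part of the thread or of Cisco's documentation: a small parser for the syslog server side that picks out the login success/failure and logged-config-command messages the settings above are meant to produce. It assumes the usual `%SEC_LOGIN-...` and `%PARSER-5-CFGLOG_LOGGEDCMD` message layout; the sample lines and the failure threshold are constructed.

```python
import re
from collections import Counter

# Constructed sample input (not from the thread): lines as a syslog server
# might store them from a router with login and archive logging enabled.
SAMPLE = """\
Oct 23 05:40:10 192.168.211.1 45: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.211.50] [localport: 23] [Reason: Login Authentication Failed] at 05:40:10 UTC Tue Oct 23 2007
Oct 23 05:40:19 192.168.211.1 46: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.211.50] [localport: 23] [Reason: Login Authentication Failed] at 05:40:19 UTC Tue Oct 23 2007
Oct 23 05:40:31 192.168.211.1 47: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.168.211.50] [localport: 23] [Reason: Login Authentication Failed] at 05:40:31 UTC Tue Oct 23 2007
Oct 23 05:52:02 192.168.211.1 48: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: andy] [Source: 192.168.211.20] [localport: 23] at 05:52:02 UTC Tue Oct 23 2007
Oct 23 05:53:40 192.168.211.1 49: %PARSER-5-CFGLOG_LOGGEDCMD: User:andy  logged command:logging trap notifications
Oct 23 05:54:00 192.168.211.1 50: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
"""

HEADER = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<body>.*)")
FIELD = re.compile(r"\[(\w+): ([^\]]*)\]")  # [user: admin], [Source: 1.2.3.4], ...
CFGCMD = re.compile(r"User:(\S+)\s+logged command:(.*)")

def parse(line):
    """Return a dict for one IOS message, or None if the line has no %FAC-SEV-MNEMONIC tag."""
    m = HEADER.search(line)
    if not m:
        return None
    event = {"facility": m["facility"], "severity": int(m["severity"]), "mnemonic": m["mnemonic"]}
    if m["facility"] == "SEC_LOGIN":
        # Bracketed key/value pairs become lower-cased dict keys (user, source, ...).
        event.update({k.lower(): v for k, v in FIELD.findall(m["body"])})
    elif m["mnemonic"] == "CFGLOG_LOGGEDCMD":
        c = CFGCMD.search(m["body"])
        if c:
            event.update(user=c.group(1), command=c.group(2).strip())
    return event

def summarize(lines, threshold=3):
    """Count failed logins per source; collect successes and logged config commands."""
    failed, successes, changes = Counter(), [], []
    for ev in filter(None, map(parse, lines)):
        if ev["mnemonic"] == "LOGIN_FAILED":
            failed[ev.get("source", "unknown")] += 1
        elif ev["mnemonic"] == "LOGIN_SUCCESS":
            successes.append((ev.get("user"), ev.get("source")))
        elif ev["mnemonic"] == "CFGLOG_LOGGEDCMD" and "command" in ev:
            changes.append((ev["user"], ev["command"]))
    alerts = sorted(src for src, n in failed.items() if n >= threshold)
    return {"failed": dict(failed), "alerts": alerts, "successes": successes, "config_changes": changes}

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```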
10-23-2007 05:59 AM