Log telnet logins to a syslog server? - Page 2

whiteford · ‎10-18-2007

Hi, We are using Cisco 877's and 1841's for VPN's. How can I send valid and invalid login telnet attempts to my syslog server?

Currently I have not auditing. They are using 12.4 IOS.

Richard Burts · ‎10-22-2007

Andy

I have sent config changes using the aaa accounting for level 15 commands. This will send all level 15 commands including the config commands to the aaa accounting function. I have used this and it works pretty well. Until recently that was the only way that I knew to track config changes. Cisco introduced a new feature in 12.3(4)T that does give the ability to log config changes in syslog. This link has information about this new feature:

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080454f73.html

HTH

Rick

HTH

Rick

whiteford · ‎10-23-2007

Hi, it's working very well on my other routers accept one router where I have privilege level 10, the chaps in the US have 15:

line con 0

password xxx

login

line aux 0

line vty 0 4

privilege level 15

password xxx

login local

transport input telnet

line vty 5 15

privilege level 15

password xxx

login local

transport input telnet

line vty 16 807

password xxx

login

I've added:

archive

log config

logging enable

logging size 200

notify syslog

hidekeys

and

login on-failure log

login on-success log

logging trap notifications

logging source-interface FastEthernet0/0

logging 192.168.211.119

I get nothing in the syslog server

whiteford · ‎10-23-2007

His is the config:

thing is I have just noticed it was working yesterday, well the login successes was, now it doesn't. I've not changed a thing.