03-11-2016 09:09 AM - edited 03-05-2019 03:32 AM
Hi all.
It was he setting a cisco switch 2960S, the ssh logging, the configuration I have is:
Additionally
In the log, shows me the following
11:49:52 2016/03/11 SNMPv2-SMI::enterprises.9.9.41.2.0.1 Normal "Status Events" x.x.x.x - ZBXTRAP x.x.x.x
clogHistFacility : SSH
clogHistSeverity : 6
clogHistMsgName : SSH2_SESSION
clogHistMsgText : SSH2 Session request from x.x.x.x (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
clogHistTimestamp : 61:14:30:02.43
clogHistFacility : SEC_LOGIN
clogHistSeverity : 6
clogHistMsgName : LOGIN_SUCCESS
clogHistMsgText : Login Success [user:xxxx] [Source: x.x.x.x] [localport: 22] at 14:30:12 UTC Sat May 1 1993
clogHistTimestamp : 61:14:30:12.85
11:50:03 2016/03/11 SNMPv2-SMI::enterprises.9.9.41.2.0.1 Normal "Status Events" x.x.x.x - ZBXTRAP 172.18.0.23
clogHistFacility : SSH
clogHistSeverity : 6
clogHistMsgName : SSH2_USERAUTH
clogHistMsgText : User 'xxx' authentication for SSH2 Session from x.x.x.x (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
clogHistTimestamp : 61:14:30:12.85
When I exit the terminal ssh, ssh does not show the SSH2_Close, to know when the user disconnected
I need to configure something else?
I hope you can help me..
Solved! Go to Solution.
03-14-2016 08:39 AM
Fantastic! Glad the upgrade solved the problem! Thank you for taking the time to post back and let us know that the issue was with that version of code (+5 from me).
Since your issue is resolved, you should mark the thread as "answered" :)
Thank you for rating helpful posts!
03-12-2016 08:37 AM
Hmm, your config looks good. I just tested this in my lab and I ams seeing the following log message:
Mar 12 16:15:29.245: %SSH-5-SSH2_CLOSE: SSH2 Session from x.x.x.x (tty = 0) for user 'removed' using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' closed
Here is my config
Perhaps you are hitting a bug?
NS-3560c-01# sh run | i logging
logging buffered informational
logging console warnings
ip ssh logging events
logging source-interface Vlan30
logging host x.x.x.x
Thank you for rating helpful posts!
03-14-2016 07:37 AM
Hi Neno.
First thank you for your help. I added the command "logging buffered informational" and "configure warnings" and the problem was the same.
As I have another 2960S, updated the IOS version 12.2 (55) SE7 and began to run correctly.
Apparently version 12.2 (55) SE5 has a bug with SSH, being you need to upgrade to a higher version.
03-14-2016 08:39 AM
Fantastic! Glad the upgrade solved the problem! Thank you for taking the time to post back and let us know that the issue was with that version of code (+5 from me).
Since your issue is resolved, you should mark the thread as "answered" :)
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide