Logging vty connections

fibernet570
Level 1

Hi,

I would like to log all telnet connections made to my L3 switches. I would like "show log" to capture all telnet connections made, similar to when configuration changes have been made. From time to time, an audit is needed.

Example:

*Dec 22 18:01:07.151 EST: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.0.210)

-Mn

2 Accepted Solutions

FbradleyS_2
Level 1

Hi Mn -

Simply add a logging server (UDP port 514) to your running config:

myswitch(config)#logging 192.168.1.1

You will also find a wealth of logging settings:

myswitch(config)#logg ?
  Hostname or A.B.C.D  IP address of the logging host
  buffered             Set buffered logging parameters
  buginf               Enable buginf logging for debugging
  cns-events           Set CNS Event logging level
  console              Set console logging parameters
  count                Count every log message and timestamp last occurance
  delimiter            Append delimiter to syslog messages
  discriminator        Create or modify a message discriminator
  esm                  Set ESM filter restrictions
  exception            Limit size of exception flush output
  facility             Facility parameter for syslog messages
  file                 Set logging file parameters
  filter               Specify logging filter
  history              Configure syslog history table
  host                 Set syslog server IP address and parameters
  message-counter      Configure log message to include certain counter value
  monitor              Set terminal line (monitor) logging parameters
  on                   Enable logging to all enabled destinations
  origin-id            Add origin ID to syslog messages
  queue-limit          Set logger message queue size
  rate-limit           Set messages per second limit
  reload               Set reload logging level
  source-interface     Specify interface for source address in logging transactions
  trap                 Set syslog server logging level

Once you capture the logging to your log server, you can write scripts that help you sort through all the information.

Here are a couple of examples:

Dec 27 15:06:47.601: %SYS-5-CONFIG_I: Configured from console by brad on vty0 (192.168.1.100)
Dec 27 15:28:02.569: %SYS-5-CONFIG_I: Configured from console by brad on vty0 (192.168.1.100)

Hope that helps,

Brad

rtjensen4
Level 4

You can also use this:

login on-failure log
login on-success log

This will create logs like this:

Dec 27 15:42:29.200: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user:] [Source: 192.168.xxx.xxx] [localport: 22] at 15:42:29 est Mon Dec 27 2010

You can have it create a log message on a successful login or a failed login.
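
A sketch of the kind of log-server script mentioned in the first answer, covering the message types from both answers above; it is an added example, not code posted by anyone in this thread. It assumes Python on the syslog host, and every sample line is constructed: the CONFIG_I and LOGIN_SUCCESS lines follow the formats quoted in the thread, while the LOGIN_FAILED layout is an assumption because the thread does not show one.

```python
import re
from collections import Counter

# Constructed sample lines; the LOGIN_FAILED layout is assumed (not shown in the thread).
SAMPLE_LOG = """\
Dec 27 15:06:47.601: %SYS-5-CONFIG_I: Configured from console by brad on vty0 (192.168.1.100)
*Dec 27 15:10:02.114 EST: %SYS-5-CONFIG_I: Configured from console by vty1 (192.168.0.210)
Dec 27 15:42:29.200: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: brad] [Source: 192.168.1.100] [localport: 22] at 15:42:29 est Mon Dec 27 2010
Dec 27 15:50:11.009: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: ops] [Source: 192.168.0.210] [localport: 23] at 15:50:11 est Mon Dec 27 2010
Dec 27 15:51:40.730: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.0.77] [localport: 23] [Reason: Login Authentication Failed] at 15:51:40 est Mon Dec 27 2010
Dec 27 15:52:00.000: %LINK-3-UPDOWN: Interface Vlan10, changed state to up
"""

HEADER = re.compile(r"(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d(?:\.\d+)?)(?: [A-Za-z]+)?: "
                    r"%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<body>.*)")
CONFIG = re.compile(r"by (?:(?P<user>\S+) on )?(?P<line>\S+) \((?P<src>[^)]+)\)")
FIELD = re.compile(r"\[(\w+):\s*([^\]]*)\]")  # [user: x] [Source: y] [localport: n]

def parse_events(text):
    """Return one dict per CONFIG_I / SEC_LOGIN message; all other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        if m["tag"] == "SYS-5-CONFIG_I":
            c = CONFIG.search(m["body"])
            if c:  # the username is absent when no per-user login is configured
                events.append({"ts": m["ts"], "kind": "config", "user": c["user"] or "",
                               "source": c["src"], "line": c["line"]})
        elif m["tag"].startswith("SEC_LOGIN-"):
            f = dict(FIELD.findall(m["body"]))
            events.append({"ts": m["ts"], "kind": m["tag"].rsplit("-", 1)[1].lower(),
                           "user": f.get("user", ""), "source": f.get("Source", ""),
                           "port": int(f.get("localport") or 0)})
    return events

def audit(events):
    """Summarise for an audit: Telnet (port 23) logins, failures, config changes."""
    return {
        "telnet_logins": [(e["ts"], e["user"], e["source"]) for e in events
                          if e["kind"] == "login_success" and e["port"] == 23],
        "failed_by_source": Counter(e["source"] for e in events if e["kind"] == "login_failed"),
        "config_changes": Counter((e["user"], e["source"]) for e in events if e["kind"] == "config"),
    }

if __name__ == "__main__":
    print(audit(parse_events(SAMPLE_LOG)))
```
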
