12-22-2010 03:49 PM - edited 03-06-2019 02:40 PM
Hi,
I would like to log all telnet connections made to my L3 switches. I would like "show log" to capture all telnet connections made, similar to when configuration changes have been made. From time to time, an audit is needed.
Example:
*Dec 22 18:01:07.151 EST: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.0.210)
-Mn
12-27-2010 12:30 PM
Hi Mn -
Simply add a logging server (UDP port 514) to your running config:
myswitch(config)#logging 192.168.1.1
You will also find a wealth of logging settings:
myswitch(config)#logg ?
Hostname or A.B.C.D IP address of the logging host
buffered Set buffered logging parameters
buginf Enable buginf logging for debugging
cns-events Set CNS Event logging level
console Set console logging parameters
count Count every log message and timestamp last occurance
delimiter Append delimiter to syslog messages
discriminator Create or modify a message discriminator
esm Set ESM filter restrictions
exception Limit size of exception flush output
facility Facility parameter for syslog messages
file Set logging file parameters
filter Specify logging filter
history Configure syslog history table
host Set syslog server IP address and parameters
message-counter Configure log message to include certain counter value
monitor Set terminal line (monitor) logging parameters
on Enable logging to all enabled destinations
origin-id Add origin ID to syslog messages
queue-limit Set logger message queue size
rate-limit Set messages per second limit
reload Set reload logging level
source-interface Specify interface for source address in logging transactions
trap Set syslog server logging level
Once you capture the logging to your log server, you can write scripts that help you sort through all the information.
Here are a couple of examples:
Dec 27 15:06:47.601: %SYS-5-CONFIG_I: Configured from console by brad on vty0 (192.168.1.100)
Dec 27 15:28:02.569: %SYS-5-CONFIG_I: Configured from console by brad on vty0 (192.168.1.100)
Hope that helps,
Brad
12-27-2010 12:43 PM
You can also use this:
login on-failure log
login on-success log
This will create logs like this:
Dec 27 15:42:29.200: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user:
You can have it create a log message on a successful login or a failed login.
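Added example (not part of the original posts): a Python script of the kind the first reply mentions, run on the syslog server to pull config-change and login events out of the collected log and count failed logins per source address. The sample lines are constructed, the SEC_LOGIN field layout is an assumption because the sample above is cut off after "[user:", and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample input. The CONFIG_I line is in the form shown in the thread;
# the SEC_LOGIN field layout ([user:] [Source:] [localport:]) is an assumption,
# because the thread's own sample is cut off after "[user:".
SAMPLE = """\
Dec 27 15:06:47.601: %SYS-5-CONFIG_I: Configured from console by brad on vty0 (192.168.1.100)
Dec 27 15:42:29.200: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: brad] [Source: 192.168.1.100] [localport: 23] at 15:42:29 EST Mon Dec 27 2010
Dec 27 15:43:10.004: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.168.1.77] [localport: 23] [Reason: Login Authentication Failed] at 15:43:10 EST Mon Dec 27 2010
Dec 27 15:43:15.311: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.168.1.77] [localport: 23] [Reason: Login Authentication Failed] at 15:43:15 EST Mon Dec 27 2010
Dec 27 15:44:00.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
"""

# Optional "*" (clock not synchronised) and optional time zone before the mnemonic.
HEADER = re.compile(r"\*?(?P<ts>[A-Z][a-z]{2}\s+\d+ [\d:.]+)(?: [A-Z]+)?: "
                    r"%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<body>.*)")
# "by brad on vty0 (ip)" and the shorter "by vty0 (ip)" form both occur in the thread.
CONFIG = re.compile(r"Configured from \S+ by (?:(?P<user>\S+) on )?(?P<line>\S+)"
                    r"(?: \((?P<src>[\d.]+)\))?")
FIELD = re.compile(r"\[(\w+): ([^\]]*)\]")
LOGIN_TAGS = {"SEC_LOGIN-5-LOGIN_SUCCESS": "login_success",
              "SEC_LOGIN-4-LOGIN_FAILED": "login_failed"}

def parse(line):
    """Return an audit record for a config-change or login message, else None."""
    m = HEADER.search(line)  # search() tolerates a prefix added by the syslog server
    if not m:
        return None
    if m["tag"] == "SYS-5-CONFIG_I":
        c = CONFIG.search(m["body"])
        return c and {"ts": m["ts"], "event": "config", "user": c["user"],
                      "source": c["src"], "detail": c["line"]}
    if m["tag"] in LOGIN_TAGS:
        f = dict(FIELD.findall(m["body"]))
        return {"ts": m["ts"], "event": LOGIN_TAGS[m["tag"]], "user": f.get("user"),
                "source": f.get("Source"), "detail": f.get("Reason")}
    return None

def audit(text):
    """Parse a log and count failed logins per source address."""
    events = [e for e in map(parse, text.splitlines()) if e]
    failed = Counter(e["source"] for e in events if e["event"] == "login_failed")
    return events, failed

if __name__ == "__main__":
    events, failed = audit(SAMPLE)
    for e in events:
        print(e)
    print("failed logins by source:", dict(failed))
```

Check the bracketed field names against a real line from your own switch before relying on the login records, since IOS releases may differ.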