SNMP traps for switch login not getting sent to syslog server

dbuckley77
Level 1

Our network consists primarily of 3560G, 2960G and 2960X switches that we have configured to send SNMP traps to a syslog server, but not all of the switches are sending traps for user logins despite being configured the same. Need assistance.

 

Below is what we have configured:

 

login on-failure log
login on-success log

 

logging trap notifications
logging host 10.100.x.xx

4 Replies 4

balaji.bandi
Hall of Fame

When you mentioned that not all are sending - does this mean some switches are sending as expected?

Can you tell us which switch models are able to send and which are not sending the logs as expected?

Can you post the show version output of a working and a non-working switch so we can look?

Hope the syslog server is reachable from all the devices - this is a basic requirement (just checking to make sure it has reachability).

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Most of the switches we're having issues with are 2960Gs.  

 

I posted a config from one of them below. I think it's an IOS issue. On the switch below we're running 15.0(2)SE8 and cannot send the login messages to the syslog server, which I verified is reachable. On another 2960G we have 12.2(44)SE6 and it's working.

 

!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXX
!
boot-start-marker
boot-end-marker
!
!
username XXXXXX privilege 10 password 7 XXXXXXXXXXXXXXX
username XXXXXXX password 7 XXXXXXXXXXXXXXXXX
aaa new-model
!
!
aaa authentication login default group radius local
aaa authentication login CONSOLE local
aaa authorization exec default if-authenticated
!
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
system mtu routing 1500
!
!
ip domain-name XXXXXXXXXX
ip name-server 10.100.5.11
ip name-server 10.100.6.4
login on-failure log
login on-success log
!
!
crypto pki trustpoint TP-self-signed-2963449728
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2963449728
revocation-check none
rsakeypair TP-self-signed-2963449728
!
!
crypto pki certificate chain TP-self-signed-2963449728
certificate self-signed 01
quit
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 7 priority 61440
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh version 2
ip scp server enable
!
!
!
!
!
interface GigabitEthernet0/1
switchport access vlan 32
switchport trunk native vlan 30
switchport trunk allowed vlan 25,30,860
switchport mode trunk
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
switchport access vlan 7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
switchport access vlan 22
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
switchport access vlan 32
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/5
switchport access vlan 95
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
switchport access vlan 109
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/7
switchport access vlan 110
switchport mode access
speed 100
duplex full
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
description XXXXXXXXXXXXXXXX
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 10.100.2.61 255.255.255.0
!
ip default-gateway 10.100.XXX.XXX
no ip http server
ip http access-class 5
ip http authentication local
ip http secure-server
logging trap notifications
logging host 10.100.6.56
access-list 5 permit 10.100.X.X
access-list 5 permit 10.100.X.X
access-list 5 permit 10.100.X.X
access-list 5 permit 10.100.X.X
access-list 5 permit 10.100.X.X
access-list 5 permit 10.100.X.X
access-list 5 permit 10.100.X.X
access-list 5 permit 10.100.X.X 0.0.0.255
access-list 5 permit 10.100.X.X 0.0.0.63
snmp-server community XXXXXXXXXXXXX RO
radius-server host 10.100.X.X auth-port 1812 acct-port 1813
radius-server retransmit 5
radius-server timeout 3
radius-server key 7 xxxxxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
line con 0
login authentication CONSOLE
line vty 0 4
session-timeout 3500
access-class 5 in
privilege level 15
transport input ssh
line vty 5 15
!
ntp server 10.100.X.X
end

Try adding the command below - see if that works:

ip ssh logging events

If not, it could be a bug; if you get a chance, try a different 15.X train.

 

BB


Hello,

 

there are numerous bugs that could apply, such as the one below:

 

3750 running 122-35.SE2 will not log login failures
CSCsi16935
Description

Symptom:
3750 running 12.2(35)SE2 code will not log failed login attempts when "login
on-failure log" is configured. It will log successful attempts, just not
failed attempts.
The log one would expect to see is %SEC_LOGIN-4-LOGIN_FAILED


Condition:
- 3750 running 12.2(35)SE2
- Failed login attempt
- "login on-failure log" is configured

Workaround:

Configure "login block-for" in conjunction with "login on-failure".
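
An added example, not part of any reply in this thread and not Cisco's code: a Python check that runs the points raised above (login logging commands, trap level versus message severity, the `login block-for` workaround, `ip ssh logging events`) over a saved running-config. The function name and sample text are assumptions made here; the severity table is the standard IOS syslog level list.

```python
import re

# IOS syslog severity keywords and their numeric levels (0 = most severe).
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Severity of the message each command produces: %SEC_LOGIN-4-LOGIN_FAILED is
# named in the thread; %SEC_LOGIN-5-LOGIN_SUCCESS is its success counterpart.
NEEDED = {"login on-failure log": 4, "login on-success log": 5}

def audit_login_logging(config):
    """Return a list of findings about login-event syslog export (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    trap = 6  # IOS default when no "logging trap" line is shown: informational
    for l in lines:
        m = re.fullmatch(r"logging trap (\S+)", l)
        if m:
            arg = m.group(1)
            trap = int(arg) if arg.isdigit() else LEVELS.get(arg, trap)
    # Accept both "logging host <ip>" and the older "logging <ip>" form.
    if not any(re.match(r"logging (host )?\d", l) for l in lines):
        findings.append("no syslog destination (logging host) configured")
    for cmd, sev in NEEDED.items():
        if not any(l.startswith(cmd) for l in lines):
            findings.append(f"missing '{cmd}'")
        elif sev > trap:
            findings.append(f"'{cmd}' set but logging trap level {trap} drops severity {sev}")
    if not any(l.startswith("login block-for") for l in lines):
        findings.append("no 'login block-for' (workaround quoted for CSCsi16935)")
    if "ip ssh logging events" not in lines:
        findings.append("no 'ip ssh logging events' (suggested in the thread)")
    return findings

# Constructed sample: the login/logging lines of the 2960G config posted above.
SAMPLE = """\
login on-failure log
login on-success log
ip ssh version 2
logging trap notifications
logging host 10.100.6.56
"""

if __name__ == "__main__":
    for finding in audit_login_logging(SAMPLE):
        print(finding)
```

A clean result for the commands and trap level on a switch that still sends nothing points away from configuration and toward the software version, which is what the replies suggest checking next.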
