11-15-2019 11:55 AM
Our network consists of primarily 3560G, 2960G and 2960X switches that we have configured to send snmp traps to a syslog server but not all of the switches are sending traps for user logins despite being configured the same. need assistance.
Below is what we have configured:
login on-failure log
login on-success log
logging trap notifications
logging host 10.100.x.xx
11-16-2019 03:40 AM
when you mentioned all are not sending - is this means some switches sending as expected?
Can you give us what model of switchable to send which one not sending the logs as expected?
can you post-show version of that be working and not working to look?
Hope Syslog server reachable to all the devices - this is a basic requirement (just checking to make sure it has reachability).
11-18-2019 11:09 AM - edited 12-09-2024 11:04 AM
Most of the switches we're having issues with are 2960Gs.
config
11-18-2019 02:30 PM
try adding below command - see that works :
ip ssh logging events
if not could be a bug, if you get chance try different 15.X train.
11-16-2019 03:53 AM
Hello,
there are numerous bugs that could apply, such as the one below:
3750 running 122-35.SE2 will not log login failures
CSCsi16935
Description
Symptom:
3750 running 12.2(35)SE2 code will not log failed login attempts when "login
on-failure log" is configured. It will log successful attempts, just not
failed attempts.
The log one would expect to see is %SEC_LOGIN-4-LOGIN_FAILED
Condition:
- 3750 running 12.2(35)SE2
- Failed login attempt
- "login on-failure log" is configured
Workaround:
Configure "login block-for" in conjunction with "login on-failure".
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide