SNMP traps for switch login not getting sent to syslog server

dbuckley77 · ‎11-15-2019

Our network consists of primarily 3560G, 2960G and 2960X switches that we have configured to send snmp traps to a syslog server but not all of the switches are sending traps for user logins despite being configured the same. need assistance.

Below is what we have configured:

login on-failure log
login on-success log

logging trap notifications
logging host 10.100.x.xx

balaji.bandi · ‎11-16-2019

when you mentioned all are not sending - is this means some switches sending as expected?

Can you give us what model of switchable to send which one not sending the logs as expected?

can you post-show version of that be working and not working to look?

Hope Syslog server reachable to all the devices - this is a basic requirement (just checking to make sure it has reachability).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

dbuckley77 · ‎11-18-2019

Most of the switches we're having issues with are 2960Gs.

config

balaji.bandi · ‎11-18-2019

try adding below command - see that works :

ip ssh logging events

if not could be a bug, if you get chance try different 15.X train.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎11-16-2019

Hello,

there are numerous bugs that could apply, such as the one below:

3750 running 122-35.SE2 will not log login failures
CSCsi16935
Description

Symptom:
3750 running 12.2(35)SE2 code will not log failed login attempts when "login
on-failure log" is configured. It will log successful attempts, just not
failed attempts.
The log one would expect to see is %SEC_LOGIN-4-LOGIN_FAILED

Condition:
- 3750 running 12.2(35)SE2
- Failed login attempt
- "login on-failure log" is configured

Workaround:

Configure "login block-for" in conjunction with "login on-failure".