cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
22773
Views
5
Helpful
9
Replies

SSH and Telnet Logs

eng_ali_83
Level 1
Level 1

Hi,

I want to enable ssh/telnet logs when somebody login/logout to Rtr/SW , I have used the follwoing commands , but it is not working on all routers specially when someone logout from the session ,

Rtr(config)# logging host <syslogs ip address>

Rtr(config)# logging trap 6

Rtr(config)# logging on

Rtr(config)# login on-failure log

Rtr(config)# login on-failure trap

Rtr(config)# login on-success log

Rtr(config)# login on-success trap

 

-for router 2900 series the logout session working well and it gives me the following message at the syslogs server:

Wed Aug 23 13:03:36 2017;192.168.1.1; <190>217: *Aug 23 10:00:16.426: %SYS-6-LOGOUT: User admin has exited tty session 388(192.168.2.183)

 

unfortunately I dont know why it does not work on 2800 series for the same config , syslogs server receive nothing when somebody logout from telent/ssh session .

Line vty config as follow:

line vty 0 4

privileg level 15

login local

login

transport input telnet ssh

 

Thanks for your help


success

 

9 Replies 9

Mark Malone
VIP Alumni
VIP Alumni

Hi

As another option look at Keith Barkers post on EEM in this link for doing the same , i havent got any 28s anymore to test with but looking at your syntax it looks correct , maybe your hitting some odd bug on the 2800

 

https://learningnetwork.cisco.com/thread/12555

As far as I understood , log message should appear on the console (console loggin and terminal logging) after that I can use EEM , my problem was "Logout" message of Telnet/ssh does not appear at all at the console logs , if the Telnet/ssh got session timeout the following message succesfully appear on the console:
%SYS-6-TTY_EXPIRE_TIMER: (exec timer expired, tty 0 (0.0.0.0)), user

but nothing appear at all for "Logout" or when exit the Telnet/ssh session (I mean the following message )
%SYS-6-LOGOUT: User admin has exited tty session 388(192.168.2.183)

This issue related to Rtr 2800 series , 2900 working fine

Thank you for your help

personally i would try a different software code on one of the 28s and see if the issue is just related to the current code , it could be an odd bug your hitting, i dont see any other reason why it would work on 29s but not 28s

Yes already upgraded to the latest ios version with no difference

Hi

In order to register the logs for SSH, you must configure:

ip ssh logging event

 

Also I recommend use archive command:

 

archive
log config
logging enable
logging size 300
notify syslog contenttype plaintext
hidekeys

 

logging buffered <size>

 

It will help you to see all the users and changes made on your devices.

 

Hope it is useful

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

.

Hi

You can try enabling the following commands:

 router# terminal monitor

then

configure terminal

logging monitor (5 o 6)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Unfortunately still not working , only the following message appears when telnet timeout occurred:

"%SYS-6-TTY_EXPIRE_TIMER: (exec timer expired, tty 0 (0.0.0.0)), user"

I would strongly recommend disabling telnet.  Having said that, I know there are some business cases where disabling telnet causes operational issues, so moving on....

Have you tried this? 

Catalyst3850-IOS_XE_3.7.0E(config)# logging buffered 7

I'm not sure if your device has that syntax, but in any event that turns on "debug" level logging to syslog.  It's turns on a MASSIVE amount of logging (25MB per day on each Nexus 9372PX-E where I have it standard on all my units), so use it judiciously, but if that works then that should be able to at least get you started and you can perhaps enable logging filter, or use lower-level logging.

Review Cisco Networking for a $25 gift card