"ip ssh logging events" works well for ssh.

Success
--------
000962: Mar 5 2008 21:09:14.376 NZDT: %SSH-5-SSH2_USERAUTH: User 'user' authentication for SSH2 Session from 192.168.111.10 (tty = 0) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded
000963: Mar 5 2008 21:11:06.755 NZDT: %SSH-5-SSH2_SESSION: SSH2 Session request from 192.168.111.10 (tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Succeeded

Failure
------
000964: Mar 5 2008 21:11:18.498 NZDT: %SSH-5-SSH2_USERAUTH: User 'user' authentication for SSH2 Session from 192.168.111.10 (tty = 1) using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' Failed
000965: Mar 5 2008 21:11:18.498 NZDT: %SSH-5-SSH2_CLOSE: SSH2 Session from 192.168.111.10 (tty = 1) for user 'user' using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' closed

Ivan

Aaron R wrote:
> Sorry to be clear I am using local authentication only and I am referring to
> remote access telnet / ssh sessions made to the device. Is there a way to
> simply enable exec accounting for this? It looks like I need a radius /
> tacacs server for this. Why can't I just log this to the local log when
> someone connects to the device. Doesn't seem like a tall order :)
>
> Cheers,
>
> Aaron.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Aaron R
> Sent: Wednesday, March 05, 2008 4:39 PM
> To: 'Hank Nussbacher'; cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Logging remote access logins
>
> Hi Guys,
>
> I am using a local username and password configured on my devices and yes I
> know how to log with an ACL cheers for that tho.
>
> Thanks,
>
> Aaron.
>
> -----Original Message-----
> From: Hank Nussbacher [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 05, 2008 4:15 PM
> To: Aaron R; cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Logging remote access logins
>
> At 03:14 PM 05-03-08 +0900, Aaron R wrote:
>
>> Hey guys,
>>
>> Is there an easy way to log remote access login attempts on the cisco kit? I
>> see there is a way to enable configuration change logs but I don't see an
>> option to log accepted logins / failed logins etc.
>
> 1) Log which IPs logged in or were rejected:
> line vty 0 4
>  access-class 15 in
>  ! if IPv6 enabled - don't forget to have access-class on ipv6 as well
>  ipv6 access-class vty in
>  transport input telnet ssh
> !
> access-list 15 permit xx.40.yy.69 log
> access-list 15 permit xx.102.yy.47 log
> access-list 15 deny any log
>
> 2) logging userinfo:
> http://ioshints.blogspot.com/2006/11/log-user-privilege-level-changes.html
>
> -Hank
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
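
Added example, not part of the original thread: a small Python parser for the %SSH-5-SSH2_USERAUTH messages that "ip ssh logging events" produces, used to flag source/user pairs with repeated failed logins. The field layout is taken from the log lines quoted in the message above; the function names, the threshold of 3 and the sample events are assumptions made for this example.

```python
import re
from collections import Counter

# Field layout taken from the %SSH-5-SSH2_USERAUTH lines quoted in the post.
# Greedy user match plus the end-of-line anchor keep a quote character inside
# a user name from shifting the later fields.
USERAUTH_RE = re.compile(
    r"%SSH-5-SSH2_USERAUTH: User '(?P<user>.*)' authentication for SSH2 "
    r"Session from (?P<src>\S+) \(tty = (?P<tty>\d+)\) using crypto cipher "
    r"'(?P<cipher>[^']*)', hmac '(?P<hmac>[^']*)' "
    r"(?P<result>Succeeded|Failed)\s*$"
)

def parse_userauth(line):
    """Return the fields of an SSH2_USERAUTH line, or None for other lines."""
    match = USERAUTH_RE.search(line)
    return match.groupdict() if match else None

def repeated_failures(lines, threshold=3):
    """Return {(src, user): count} for pairs with at least `threshold` failures."""
    failures = Counter()
    for line in lines:
        event = parse_userauth(line)
        if event and event["result"] == "Failed":
            failures[(event["src"], event["user"])] += 1
    return {key: n for key, n in failures.items() if n >= threshold}

# Constructed sample input (not from the post): same message format,
# addresses from the 192.0.2.0/24 documentation range.
_FMT = ("{seq:06d}: Mar 5 2008 21:30:{seq:02d}.000 NZDT: %SSH-5-SSH2_USERAUTH: "
        "User '{user}' authentication for SSH2 Session from {src} (tty = 0) "
        "using crypto cipher 'aes256-cbc', hmac 'hmac-sha1' {result}")
_EVENTS = [("alice", "192.0.2.10", "Succeeded"), ("admin", "192.0.2.50", "Failed"),
           ("admin", "192.0.2.50", "Failed"), ("bob", "192.0.2.10", "Failed"),
           ("admin", "192.0.2.50", "Failed")]
SAMPLE = [_FMT.format(seq=i, user=u, src=s, result=r)
          for i, (u, s, r) in enumerate(_EVENTS, 1)]
# A session-close message, which the parser must ignore.
SAMPLE.append("000006: Mar 5 2008 21:30:06.000 NZDT: %SSH-5-SSH2_CLOSE: SSH2 "
              "Session from 192.0.2.50 (tty = 0) for user 'admin' using crypto "
              "cipher 'aes256-cbc', hmac 'hmac-sha1' closed")

if __name__ == "__main__":
    for (src, user), count in repeated_failures(SAMPLE).items():
        print(f"{count} failed SSH logins for '{user}' from {src}")
```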