I don't believe you can use SYSLOG to track logins via AAA on an IOS router (however you can with a PIX/ASA). You'll need to setup aaa accounting to your radius server to track that:
aaa authentication ppp VTYAUTH group radius local aaa authorization network VTYPRIV group radius local aaa accounting network VTYACCT start-stop group radius interface Virtual-Template0 ip unnumbered Loopback0 no peer default ip address ppp authentication pap VTYAUTH ppp authorization VTYPRIV ppp accounting VTYACCT radius-server host X.X.X.X auth-port 1812/1645 acct-port 1813/1646 key cisco HTH, Aaron Rohyans IT Coordinator, IDC-USA [EMAIL PROTECTED] 317.244.8307 (V) 317.244.4600 (F) -----Original Message----- From: Neil Standley [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2008 4:32 PM To: NT System Admin Issues Subject: RE: Cisco help Oh right, sorry should've included that. 3660 router. Here's what we currently have. logging exception 8192 logging buffered 8192 debugging no logging console aaa new-model aaa authentication ppp USWest-dsl group radius local aaa authorization network default group radius local aaa accounting update periodic 5 aaa accounting commands 7 default start-stop group radius aaa accounting network default start-stop group radius logging history size 300 logging history debugging logging trap debugging logging source-interface Ethernet1/0 logging x.x.x.x Thanks! Neil -----Original Message----- From: Candee Vaglica [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2008 1:24 PM To: NT System Admin Issues Subject: Re: Cisco help So, you're logging from what? A PIX? A switch? If it's a PIX or ASA, you have to set the level of logging on the appliance itself. On Tue, Aug 26, 2008 at 4:19 PM, Neil Standley <[EMAIL PROTECTED]> wrote: > Hi All, > > > > I'm pretty green when it comes to Cisco but I need some help and I haven't > been able to get the answers I need from Google or my Cisco in a nutshell > book. I am trying to setup syslogging so that I get authentication info for > our dial up and DSL customers. Syslogging itself is working but all I see > is stuff like this. > > > > 25w3d: %SYS-5-CONFIG_I: Configured from console by admin on vty1 (x.x.x.x) > > 25w3d: %SYS-5-CONFIG_I: Configured from console by admin on vty1 (x.x.x.x) > > 25w3d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access115, > changed state to down > > 25w3d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access115, > changed state to up > > > > At some point in the past we've been able to see the auth logins and > failures via the vty console but somehow it stopped working. I can gladly > post the necessary parts of our config if that helps. > > > > > > Thanks in advance! > > > > > > Neil > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
