On Thu, 29 May 2003, Willem van der Walt<[EMAIL PROTECTED]> wrote: > Hi, > My bos wants a weekly list of user accesses to our dialup service, showing > at what time who was logged in for how long. > We hav a Cisco 2610 router with 16 integrated modems. > The phone lines is in a hunting group and linked to a single number that > the users dial to get in. > Using snmptrapd on rh 8, i now get some traps logged. > I also have set up the Cisco to log remotely to the syslog on the rh box. > I am getting the interface state changes for the async interfaces in both > the /var/messages file from syslog and thesnmptrapd.log which is where > snmptrapd is now logging the snmp stuff. > My problem is that i do not get the info of which Cisco user has dialed > in.
I log these types of events on my RADIUS server. But, for syslog IOS seems to honor the type.level conventions. So, if IOS is issuing login/logout as auth.notice or auth.info and your only logging *.err or *.warning then you might never actually write the login/out information to file. Try adding a "auth.* /var/log/auth" to your syslog.conf (and HUP or restart your syslogd). Also, it sounds like the SNMP traps are set to the classic Cisco example of: snmp-server enable traps snmp linkup linkdown You need to change this to: snmp-server enable traps snmp authentication linkup linkdown I also can't remember if snmptrapd logs everything or only events defined in your MIB file. You may need to make sure your MIB file is correct for logging Cisco authentication events. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
