Hi, Thanks for the answer. I am beginning to suspect a bug in the Cisco software version we are running. It takes the snmp-server command to enable authentication but afterwards when one does a sh conf, it does not show it. As far as the syslog goes, i have added the line to log auth at priority * to a sepperate file. i have also changed the syslog level on the Cisco from notifications to informational. Apart from getting my linux logins in my new seperate logfile, there is no difference in what i am getting. I will now look for software upgrades on the router. thanks aggain for your detailled suggestion. regards, Willem
On Thu, 29 May 2003 [EMAIL PROTECTED] wrote: > On Thu, 29 May 2003, Willem van der Walt<[EMAIL PROTECTED]> wrote: > > > Hi, > > My bos wants a weekly list of user accesses to our dialup service, showing > > at what time who was logged in for how long. > > We hav a Cisco 2610 router with 16 integrated modems. > > The phone lines is in a hunting group and linked to a single number that > > the users dial to get in. > > Using snmptrapd on rh 8, i now get some traps logged. > > I also have set up the Cisco to log remotely to the syslog on the rh box. > > I am getting the interface state changes for the async interfaces in both > > the /var/messages file from syslog and thesnmptrapd.log which is where > > snmptrapd is now logging the snmp stuff. > > My problem is that i do not get the info of which Cisco user has dialed > > in. > > I log these types of events on my RADIUS server. But, for syslog IOS > seems to honor the type.level conventions. So, if IOS is issuing > login/logout as auth.notice or auth.info and your only logging *.err or > *.warning then you might never actually write the login/out information to > file. Try adding a "auth.* /var/log/auth" to your syslog.conf (and HUP > or restart your syslogd). > > Also, it sounds like the SNMP traps are set to the classic Cisco example > of: > snmp-server enable traps snmp linkup linkdown > > You need to change this to: > snmp-server enable traps snmp authentication linkup linkdown > > I also can't remember if snmptrapd logs everything or only events defined > in your MIB file. You may need to make sure your MIB file is correct for > logging Cisco authentication events. > > > -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list