Howto log failed login attempts? [7:64146]
I would like to log all failed (and maybe even all successful) login attempts on a router to my syslog server, but I can't find a way to do this. Since I'm using a local user database, with login local on the VTY, I would like to see what user acconts are beeing tried at the logon prompt. Can anyone tell me if this is possible to do and also howto do it. Thanks /Johan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64146t=64146 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Howto log failed login attempts? [7:64146]
Kiwi makes a good Syslog server. -dlb Johan Hjalmarsson wrote in message news:[EMAIL PROTECTED] I would like to log all failed (and maybe even all successful) login attempts on a router to my syslog server, but I can't find a way to do this. Since I'm using a local user database, with login local on the VTY, I would like to see what user acconts are beeing tried at the logon prompt. Can anyone tell me if this is possible to do and also howto do it. Thanks /Johan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64148t=64146 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Howto log failed login attempts? [7:64146]
Hi, the solution to this is the Cisco Security Server ACS. If you authenticate the users via this AAA Server it will log the successful and failed attempts. One server will do it for all routers and switches on the network. AAA means authentication, authorisation and accounting. This means you can define WHO can do WHAT and log WHEN they did it. This can include all commands entered on a router console with date and time. You find more information in the Cisco BCRAN taining course and the Remote access books. The ACS server is also part of Wireless LAN and other security solutions and VoIP accounting. With kind regards Jens Neelsen --- Johan Hjalmarsson wrote: I would like to log all failed (and maybe even all successful) login attempts on a router to my syslog server, but I can't find a way to do this. Since I'm using a local user database, with login local on the VTY, I would like to see what user acconts are beeing tried at the logon prompt. Can anyone tell me if this is possible to do and also howto do it. Thanks /Johan [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64150t=64146 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Howto log failed login attempts? [7:64146]
I don't know if this is doable since you are doing it locally. My advice to you is that this is not a scalable solution. What really want is TACACS+ server. If you are cheap like myself, you can build your own tacacs+ server running on an Intel 486 machine with 32MB of RAM with the OS being linux or FreeBSD. The tacacs server source code is located at ftp://ftp-eng.cisco.com/pub/tacacs If you are unix illiterated, then you have to shell out money for Cisco ACS running on Winblows 2k Server platform (it sucks by the way). The tacacs+ server will let you do Authentication, Authorization and Accounting (logging successful and unsuccessful login attempts) and most important of all, it is scalable. Eric Johan Hjalmarsson wrote:I would like to log all failed (and maybe even all successful) login attempts on a router to my syslog server, but I can't find a way to do this. Since I'm using a local user database, with login local on the VTY, I would like to see what user acconts are beeing tried at the logon prompt. Can anyone tell me if this is possible to do and also howto do it. Thanks /Johan Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, and more Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64168t=64146 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]