Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Logging login events

Reply
Thread Tools

Logging login events

 
 
scardinal@yahoo.com
Guest
Posts: n/a
 
      06-24-2005
I have a PIX 515 running 6.3(3) and sending events to a remote syslog
server. I am trying to setup a log monitor (SEC) on my syslog host and
would like to watch the PIX entries for login attempts and any time a
configuration is changed (using write memory). However, no matter what
level I set my logging trap to, I don't see any events for those cases
in my syslog stream. I saw some sample configs for SEC that watch for
those events, so that suggests that it should be do-able, but I just
can't find out how.

Any ideas?

Thanks in advance
Steve

 
Reply With Quote
 
 
 
 
cbruce@mvn.net
Guest
Posts: n/a
 
      06-24-2005
logging on
logging timestamp
logging trap debugging
logging history errors
logging queue 0
logging host inside 10.42.52.15
logging host inside 10.76.0.250

works for me, of course you have to have the syslog server setup to
receive,
but it sounds like you have that part

regards,
-charlie

http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:
> I have a PIX 515 running 6.3(3) and sending events to a remote syslog
> server. I am trying to setup a log monitor (SEC) on my syslog host and
> would like to watch the PIX entries for login attempts and any time a
> configuration is changed (using write memory). However, no matter what
> level I set my logging trap to, I don't see any events for those cases
> in my syslog stream. I saw some sample configs for SEC that watch for
> those events, so that suggests that it should be do-able, but I just
> can't find out how.
>
> Any ideas?
>
> Thanks in advance
> Steve


 
Reply With Quote
 
 
 
 
scardinal@yahoo.com
Guest
Posts: n/a
 
      06-27-2005
Thanks charlie,

Turns out that my issue was that I wasn't running my logging trap in
debug level. Unfortunately, I really don't want to run a production
system in debug just to get login details. Bummer - hopefully cisco
will recognize that login tracking is more important for things than
just debugging and change that in the future.

Cheers.
Steve

 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      06-27-2005
In article <(E-Mail Removed). com>,
<(E-Mail Removed)> wrote:
:Turns out that my issue was that I wasn't running my logging trap in
:debug level. Unfortunately, I really don't want to run a production
:system in debug just to get login details. Bummer - hopefully cisco
:will recognize that login tracking is more important for things than
:just debugging and change that in the future.

Note the newish 'level' keyword:

http://www.cisco.com/univercd/cc/td/....htm#wp1028090
--
Beware of bugs in the above code; I have only proved it correct,
not tried it. -- Donald Knuth
 
Reply With Quote
 
Spencer Teran
Guest
Posts: n/a
 
      06-27-2005
Hi Steve,

You might want to look into setting up AAA on your PIX. Using RADIUS
(or TACACS if you're inclined) and AAA Authorization you can get login
attempts and even track each command entered. There are quite a few
freeware RADIUS suites available or you could try TAC+ (freeware TACACS).

TACACS vs. RADIUS:
http://www.cisco.com/en/US/tech/tk59...80094e99.shtml

Old but still good document on AAA and PIX:
http://www.cisco.com/en/US/products/...80094188.shtml

Cheers,
Spencer Teran

(E-Mail Removed) wrote:
> Thanks charlie,
>
> Turns out that my issue was that I wasn't running my logging trap in
> debug level. Unfortunately, I really don't want to run a production
> system in debug just to get login details. Bummer - hopefully cisco
> will recognize that login tracking is more important for things than
> just debugging and change that in the future.
>
> Cheers.
> Steve
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Logging to a file and closing it again properly (logging module) Christoph Haas Python 0 06-12-2006 09:58 PM
logging buffered vs. logging history Christian Roos Cisco 4 02-05-2006 10:55 PM
Events Events Events Please Help Chris ASP .Net Web Controls 0 08-30-2005 08:21 PM
java.util.logging, where to put logging.properties? janne Java 0 09-10-2004 10:18 AM
[java.util.logging] logging only to _one_ file Stefan Siegl Java 0 08-27-2003 12:29 PM



Advertisments