SYSLOG Question

Discussion in 'Cisco' started by Haitingus, Jun 28, 2007.

  1. Haitingus

    Haitingus Guest

    Hi,

    We configured TACACS on our switches and we now would like to send
    authentication related message to our syslog (eg: Authentication
    successfull, or unsuccessfull etc...).

    Is there a way to have this send to the syslog? I tested by putting the
    logging trap to debug, but even in that case, i did not get anything about
    the authentication in the syslog.

    Thank you for your help,
    Marc.
    Haitingus, Jun 28, 2007
    #1
    1. Advertising

  2. Haitingus

    Steve Ray Guest

    Hi

    Try the following

    Go into Config mode and type

    Logging <IP ADDRESS OF SYSLOG SERVER>

    You could then generate a few messages to be sent to the syslog server by
    shutting down and interface a few time and bringing it back up

    Saving the config will also generate a message to be sent to the syslog
    server

    HTH

    Steve

    "Haitingus" <> wrote in message
    news:VtTgi.1894$%q4.7@amstwist00...
    >
    >
    > Hi,
    >
    > We configured TACACS on our switches and we now would like to send
    > authentication related message to our syslog (eg: Authentication
    > successfull, or unsuccessfull etc...).
    >
    > Is there a way to have this send to the syslog? I tested by putting the
    > logging trap to debug, but even in that case, i did not get anything about
    > the authentication in the syslog.
    >
    > Thank you for your help,
    > Marc.
    >
    >
    Steve Ray, Jun 28, 2007
    #2
    1. Advertising

  3. Haitingus

    Haitingus Guest

    Hi Steve,

    Thank you, this is indeed done already. And i receive syslog message.
    But, what i would like now to achieve, is to receive message related to
    authentication into the syslog.

    e.g: failed login attempt, successfull login attempt...

    Thanks,
    Marc.
    "Steve Ray" <> wrote in message
    news:Y0Ugi.17620$...
    > Hi
    >
    > Try the following
    >
    > Go into Config mode and type
    >
    > Logging <IP ADDRESS OF SYSLOG SERVER>
    >
    > You could then generate a few messages to be sent to the syslog server by
    > shutting down and interface a few time and bringing it back up
    >
    > Saving the config will also generate a message to be sent to the syslog
    > server
    >
    > HTH
    >
    > Steve
    >
    > "Haitingus" <> wrote in message
    > news:VtTgi.1894$%q4.7@amstwist00...
    >>
    >>
    >> Hi,
    >>
    >> We configured TACACS on our switches and we now would like to send
    >> authentication related message to our syslog (eg: Authentication
    >> successfull, or unsuccessfull etc...).
    >>
    >> Is there a way to have this send to the syslog? I tested by putting the
    >> logging trap to debug, but even in that case, i did not get anything
    >> about the authentication in the syslog.
    >>
    >> Thank you for your help,
    >> Marc.
    >>
    >>

    >
    >
    Haitingus, Jun 28, 2007
    #3
  4. Haitingus

    M Guest

    "Haitingus" <> wrote in message
    news:VtTgi.1894$%q4.7@amstwist00...
    >
    >
    > Hi,
    >
    > We configured TACACS on our switches and we now would like to send
    > authentication related message to our syslog (eg: Authentication
    > successfull, or unsuccessfull etc...).
    >
    > Is there a way to have this send to the syslog? I tested by putting the
    > logging trap to debug, but even in that case, i did not get anything about
    > the authentication in the syslog.
    >
    > Thank you for your help,
    > Marc.
    >
    >



    Dosn't the TACACS record the information you want?
    M, Jun 28, 2007
    #4
  5. ~ We configured TACACS on our switches and we now would like to send
    ~ authentication related message to our syslog (eg: Authentication
    ~ successfull, or unsuccessfull etc...).
    ~
    ~ Is there a way to have this send to the syslog? I tested by putting the
    ~ logging trap to debug, but even in that case, i did not get anything about
    ~ the authentication in the syslog.
    ~
    ~ Thank you for your help,
    ~ Marc.

    Marc,

    You can send aaa accounting records to your tacacs server but not, at present,
    in general, to a syslog server.

    (Back in '98, I filed:

    CSCdk43220 syslog method desired for AAA accounting

    .... this might be addressed some time this decade, or the next ...)

    Aaron
    Aaron Leonard, Jun 29, 2007
    #5
  6. Haitingus

    Scott Perry Guest

    Do not look to the highest level of logging, debugging, from the device for
    this information. You will have to look toward your authentication system,
    TACACS+.

    Cisco ACS server has passed and failed authentication attempts logged under
    the reports feature.

    --

    ===========
    Scott Perry
    ===========
    Indianapolis, Indiana
    ________________________________________
    "Haitingus" <> wrote in message
    news:VtTgi.1894$%q4.7@amstwist00...
    >
    >
    > Hi,
    >
    > We configured TACACS on our switches and we now would like to send
    > authentication related message to our syslog (eg: Authentication
    > successfull, or unsuccessfull etc...).
    >
    > Is there a way to have this send to the syslog? I tested by putting the
    > logging trap to debug, but even in that case, i did not get anything about
    > the authentication in the syslog.
    >
    > Thank you for your help,
    > Marc.
    >
    >
    Scott Perry, Jun 29, 2007
    #6
  7. Haitingus

    Haitingus Guest

    Hi,

    I posted that question on the cisco forum and apparently, this feature was
    recently implemented, see the answer:

    "
    It has been the traditional answer that you could not do this directly from
    IOS to syslog and if you wanted it you had to go through ACS to get
    notification of login failure (or success). In release 12.3(4)T and 12.4
    Cisco introduced a new feature where you can send directly to syslog for
    login success or for login failure. You can use this command:
    login on-failure log [every login]
    and there is also a command to log successes.

    For more information about this feature this link would be useful:
    http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b93.html
    "

    BR
    Marc.


    "Aaron Leonard" <> wrote in message
    news:...
    >
    > ~ We configured TACACS on our switches and we now would like to send
    > ~ authentication related message to our syslog (eg: Authentication
    > ~ successfull, or unsuccessfull etc...).
    > ~
    > ~ Is there a way to have this send to the syslog? I tested by putting the
    > ~ logging trap to debug, but even in that case, i did not get anything
    > about
    > ~ the authentication in the syslog.
    > ~
    > ~ Thank you for your help,
    > ~ Marc.
    >
    > Marc,
    >
    > You can send aaa accounting records to your tacacs server but not, at
    > present,
    > in general, to a syslog server.
    >
    > (Back in '98, I filed:
    >
    > CSCdk43220 syslog method desired for AAA accounting
    >
    > ... this might be addressed some time this decade, or the next ...)
    >
    > Aaron
    Haitingus, Jun 30, 2007
    #7
  8. Haitingus schrieb:
    > Hi,
    >
    > We configured TACACS on our switches and we now would like to send
    > authentication related message to our syslog (eg: Authentication
    > successfull, or unsuccessfull etc...).
    >
    > Is there a way to have this send to the syslog? I tested by putting the
    > logging trap to debug, but even in that case, i did not get anything about
    > the authentication in the syslog.
    >


    ip ssh logging events
    Patrick Cervicek, Jul 1, 2007
    #8
  9. Thanks Marc,

    I appreciate the pointer to this "Cisco IOS Login Enhancements" feature - this was
    actually done quite a while ago (12.3(4)T was back in Oct. '03), but somehow I
    managed to avoid finding out about it till just now.

    Cheers,

    Aaron

    ---

    ~ Hi,
    ~
    ~ I posted that question on the cisco forum and apparently, this feature was
    ~ recently implemented, see the answer:
    ~
    ~ "
    ~ It has been the traditional answer that you could not do this directly from
    ~ IOS to syslog and if you wanted it you had to go through ACS to get
    ~ notification of login failure (or success). In release 12.3(4)T and 12.4
    ~ Cisco introduced a new feature where you can send directly to syslog for
    ~ login success or for login failure. You can use this command:
    ~ login on-failure log [every login]
    ~ and there is also a command to log successes.
    ~
    ~ For more information about this feature this link would be useful:
    ~ http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b93.html
    ~ "
    ~
    ~ BR
    ~ Marc.
    ~
    ~
    ~ "Aaron Leonard" <> wrote in message
    ~ news:...
    ~ >
    ~ > ~ We configured TACACS on our switches and we now would like to send
    ~ > ~ authentication related message to our syslog (eg: Authentication
    ~ > ~ successfull, or unsuccessfull etc...).
    ~ > ~
    ~ > ~ Is there a way to have this send to the syslog? I tested by putting the
    ~ > ~ logging trap to debug, but even in that case, i did not get anything
    ~ > about
    ~ > ~ the authentication in the syslog.
    ~ > ~
    ~ > ~ Thank you for your help,
    ~ > ~ Marc.
    ~ >
    ~ > Marc,
    ~ >
    ~ > You can send aaa accounting records to your tacacs server but not, at
    ~ > present,
    ~ > in general, to a syslog server.
    ~ >
    ~ > (Back in '98, I filed:
    ~ >
    ~ > CSCdk43220 syslog method desired for AAA accounting
    ~ >
    ~ > ... this might be addressed some time this decade, or the next ...)
    ~ >
    ~ > Aaron
    ~
    Aaron Leonard, Jul 2, 2007
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. CPJ
    Replies:
    1
    Views:
    698
    Walter Roberson
    Jul 16, 2003
  2. Illusion

    Syslog or SNMP traps?

    Illusion, Oct 31, 2003, in forum: Cisco
    Replies:
    3
    Views:
    15,328
    Pete Mainwaring
    Nov 4, 2003
  3. Anthony V. Ercolano

    CISCO 678 syslog

    Anthony V. Ercolano, Nov 7, 2003, in forum: Cisco
    Replies:
    1
    Views:
    1,128
    Nate Slater
    Nov 21, 2003
  4. Matt

    syslog question

    Matt, Apr 27, 2004, in forum: Cisco
    Replies:
    2
    Views:
    3,522
    Pete Mainwaring
    Apr 28, 2004
  5. Replies:
    3
    Views:
    3,696
    Scott Perry
    Oct 26, 2007
Loading...

Share This Page