RE: Logging failed/successful authentication

From: Kenneth Wygand (KWygand@customonline.com)
Date: Fri Jun 04 2004 - 20:01:53 GMT-3

Ian,
 
Yeah, I know I can do it with TACACS+ or RADIUS, but no solution with syslog though, huh?
 
Ken

        -----Original Message-----
        From: istong@ml1.checkmyemail.com on behalf of istong@stong.org
        Sent: Fri 6/4/2004 6:21 PM
        To: ccie2be; Kenneth Wygand; ccielab@groupstudy.com
        Cc:
        Subject: Re: Logging failed/successful authentication
        
        

        The ACL will tell you the IP address of the system that
        telnetted or ssh'd to the device but that's about it. If
        you want to log authentication success/failure one method
        would be to use aaa accounting along with a tacacs+ or
        radius host. That host would then log authentication
        success/failure messages.

        Ian
        www.ccie4u.com

        Rack Rentals and Lab Scenarios starting at only $20

> Hey Ken,
>
> I think the way do to that is to create an acl with log on
> the end of it. If the acl permits any, all attempts to
> login will be sent to the syslog. I don't know, however,
> if the info sent will include whether or not the attempt
> was successful. If you need that info & this technique
> doesn't work, I don't know how that would be done.
>
> HTH
> ----- Original Message -----
> From: "Kenneth Wygand" <KWygand@customonline.com>
> To: <ccielab@groupstudy.com>
> Sent: Friday, June 04, 2004 5:29 PM
> Subject: Logging failed/successful authentication
>
>
> > With an IOS-based device, is it possible to log failed
> > and successful authentication on access lines and spit
> > it out to a syslog server? I'm currently sending all
> > traps (up to debugging) to my syslog server but I don't
> receive any authentication messages in my syslog, console
> > or buffered logging...
> >
> >
> >
> > Thanks in advance and have a great weekend to all!
> >
> >
> >
> > Kenneth E. Wygand
> > Systems Engineer, Project Services
> >
> > CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design
> > Specialist, MCP, CNA, Network+, A+
> > Custom Computer Specialists, Inc.
> >
> > "I am not really smart. I just stick with problems
> > longer." -Albert Einstein
> >
> >
> >
> > Custom Computer Specialists, Inc.
> >
> > "Celebrating 25 Years of Excellence"
> >
> > [GroupStudy removed an attachment of type image/gif
> which had a name of image001.gif]
> >
> >
> __________________________________________________________
> > _____________ Please help support GroupStudy by
> > purchasing your study materials from:
> http://shop.groupstudy.com <http://shop.groupstudy.com/> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> __________________________________________________________
> _____________ Please help support GroupStudy by purchasing
> your study materials from: http://shop.groupstudy.com <http://shop.groupstudy.com/>
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
        ______________________________________________

        Check Your Email From Any Where in the World!

        http://www.myemail.com <http://www.myemail.com/>

        Tell Your Friends about MyEmail.com!
        ______________________________________________

This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:33 GMT-3