From: Howard C. Berkowitz (hcb@gettcomm.com)
Date: Fri Jun 04 2004 - 20:31:14 GMT-3
At 7:01 PM -0400 6/4/04, Kenneth Wygand wrote:
>Ian,
>
>Yeah, I know I can do it with TACACS+ or RADIUS, but no solution
>with syslog though, huh?
Remember SYSLOG is essentially passive. It's just a message format
(with severity codes, timestamps, etc.) and a receiving server. The
server can have additional features like mirroring, switching files
when full, etc. But SYSLOG is receive-only.
RADIUS, TACACS, and other management systems are usually read/write
between the manager/object or client/server, and then write-only to
SYSLOG.
>
>Ken
>
> -----Original Message-----
> From: istong@ml1.checkmyemail.com on behalf of istong@stong.org
> Sent: Fri 6/4/2004 6:21 PM
> To: ccie2be; Kenneth Wygand; ccielab@groupstudy.com
> Cc:
> Subject: Re: Logging failed/successful authentication
>
>
>
> The ACL will tell you the IP address of the system that
> telnetted or ssh'd to the device but that's about it. If
> you want to log authentication success/failure one method
> would be to use aaa accounting along with a tacacs+ or
> radius host. That host would then log authentication
> success/failure messages.
>
>
> Ian
> www.ccie4u.com
>
> Rack Rentals and Lab Scenarios starting at only $20
>
>
>
> > Hey Ken,
> >
> > I think the way do to that is to create an acl with log on
> > the end of it. If the acl permits any, all attempts to
> > login will be sent to the syslog. I don't know, however,
> > if the info sent will include whether or not the attempt
> > was successful. If you need that info & this technique
> > doesn't work, I don't know how that would be done.
> >
> > HTH
> > ----- Original Message -----
> > From: "Kenneth Wygand" <KWygand@customonline.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Friday, June 04, 2004 5:29 PM
> > Subject: Logging failed/successful authentication
> >
> >
> > > With an IOS-based device, is it possible to log failed
> > > and successful authentication on access lines and spit
> > > it out to a syslog server? I'm currently sending all
> > > traps (up to debugging) to my syslog server but I don't
> > receive any authentication messages in my syslog, console
> > > or buffered logging...
> > >
> > >
> > >
> > > Thanks in advance and have a great weekend to all!
> > >
> > >
> > >
> > > Kenneth E. Wygand
> > > Systems Engineer, Project Services
> > >
> > > CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design
> > > Specialist, MCP, CNA, Network+, A+
> > > Custom Computer Specialists, Inc.
> > >
> > > "I am not really smart. I just stick with problems
> > > longer." -Albert Einstein
> > >
> > >
> > >
> > > Custom Computer Specialists, Inc.
> > >
> > > "Celebrating 25 Years of Excellence"
> > >
> > > [GroupStudy removed an attachment of type image/gif
> > which had a name of image001.gif]
> > >
> > >
> > __________________________________________________________
> > > _____________ Please help support GroupStudy by
> > > purchasing your study materials from:
> > http://shop.groupstudy.com <http://shop.groupstudy.com/> >
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > __________________________________________________________
> > _____________ Please help support GroupStudy by purchasing
> > your study materials from: http://shop.groupstudy.com
><http://shop.groupstudy.com/>
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> ______________________________________________
>
> Check Your Email From Any Where in the World!
>
> http://www.myemail.com <http://www.myemail.com/>
>
> Tell Your Friends about MyEmail.com!
> ______________________________________________
>
>_______________________________________________________________________
>Please help support GroupStudy by purchasing your study materials from:
>http://shop.groupstudy.com
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:33 GMT-3