Cisco login on-failure using syslog doesn't show username on failure?
Posted
by
Jim
on Server Fault
See other posts from Server Fault
or by Jim
Published on 2012-11-08T20:27:45Z
Indexed on
2012/11/10
23:02 UTC
Read the original article
Hit count: 359
interesting issue I am running into. I am trying to get syslog rmeote logging working with a Cisco switch. i have it working and logging for both on-success and on-failure. However when it is a failed login attempt it does not show the user name that tried to log in in the logs?
Here is what the log looks like after a failed login:
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.0.
0.6] [localport: 23] [Reason: Login Authentication Failed]
Here is what I ahve in the sh run:
login block-for 60 attempts 3 within 60
login delay 1
login on-failure log
login on-success log
archive
log config
logging enable
notify syslog contenttype plaintext
logging trap notifications
logging facility local4
logging 10.0.0.8
aaa new-model
aaa authentication login default local group tacacs+
aaa authorization config-commands
aaa authorization exec default local group tacacs+
© Server Fault or respective owner