Cisco login on-failure using syslog doesn't show username on failure?

Posted by Jim on Server Fault
Published on 2012-11-08T20:27:45Z Indexed on 2012/11/10 23:02 UTC

Interesting issue I am running into. I am trying to get syslog remote logging working with a Cisco switch. I have it working and logging for both on-success and on-failure. However, when it is a failed login attempt, it does not show the user name that tried to log in in the logs?

Here is what the log looks like after a failed login:

 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.0.0.6] [localport: 23] [Reason: Login Authentication Failed]

Here is what I have in the sh run:

login block-for 60 attempts 3 within 60
login delay 1
login on-failure log
login on-success log

archive
 log config
  logging enable
  notify syslog contenttype plaintext

logging trap notifications
logging facility local4
logging 10.0.0.8


aaa new-model
aaa authentication login default local group tacacs+
aaa authorization config-commands
aaa authorization exec default local group tacacs+
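
Added example, not part of the original post: a collector-side parser for the `%SEC_LOGIN-4-LOGIN_FAILED` message shown above that tolerates the blank `user` field and flags a source reaching the `attempts 3 within 60` threshold from the posted config. The function names, the receive-time timestamps and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Thresholds mirror the posted config: login block-for 60 attempts 3 within 60
ATTEMPTS, WINDOW = 3, 60

FAILED = re.compile(
    r"%SEC_LOGIN-4-LOGIN_FAILED: Login failed \[user: (?P<user>[^\]]*)\] "
    r"\[Source: (?P<src>[^\]]+)\] \[localport: (?P<port>\d+)\] "
    r"\[Reason: (?P<reason>[^\]]+)\]"
)

def parse_failed(line):
    """Return the fields of a LOGIN_FAILED message, or None for other lines."""
    m = FAILED.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["user"] = ev["user"].strip() or None  # blank field, as in the post
    ev["port"] = int(ev["port"])
    return ev

def bursts(records):
    """records: (epoch_seconds, message) pairs; alert on ATTEMPTS failures per source within WINDOW s."""
    recent, alerts = defaultdict(deque), []
    for ts, line in sorted(records):
        ev = parse_failed(line)
        if ev is None:
            continue
        q = recent[ev["src"]]
        q.append((ts, ev["user"] or "<blank>"))
        while ts - q[0][0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= ATTEMPTS:
            alerts.append({"src": ev["src"], "at": ts,
                           "users": sorted({u for _, u in q})})
            q.clear()  # one alert per burst
    return alerts

FAIL = ("%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: {u}] [Source: {s}] "
        "[localport: 23] [Reason: Login Authentication Failed]")
# Constructed sample input; timestamps stand in for the collector's receive time.
SAMPLE = [
    (1000, FAIL.format(u="", s="10.0.0.6")),
    (1020, FAIL.format(u="", s="10.0.0.6")),
    (1045, FAIL.format(u="admin", s="10.0.0.6")),
    (1050, "%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: jim] [Source: 10.0.0.9] [localport: 23]"),
    (2000, FAIL.format(u="", s="10.0.0.7")),
    (2100, FAIL.format(u="", s="10.0.0.7")),
]
```

Keying the count on the source address rather than the user name keeps the detection working when the `user` field arrives empty.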
