[c-nsp] Logging remote access logins
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Wed Mar 5 02:17:07 EST 2008
Aaron R <> wrote on Wednesday, March 05, 2008 7:15 AM:
> Is there an easy way to log remote access login attempts on the cisco
> kit? I see there is a way to enable configuration change logs but I
> don't see an option to log accepted logins / failed logins etc.
what type of login access are you referring to? Telnet/SSH exec logins,
or PPP/PAP/CHAP logins? How does your current AAA config look like?
If you're concerned about exec logins, you can use aaa accounting:
aaa accounting exec default start-stop group tacacs
aaa accounting send stop-record authentication failure
the 2nd command causes the box to log failed attempts as well. Not sure
if that is such a good idea, you can always use log capabilities on your
backend (i.e. Tacacs server) to find out.
For PPP users, use "aaa accounting network default ..."
oli
More information about the cisco-nsp
mailing list