[c-nsp] Logging remote access logins
Aaron R
aaronis at people.net.au
Wed Mar 5 02:49:41 EST 2008
Sorry, to be clear, I am using local authentication only and I am referring to
remote access telnet / ssh sessions made to the device. Is there a way to
simply enable exec accounting for this? It looks like I need a radius /
tacacs server for this. Why can't I just log this to the local log when
someone connects to the device? Doesn't seem like a tall order :)
Cheers,
Aaron.
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Aaron R
Sent: Wednesday, March 05, 2008 4:39 PM
To: 'Hank Nussbacher'; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Logging remote access logins
Hi Guys,
I am using a local username and password configured on my devices, and yes, I
know how to log with an ACL, cheers for that though.
Thanks,
Aaron.
-----Original Message-----
From: Hank Nussbacher [mailto:hank at efes.iucc.ac.il]
Sent: Wednesday, March 05, 2008 4:15 PM
To: Aaron R; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Logging remote access logins
At 03:14 PM 05-03-08 +0900, Aaron R wrote:
>Hey guys,
>
>Is there an easy way to log remote access login attempts on the cisco kit? I
>see there is a way to enable configuration change logs but I don't see an
>option to log accepted logins / failed logins etc.
1) Log which IPs logged in or were rejected:
line vty 0 4
 access-class 15 in
 ! if IPv6 enabled - don't forget to have access-class on ipv6 as well
 ipv6 access-class vty in
 transport input telnet ssh
!
access-list 15 permit xx.40.yy.69 log
access-list 15 permit xx.102.yy.47 log
access-list 15 deny any log
2) logging userinfo:
http://ioshints.blogspot.com/2006/11/log-user-privilege-level-changes.html
-Hank
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
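
Added example (not part of the original thread): a Python sketch that tallies the syslog lines generated by the `log` keyword on access-list 15 in Hank's configuration. The `%SEC-6-IPACCESSLOGS` message layout in the regex and all sample lines are assumptions constructed for illustration; the counts are packets matched by the ACL, not authenticated logins.

```python
import re
from collections import Counter

# Assumed message shape for a standard numbered ACL entry with "log":
#   %SEC-6-IPACCESSLOGS: list 15 denied 203.0.113.9 1 packet
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGS: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<count>\d+) packets?"
)

# Constructed sample lines (documentation addresses), not real router output.
SAMPLE = """\
Mar  5 16:20:01 rtr1 101: %SEC-6-IPACCESSLOGS: list 15 permitted 192.0.2.69 1 packet
Mar  5 16:21:13 rtr1 102: %SEC-6-IPACCESSLOGS: list 15 denied 203.0.113.9 1 packet
Mar  5 16:26:13 rtr1 103: %SEC-6-IPACCESSLOGS: list 15 denied 203.0.113.9 14 packets
Mar  5 16:27:40 rtr1 104: %SEC-6-IPACCESSLOGS: list 20 denied 198.51.100.7 3 packets
Mar  5 16:30:02 rtr1 105: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.69)
"""


def summarize_vty_acl(lines, acl="15"):
    """Return (permitted, denied) Counters of packets per source for one ACL."""
    permitted, denied = Counter(), Counter()
    for line in lines:
        m = ACL_LOG.search(line)
        if not m or m.group("acl") != acl:
            continue  # other ACLs and unrelated syslog messages are skipped
        bucket = permitted if m.group("action") == "permitted" else denied
        # Later messages for the same flow are periodic summaries, so the
        # packet counts are summed rather than counting log lines.
        bucket[m.group("src")] += int(m.group("count"))
    return permitted, denied


def repeat_denied(denied, threshold=10):
    """Sources whose denied packet total meets the threshold, highest first."""
    return [(src, n) for src, n in denied.most_common() if n >= threshold]


if __name__ == "__main__":
    ok, bad = summarize_vty_acl(SAMPLE.splitlines())
    for src, n in ok.items():
        print(f"permitted {src}: {n} packet(s)")
    for src, n in repeat_denied(bad):
        print(f"repeated denies from {src}: {n} packet(s)")
```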