Forum Discussion

jcav404's avatar
4 years ago

Syslog for Authentication

Has anyone be able to setup a syslog for cisco devices that captures fail login attempts? 

5 Replies

  • Anonymous's avatar

    I haven't played around with it in a while. Do you have the text that shows up in the syslog? Could you post it (scrubbed if necessary)?  Should just be a matter of creating the eventsource with the right filter.

  • So it is getting the syslog but it is being filtered out I'm guessing due to it be informational.


    This my filter.

  • I will mention that to my CSM. 

    I might have a work around on the ASA I went to that syslog message and changed it from informational to alert however it is still being filtered.

  • Anonymous's avatar

    Ah, if you can change the severity, that should work. So, the filters in EventSources are opt in. Meaning that only messages that match the filters will generate alerts. Since none of your messages contain "Login denied" they are getting filtered out. Maybe i'm not seeing everything that's not in your screenshot.