Logging Telnet Access

Problem

You want to log every Telnet session to the router.

Solution

To log every Telnet session to the router, use the followings set of commands:

Router1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 90 permit any log
Router1(config)#line vty 0 4
Router1(config-line)#access-class 90 in
Router1(config-line)#exit
Router1(config)#end
Router1#

 

Discussion

Keeping detailed log records of every Telnet session that your router accepts can be useful for security purposes. By configuring an access-class ACL to log every session, the router will capture which IP source addresses attempt to access the Telnet port. Note, however, that this method will capture both successful and unsuccessful Telnet attempts, which is an invaluable capability.

Of course, you can combine this functionality with the other access-classes that we discussed in Recipes 3.15 and 3.16. This recipe doesn't introduce any new features, but rather a different way to use the same commands.

To view all captured Telnet attempts onto the router, use the following EXEC command:

Router1# show logging | include list 90
Jun 27 14:44:45: %SEC-6-IPACCESSLOGS: list 90 permitted 172.25.1.1 1 packet
Router1#

The logged messages will always show permitted, whether the session authentication was successful or not.

See Also

Recipe 3.15; Recipe 3.16





Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505
Simiral book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net