Aug 08

Here is how I have my Cisco 3750 switches configured to log , success and failures to my syslog server. I use Splunk currently to capture and report this data.

1. Access your Cisco switch via command line.
2. Type enable (enter)
3. Type Password (enter)
4. Type config t (enter)
5. Your now in config mode, first setup your syslog server. Example – Type logging 192.168.1.10 (substitute your syslog or splunk server) (enter)
6. Type login on-failure log (enter)
7. Type login on-success log (enter)
8. Type logging trap informational (enter)
9. CTRL-C (brings you back to host#
10. Type wr mem (enter) – This writes the config to memory (saves config)

Log out of your switch, and then ssh back in to generate some log data to your syslog. You should see something like this generated:

8/8/12 9:53:51.000 PM
Aug 8 21:53:51 switch.internal.lan 23: 000046: Aug 9 02:53:49: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: cisco] [Source: 192.168.52.1] [localport: 22] at 02:53:49 UTC Thu Aug 9 2012
host=switch.internal.lan Options| sourcetype=syslog Options| source=udp:514

written by admin \\ tags: , , , , , , , , , , , , , ,