[tac_plus] source IP is not in tacacs log for failed logins

Asif Iqbal vadud3 at gmail.com
Tue Jul 22 20:13:20 UTC 2014


On Tue, Jul 22, 2014 at 4:06 PM, heasley <heas at shrubbery.net> wrote:

> Tue, Jul 22, 2014 at 03:55:40PM -0400, Asif Iqbal:
> > Is there a way to get the source IP of a failed login in tacacs log?
> >
> > I see few different debug levels, and not sure which one, if at all,
> would
> > carry the source
> > IP in the log for failed logins.
>
> the IP of the tacacs client is in the logs.  if you mean of the devices'
> client, it tends to only send that if its a PPP/SLIP client.  you can
> look for it in the AVPs sent by the tacacs client.
>

Right, the tacacs client IP is there and you are correct I was looking
for the device IP. These tacacs clients/ network elements are cisco
devices.



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20140722/45bb94f0/attachment.html>


More information about the tac_plus mailing list