[tac_plus] source IP is not in tacacs log for failed logins
Asif Iqbal
vadud3 at gmail.com
Tue Jul 22 20:17:03 UTC 2014
On Tue, Jul 22, 2014 at 4:13 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>
>
>
> On Tue, Jul 22, 2014 at 4:06 PM, heasley <heas at shrubbery.net> wrote:
>
>> Tue, Jul 22, 2014 at 03:55:40PM -0400, Asif Iqbal:
>> > Is there a way to get the source IP of a failed login in tacacs log?
>> >
>> > I see few different debug levels, and not sure which one, if at all,
>> would
>> > carry the source
>> > IP in the log for failed logins.
>>
>> the IP of the tacacs client is in the logs. if you mean of the devices'
>> client, it tends to only send that if its a PPP/SLIP client. you can
>> look for it in the AVPs sent by the tacacs client.
>>
>
> Right, the tacacs client IP is there and you are correct I was looking
> for the device IP. These tacacs clients/ network elements are cisco
> devices.
>
>
I am wondering why successful logins will have the device IPs in the log,
but not failed logins.
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> <http://t.signauxtrois.com/link?url=http%3A%2F%2Fpgp.mit.edu%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgK_p2rIIDA&k=aa904a68-1dfb-42c8-d195-8190bc3fe632>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20140722/0203ca25/attachment.html>
More information about the tac_plus
mailing list