This seems to come back with the info in the log: login on-failure log sh log shows this: Feb 23 15:39:53.667: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: X.X.X.X] [localport: 23] [Reason: Login Authentication Failed] at 15:39:53 EST Wed Feb 23 2011
Thanks, Erik -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Alan Buxey Sent: Wednesday, February 23, 2011 3:22 PM To: Greg Whynott Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] debug to see what IP is trying to log in via telnet Hi, > wouldn't the IP of the host it speaks of in the logs? or does it just say > "failed log in from somewhere out on the network"…? > > my logs have a src… > > %SEC-6-IPACCESSLOGP: list denied tcp 88.243.16.148(3900) -> 10.142.7.1(23), > 1 packet the device is on a legit bit of network so will be allowed by the current VTY/management plane ACLs ... AAA system sees query from the switch not from the originator of the login. its trivial i know that (which is the frustrating part! :-) ) however, scanning some login/security docs on cisoc.com tonight has been a nice refresher of some other things that need to be put onto a work schedule! :-) alan _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/