If you have trap-forwarding setup... then an "Authentication Failure"
trap should be sent if they fail to log-in. I can't remember if you
can setup authentication for someone trying to log in.
Once they have logged in... various "syslog" messages can be looked at.
On your system, I've built a "logfile-agent" that looks at logfiles
(the syslog in this case), and sends a trap out when a string is
encountered.
I'm not sure if there is a "someone just telneted into the system" message,
but there is one for configuration-change (SYS-5-CONFIG)... which I do use
because I want to know when the config has changed, and who did it.
A logfile-agent is handy... because there are lots of useful info in
the syslog (fan-failed, power-supply failures, etc).
Regards,
Gary Boyles, Intel
-----Original Message-----
From: Regina King [mailto:rking@DSS.STATE.LA.US]
Sent: Monday, February 14, 2000 7:46 AM
To: NV-L@UCSBVM.UCSB.EDU
Subject: Re.TELNET ALERT
Does anyone know of a way to send a notify message in Netview that someone
is telneting into a a Cisco router in the network?
|