We currently have a netsight alarm for invalid login attempts to our XOS devices
Selected Trap "ExtremeNetworks extremeInvalidLoginAttempt .188.8.131.52.4.1.1916.0.9 Notice"
This works great. Is there a way to send an alert for Successful login?
1. Click Tools > Alarm/Event > Alarm Manager...
2. To create a new alarm click New Alarm Button.
3. Provide a name and click OK button.
4. Click By Custom Criteria radio button.
5. Click Edit Criteria button.
6. Place a check in Match on Log Manager.
7. Click Match Selected.
8. Place a check in Syslog.
9. Place a check in Match on Information Text.
10. Click on Edit List... button.
11. Add in text phrase to search for.
12. Click on Add to List button.
13. Click on appropriate radio button for Contains or Does not Contain.
14. Click the OK button.
15. Click the OK button.
Thank you. How does the syslog from step 8 fit in to this? We don't have netsight currently setup as a syslog server. Would we need to do that in order to get this to work? For the information text I put in "login passed for user XXXX through ssh" I also put the syslog check information in as well but not getting alerts. Is it because perhaps we don't have the syslog piece setup?
To enable it use the command #enable syslog
That generates the following syslog message in EMC which you could use to trigger the alarm...
"02/15/2017 22:15:21 AAA: Login passed for user admin through telnet (172.25.25.202)"