cancel
Showing results for 
Search instead for 
Did you mean: 

Netsight alert for successful login

Netsight alert for successful login

Sarah_Seidl
New Contributor III
Hello,

We currently have a netsight alarm for invalid login attempts to our XOS devices

Selected Trap "ExtremeNetworks extremeInvalidLoginAttempt .1.3.6.1.4.1.1916.0.9 Notice"

This works great. Is there a way to send an alert for Successful login?

Thank you

3 REPLIES 3

Ronald_Dvorak
Honored Contributor
To setup syslog on the XOS below a example - in my case I've used VR-mgmt (mgmt port) as the source, if you use VR-default you must change that commands.

To enable it use the command #enable syslog

3da1f76de8e04e4c88a7189298c15b17_RackMultipart20170215-117931-10gp23e-XOS_syslog2_inline.png



That generates the following syslog message in EMC which you could use to trigger the alarm...

"02/15/2017 22:15:21 AAA[2241]: Login passed for user admin through telnet (172.25.25.202)"

Sarah_Seidl
New Contributor III
Thank you. How does the syslog from step 8 fit in to this? We don't have netsight currently setup as a syslog server. Would we need to do that in order to get this to work? For the information text I put in "login passed for user XXXX through ssh" I also put the syslog check information in as well but not getting alerts. Is it because perhaps we don't have the syslog piece setup?

Ty_Izzet
Extreme Employee
Sarah, I do not see a specific trap other than the one mentioned (extremeInvalidLoginAttempt). You may be able to base the alarm on a specific syslog message. This would be created using the following steps:

1. Click Tools > Alarm/Event > Alarm Manager...
2. To create a new alarm click New Alarm Button.
3. Provide a name and click OK button.
4. Click By Custom Criteria radio button.
5. Click Edit Criteria button.
6. Place a check in Match on Log Manager.
7. Click Match Selected.
8. Place a check in Syslog.
9. Place a check in Match on Information Text.
10. Click on Edit List... button.
11. Add in text phrase to search for.
12. Click on Add to List button.
13. Click on appropriate radio button for Contains or Does not Contain.
14. Click the OK button.
15. Click the OK button.

GTM-P2G8KFN