Header Only - DO NOT REMOVE - Extreme Networks

Netsight alert for successful login


Userlevel 2
Hello,

We currently have a netsight alarm for invalid login attempts to our XOS devices

Selected Trap "ExtremeNetworks extremeInvalidLoginAttempt .1.3.6.1.4.1.1916.0.9 Notice"

This works great. Is there a way to send an alert for Successful login?

Thank you

3 replies

Userlevel 5
Sarah, I do not see a specific trap other than the one mentioned (extremeInvalidLoginAttempt). You may be able to base the alarm on a specific syslog message. This would be created using the following steps:

1. Click Tools > Alarm/Event > Alarm Manager...
2. To create a new alarm click New Alarm Button.
3. Provide a name and click OK button.
4. Click By Custom Criteria radio button.
5. Click Edit Criteria button.
6. Place a check in Match on Log Manager.
7. Click Match Selected.
8. Place a check in Syslog.
9. Place a check in Match on Information Text.
10. Click on Edit List... button.
11. Add in text phrase to search for.
12. Click on Add to List button.
13. Click on appropriate radio button for Contains or Does not Contain.
14. Click the OK button.
15. Click the OK button.
Userlevel 2
Thank you. How does the syslog from step 8 fit in to this? We don't have netsight currently setup as a syslog server. Would we need to do that in order to get this to work? For the information text I put in "login passed for user XXXX through ssh" I also put the syslog check information in as well but not getting alerts. Is it because perhaps we don't have the syslog piece setup?
Userlevel 7
To setup syslog on the XOS below a example - in my case I've used VR-mgmt (mgmt port) as the source, if you use VR-default you must change that commands.

To enable it use the command #enable syslog



That generates the following syslog message in EMC which you could use to trigger the alarm...

"02/15/2017 22:15:21 AAA[2241]: Login passed for user admin through telnet (172.25.25.202)"

Reply