What I have set up is my Cisco switches sending SNMP traps to my InterMapper server. I did that so I could see who is logging in or trying to log in. That part is working. What I need to do is create a probe; then I can set up notifications and so on.
The SNMP trap looks like this:
SNMPv2-SMI::enterprises.9.9.41.2 (1) { "SEC_LOGIN", "5", "LOGIN_FAILED", "Login failed [user: admin] [Source: 10.1.1.45] [localport: 22] [Reason: Login Authentication Failed] at 22:39:45 MDT Tue Jul 16 2013", "902084201" }
What I am trying to accomplish is the ability to be notified when someone logs into the switches. Since I am the only one who logs into them, it would be nice to see if someone tries to log in or actually logs in.
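As an added example (not part of the original post, and not an InterMapper probe definition), here is one way to parse the trap shown above and grade login events for notification. The `LOGIN_SUCCESS` line, the field labels and the `admin_sources` allow-list are assumptions made for this example.

```python
import re

# FAILED is the trap from the post; SUCCESS is constructed for this example.
FAILED = ('SNMPv2-SMI::enterprises.9.9.41.2 (1) { "SEC_LOGIN", "5", "LOGIN_FAILED", '
          '"Login failed [user: admin] [Source: 10.1.1.45] [localport: 22] '
          '[Reason: Login Authentication Failed] at 22:39:45 MDT Tue Jul 16 2013", "902084201" }')
SUCCESS = ('SNMPv2-SMI::enterprises.9.9.41.2 (1) { "SEC_LOGIN", "5", "LOGIN_SUCCESS", '
           '"Login Success [user: admin] [Source: 10.1.1.45] [localport: 22] '
           'at 22:41:02 MDT Tue Jul 16 2013", "902090901" }')

TRAP_RE = re.compile(r'enterprises\.9\.9\.41\.2\b[^{]*\{(.*)\}\s*$')
FIELD_RE = re.compile(r'"([^"]*)"')
ATTR_RE = re.compile(r'\[([^:\]]+):\s*([^\]]*)\]')


def parse_trap(line):
    """Parse one trap line; None if it is not from this OID subtree."""
    m = TRAP_RE.search(line)
    if not m:
        return None
    fields = FIELD_RE.findall(m.group(1))
    if len(fields) != 5:
        # Part of the text is typed at the login prompt, so never assume a clean
        # body: surface what does not split into five fields instead of dropping it.
        return {"facility": None, "mnemonic": "UNPARSED", "attrs": {}, "raw": line}
    facility, severity, mnemonic, text, timestamp = fields
    attrs = {k.strip().lower(): v.strip() for k, v in ATTR_RE.findall(text)}
    return {"facility": facility, "severity": severity, "mnemonic": mnemonic,
            "attrs": attrs, "timestamp": timestamp, "raw": line}


def classify(event, admin_sources):
    """Map an event to 'info', 'warning', 'critical', or None (not a login event)."""
    if event is None:
        return None
    if event["mnemonic"] == "UNPARSED":
        return "warning"
    if event["facility"] != "SEC_LOGIN":
        return None
    if event["mnemonic"] == "LOGIN_FAILED":
        return "warning"
    if event["mnemonic"] == "LOGIN_SUCCESS":
        # A success from anywhere but the admin's own hosts is the case to page on.
        known = event["attrs"].get("source") in admin_sources
        return "info" if known else "critical"
    return None
```

Because only one person administers these switches, a successful login from any address outside `admin_sources` is graded higher than a failed attempt.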
Best Answer
If all you need is login notification and if you don't care about SNMP vs Syslog, you can use IOS built-in syslog for authentication failures and success. It also can block IP addresses with failed logins.
This is the message for success
This is the message for a telnet failure