Tracking users on switch

[Rabz]

trying to find out who may have logged onto switch and made changes. went to ld 22 did ahst, confirmed someone went in via a port no id shown. ld 37 shows port is enabled but destination not labelled. not on ldd 22 adan either. Any ideas

 

[johnpoole]

that's a blind entry point. i would either remove or disu the tty until i found out the user. are you using named login? that might help.. a possible catch is at the command prompt >mon x on the tty number, you'll see key strokes on that port as they happen.. even with a des label, you would just know the intended usage.. seb local etc.. go to ld 117 and do a sel prt 500, a little better then a history file, but not everything your looking for

john poole
bellsouth business
columbia,sc

 

[pbxn]

Do you have generic log ins into your switch? If so that is youor first problem. In my opinion you should never have a logi of blank and then a cheesy password. There is no way to assign accountabily, or figure out if some hacker was just playing around in your switch. You should have individual login's for each person that a login, and seperate passwords for them as well.
If you are concerned until you change the logins, just go into ld 37 dis the tty and then try to log in remotely and at the terminal to see where this is at.