Our company has installed a couples of Cisco 2960x stacked up with FlexStack plus. Our security team is concerned about the illegal administrative logon We need to identity those failed logon either through the vty console or SSH session.
We have done some research and will try to use the following login on-failure log every 1 and login on-success log every 1 to identify and monitor those unsuccessful and successful logon for review.
In order to achieve such requirement, we would like to know it is mandatory or a must to use the "logging <ip address>" to export the logging result to a remote syslog server ? We do Not have a remote syslog server on our infrastructure at the moment. Is it technically possible to use a local buffered logging repository on the Switch to store such login failure/success audit log records instead for the time being ?
Thank you so much for your kind advice in advance.