I have an EX4200 with JunOS v12.3, and I have SNMPv3 informs setup and working. When I first set this up, I remember getting informs/traps for both valid and invalid logons, as well as logoffs. I no longer receive these. I do get informs/traps for invalid SNMP community attempts. Did something change in recent revisions, or is there a configuration options for authentication type informs/traps under SNMPv3, other than the oid view, which I have setup to include everything (.1).
I am currently running JunOS v12.3r9.4. I have been working for a while with support on some SNMP issues, and do not remember exactly when the logon/logoff traps stopped. Since I was not actively trying to disable them, my guess is that they stopped during one of the upgrades I performed, probably to r9.4, although it may have been during the r8.7 upgrade. I first wanted to ensure that I remembered correctly that JunOS does trap for SSH and Telnet logons and logoffs?
jacobsc@pok-052-vct> show log messages|match snmp Nov 27 12:53:49 pok-052-vct snmpd: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from 184.108.40.206 to 220.127.116.11 (public) Nov 27 12:53:51 pok-052-vct snmpd: SNMPD_AUTH_FAILURE: nsa_log_community: unauthorized SNMP community from 18.104.22.168 to 22.214.171.124 (public)
I searched through the Juniper MIBs, but could not find any logon/logoff authentication traps. Does JunOS not report when a user logs on or off successfully or with a failure?