Logging on a router

Unanswered Question

Hello,

I have a problem when an admin logged in to a router it doesn't show when that person logged in. It only show when he do a change on a router and do wr memory. Here is config I have. Please help. Thanks

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

logging buffered 4096 debugging

logging console informational

logging monitor informational

logging facility local6

logging source-interface FastEthernet0/0

logging 10.17.84.7

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pmccubbin Fri, 02/02/2007 - 12:02

I've only seen what you are asking for when an authentication server such as a TACACS server was being used.

The config you have shown the forum will only display in the config when a change is made on the router and/or when a config is saved to memory.

Hope this helps.

daviddtran Sun, 02/04/2007 - 11:16

you need AAA accounting for this. Here is how:

aaa new-model

aaa authentication login notac none

aaa authentication login VTY group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization console

aaa authorization exec notac none

aaa authorization exec VTY group tacacs+ if-authenticated none

aaa authorization commands 0 VTY group tacacs+ if-authenticated none

aaa authorization commands 1 VTY group tacacs+ if-authenticated none

aaa authorization commands 15 VTY group tacacs+ if-authenticated none

aaa authorization network VTY group tacacs+ if-authenticated none

aaa accounting exec TAC start-stop group tacacs+

aaa accounting exec VTY start-stop group tacacs+

aaa accounting commands 0 TAC start-stop group tacacs+

aaa accounting commands 0 VTY start-stop group tacacs+

aaa accounting commands 1 TAC start-stop group tacacs+

aaa accounting commands 1 VTY start-stop group tacacs+

aaa accounting commands 10 TAC start-stop group tacacs+

aaa accounting commands 15 TAC start-stop group tacacs+

aaa accounting commands 15 VTY start-stop group tacacs+

aaa accounting network VTY start-stop group tacacs+

aaa accounting connection TAC start-stop group tacacs+

aaa session-id common

line vty 0 15

authorization commands 0 VTY

authorization commands 1 VTY

authorization commands 15 VTY

authorization exec VTY

accounting commands 0 VTY

accounting commands 1 VTY

accounting commands 15 VTY

accounting exec VTY

login authentication VTY

You can see everything what the user is doing via tacacs accounting log

med_ddevlin Sun, 02/18/2007 - 19:41

I'm not sure which version IOS you are running but 12.3(4) and up have config change logging and notification built-in already. You would just have to enable that feature.

To enable this just enter:

Config Mode

logging enable

archive

log config

hidekeys (hides passwords)

notify syslog

With this you can base alerts off what is sent to the syslog server.

Actions

This Discussion