08-03-2007 09:49 AM - edited 03-05-2019 05:41 PM
Is there a way in a 3560, 3750 switch and 3845, and 2811 router to tell it to send all config commands someone is typing on the router to a syslog server? Is this only available in TACACS+?
08-03-2007 10:04 AM
You can do accounting and send the output to a RADIUS server as well
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part05/schacct.htm
08-03-2007 11:12 AM
Joseph
Edison is right that the traditional solution for this was AAA accounting. Cisco has introduced a new feature which gives you the ability to track config changes to syslog rather than using aaa accounting. This link provides information about this new capability:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080454f73.html
I have not yet tested it but it sounds exactly like what you want.
HTH
Rick
08-03-2007 11:20 AM
Rick,
Somehow that feature escaped and I've used it many times in different implementations. That's definitely the solution the OP is after. I'm rating your post accordingly.
08-03-2007 11:31 AM
Edison
I am glad that you are familiar with this. It sounds very good but I have not yet had occasion to use it.
Thanks for the rating.
HTH
Rick
08-03-2007 11:34 AM
I am trying to configure this, however it does not seem to be sending the messages to the syslog server. Can you post me the relevant part of a working config? Thanks,
08-03-2007 11:45 AM
Can you post your config and we go from there?
Did you also configure a line like:
logging [syslog server IP]
?
08-03-2007 11:48 AM
archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys
no logging trap
logging (server IP)
08-03-2007 11:50 AM
enable logging trap
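Once the messages reach the syslog server, the logged commands can be parsed and checked for changes that weaken the audit trail itself, such as the `no logging trap` line in the config above. The following is an added example, not part of the original thread; the message layout in the regex, the pattern list and the sample lines (including the 192.0.2.10 address and user names) are assumptions constructed for illustration.

```python
import re

# Assumed message layout for the IOS configuration change logger:
#   %PARSER-5-CFGLOG_LOGGEDCMD: User:<name>  logged command:<command>
CFGLOG = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD:\s*User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Commands that weaken the audit trail itself (illustrative list, not exhaustive).
AUDIT_TAMPERING = (
    re.compile(r"^no\s+logging\b", re.I),
    re.compile(r"^no\s+archive\b", re.I),
    re.compile(r"^no\s+notify\s+syslog\b", re.I),
    re.compile(r"^no\s+aaa\s+accounting\b", re.I),
)

# Constructed sample lines as a syslog server might store them.
SAMPLE_LINES = [
    "Aug  3 11:52:01 192.0.2.10 45: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:interface GigabitEthernet0/1",
    "Aug  3 11:52:09 192.0.2.10 46: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:no logging trap",
    "Aug  3 11:53:30 192.0.2.10 47: %SYS-5-CONFIG_I: Configured from console by jdoe on vty0",
    "Aug  3 11:54:02 192.0.2.10 48: %PARSER-5-CFGLOG_LOGGEDCMD: User:asmith  logged command:no aaa accounting commands 15 default",
    "Aug  3 11:54:40 192.0.2.10 49: %PARSER-5-CFGLOG_LOGGEDCMD: User:asmith  logged command:username ops secret *****",
]

def parse_line(line):
    """Return {'user', 'command', 'tampering'} for a config-logger line, else None."""
    m = CFGLOG.search(line.rstrip())
    if m is None:
        return None
    cmd = m.group("cmd").strip()
    return {
        "user": m.group("user"),
        "command": cmd,
        "tampering": any(p.search(cmd) for p in AUDIT_TAMPERING),
    }

def tampering_events(lines):
    """Keep only logged commands that match an AUDIT_TAMPERING pattern."""
    events = (parse_line(line) for line in lines)
    return [e for e in events if e and e["tampering"]]

if __name__ == "__main__":
    for event in tampering_events(SAMPLE_LINES):
        print(f"ALERT user={event['user']} command={event['command']!r}")
```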
08-03-2007 11:55 AM
That worked, Great! But is there any way to log any command sent to the IOS and not just config changes?
08-03-2007 12:06 PM
Sorry, that's when you need AAA.
If you have a RADIUS server, you can configure accounting by pointing to that server. No need to purchase a TACACS+ server.
08-03-2007 12:10 PM
But where does it store the messages? I do have AAA configured via MS IAS, works great. I looked over the document you linked in the first reply and it didn't seem to say where it logged the messages.
08-03-2007 12:23 PM
Let's see what you have configured thus far regarding AAA.
Please include the radius information as well.
Are you authenticating and receiving authorization via RADIUS?
08-03-2007 12:25 PM
Yes, and of course it logs a Windows Event log each time you log in. Is this the same way it will log the accounting events?
08-03-2007 12:27 PM
here is my AAA config
aaa new-model
!
!
aaa group server radius srv006
 server xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
!
aaa authentication login default group (groupname) local
aaa authentication login console line
aaa authorization exec default group (groupname) if-authenticated
aaa session-id common
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server deadtime 1
radius-server key (rad key)
radius-server vsa send authentication