Is it possible to log CLI without tacacs?

Answered Question
Mar 16th, 2008

I am curious to know if it is possible to log user command line actions on Cisco devices, without having a tacacs server.

I have this problem too.
0 votes
Correct Answer by cisco24x7 about 8 years 10 months ago

archive

log config

logging enable

notify syslog

hidekeys

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
cisco24x7 Sun, 03/16/2008 - 13:50

yes, starting with IOS version either 12.3 or

12.3T, you can log user command via syslog.

I implemented this feature on my production

router with IOS 12.4(16) IP Advanced services

I will post the configuration for you tomorrow.

CCIE Security

Correct Answer
cisco24x7 Sun, 03/16/2008 - 16:29

archive

log config

logging enable

notify syslog

hidekeys

Jason Fraioli Sun, 03/16/2008 - 17:49

Fantastic! Thanks so much.

Edit. Does this functionality require advanced IP services, or will this work on IP services with crypto?

Jason Fraioli Mon, 03/17/2008 - 05:57

One last question pertaining to logging. Is there a way to limit the interfaces UP/DOWN informationals being syslogged? In Kiwi Syslog the interface informational messages show up as Level7.Notice for the protocol and Level7.Error for the link. Is there a way to just filter out the link/protocol informationals and allow all others?

Thanks in advance

Actions

This Discussion