Is it possible to log CLI without tacacs?

Answered Question
Mar 16th, 2008
User Badges:

I am curious to know if it is possible to log user command line actions on Cisco devices, without having a tacacs server.

Correct Answer by cisco24x7 about 9 years 2 months ago

archive

log config

logging enable

notify syslog

hidekeys

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
cisco24x7 Sun, 03/16/2008 - 13:50
User Badges:
  • Silver, 250 points or more

yes, starting with IOS version either 12.3 or

12.3T, you can log user command via syslog.


I implemented this feature on my production

router with IOS 12.4(16) IP Advanced services


I will post the configuration for you tomorrow.


CCIE Security

Correct Answer
cisco24x7 Sun, 03/16/2008 - 16:29
User Badges:
  • Silver, 250 points or more

archive

log config

logging enable

notify syslog

hidekeys

Jason Fraioli Sun, 03/16/2008 - 17:49
User Badges:

Fantastic! Thanks so much.


Edit. Does this functionality require advanced IP services, or will this work on IP services with crypto?

Jason Fraioli Mon, 03/17/2008 - 05:57
User Badges:

One last question pertaining to logging. Is there a way to limit the interfaces UP/DOWN informationals being syslogged? In Kiwi Syslog the interface informational messages show up as Level7.Notice for the protocol and Level7.Error for the link. Is there a way to just filter out the link/protocol informationals and allow all others?


Thanks in advance

Actions

This Discussion