how to audit in syslog this information

Answered Question
May 20th, 2008

Hello everyone, I want to know everything about the remote session in my routers and switches so I want to know if there is a way to send to my syslog server the following information:

1- The end of session or logout with the username, (Currently I know the log-on info with archive command)

2- The amount of information transmitted and received during the session.

3- Interface the user used to logon to the router or switch.

Thanks in advance.

Collin Clark Tue, 05/20/2008 - 09:39

With a AAA server such as Cisco ACS, you can achieve 1 & 3. I'm not sure I understand #2, are you looking for the commands entered (which ACS can do) or the amount of data transferred over the TTY line? All of this data can be forwarded to your syslog server or viewed directly in ACS.

Hope that helps.

mbonilla Wed, 05/21/2008 - 14:28

Thanks for your answer, could you please tell me the right IOS commands to get this info or any configuration cue in ACS to get that?

I have the ACS 4.1 and I have these IOS commands just for authentication:

aaa authentication login XXXX group radius
aaa authentication login XXXX local-case
aaa authentication enable default group radius enable

The fields in the ACS Passed Authentication reports are:

Date, Time, User-Name, Message-Type, Group-Name, Caller-ID, NAS-Port, NAS-IP-Address, Network Access Profile Name, Shared RAC, Downloadable ACL, System-Posture-Token, Application-Posture-Token, Reason, EAP Type, EAP Type Name, PEAP/EAP-FAST-Clear-Name, Access Device, Network Device Group

And as you can see, I do not receive what I want, just the log-on info.

On the other hand, I have the syslog server, which receives everything I type and other information from these IOS commands:

archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys
logging trap notifications
logging source-interface Vlan117
logging 10.32.0.132

However, these do not give what I'm looking for either. With regard to your question, it is the amount of data transferred over the TTY line.

Thank you.
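The configuration posted above only enables AAA authentication, which is why ACS shows log-on records and nothing else. The following is an added example, not part of the original thread: a sketch of the AAA accounting that the first reply refers to. It assumes the same RADIUS server group as the post and uses the `default` accounting method list, so it applies to every line.

```ios
! --- Before (from the post): authentication only, so the AAA server
! --- records the log-on but is never told when the session ends.
aaa new-model
aaa authentication login XXXX group radius
!
! --- After (added, assumed configuration): EXEC session accounting.
! --- A start record is sent when the user gets a shell and a stop
! --- record when the session ends, which covers the logout with the
! --- username (item 1). Both records identify the line the session
! --- arrived on through the NAS-Port attribute (item 3).
aaa accounting exec default start-stop group radius
!
! --- Optional: per-command accounting. IOS sends command accounting
! --- over TACACS+ only, so this line applies only if the devices are
! --- moved from RADIUS to a TACACS+ server group.
! aaa accounting commands 15 default start-stop group tacacs+
```

With this in place the accounting records appear in the ACS accounting reports rather than in the Passed Authentication report quoted above. NAS-Port identifies the tty/vty line, not the physical interface the packets entered on.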
