Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2561
Views
0
Helpful
3
Replies

how to audit in syslog this information

Go to solution
mbonilla
Level 1
Level 1

‎05-20-2008 09:18 AM - edited ‎03-03-2019 10:01 PM

Hello everyone, I want to know everything about the remote session in my routers and switches so I want to know if there is a way to send to my syslog server the following information:

1- The end of session or logout with the username, (Currently I know the log-on info with archive command)

2- The amount of information transmited and received during the session.

3- Interface the user used to logon to the router or switch.

Thanks in advanced.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
3 Replies 3

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎05-20-2008 09:39 AM

With a AAA server such as Cisco ACS, you can achieve 1 & 3. I'm not sure I understand #2, are you looking for the commands entered (which ACS can do) or the amount of data transfered over the TTY line? All of this data can be forwarded to your syslog server or viewed directly in ACS.

Hope that helps.

0 Helpful

Go to solution
mbonilla
Level 1
Level 1
In response to Collin Clark

‎05-21-2008 02:28 PM

Thanks for your answer, cuould you please tell me the right IOS commands to get this info or any configuration cue in ACS to get that?

I have the ACS 4.1 and I have these IOS commands just for authentication:

aaa authentication login XXXX group radius

aaa authentication login XXXX local-case

aaa authentication enable default group radius enable

The fields in the ACS Passed Authentication reports are:

Date Time User-Name Message-Type Group-Name Caller-ID NAS-Port NAS-IP-Address Network Access Profile Name Shared RAC Downloadable ACL System-Posture-Token Application-Posture-Token Reason EAP Type EAP Type Name PEAP/EAP-FAST-Clear-Name Access Device Network Device Group

And if you see I do not received what I want juest the the log-on info.

on other hand I have the syslog server which received everthing I type and other information from this IOS commands.

archive

log config

logging enable

logging size 200

notify syslog contenttype plaintext

hidekeys

logging trap notifications

logging source-interface Vlan117

logging 10.32.0.132

However these neither give what I'm looking for. With regards your question is the amount of data transfered over the TTY line.

Thank you.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card