Log changes made to config on switch?

Unanswered Question
Nov 22nd, 2008
Hi,


I have many Cisco Catalyst switches and I have managed to log when a user logs into the switches to our syslog server; however, I now need to log any changes made on the configs. Is this possible?


This is what I have added so far:


logging buffered 8192 notifications

login on-failure log
login on-success log

archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys

logging trap notifications
logging source-interface Vlan1
logging 192.168.1.19


Am I missing something?


glen.grant Sat, 11/22/2008 - 04:09

You would probably have to use AAA accounting and the use of a tacacs or radius server to accomplish this. Do a search on configuring AAA accounting.

Giuseppe Larosa Mon, 11/24/2008 - 06:40

Hello Andy,

I think you need to move to AAA for doing this.

We use the following commands with ACS tacacs+:


aaa new-model
aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa accounting update newinfo
aaa accounting exec ACS start-stop group tacacs+
aaa accounting commands 1 ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
!
aaa session-id common


The accounting commands are the ones that allow recording of any command entered by everyone.

In the log there is a line for each command with the timestamp, user, command, and IP address of the device.

This is useful in understanding the reasons for crashes or some major faults.


Hope to help

Giuseppe
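
Added example, not part of the thread: with `archive` / `log config` / `notify syslog` enabled as in the question, IOS sends each configuration command to syslog as a `%PARSER-5-CFGLOG_LOGGEDCMD` message. The Python sketch below parses such lines on the syslog server and flags commands that alter the audit trail itself; the syslog line prefix, hosts, users and sample lines are constructed assumptions.

```python
import re

# Constructed sample of what the syslog server might store (hosts/users invented).
SAMPLE = """\
Nov 24 09:13:09 192.168.1.50 46: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface Vlan1
Nov 24 09:13:15 192.168.1.50 47: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:description uplink
Nov 24 09:14:02 192.168.1.50 48: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
Nov 24 10:02:40 192.168.1.51 12: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no logging 192.168.1.19
"""

# Assumed server-side prefix: "<Mon DD HH:MM:SS> <device> ..." before the IOS message.
CFGLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s+(?P<host>\S+)\s.*?"
    r"%PARSER-5-CFGLOG_LOGGEDCMD:\s*User:(?P<user>\S+)\s+"
    r"logged command:(?P<cmd>.*)$"
)

# Commands that change logging, the config archive or AAA accounting, i.e. the
# settings discussed in this thread. A change here deserves a second look.
AUDIT_TRAIL = re.compile(r"^(no\s+)?(logging|archive|aaa\s+accounting)\b", re.I)


def parse_changes(text):
    """Return one dict per logged config command; other syslog lines are skipped."""
    changes = []
    for line in text.splitlines():
        m = CFGLOG.match(line)
        if m:
            rec = m.groupdict()
            rec["cmd"] = rec["cmd"].strip()
            changes.append(rec)
    return changes


def audit_trail_changes(changes):
    """Return (device, user, command) for commands that touch the audit trail."""
    return [(c["host"], c["user"], c["cmd"])
            for c in changes if AUDIT_TRAIL.match(c["cmd"])]


if __name__ == "__main__":
    parsed = parse_changes(SAMPLE)
    for c in parsed:
        print(f'{c["ts"]}  {c["host"]}  {c["user"]}: {c["cmd"]}')
    for host, user, cmd in audit_trail_changes(parsed):
        print(f"REVIEW: {user} on {host} ran '{cmd}'")
```

The user name in these messages is only as reliable as the login method: with a shared local account every change shows the same user, which is where the per-user TACACS+ accounting in the reply above adds value.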
