Access log for routers and switches

glen.grant Wed, 11/26/2008 - 05:07

If logging is turned on then just do a "show logg" and it will show you the logs for the switch or router. If a catos box do a "show logg buffer 1000" and that will show you the log.

Richard Burts Thu, 11/27/2008 - 13:58

Swee

The response from Glen is good information about viewing the log. But that does not necessarily help solve your requirement, since normally the logs do not contain information about login activity. However, Cisco has introduced an enhancement in recent versions of IOS which does help with this. It is now possible to generate entries in syslog when someone successfully logs in to the router (and also possible to log failed attempts if you want to). This link explains the new command:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_k1.html#wp1031689

HTH

Rick

Joseph W. Doherty Fri, 11/28/2008 - 04:31

Rick has addressed the question of someone logging on to the device, but I recall it's also possible to log all activity while logged on. Doing this, I recall, uses AAA.

Much simpler, if you don't need line-by-line auditing activity, is usage of some management station that tracks config changes, and can present a before and after image (e.g. Cisco's NCM).

I also have a hazy recollection that some of the later IOSs might have a config archival feature that can be activated on the device, i.e. it saves so many generations of config files.

cisco24x7 Fri, 11/28/2008 - 08:14

The best way to do this is with AAA accounting, bar none.

If you do not have the budget to purchase Cisco ACS, you can use Freeware TACACS+ and it can do the job for you just fine. Freeware TACACS+ is very easy to set up and configure. I actually wrote the install script to do this on Linux platform. Just untar the file and hit ./install and you're all set.
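Once the login syslog entries mentioned earlier in the thread are reaching a syslog server, they can be turned into an access report. The following is an added example, not code from any poster or from Cisco; it assumes the `%SEC_LOGIN-5-LOGIN_SUCCESS` / `%SEC_LOGIN-4-LOGIN_FAILED` message layout shown in the comments, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed layout of the IOS login messages (SEC_LOGIN facility):
#   %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: u] [Source: ip] [localport: n] at ...
#   %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: u] [Source: ip] [localport: n] [Reason: r] at ...
EVENT = re.compile(r"%SEC_LOGIN-\d-LOGIN_(SUCCESS|FAILED):")
FIELD = re.compile(r"\[(\w+): ([^\]]*)\]")

# Constructed sample lines: documentation addresses, made-up host and users.
SAMPLE = "\n".join(
    [f"Nov 27 13:58:0{s} rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] "
     "[Source: 192.0.2.50] [localport: 23] [Reason: Login Authentication Failed]"
     for s in (1, 4, 7)]
    + ["Nov 27 13:58:20 rtr1: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] "
       "[Source: 192.0.2.50] [localport: 23] at 13:58:20 UTC Thu Nov 27 2008",
       "Nov 27 14:02:11 rtr1: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] "
       "[Source: 198.51.100.7] [localport: 22] at 14:02:11 UTC Thu Nov 27 2008",
       "Nov 27 14:03:40 rtr1: %SYS-5-CONFIG_I: Configured from console by netops on vty0"])

def parse_login_events(text):
    """Return one dict per login message; unrelated syslog lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        # The user field of a failed login is supplied by the remote side: treat it as data only.
        fields = {k.lower(): v for k, v in FIELD.findall(line[m.end():])}
        events.append({"result": m.group(1),
                       "user": fields.get("user", ""),
                       "source": fields.get("source", ""),
                       "port": fields.get("localport", ""),
                       "reason": fields.get("reason", "")})
    return events

def success_after_failures(events, threshold=3):
    """Flag (user, source, failures) when a login succeeds after >= threshold failures."""
    fails, alerts = Counter(), []
    for e in events:
        if e["result"] == "FAILED":
            fails[e["source"]] += 1
            continue
        if fails[e["source"]] >= threshold:
            alerts.append((e["user"], e["source"], fails[e["source"]]))
        fails[e["source"]] = 0  # a success resets the failure streak for that source
    return alerts

if __name__ == "__main__":
    for alert in success_after_failures(parse_login_events(SAMPLE)):
        print("review login:", alert)
```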
