change in privilege level for the command show logging

Unanswered Question
Apr 14th, 2009

I have recently discovered a change in behavior in IOS. The command show logging has traditionally been available at user level. Now it has become a privilege level 15 command.

I thought that this was strange and opened a case with Cisco TAC about it. I was told that this is a new "feature" that was implemented for bugid CSCsl61281. Unfortunately this bugid is viewable by Cisco internally but not viewable by the public.

The TAC engineer tells me that this change is integrated into these releases:

This was integrated into the following releases:

12.4(24.05.01)PIX11

12.4(21.14.09)PIC01

12.4(19.03)T

12.2(52.23)SIN

12.2(33)SXI01

12.2(32.08.11)SX229

12.2(32.08.11)SR174

I do not think that this is a good change. If you do not think that this is a good change I suggest that you contact your Cisco support team and express your opinion about this change.

Otherwise as you go to new versions of IOS be aware of the potential impact on your network monitoring processes and procedures that show logging will require level 15 privilege access.

HTH

Rick

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
nairsudhish Tue, 06/01/2010 - 00:27

Hi Rick,

Can you suggest me references to know more about privilege level commands?

How to enable different commands for different levels of privileges?

Thanks.

-Sudhish

Isuru Manikkage Tue, 06/23/2015 - 20:42

Hi Rick,

I have this problem too. I need to allow my country administrators (RO Admins) to be able to view the log using "show logging" command but I am unable to allow it

I have added that command in ACS as allowed command sets for my RO Admins. but no luck. Any advise?

 

Regards,

Isuru

Richard Burts Wed, 06/24/2015 - 11:29

Isuru

 

I am assuming that the admins that you refer to are at privilege level 1. Is that correct? I would think that something like

privilege exec level 1 show logging

should allow them to use the command.

 

HTH

 

Rick

Isuru Manikkage Wed, 06/24/2015 - 18:53

Hi Rick,

The RO Admins I mentioned are with level 5 privilege.. I had the entry "privilege exec level 6 show logging" in my devices. I have changed it to "privilege exec level 5 show logging" in the devices and "sh logging" is working for the RO Admins now.

Thank you very much for your clear answer.

Regards,

Isuru

Richard Burts Wed, 06/24/2015 - 18:58

Isuru

 

I am glad that my suggestion pointed you to a solution. Thanks for posting back to the forum to confirm that it did work. And thank you for the rating.

 

HTH

 

Rick

Actions

This Discussion