Router login

Richard Burts Thu, 07/02/2009 - 07:25
K.G. Pramod


You can configure aaa accounting exec to send accounting records that will show who has logged in to your routers (and it will show from what IP address they have logged in). You can also configure aaa accounting commands 15 that will send accounting records that will show the privilege commands that are entered (including all config changes).


HTH


Rick

Joseph W. Doherty Thu, 07/02/2009 - 08:28

As Richard notes, TACACS can log individual changes. However, I believe if the router has a valid external time source, and an authenticated user, it will record the user ID and time in the config file and will note the change in the syslog. This wouldn't indicate detailed changes, only when something was changed and by whom (user ID) (and source IP?).


Another alternative: some external packages will track config changes. For instance, I've worked with Cisco's NCM. Such a package will provide not only who changed the config (requires authenticated logon?) but can show before and after configs with changes highlighted.

Leo Laohoo Thu, 07/02/2009 - 14:04

If you don't have a TACACS or RADIUS but you have a SYSLOG server, use the "archive" commands.
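An added example, not part of the thread and not Cisco's own tooling: once the IOS config logger is sending to syslog (assumed here to be enabled with `archive`, `log config`, `logging enable`, `notify syslog`), the per-command messages and the closing "Configured from" message can be joined on the syslog server to show who changed what and from which address. The log lines are constructed, and the function name and the relay prefix on each line are assumptions.

```python
import re

# Constructed sample lines (not from the thread). The leading timestamp, device
# address and sequence number are an assumed syslog-relay prefix.
SAMPLE_LOG = [
    "Jul  2 08:01:05 10.0.0.1 43: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface GigabitEthernet0/1",
    "Jul  2 08:01:09 10.0.0.1 44: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:shutdown",
    "Jul  2 08:01:11 10.0.0.1 45: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)",
    "Jul  2 09:14:30 10.0.0.2 12: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:ip access-list extended MGMT",
]

PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<dev>\S+) .*?"
CMD_RE = re.compile(PREFIX + r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$")
END_RE = re.compile(PREFIX + r"%SYS-5-CONFIG_I: Configured from \S+ by (?P<user>\S+)"
                    r"(?: on (?P<line>\S+))?(?: \((?P<src>[0-9A-Fa-f.:]+)\))?")

def config_sessions(lines):
    """Group logged config commands per (device, user); CONFIG_I closes a session."""
    pending = {}    # (device, user) -> commands seen since the last CONFIG_I
    sessions = []
    for raw in lines:
        m = CMD_RE.match(raw)
        if m:
            pending.setdefault((m["dev"], m["user"]), []).append(m["cmd"].strip())
            continue
        m = END_RE.match(raw)
        if m:
            sessions.append({
                "device": m["dev"], "user": m["user"], "line": m["line"],
                "source": m["src"], "ended": m["ts"],
                "commands": pending.pop((m["dev"], m["user"]), []),
            })
    # Commands with no closing CONFIG_I: the session is still open or the message
    # was lost, so report them without a source address instead of dropping them.
    for (dev, user), cmds in pending.items():
        sessions.append({"device": dev, "user": user, "line": None,
                         "source": None, "ended": None, "commands": cmds})
    return sessions

if __name__ == "__main__":
    for s in config_sessions(SAMPLE_LOG):
        print(f"{s['device']} {s['user']} from {s['source'] or 'unknown'}: {s['commands']}")
```

A console session with no username appears as user `console` with no source address, which is the case where only authenticated logins make the record useful.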
