×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Audit all configuration changes

Answered Question
Apr 17th, 2012
User Badges:

Greetings,


we are using radius and active directory to authenticate to the switches. All syslog messages are sent to a LMS 3.2 server.

How can i configure auditing so that command on the running config from every user is reported via syslog?

Thank you.


Regards,


C.

Correct Answer by Vasileios Boulo... about 5 years 4 months ago

Hi Christian,


This feature could be configured under the archive configuration mode with the log config command and notify syslog to enable

the sending of notifications of configuration changes to your remote syslog.

The configuration could be the next

archive

log config

  logging enable 50

  notify syslog

  hidekeys


If you need to log all the commands and not only the config commands then the following configuration should be

executed on the router.


event manager applet CLIaccounting

event cli pattern ".*" sync no skip no

action 1.0 syslog priority informational msg "$_cli_msg"

set 2.0 _exit_status



Read the next link for more details

http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html



Hope that helps!

Vasilis

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Vasileios Boulo... Tue, 04/17/2012 - 15:01
User Badges:
  • Silver, 250 points or more

Hi Christian,


This feature could be configured under the archive configuration mode with the log config command and notify syslog to enable

the sending of notifications of configuration changes to your remote syslog.

The configuration could be the next

archive

log config

  logging enable 50

  notify syslog

  hidekeys


If you need to log all the commands and not only the config commands then the following configuration should be

executed on the router.


event manager applet CLIaccounting

event cli pattern ".*" sync no skip no

action 1.0 syslog priority informational msg "$_cli_msg"

set 2.0 _exit_status



Read the next link for more details

http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html



Hope that helps!

Vasilis

Actions

This Discussion