Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Is it possible to log CLI without tacacs?

I am curious to know if it is possible to log user command line actions on Cisco devices, without having a tacacs server.

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Is it possible to log CLI without tacacs?

archive

log config

logging enable

notify syslog

hidekeys

5 REPLIES
Silver

Re: Is it possible to log CLI without tacacs?

yes, starting with IOS version either 12.3 or

12.3T, you can log user command via syslog.

I implemented this feature on my production

router with IOS 12.4(16) IP Advanced services

I will post the configuration for you tomorrow.

CCIE Security

Silver

Re: Is it possible to log CLI without tacacs?

archive

log config

logging enable

notify syslog

hidekeys

New Member

Re: Is it possible to log CLI without tacacs?

Fantastic! Thanks so much.

Edit. Does this functionality require advanced IP services, or will this work on IP services with crypto?

New Member

Re: Is it possible to log CLI without tacacs?

One last question pertaining to logging. Is there a way to limit the interfaces UP/DOWN informationals being syslogged? In Kiwi Syslog the interface informational messages show up as Level7.Notice for the protocol and Level7.Error for the link. Is there a way to just filter out the link/protocol informationals and allow all others?

Thanks in advance

Re: Is it possible to log CLI without tacacs?

For more detailed information on the archive command.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtconlog.html

166
Views
0
Helpful
5
Replies