Logging Commands to Syslog

Pete89 · ‎02-24-2010

Hello,

We use RANCID to monitor changes to all our Cisco gear. Once an hour RANCID does a diff on the last running-config. If it detects a change, it notifies me of the changes on the router/switch. This works great, but it does not record WHO made the changes.

So I am looking for a way to log to syslog any commands issued by a particular user. This can be done correct?

Thanks,

Pedro

Panos Kampanakis · ‎02-24-2010

You can use AAA accounting for it.

I hope it helps.

PK

Pete89 · ‎02-24-2010

What I am not sure of is if you can do aaa acounting to syslog and if you can do it on a per user basis.

Panos Kampanakis · ‎02-24-2010

I doubt you can do accounting to syslog (send commands).

PK

cciesec2011 · ‎02-25-2010

If you are using IOS 12.4 or higher, you can use the following commands:

archive
log config
hidekeys

It will send whatever changes and whoever changes the configs to syslog.

I myself prefer AAA accounting but the above method will work just as well.

Pete89 · ‎03-01-2010

Thanks for answering my post!

IOS 12.4 or higher? Is that a typo? Isnt 12.2 the latest? I tried these commands on one of my switches and I still dont see anything in syslog.