cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1421
Views
0
Helpful
5
Replies

Logging Commands to Syslog

Pete89
Level 2
Level 2

Hello,

We use RANCID to monitor changes to all our Cisco gear. Once an hour RANCID does a diff on the last running-config. If it detects a change, it notifies me of the changes on the router/switch. This works great, but it does not record WHO made the changes.

So I am looking for a way to log to syslog any commands issued by a particular user. This can be done correct?

Thanks,

Pedro

5 Replies 5

Panos Kampanakis
Cisco Employee
Cisco Employee

You can use AAA accounting for it.

I hope it helps.

PK

What I am not sure of is if you can do aaa acounting to syslog and if you can do it on a per user basis.

I doubt you can do accounting to syslog (send commands).

PK

If you are using IOS 12.4 or higher, you can use the following commands:

archive
log config
  hidekeys

It will send whatever changes and whoever changes the configs to syslog.

I myself prefer AAA accounting but the above method will work just as well.

Thanks for answering my post!

IOS 12.4 or higher? Is that a typo? Isnt 12.2 the latest? I tried these commands on one of my switches and I still dont see anything in syslog.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: