I am trying to log all commands executed on the Cisco Router. And it is working fine. However it wont show who executed the commands. It just shows command was executed
*Nov 15 00:38:56.356: %HA_EM-6-LOG: cli-match: configure terminal Command Executed
*Nov 15 00:39:08.060: %HA_EM-6-LOG: cli-match: do-exec sh ip int brief Command Executed
*Nov 15 00:39:08.066: %HA_EM-6-LOG: cli-match: show ip interface brief Command Executed
*Nov 15 00:39:12.940: %HA_EM-6-LOG: cli-match: do-exec sh logg Command Executed
*Nov 15 00:39:12.945: %HA_EM-6-LOG: cli-match: show logging Command Executed
I know i can setup using config archive logging for the config change. but my requirement is for show command as well. We use radius for authentication and it is not doing command authorisation and accounting..
If any one know what I can append in so that it can show who executed the command.
Solved! Go to Solution.
Thanks Joseph for swift response. It is working as expected. Is there any repository were we can get full list of variable which are builtin for EEM.
show event manager detector DETECTOR detail
In this case:
show event manager detector cli detail
Also, look at https://supportforums.cisco.com/document/102581/eem-built-action-variables for those variables available from actions.
EEM on the ASA is very limited. You can only automate CLI at this time. The EEM subsystem on the ASA is not the same as on IOS. It simply uses the same name.
Yes, I figured that EEM on ASA is very limited because although this is the per first time I'm facing a problem like that. I've seen various example on Google search all for router and switch and very few for ASA.
I can't accomplish what I want in ASA, that is configure EEM for alert on syslog id 611101 that "user account accepted" after log in.
Well, you should be able to match the syslog message, but all you will be able to do is run some CLI commands. See http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/monitor-eem.html for more info.
The CLI command I'm trying to run is "copy runnning-config tftp", but I don't know how to pass variable on the ASA. I know some Cisco IOS you can create environment variable for the EEM to use. The command I'm trying to run requires user input such as: the source file, destination tftp client and the destination file. How to pass that? Or maybe what command can I run to save the config to a remote server?
There doesn't appear to be any variable support in ASA EEM at the moment. But without variables, you can copy a file to TFTP server output file overwrite filename in your applet.