Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

logging issue

Dear all,

good day, i have a customer who installed ArchSight logging server in his network.

the question is, can i send this server logs that contains the executed commands on the switch (same as accounting on the ACS), as there is a firewall wich sends the accounting logs to the server?

i have already enabled the logging on the switch as follows.

logging enable

logging trap informational

logging host x.x.x.x

but it is only showing the TCP openings and closings.

any idea.

thanks in advance

  • LAN Switching and Routing
1 ACCEPTED SOLUTION

Accepted Solutions

logging issue

Hi Mohmmad,

This feature is configured under the archive configuration mode with the log config command and notify syslog to enable

the sending of notifications of configuration changes to your remote syslog.

The configuration could be the next

archive

log config

  logging enable 50

  notify syslog

  hidekeys

If you need to log all the commands and not only the config commands then the following configuration should be

executed on the router.

event manager applet CLIaccounting

event cli pattern ".*" sync no skip no

action 1.0 syslog priority informational msg "$_cli_msg"

set 2.0 _exit_status

Read the next link for more details

http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html

Hope that helps!

Vasilis

2 REPLIES

logging issue

Hi Mohmmad,

This feature is configured under the archive configuration mode with the log config command and notify syslog to enable

the sending of notifications of configuration changes to your remote syslog.

The configuration could be the next

archive

log config

  logging enable 50

  notify syslog

  hidekeys

If you need to log all the commands and not only the config commands then the following configuration should be

executed on the router.

event manager applet CLIaccounting

event cli pattern ".*" sync no skip no

action 1.0 syslog priority informational msg "$_cli_msg"

set 2.0 _exit_status

Read the next link for more details

http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html

Hope that helps!

Vasilis

logging issue

Dear Vasileios Bouloukos,

thank you very much for your reply, it worked finally.

cheers

298
Views
5
Helpful
2
Replies
This widget could not be displayed.