Syslog all commands

jkjackson
Level 1

Is there a way in a 3560, 3750 switch and 3845, and 2811 router to tell it to send all config commands someone is typing on the router to a syslog server? Is this only available in TACACS+?


Edison Ortiz
Hall of Fame

You can do accounting and send the output to a RADIUS server as well.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part05/schacct.htm

Joseph

Edison is right that the traditional solution for this was AAA accounting. Cisco has introduced a new feature which gives you the ability to track config changes to syslog rather than using aaa accounting. This link provides information about this new capability:

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080454f73.html

I have not yet tested it but it sounds exactly like what you want.

HTH

Rick

Rick,

Somehow that feature escaped and I've used it many times in different implementations. That's definitely the solution the OP is after. I'm rating your post accordingly.

Edison

I am glad that you are familiar with this. It sounds very good but I have not yet had occasion to use it.

Thanks for the rating.

HTH

Rick

I am trying to configure this, however it does not seem to be sending the messages to the syslog server. Can you post me the relevant part of a working config? Thanks,

Can you post your config and we go from there?

Did you also configure a line like:

logging [syslog server IP]

?

archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys

no logging trap
logging (server IP)
enable logging trap
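
What the syslog server receives once `notify syslog` is working can be audited per user. This is an added example, not part of the original thread: it parses the `%PARSER-5-CFGLOG_LOGGEDCMD` messages the config logger emits. The sample lines, usernames, addresses and the watchlist of commands are constructed assumptions.

```python
import re

# Message the IOS config logger sends to syslog when "notify syslog" is set.
CFGLOG = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Assumed watchlist (not from the thread): commands that reduce audit visibility.
WATCH = ("no logging", "no archive", "no aaa", "no service timestamps")

# Constructed sample lines, shaped like a syslog server's stored output.
SAMPLE = """\
Jan 10 09:14:02 192.0.2.1 45: Jan 10 09:14:01.120: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:interface FastEthernet0/1
Jan 10 09:14:09 192.0.2.1 46: Jan 10 09:14:08.004: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:description uplink
Jan 10 09:15:30 192.0.2.1 47: Jan 10 09:15:29.771: %SYS-5-CONFIG_I: Configured from console by jdoe on vty0 (192.0.2.50)
Jan 10 09:20:11 192.0.2.1 48: Jan 10 09:20:10.310: %PARSER-5-CFGLOG_LOGGEDCMD: User:asmith  logged command:no logging trap
"""


def parse(lines):
    """Yield (user, command) for each config-logger message; skip other syslog."""
    for line in lines:
        m = CFGLOG.search(line)
        if m:
            yield m.group("user"), m.group("cmd").strip()


def audit(lines):
    """Return per-user command lists and the entries that match the watchlist."""
    by_user, flagged = {}, []
    for user, cmd in parse(lines):
        by_user.setdefault(user, []).append(cmd)
        if cmd.lower().startswith(WATCH):
            flagged.append((user, cmd))
    return by_user, flagged


if __name__ == "__main__":
    by_user, flagged = audit(SAMPLE.splitlines())
    for user, cmds in by_user.items():
        print(f"{user}: {len(cmds)} config command(s)")
    for user, cmd in flagged:
        print(f"REVIEW: {user} ran '{cmd}'")
```

Only configuration-mode commands appear in these messages, so exec-level activity is not covered by this parser.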

That worked, great! But is there any way to log any command sent to the IOS and not just config changes?

Sorry, that's when you need AAA.

If you have a RADIUS server, you can configure accounting by pointing to that server. No need to purchase a TACACS+ server.

But where does it store the messages? I do have AAA configured via MS IAS, works great. I looked over the document you linked in the first reply and it didn't seem to say where it logged the messages.

Let's see what you have configured thus far regarding AAA.

Please include the radius information as well.

Are you authenticating and receiving authorization via RADIUS?

Yes, and of course it logs a Windows Event log each time you log in. Is this the same way it will log the accounting events?

Here is my AAA config:

aaa new-model
!
!
aaa group server radius srv006
 server xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
!
aaa authentication login default group (groupname) local
aaa authentication login console line
aaa authorization exec default group (groupname) if-authenticated
aaa session-id common
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server deadtime 1
radius-server key (rad key)
radius-server vsa send authentication
