Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Username in EEM

Hi,

I have a simple EEM applet which triggers a syslog message whenever anyone enters enable mode (to be exactly it triggers a syslog message whenever anyone types ena on the cli, so if anyone knows a better way to do it, I would be glad to know how).

So right now I know that somebody entered enable mode, but I don't know who. Is there a variable for the actual username or any other way to get it 'syslogged' in the applet ?

Thanks for your help,

best regards,

Kurt

6 REPLIES
Cisco Employee

Re: Username in EEM

There is no EEM variable for username (only command and command count for a CLI event detector). However, you can enable "logging userinfo" (if supported in your IOS). That will tell you when someone enters enable mode:

Mar 20 09:25:47 EDT: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by marcus on vty4 (172.18.254.237)

New Member

Re: Username in EEM

Hmm, unfortunatly 'logging userinfo' does'nt seem to be supported in 12.2(18)SXF12 on the 6500 platform :-(

Any other way to get this information logged ?

TIA,

Kurt

Cisco Employee

Re: Username in EEM

You can try enabling "login on-success log". That will log to syslog every time one successfully logs in. It should log a message on enable.

New Member

Re: Username in EEM

Both of your hints work fine on our 7206 with IOS 12.3, but unfortunatly both are not available in 12.2(18)SXF12 on the 6500.

Anyway, thanks a lot for your help.

Best regards,

Kurt

Cisco Employee

Re: Username in EEM

We're looking to enhance EEM to provide these properties in the future, but that will take time. One sure way to do accounting as to who is becoming enabled is to use a AAA server.

Cisco Employee

Re: Username in EEM

I filed CSCso33352 requesting an enhancement to EEM so that username, vty, host, and privilege level variables could be passed to CLI policies.

191
Views
0
Helpful
6
Replies