Using an access-list with the log-input keyword for logging telnet access will only report IP packets that match the access-list.
Assuming you want to have "tighter" control and security in regard to telnet activity, I suggest you configure AAA and use Cisco Secure ACS as a reporting tool for authentication failures and configuration activities. ACS can give passed authentication, failed authentication, authorization control and accounting information as to what config lines were entered on the router/switch. Use TACACS+, since RADIUS is better with PPP sessions.
What you can do with syslog is log the telnet session once a configuration change has been made. To do this, your logging trap level needs to be set to "informational".
Router(config)# logging buffered 8000 debugging
Router(config)# logging trap 5
This configuration will be able to send a syslog message to your NMS the moment a telnet user makes a config change, since the severity matches level 5. It will look like this:
Sep 1 15:09:54.698: %SYS-5-CONFIG_I: Configured from console by joesoap on vty0 (10.1.X.X)
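On the NMS side, the %SYS-5-CONFIG_I message above can be parsed to report who changed the configuration over a vty line and from where. This is an added example, not part of the original post; the `allowed_users` allow-list and all sample lines except the first are constructed assumptions.

```python
import re

# Format of the IOS config-change message quoted in the post. The "on <line>"
# and "(<source>)" parts are absent for changes made on the physical console.
CONFIG_I = re.compile(
    r"^(?P<ts>.+?): %SYS-5-CONFIG_I: Configured from (?P<origin>\S+) "
    r"by (?P<user>\S+)(?: on (?P<line>\S+))?(?: \((?P<src>[^)]+)\))?\s*$"
)

def parse_config_event(line):
    """Return the message fields as a dict, or None for any other message."""
    m = CONFIG_I.match(line.strip())
    return m.groupdict() if m else None

def remote_config_changes(lines, allowed_users=frozenset()):
    """Return config changes made over vty lines (telnet/SSH sessions).

    allowed_users is a hypothetical allow-list of expected administrators;
    events from anyone else are marked with unexpected_user=True.
    """
    events = []
    for line in lines:
        ev = parse_config_event(line)
        if ev is None or not (ev["line"] or "").startswith("vty"):
            continue  # not a config change, or made on the local console
        ev["unexpected_user"] = ev["user"] not in allowed_users
        events.append(ev)
    return events

# First line is the one shown in the post; the rest are constructed samples.
SAMPLE = [
    "Sep 1 15:09:54.698: %SYS-5-CONFIG_I: Configured from console by joesoap on vty0 (10.1.X.X)",
    "Sep 1 15:12:10.101: %SYS-5-CONFIG_I: Configured from console by console",
    "Sep 1 15:20:31.007: %SYS-5-CONFIG_I: Configured from console by netops on vty1 (192.0.2.10)",
    "Sep 1 15:21:00.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
]

if __name__ == "__main__":
    for ev in remote_config_changes(SAMPLE, allowed_users={"netops"}):
        flag = "UNEXPECTED" if ev["unexpected_user"] else "ok"
        print(f'{ev["ts"]}  {ev["user"]}@{ev["src"]} on {ev["line"]}  [{flag}]')
```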