Cisco Support Community
New Member

Syslog question

Is it possible to somehow log the commands entered on a Cisco router 3825 to a syslog server? I've got syslog logging set up on the router, but even when I set the level to "Debugging", it doesn't show the commands entered. I can only see when someone exits out of "config terminal". We need to implement command auditing.

Thanks.

3 REPLIES
Green

Re: Syslog question

No, there really is no way to do real-time command logging.

Your best shot there is to either turn on capture from the terminal program, or set a management platform to watch for console messages (like exiting from config-t) and do a "diff" or similar on the configs to see what's been changed (if anything).

I suppose you could install an intermediate system; one that is set up to be the only system permitted (by ACL) to access the router(s) by Telnet/SSH, then "T" or shim the system to capture the bidirectional traffic to the router (and into your logs)... basically a Telnet proxy to the routers.

There's probably another couple ways to handle your situation ... this is all that comes to mind for me right now.

Good Luck

Scott

Red

Re: Syslog question

You will probably need to set up AAA (Authentication, Authorization and Accounting) and use ACS.

The ACS will log all the information you are looking for.

Hall of Fame Super Silver

Re: Syslog question

Nadim is right that the accounting function of AAA provides this functionality very well. At a customer site where I do a lot of work we use this on all our routers and it is very effective. I am not aware of any way to do this with syslog.

HTH

Rick
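
The AAA command accounting described in the replies above, sketched as an IOS configuration. This is an added example, not configuration posted by anyone in the thread. It assumes ACS is reached over TACACS+; the server address 192.0.2.10, the shared key, and the local fallback account are placeholders.

```cisco
! Added example. Server address, key and local account are placeholders.
aaa new-model
!
! Local fallback account so the router stays reachable if the AAA server is down
username fallback-admin privilege 15 secret <LOCAL-SECRET>
!
! TACACS+ server (for example ACS); 192.0.2.10 is a documentation address
tacacs-server host 192.0.2.10 key <SHARED-KEY>
!
! Authenticate logins against the server, fall back to the local account
aaa authentication login default group tacacs+ local
!
! Record the start and stop of each EXEC session
aaa accounting exec default start-stop group tacacs+
!
! Record every command entered at privilege level 1 (user EXEC)
aaa accounting commands 1 default start-stop group tacacs+
! Record every command entered at privilege level 15 (enable and config mode)
aaa accounting commands 15 default start-stop group tacacs+
```

Each accounting record sent to the server carries the username, the source line and the command text, which is what a command audit needs. Commands that have been moved to a custom privilege level need their own `aaa accounting commands <level>` line.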
