I need to exclude a monitoring software user name from the "aaa accounting commands" config. However, I have not found a way to do this. Does anyone know how I might be able to exclude users on the IOS end and not the server end?
Why would you want to? Wouldn't it be better to see what commands the monitoring software is issuing? Also, this way you can be sure that no one has hijacked the user account and is using it for other purposes.
I understand that you probably don't want scads of identical entries in your logs. But, I think this is better than not knowing all the commands that are being issued to your routers.
However, their is a point where to many logs are just noise. We have over 400,000 logs from the account command level 15 configuration, only about 1000 are not from the monitoring software. Logs are a good thing. Drowning in them is not :). These logs are also duplicate. The monitoring software, scripts and other devices that make dynamic changes on the routers also keep their own logs of the changes they are making. As far as hijacked users, I don't want to turn off exec accounting, just command accounting for specific users. I will still see who has looged in but I will have to correlate logs to see what they did. Not really all that hard, but a step none the less.
I saw that you can audit all commands executed by one user in your configuration. I've tried to do this, but I can't get sucess. The only events I get are "start exec" and "stop exec". I want to see all commands.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :