Cisco Support Community
New Member

Logging on a router

Hello,

I have a problem: when an admin logs in to a router, it doesn't show when that person logged in. It only shows when he makes a change on the router and does wr memory. Here is the config I have. Please help. Thanks

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

logging buffered 4096 debugging

logging console informational

logging monitor informational

logging facility local6

logging source-interface FastEthernet0/0

logging 10.17.84.7

5 REPLIES
Silver

Re: Logging on a router

I've only seen what you are asking for when an authentication server such as a TACACS server was being used.

The config you have shown the forum will only display in the config when a change is made on the router and/or when a config is saved to memory.

Hope this helps.

New Member

Re: Logging on a router

Can that be configured on a Cisco router, or is it a separate server on another machine? Thanks

Bronze

Re: Logging on a router

This is what you're looking for:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_4/gt_login.htm

This will log a syslog event anytime an admin user attempts login via vty or console. We use it on all of our devices and it works great. There is an example of this on my blog below and integrating it with CS-MARS.

HTH

-Mike

http://cs-mars.blogspot.com

New Member

Re: Logging on a router

You need AAA accounting for this. Here is how:

aaa new-model

aaa authentication login notac none

aaa authentication login VTY group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization console

aaa authorization exec notac none

aaa authorization exec VTY group tacacs+ if-authenticated none

aaa authorization commands 0 VTY group tacacs+ if-authenticated none

aaa authorization commands 1 VTY group tacacs+ if-authenticated none

aaa authorization commands 15 VTY group tacacs+ if-authenticated none

aaa authorization network VTY group tacacs+ if-authenticated none

aaa accounting exec TAC start-stop group tacacs+

aaa accounting exec VTY start-stop group tacacs+

aaa accounting commands 0 TAC start-stop group tacacs+

aaa accounting commands 0 VTY start-stop group tacacs+

aaa accounting commands 1 TAC start-stop group tacacs+

aaa accounting commands 1 VTY start-stop group tacacs+

aaa accounting commands 10 TAC start-stop group tacacs+

aaa accounting commands 15 TAC start-stop group tacacs+

aaa accounting commands 15 VTY start-stop group tacacs+

aaa accounting network VTY start-stop group tacacs+

aaa accounting connection TAC start-stop group tacacs+

aaa session-id common

line vty 0 15

authorization commands 0 VTY

authorization commands 1 VTY

authorization commands 15 VTY

authorization exec VTY

accounting commands 0 VTY

accounting commands 1 VTY

accounting commands 15 VTY

accounting exec VTY

login authentication VTY

You can see everything the user is doing via the TACACS accounting log.

New Member

Re: Logging on a router

I'm not sure which version of IOS you are running, but 12.3(4) and up have config change logging and notification built in already. You would just have to enable that feature.

To enable this just enter:

Config Mode

archive

 log config

  logging enable

  ! hidekeys hides passwords in the logged commands

  hidekeys

  notify syslog

With this you can base alerts off what is sent to the syslog server.
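Added example (not posted by anyone in this thread): one way to turn the syslog messages discussed above into alerts on the syslog server, correlating login events with logged configuration commands. It assumes `login on-success log` and `login on-failure log` are enabled alongside `notify syslog`, and that the device emits `%SEC_LOGIN` and `%PARSER-5-CFGLOG_LOGGEDCMD` messages in the layout shown; the sample lines, the function name `analyze` and the failure threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (sequence numbers and local timestamps as in the original config).
SAMPLE_LOG = """\
000041: Mar  3 10:15:30.112 EST: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.17.84.99] [localport: 23] [Reason: Login Authentication Failed] at 10:15:30 EST Mon Mar 3 2008
000042: Mar  3 10:15:34.508 EST: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.17.84.99] [localport: 23] [Reason: Login Authentication Failed] at 10:15:34 EST Mon Mar 3 2008
000043: Mar  3 10:15:39.020 EST: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 10.17.84.99] [localport: 23] [Reason: Login Authentication Failed] at 10:15:39 EST Mon Mar 3 2008
000044: Mar  3 10:20:01.764 EST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 10.17.84.50] [localport: 23] at 10:20:01 EST Mon Mar 3 2008
000045: Mar  3 10:20:40.300 EST: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:interface FastEthernet0/0
000046: Mar  3 10:20:44.916 EST: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:shutdown
000047: Mar  3 11:02:13.004 EST: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no logging 10.17.84.7
"""

# Message layouts are assumptions; adjust the patterns to what your IOS release emits.
LOGIN_RE = re.compile(r"%SEC_LOGIN-\d-LOGIN_(?P<result>SUCCESS|FAILED): .*?"
                      r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<src>[^\]]*)\]")
CFGCMD_RE = re.compile(r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)")

def analyze(log_text, fail_threshold=3):
    """Summarise logins, repeated failures per source, and config commands per user."""
    logins, failures, commands = [], defaultdict(int), defaultdict(list)
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            if m.group("result") == "SUCCESS":
                logins.append((m.group("user"), m.group("src")))
            else:
                failures[m.group("src")] += 1
            continue
        m = CFGCMD_RE.search(line)
        if m:
            commands[m.group("user")].append(m.group("cmd").strip())
    logged_in = {user for user, _ in logins}
    return {
        "logins": logins,
        "noisy_sources": sorted(s for s, n in failures.items() if n >= fail_threshold),
        "commands": dict(commands),
        # Config changes by a user with no successful login in this log window.
        "changes_without_login": sorted(u for u in commands if u not in logged_in),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Because the patterns use `search`, they also match when the syslog server prepends its own timestamp and host fields to each line.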
