Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

how to audit in syslog this information

Hello everyone, I want to know everything about the remote session in my routers and switches so I want to know if there is a way to send to my syslog server the following information:

1- The end of session or logout with the username, (Currently I know the log-on info with archive command)

2- The amount of information transmited and received during the session.

3- Interface the user used to logon to the router or switch.

Thanks in advanced.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: how to audit in syslog this information

3 REPLIES

Re: how to audit in syslog this information

With a AAA server such as Cisco ACS, you can achieve 1 & 3. I'm not sure I understand #2, are you looking for the commands entered (which ACS can do) or the amount of data transfered over the TTY line? All of this data can be forwarded to your syslog server or viewed directly in ACS.

Hope that helps.

New Member

Re: how to audit in syslog this information

Thanks for your answer, cuould you please tell me the right IOS commands to get this info or any configuration cue in ACS to get that?

I have the ACS 4.1 and I have these IOS commands just for authentication:

aaa authentication login XXXX group radius

aaa authentication login XXXX local-case

aaa authentication enable default group radius enable

The fields in the ACS Passed Authentication reports are:

Date Time User-Name Message-Type Group-Name Caller-ID NAS-Port NAS-IP-Address Network Access Profile Name Shared RAC Downloadable ACL System-Posture-Token Application-Posture-Token Reason EAP Type EAP Type Name PEAP/EAP-FAST-Clear-Name Access Device Network Device Group

And if you see I do not received what I want juest the the log-on info.

on other hand I have the syslog server which received everthing I type and other information from this IOS commands.

archive

log config

logging enable

logging size 200

notify syslog contenttype plaintext

hidekeys

logging trap notifications

logging source-interface Vlan117

logging 10.32.0.132

However these neither give what I'm looking for. With regards your question is the amount of data transfered over the TTY line.

Thank you.

Re: how to audit in syslog this information

385
Views
0
Helpful
3
Replies
CreatePlease login to create content