topic ACS 5.4 CLI logging in Network Access Control https://community.cisco.com/t5/network-access-control/acs-5-4-cli-logging/m-p/2208277#M112381 <P>I need to be able to see login and logoff of the admin to the ACS 5.4 CLI.&nbsp; I would like remote syslog message anytime someone uses ssh to the ACS server CLI.&nbsp; </P><P></P><P>I currently have have remote logging enabled and have tried both 6-inform and 7-debug loglevels.</P><P></P><P>logging 192.x.x.x</P><P>logging loglevel 7</P><P></P><P>The only message I see on my syslog server that suggests a login of the "admin" user is the following.</P><P></P><P><SPAN style="font-family: 'comic sans ms', sans-serif;">Jun 13 21:30:54 acsservername debugd[13478]: [14209]: utils: cars_shellcfg.c[118] [admin]: Invoked carsGetConsoleConfig</SPAN></P><P></P><P>And I see no message that the admin user logged off.</P><P></P><P>I've tried enabling "debug all" and I can see the logged in users via "show users" but I need some sort of log message so I can track and audit the log in attempts.&nbsp; It would also be nice to&nbsp; see password failure attempts which I don't see either. </P><P></P><P>Am I missing something?&nbsp; Can the CLI of ACS 5.4 be configured to log this information?&nbsp; </P><P></P><P>Thanks</P><P>Tony</P> Mon, 11 Mar 2019 03:32:32 GMT webstert 2019-03-11T03:32:32Z ACS 5.4 CLI logging https://community.cisco.com/t5/network-access-control/acs-5-4-cli-logging/m-p/2208277#M112381 <P>I need to be able to see login and logoff of the admin to the ACS 5.4 CLI.&nbsp; I would like remote syslog message anytime someone uses ssh to the ACS server CLI.&nbsp; </P><P></P><P>I currently have have remote logging enabled and have tried both 6-inform and 7-debug loglevels.</P><P></P><P>logging 192.x.x.x</P><P>logging loglevel 7</P><P></P><P>The only message I see on my syslog server that suggests a login of the "admin" user is the following.</P><P></P><P><SPAN style="font-family: 'comic sans ms', sans-serif;">Jun 13 21:30:54 acsservername debugd[13478]: [14209]: utils: cars_shellcfg.c[118] [admin]: Invoked carsGetConsoleConfig</SPAN></P><P></P><P>And I see no message that the admin user logged off.</P><P></P><P>I've tried enabling "debug all" and I can see the logged in users via "show users" but I need some sort of log message so I can track and audit the log in attempts.&nbsp; It would also be nice to&nbsp; see password failure attempts which I don't see either. </P><P></P><P>Am I missing something?&nbsp; Can the CLI of ACS 5.4 be configured to log this information?&nbsp; </P><P></P><P>Thanks</P><P>Tony</P> Mon, 11 Mar 2019 03:32:32 GMT https://community.cisco.com/t5/network-access-control/acs-5-4-cli-logging/m-p/2208277#M112381 webstert 2019-03-11T03:32:32Z Re: ACS 5.4 CLI logging https://community.cisco.com/t5/network-access-control/acs-5-4-cli-logging/m-p/2208278#M112419 <HTML><HEAD></HEAD><BODY><P>What I think you're after is the ACS's "ACSManagementAudit.log" file which is stored in /opt/CSCOacs/logs/ and accessed via the "show ACS-logs" CLI command. This should show you all ACS GUI and CLI Admin Activities...<BR /><BR /><BR /><BR />Sent from Cisco Technical Support iPad App</P></BODY></HTML> Fri, 14 Jun 2013 08:12:01 GMT https://community.cisco.com/t5/network-access-control/acs-5-4-cli-logging/m-p/2208278#M112419 Richard Atkin 2013-06-14T08:12:01Z