https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370514#M357177 <P>Hello,</P><P></P><P>We use RANCID to monitor changes to all our Cisco gear. Once an hour RANCID does a diff on the last running-config. If it detects a change, it notifies me of the changes on the router/switch. This works great, but it does not record WHO made the changes.</P><P></P><P>So I am looking for a way to log to syslog any commands issued by a particular user. This can be done correct?</P><P></P><P>Thanks,</P><P></P><P>Pedro</P> Sun, 10 Mar 2019 23:58:27 GMT Pete89 2019-03-10T23:58:27Z https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370514#M357177 <P>Hello,</P><P></P><P>We use RANCID to monitor changes to all our Cisco gear. Once an hour RANCID does a diff on the last running-config. If it detects a change, it notifies me of the changes on the router/switch. This works great, but it does not record WHO made the changes.</P><P></P><P>So I am looking for a way to log to syslog any commands issued by a particular user. This can be done correct?</P><P></P><P>Thanks,</P><P></P><P>Pedro</P> Sun, 10 Mar 2019 23:58:27 GMT https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370514#M357177 Pete89 2019-03-10T23:58:27Z https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370515#M357188 <HTML><HEAD></HEAD><BODY><P>You can use AAA accounting for it.</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Wed, 24 Feb 2010 18:58:21 GMT https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370515#M357188 Panos Kampanakis 2010-02-24T18:58:21Z https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370516#M357208 <HTML><HEAD></HEAD><BODY><P>What I am not sure of is if you can do aaa acounting to syslog and if you can do it on a per user basis.</P></BODY></HTML> Wed, 24 Feb 2010 19:00:26 GMT https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370516#M357208 Pete89 2010-02-24T19:00:26Z https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370517#M357220 <HTML><HEAD></HEAD><BODY><P>I doubt you can do accounting to syslog (send commands).</P><P></P><P>PK</P></BODY></HTML> Wed, 24 Feb 2010 19:15:56 GMT https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370517#M357220 Panos Kampanakis 2010-02-24T19:15:56Z https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370518#M357267 <HTML><HEAD></HEAD><BODY><P>If you are using IOS 12.4 or higher, you can use the following commands:</P><P></P><P>archive<BR /> log config<BR />&nbsp; hidekeys</P><P></P><P>It will send whatever changes and whoever changes the configs to syslog. </P><P></P><P>I myself prefer AAA accounting but the above method will work just as well.</P></BODY></HTML> Thu, 25 Feb 2010 23:41:22 GMT https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370518#M357267 cciesec2011 2010-02-25T23:41:22Z https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370519#M357324 <HTML><HEAD></HEAD><BODY><P>Thanks for answering my post!</P><P></P><P>IOS 12.4 or higher? Is that a typo? Isnt 12.2 the latest? I tried these commands on one of my switches and I still dont see anything in syslog.</P></BODY></HTML> Mon, 01 Mar 2010 14:18:16 GMT https://community.cisco.com/t5/network-access-control/logging-commands-to-syslog/m-p/1370519#M357324 Pete89 2010-03-01T14:18:16Z