cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

841
Views
0
Helpful
1
Replies
Highlighted
Beginner

ACS 5.4 CLI logging

I need to be able to see login and logoff of the admin to the ACS 5.4 CLI.  I would like remote syslog message anytime someone uses ssh to the ACS server CLI. 

I currently have have remote logging enabled and have tried both 6-inform and 7-debug loglevels.

logging 192.x.x.x

logging loglevel 7

The only message I see on my syslog server that suggests a login of the "admin" user is the following.

Jun 13 21:30:54 acsservername debugd[13478]: [14209]: utils: cars_shellcfg.c[118] [admin]: Invoked carsGetConsoleConfig

And I see no message that the admin user logged off.

I've tried enabling "debug all" and I can see the logged in users via "show users" but I need some sort of log message so I can track and audit the log in attempts.  It would also be nice to  see password failure attempts which I don't see either.

Am I missing something?  Can the CLI of ACS 5.4 be configured to log this information? 

Thanks

Tony

1 REPLY 1
Highlighted
Enthusiast

What I think you're after is the ACS's "ACSManagementAudit.log" file which is stored in /opt/CSCOacs/logs/ and accessed via the "show ACS-logs" CLI command. This should show you all ACS GUI and CLI Admin Activities...



Sent from Cisco Technical Support iPad App

Content for Community-Ad