cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
957
Views
0
Helpful
2
Replies

Audit all configuration changes

Wolfgang Maier
Level 1
Level 1

Greetings,

we are using radius and active directory to authenticate to the switches. All syslog messages are sent to a LMS 3.2 server.

How can i configure auditing so that command on the running config from every user is reported via syslog?

Thank you.

Regards,

C.

1 Accepted Solution

Accepted Solutions

Hi Christian,

This feature could be configured under the archive configuration mode with the log config command and notify syslog to enable

the sending of notifications of configuration changes to your remote syslog.

The configuration could be the next

archive

log config

  logging enable 50

  notify syslog

  hidekeys

If you need to log all the commands and not only the config commands then the following configuration should be

executed on the router.

event manager applet CLIaccounting

event cli pattern ".*" sync no skip no

action 1.0 syslog priority informational msg "$_cli_msg"

set 2.0 _exit_status

Read the next link for more details

http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html

Hope that helps!

Vasilis

View solution in original post

2 Replies 2

Hi Christian,

This feature could be configured under the archive configuration mode with the log config command and notify syslog to enable

the sending of notifications of configuration changes to your remote syslog.

The configuration could be the next

archive

log config

  logging enable 50

  notify syslog

  hidekeys

If you need to log all the commands and not only the config commands then the following configuration should be

executed on the router.

event manager applet CLIaccounting

event cli pattern ".*" sync no skip no

action 1.0 syslog priority informational msg "$_cli_msg"

set 2.0 _exit_status

Read the next link for more details

http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html

Hope that helps!

Vasilis

Hello Vasilis,

thank you for your reply. That was it.

Review Cisco Networking for a $25 gift card