Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
957
Views
0
Helpful
2
Replies

Audit all configuration changes

Go to solution
Wolfgang Maier
Level 1
Level 1

‎04-17-2012 08:51 AM

Greetings,

we are using radius and active directory to authenticate to the switches. All syslog messages are sent to a LMS 3.2 server.

How can i configure auditing so that command on the running config from every user is reported via syslog?

Thank you.

Regards,

C.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vasileios Bouloukos MSc, ITIL, CCIE
Level 3
Level 3

‎04-17-2012 03:01 PM

Hi Christian,

This feature could be configured under the archive configuration mode with the log config command and notify syslog to enable

the sending of notifications of configuration changes to your remote syslog.

The configuration could be the next

archive

log config

  logging enable 50

  notify syslog

  hidekeys

If you need to log all the commands and not only the config commands then the following configuration should be

executed on the router.

event manager applet CLIaccounting

event cli pattern ".*" sync no skip no

action 1.0 syslog priority informational msg "$_cli_msg"

set 2.0 _exit_status

Read the next link for more details

http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html

Hope that helps!

Vasilis

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Vasileios Bouloukos MSc, ITIL, CCIE
Level 3
Level 3

‎04-17-2012 03:01 PM

Hi Christian,

This feature could be configured under the archive configuration mode with the log config command and notify syslog to enable

the sending of notifications of configuration changes to your remote syslog.

The configuration could be the next

archive

log config

  logging enable 50

  notify syslog

  hidekeys

If you need to log all the commands and not only the config commands then the following configuration should be

executed on the router.

event manager applet CLIaccounting

event cli pattern ".*" sync no skip no

action 1.0 syslog priority informational msg "$_cli_msg"

set 2.0 _exit_status

Read the next link for more details

http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html

Hope that helps!

Vasilis

0 Helpful

Go to solution
Wolfgang Maier
Level 1
Level 1
In response to Vasileios Bouloukos MSc, ITIL, CCIE

‎04-19-2012 01:46 AM

Hello Vasilis,

thank you for your reply. That was it.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card