Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4107
Views
5
Helpful
5
Replies

change in privilege level for the command show logging

Richard Burts
Hall of Fame
Hall of Fame

‎04-14-2009 09:14 AM

I have recently discovered a change in behavior in IOS. The command show logging has traditionally been available at user level. Now it has become a privilege level 15 command.

I thought that this was strange and opened a case with Cisco TAC about it. I was told that this is a new "feature" that was implemented for bugid CSCsl61281. Unfortunately this bugid is viewable by Cisco internally but not viewable by the public.

The TAC engineer tells me that this change is integrated into these releases:

This was integrated into the following releases:

12.4(24.05.01)PIX11

12.4(21.14.09)PIC01

12.4(19.03)T

12.2(52.23)SIN

12.2(33)SXI01

12.2(32.08.11)SX229

12.2(32.08.11)SR174

I do not think that this is a good change. If you do not think that this is a good change I suggest that you contact your Cisco support team and express your opinion about this change.

Otherwise as you go to new versions of IOS be aware of the potential impact on your network monitoring processes and procedures that show logging will require level 15 privilege access.

HTH

Rick

HTH

Rick
1 person had this problem
Labels:
0 Helpful
5 Replies 5

nairsudhish
Level 1
Level 1

‎06-01-2010 12:27 AM

Hi Rick,

Can you suggest me references to know more about privilege level commands?

How to enable different commands for different levels of privileges?

Thanks.

-Sudhish

0 Helpful

Isuru Manikkage
Level 1
Level 1

‎06-23-2015 08:42 PM

Hi Rick,

I have this problem too. I need to allow my country administrators (RO Admins) to be able to view the log using "show logging" command but I am unable to allow it

I have added that command in ACS as allowed command sets for my RO Admins. but no luck. Any advise?

 

Regards,

Isuru

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Isuru Manikkage

‎06-24-2015 11:29 AM

Isuru

 

I am assuming that the admins that you refer to are at privilege level 1. Is that correct? I would think that something like

privilege exec level 1 show logging

should allow them to use the command.

 

HTH

 

Rick

HTH

Rick

Isuru Manikkage
Level 1
Level 1
In response to Richard Burts

‎06-24-2015 06:53 PM

Hi Rick,

The RO Admins I mentioned are with level 5 privilege.. I had the entry "privilege exec level 6 show logging" in my devices. I have changed it to "privilege exec level 5 show logging" in the devices and "sh logging" is working for the RO Admins now.

Thank you very much for your clear answer.

Regards,

Isuru

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Isuru Manikkage

‎06-24-2015 06:58 PM

Isuru

 

I am glad that my suggestion pointed you to a solution. Thanks for posting back to the forum to confirm that it did work. And thank you for the rating.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card