Thanks! I knew about the accounting log, just didn't know about the rest. 

Glad, it helped! 

-Thanks

Vinod

Is there a way to send it to the AAA server (tacacs in my case) *and* to syslog?  AAA server groups only send a message to the first server that responds; I need it sent to both processes.  Plus, it appears that I can only define RADIUS and TACACS accounting servers, and I need to be able to configure a SysLog accounting server.

I have the same question. We use AAA info in our syslog for troubleshooting, but for the Nexus platform we have not found a way to send it to syslog in the same way we do with the archive-command in IOS.

Cheers!

Dear
I have the same need.
I need to send the configuration change logs to a syslog server.
Does anyone know if it is possible and how to do? (Could pass me the reference documentation).

Thanks!

Have you guys found a solution on how to forward these AAA accounting logs to syslog? We are also looking for a way to do that.

It works fine with the "archive" command for all our Catalyst switches but unfortunately not for our new Nexus devices. Thats too bad.

With FreeRadius and AAA accounting enabled on the Nexus, then the accouting info is saved at, one folder per device...

/var/log/radius/radacct/<mgmt-ip>

The best way would be if that information could be sent to the normal syslog process that is running on the same server. Or if not possible we would need a way to forward that information into syslog.

Any ideas or possible solutions?

Any help is much appreciated :-)

No updates yet, unfortunately.  I've had thoughts about using EEM to do something interesting.  If I post something to SysLog via EEM, something (VSH I think) gets logged in the accounting logs, so I can't do it based on an update to the accounting log because it would be an infinite loop.

I haven't spent more than one evening plugging away at this one though, so I don't have a definitive answer.  Would be awesome though!  ASA and IOS/IOSXE both do it, it's a shame NXOS doesn't.

Same issue, no solution found yet.

Oh wow, thats the simplest way to configure command logging in Nexus-switches!

Works for N9k (Nexus 9000) as well.

This also works when you want the Log ACL to be written to a common logfile
Example:
ip access-list EXAMPLE
   statistics per-entry
   10 permit tcp X.X.X.X / 24 any log
   20 permit tcp X.X.X.X / 32 any log
   30 deny ip any any log

If something will match u could see it in the temporary information
show log ip access-list cache
show log ip access-list status

If you want send it to logfile, do:

switch (config) # logging level acllog 6
switch (config) # acllog match-log-level 6
switch (config) # logging logfile [name] 6
logging server X.X.X.X 6

Tnx  for the solution,

I've got only one question, Is there a reason why you make use of an extra logfile?

Is that so only your "level"6 messages go in there?

regards

I think if you know the exact name of your current logfile, and specify it, then the log will be written to the current file.
These were my productive switches and I did not want to do many experiments. with a "level5 I did not work.