Show logging output, meaning of audit disabled

naqnazri1 · ‎11-10-2021

Hello Everyone,

Apologize if this is simple question but I've tried google but still not really understood.

I would like to understand this if anyone here can enlighten me. I've managed to send routers log messages to our dedicated Syslog Server. I got a question from auditor that "why is the audit is disabled?" (As I attached below with red color)

Can anyone explain to me what is the purpose of "audit disabled" Logging to 192.168.5.1 (udp port 514, audit disabled,

Appreciate your help guys!! my god bless!

Router#sh logging
Syslog logging: enabled (0 messages dropped, 11481 messages rate-limited, 0 flushes, 2 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: disabled
Monitor logging: level debugging, 44 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 597552 messages logged, xml disabled,
filtering disabled
Exception Logging: size (8192 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level informational, 242576 message lines logged
Logging to 192.168.5.1 (udp port 514, audit disabled,
link up),
242575 message lines logged,

balaji.bandi · ‎11-10-2021

that red on not going to stop your logging, can you post your logging config ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

naqnazri1 · ‎11-18-2021

Hi there,

Here my config as attached

Thank you and much appreciated

marce1000 · ‎11-10-2021

- This might be related to user (management) activity being logged or not , can be activated with (in config mode):

logging userinfo
login on-failure log
login on-success log
archive
log config
logging enable

logging size 1000
notify syslog contenttype plaintext
hidekeys
logging size 1000
notify syslog contenttype plaintext
hidekeys

Check if that makes a difference when added in the config and or with the show logging command.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

naqnazri1 · ‎11-18-2021

Hello there Marce

I've tried config you advised as it still showing the same result when "show logging"

Here I attached as below

Thank you Marce

Router#sh logg
Syslog logging: enabled (0 messages dropped, 6 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: disabled
Monitor logging: level debugging, 76 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 889 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level informational, 830 message lines logged
Logging to 192.168.5.1 (udp port 514, audit disabled,
link up),
829 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
GigabitEthernet0/1

Router#
Router#sh run | s logging
logging userinfo
logging buffered 51200
no logging console
logging enable
logging size 500
ip ssh logging events
logging source-interface GigabitEthernet0/1
logging host 191.168.5.1
logging synchronous
Router#
Router#sh run | s archive
archive
log config
logging enable
logging size 500
notify syslog contenttype plaintext
hidekeys
Router#