cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6837
Views
0
Helpful
3
Replies

Syslog Server and Command History

Yasir Iqbal
Level 1
Level 1

Dear All,

We have Cisco Setup at our office. My question is if one of our team member log on the device and do some changes. How can we trace that login info and changes other than history command. Do syslog server give us logs about the commands he has given and through which username and password he has log on the device.

1 Accepted Solution

Accepted Solutions

yes it will very slightly though  just keep the logging size down a bit , if you notice mem or cpu issues lower it again

I used to have it running on a lot of routers until, we got a software that did the same thing and I never really noticed any issue with it in terms of using up cpu and ram , obviously though the more you store the more it uses but its only history buffer so should not effect prod traffic at all

show proc cpu sorted will show if its effecting cpu at all , if mem gets effected it will most likely pop up in show log , never seen it happen though from just using archiving you should be fine

View solution in original post

3 Replies 3

Mark Malone
VIP Alumni
VIP Alumni

Hi

You need to set it up first its not enabled by default

Archiving is what it is called when you can see what a user has done and changes they made

http://itknowledgeexchange.techtarget.com/cisco/tracking-configuration-changes-with-the-cisco-ios-built-in-using-the-archive-command/

For each configuration command that is executed, the following information will be logged:

• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command

Here is a sample of how you configure it:

Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered – 100 are default)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional – exports changes to syslog server)

Dear Mark,

Thank you very much for the answer. One more question. If we apply this on our core switch do archiving will increase the CPU utilization. I means these commands will have overhead on the CPU and RAM or it consume little processing power.

yes it will very slightly though  just keep the logging size down a bit , if you notice mem or cpu issues lower it again

I used to have it running on a lot of routers until, we got a software that did the same thing and I never really noticed any issue with it in terms of using up cpu and ram , obviously though the more you store the more it uses but its only history buffer so should not effect prod traffic at all

show proc cpu sorted will show if its effecting cpu at all , if mem gets effected it will most likely pop up in show log , never seen it happen though from just using archiving you should be fine

Review Cisco Networking for a $25 gift card