Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
0
Helpful
2
Replies

How Can I Log Router Log Ons and Changes Made

tereubencisco
Level 1
Level 1

‎04-28-2004 06:39 AM - edited ‎03-02-2019 03:19 PM

Can anyone help me? I need a means of logging who logs on to the Router and at what time. Then I also need to log all changes made during each person's logon session (in form of configuration change).

Also, when a user connects to this my 3660 Router through PPP, I want to be able to have a log entry telling the username that logged on, the time he logged on and when he logged off and the systems on the network the user accessed during his session.

I want this log to go to a central Computer Server in a format that can be easily read by my Management / Audit Unit at any time.

What are the Software options that I can have for installation on my Server? How do I configure my Router to send logs just the way I want it?

I got a trial version of Winsyslog which I am currently trying out. But I dont think this meets my needs cos all I get as log are interface state changes from DOWN to UP and nothing more.

What suggestions can anyone give me please.

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

r.docuyanan
Level 1
Level 1

‎04-28-2004 07:10 PM

Hi,

If you want a detailed logging and accounting. Use should use a RADIUS or TACACs based AAA server for

Authentication(Who are You), Authorization(What can you do), Accounting(What have you done). All these details can be monitored and logged using a AAA server. Cisco has TACACs Cisco Secure ACS software.

If you have a large number of routers, it is advisable to use an AAA server.

check this link

http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html

it will tell you all about cisco secure

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎05-04-2004 01:06 PM

Most Cisco routers can not generate the kind of information you are asking about to syslog. I did test at one point with a Dial Access AS5350 which has a feature called Call Tracker which does send to syslog and includes most of the information you mentioned (but I found the Call Tracker output quite cryptic and not in a format that could be easily read by your Management/Audit unit).

The way to generate the information you are interested in is through the aaa accounting function. It does a very good job of identifying who logged in on what device at what time. It has options to record the commands that they issue. I have configured it to record the ID that was authenticated from ppp sessions. I am not sure that it would tell you all the remote systems that were accessed. The accounting records from various routers do go to a central server which processes the accounting records and produces various reports.

These functions are built into the IOS. You would need a server to receive and process the accounting records. The servers that I have had experience with in doing this were running tacacs (the Cisco ACS product includes this).

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card