04-28-2004 06:39 AM - edited 03-02-2019 03:19 PM
Can anyone help me? I need a means of logging who logs on to the Router and at what time. Then I also need to log all changes made during each person's logon session (in form of configuration change).
Also, when a user connects to my 3660 Router through PPP, I want to be able to have a log entry telling the username that logged on, the time he logged on and when he logged off and the systems on the network the user accessed during his session.
I want this log to go to a central Computer Server in a format that can be easily read by my Management / Audit Unit at any time.
What are the Software options that I can have for installation on my Server? How do I configure my Router to send logs just the way I want it?
I got a trial version of Winsyslog which I am currently trying out. But I don't think this meets my needs cos all I get as log are interface state changes from DOWN to UP and nothing more.
What suggestions can anyone give me please?
Thanks in advance.
04-28-2004 07:10 PM
Hi,
If you want detailed logging and accounting, you should use a RADIUS or TACACS based AAA server for Authentication (Who are you), Authorization (What can you do), Accounting (What have you done). All these details can be monitored and logged using an AAA server. Cisco has TACACS Cisco Secure ACS software.
If you have a large number of routers, it is advisable to use an AAA server.
Check this link:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html
It will tell you all about Cisco Secure.
05-04-2004 01:06 PM
Most Cisco routers can not generate the kind of information you are asking about to syslog. I did test at one point with a Dial Access AS5350 which has a feature called Call Tracker which does send to syslog and includes most of the information you mentioned (but I found the Call Tracker output quite cryptic and not in a format that could be easily read by your Management/Audit unit).
The way to generate the information you are interested in is through the aaa accounting function. It does a very good job of identifying who logged in on what device at what time. It has options to record the commands that they issue. I have configured it to record the ID that was authenticated from ppp sessions. I am not sure that it would tell you all the remote systems that were accessed. The accounting records from various routers do go to a central server which processes the accounting records and produces various reports.
These functions are built into the IOS. You would need a server to receive and process the accounting records. The servers that I have had experience with in doing this were running tacacs (the Cisco ACS product includes this).
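A minimal IOS configuration for the AAA accounting approach described in the replies above, added here as an example and not taken from any poster's router. The server address 192.0.2.10, the shared secret and the use of the default method lists are assumptions, and it does not record which systems a PPP user reached during a session.

```cisco
! Added example: address and key below are placeholders, not values from this thread.
aaa new-model
!
! TACACS+ server that receives the accounting records.
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret>
!
! Authenticate router logins and PPP users against TACACS+ so every
! accounting record carries a username. "local" is the fallback if the
! server is unreachable, so a local username must exist on the router.
aaa authentication login default group tacacs+ local
aaa authentication ppp default group tacacs+ local
!
! Who logged on to the router and when: one start and one stop record
! per EXEC (telnet/console) session.
aaa accounting exec default start-stop group tacacs+
!
! What was typed during the session. Configuration changes are
! privilege level 15 commands; level 1 covers user-mode commands.
! Per-command accounting is a TACACS+ function; RADIUS accounting
! does not carry it.
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
!
! PPP sessions: start/stop records with the authenticated PPP username,
! giving logon and logoff times.
aaa accounting network default start-stop group tacacs+
```

The AAA server stores these records centrally; the reports for a management or audit unit are produced there, not on the router.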