Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
518
Views
5
Helpful
4
Replies

Configuration tracking.

Go to solution
ahilton
Level 1
Level 1

‎05-04-2004 12:41 PM - edited ‎03-02-2019 03:27 PM

I know I can use CiscoWorks to capture entire configurations on a daily/weekly/monthly basis if I so desire. But what I want, is a tool to capture when someone logs in, and EVERY line of command that they run. I read in the Cisco Secure ACS server that it has this capability, but even after attempting to configure that function, I do not get those kinds of logs. Any help?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
steve.busby
Level 5
Level 5

‎05-04-2004 12:59 PM

Ensure you're using the "Accounting" features of AAA.

Something like this for IOS:

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

and for CatOS:

set accounting exec enable stop-only tacacs+

set accounting commands enable all stop-only tacacs+

Unfortunately, you will have two different logs to look at in CSACS, one for when they log in/out and the other for what commands they ran.

CW2K/RME Configuration Management will capture the actual switch/router configs as you specify down to the hour.

View solution in original post

Go to solution
rmushtaq
Level 8
Level 8

‎05-04-2004 01:16 PM

CiscoSecure is not meant for config featch, it's meant for doing Authentication, Authorization, and Accounting only.

For doing it in CiscoWorks, the configuration archive automatically detects when a configuration change is made and retrieves the new version of the device configuration. The configuration archive can be updated with configuration changes in three ways:

The change probe process listens to configuration changes on the devices through

syslog messages. When a configuration change is detected, the archive retrieves the latest configuration. You schedule a manual retrieval of all configurations. You schedule the SNMP poller to detect configuration changes on the device.

You can modify how and when the configuration archive retrieves configurations b

y selecting one or all of the following:

Listen to Syslog Messages

Config Retrieval Schedule

SNMP Poller Schedule

See the CiscoWorks docs for more details.

you can also use the free ware tool for this, CiscoConf from: http://cosi-nms.sourceforge.net/alpha-progs.html

View solution in original post

0 Helpful
4 Replies 4

Go to solution
steve.busby
Level 5
Level 5

‎05-04-2004 12:59 PM

Ensure you're using the "Accounting" features of AAA.

Something like this for IOS:

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

and for CatOS:

set accounting exec enable stop-only tacacs+

set accounting commands enable all stop-only tacacs+

Unfortunately, you will have two different logs to look at in CSACS, one for when they log in/out and the other for what commands they ran.

CW2K/RME Configuration Management will capture the actual switch/router configs as you specify down to the hour.

Go to solution
rmushtaq
Level 8
Level 8

‎05-04-2004 01:16 PM

CiscoSecure is not meant for config featch, it's meant for doing Authentication, Authorization, and Accounting only.

For doing it in CiscoWorks, the configuration archive automatically detects when a configuration change is made and retrieves the new version of the device configuration. The configuration archive can be updated with configuration changes in three ways:

The change probe process listens to configuration changes on the devices through

syslog messages. When a configuration change is detected, the archive retrieves the latest configuration. You schedule a manual retrieval of all configurations. You schedule the SNMP poller to detect configuration changes on the device.

You can modify how and when the configuration archive retrieves configurations b

y selecting one or all of the following:

Listen to Syslog Messages

Config Retrieval Schedule

SNMP Poller Schedule

See the CiscoWorks docs for more details.

you can also use the free ware tool for this, CiscoConf from: http://cosi-nms.sourceforge.net/alpha-progs.html

0 Helpful

Go to solution
ahilton
Level 1
Level 1
In response to rmushtaq

‎05-05-2004 09:28 AM

So, it sounds like there isn't a way to see the commands that someone runs. And then a comparison has to be made between the "old" config and the "new" config. Hmmm..I know via Hyperterm or Putty SSH I can create a "log" that captures every command run and screen viewed, that may be something to investigate for tracking purposes as well for this audience that is very concerned with changes being made.

Thanks for the info!

0 Helpful

Go to solution
MARK BAKER
Level 4
Level 4
In response to ahilton

‎08-11-2004 06:10 AM

With the commands in the first reply, CSACS can log commands entered in privilege mode.

In CSACS, go to system configuration and click on logging. Ensure that TACACS+ Administration is checked. You cna also modify what is being logged by clicking the hyperlink.

Next, click reports & Activities then TACACS+ Administration. You should have a list of CSV files containing commands entered on the routers/switches.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card