activity user log

m.bersimis
Level 1

Hi!

I need to know if there is a way, when a user logs in to a router or a switch and makes a change, for that change to be logged in some way, so that all configuration changes can be seen somewhere. I know I can see in the show log that a user changed the configuration, but I don't know what he did. I also managed to log when a configuration change was done, with this command

service timestamps log datetime msec localtime show-timezone

but this only says which user changed something.


a.kiprawih
Level 7

Hi,

You may need to enable the AAA feature in your routers or switches. But you have to have a Cisco ACS server to capture all those commands, which are viewable in the report page.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=AAA&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddc31e6

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7a7.html

Pls rate all helpful posts.

Rgds,

AK

With the use of a RADIUS server, isn't it possible to audit user actions? Only with the use of the ACS server program?

Because we have already purchased the RADIUS server for aaa accounting and aaa authorization.

If you want to authenticate, audit and authorize what commands a user/admin user can or is allowed to execute, use TACACS instead of RADIUS.

RADIUS cannot do detailed auditing; it's limited to info such as when the session started, when it ended, the time and so on. No details on commands.

One of the obvious differences between RADIUS and TACACS is that RADIUS is used to authenticate incoming access from the client/normal user via whatever device, e.g. a VPN server or remote access server. This service allows users/clients to access services behind the VPN server device (passing through). It is merely there to authenticate and validate users, not to verify/check what commands have been executed.

TACACS (or TACACS+) is a management protocol for a device, e.g. Cisco routers and switches, to authenticate, audit and authorize what commands an admin user can or is allowed to execute when doing configuration or administration tasks on the devices. So, if your intention is to do full AAA, then use TACACS+ instead of RADIUS.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml

Pls rate all useful post(s).

Rgds,

AK
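As an added example (not from this thread, ACS or Cisco's own documentation), here is a minimal IOS configuration that does what the reply describes: per-command accounting sent to a TACACS+ server, plus the device's local configuration change log so the exact commands a user entered are also visible on the box itself. The server addresses, shared secret and server-group name are placeholders.

```cisco
! Added example: AAA command accounting to TACACS+ plus local config-change logging.
! 192.0.2.10, 192.0.2.20, the key and the group name TAC-AUDIT are placeholders.
aaa new-model
!
! TACACS+ server definition (classic syntax; newer IOS releases use "tacacs server <name>")
tacacs-server host 192.0.2.10
tacacs-server key PLACEHOLDER_SHARED_SECRET
aaa group server tacacs+ TAC-AUDIT
 server 192.0.2.10
!
! Authenticate and authorize admins against TACACS+; "local" is only the fallback
! when the server is unreachable
aaa authentication login default group TAC-AUDIT local
aaa authorization exec default group TAC-AUDIT local
aaa authorization commands 15 default group TAC-AUDIT local
aaa authorization config-commands
!
! Accounting: session start/stop plus every command at privilege 1 and 15 is
! sent to the TACACS+ server, which is what answers "what did the user do?"
aaa accounting exec default start-stop group TAC-AUDIT
aaa accounting commands 1 default start-stop group TAC-AUDIT
aaa accounting commands 15 default start-stop group TAC-AUDIT
!
! Local configuration change log: records user, line and the exact command entered,
! keeps the last 500 entries, masks passwords (hidekeys) and copies each entry to syslog
archive
 log config
  logging enable
  logging size 500
  hidekeys
  notify syslog contenttype plaintext
!
! Ship the syslog copy to a collector and timestamp it, as in the original post
logging host 192.0.2.20
service timestamps log datetime msec localtime show-timezone
!
! Verify on the device: "show archive log config all" lists the logged commands per user
```

Each entry in the archive log shows the user, the terminal line and the literal command, so even without ACS/TACACS+ reporting the device itself answers the question of what was changed.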