Hi,

Thank you Richard for the answer.

for the same router i found the following command in the config file (Cisco 2811, IOS 12.4(3i) ): 

logging buffered 51200 warnings

Is this command configured by default in the router? other question if the buffer size is fixed to 51200 in the config file  why in the "show log" output we found that the buffer size is set to 4096 bytes (refer to the previous post). Thanks.

Fida

This is surprising and quite puzzling. The output in your first post shows clearly that the logging buffer is operating at the debug level and has a buffer of 4096. The configuration command would set the buffer size quite a bit larger (which is probably good) and would have it operate at the warning level.

I am quite puzzled how that command would be in the config but not alter the behavior of the logging process. Perhaps there is something in the context of that configuration command that might help us understand it. Could you post the section of the config in which that command is found?

HTH

Rick

Hi,

Bellow the section in which the command is found:

boot-start-marker
boot system flash c2800nm-advsecurityk9-mz-151-1.T4.BIN
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
!
!
dot11 syslog
prompt "turt81 #"
ip source-route
!
!
ip cef

Fida

Thank you for the additional information. The config command here is different from what you described in your previous post. This configuration command does agree with the behavior of the router in which logging buffer does operate at the debug level (the default behavior) and has a buffer of size 4096.

HTH

Rick

Sorry, you are right.

One other thing, what's the command to use to track the cisco users activity in the router, I mean which IP address connected to the router, the successful logins...

Thanks.

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Tracking what a user is doing on the router is a bit involved; i.e. it's not just a single command that logs to syslog.  I believe it requires configuration of AAA.

Fida

I believe that Joseph is describing using the Accounting function of AAA to send accounting records to the AAA server to report on user activity. And that is the more complete and sophisticated way to track user activity (it can show not only the logins with address but also other user activity).

There is a more simple solution which might provide what you are looking for. In fairly recent versions of IOS Cisco has introduced the ability to create log messages for login activity (you can log successful login and/or unsuccessful attempts to login), Check out these commands

login on-success log

login on-failure log

They do not provide nearly as much detail as the AAA accounting would, but perhaps they would give you enough to satisfy your requirement.

HTH

Rick

Fida

I am glad that my responses were helpful. Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to identify posts that have helpful information.

HTH

Rick