We are looking for more information on the SCH configuration for the device which has AAA enabled.
a. Howdoes the SCH user configured in AAA plays a role in sending the logs. Can we have the detail explanation
b. How are the credentials handled by the device when pulling out the logs, as credentials if not masked can cause compliance issues. Plus level of access (Level 0 , 7 , 15) needed has to be confirmed.
c.Is there any document which talks about the end to end process/flow from the Cisco backend to the SCH enabled device.
Let me address your last question first, because this is a common misconception. There is no process or flow from the Cisco backend to the SCH enabled device. The flow is always from the device to Cisco. Enabling Call Home on a supported device does not give Cisco or anyone else access to that device.
Instead, Call Home, which is part of the OS, detects the fault, executes predetermined show commands and pushes that data to Smart Call Home.
We'll try to get more detail about the exact mechanism, but this is simply two local components of the operating system exchanging information. The account is only required when the customer has introduced external authentication. The password for that account is not required.