01-28-2025 04:56 AM - last edited on 01-28-2025 07:08 AM by rupeshah
Hi Team,
I need help configuring Cisco Nexus and Catalyst switches to log every command executed by any user. For example, if someone runs a command to create a VLAN or configure an ACL, it should be logged.
Currently, I can only see logs for when a user logs in or saves the configuration. I would like to extend this to capture all commands executed in configuration or privileged mode.
Can anyone assist with setting this up?
Thank you for your help!
01-28-2025 07:16 AM
M.
01-28-2025 08:00 AM
As mentioned in the above doc, the below cmds can help to log the config cmds in the log.
configure terminal
archive
 log config
  logging enable
  logging size 200
  hidekeys
  notify syslog
However, it just shows the config cmds, not the exec mode cmds (like show cmds / write mem). Syslog is not the best way for that.
Use AAA RADIUS / TACACS to log all the user commands and refer to them at a later point in time.
01-28-2025 08:58 AM
For a SW running IOS XE:
configure terminal
archive
 log config
  logging enable
  logging size 200
  hidekeys
  notify syslog
For Nexus you need to have TACACS; archive does not work with Nexus.
MHM
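Added example, not code from any poster in this thread: a Python script that parses the %PARSER-5-CFGLOG_LOGGEDCMD syslog messages produced by the archive / log config / notify syslog configuration above and groups VLAN, ACL, AAA and logging changes by user. The watch list, the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Syslog message emitted by IOS / IOS XE once "notify syslog" is set under "archive / log config".
CFGLOG = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$")

# Assumed watch list (not from the thread); tune the patterns for your environment.
# ACL entries typed in sub-mode are logged as their own lines, so permit/deny is matched too.
WATCH = {
    "vlan": re.compile(r"^(no )?vlan \d"),
    "acl": re.compile(r"^(no )?((ip|ipv6) access-list |access-list \d|(\d+ )?(permit|deny) )"),
    "aaa": re.compile(r"^(no )?aaa "),
    "logging": re.compile(r"^(no )?(logging |archive$)"),
}

def parse(line):
    """Return (user, command) for a config-logger message, or None for any other line."""
    m = CFGLOG.search(line)
    return (m.group("user"), m.group("cmd").strip()) if m else None

def classify(cmd):
    """Return the watch-list tags whose pattern matches the logged command."""
    return [tag for tag, rx in WATCH.items() if rx.search(cmd)]

def summarize(lines):
    """Group watched configuration commands by tag, keeping order of appearance."""
    hits = defaultdict(list)
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue  # login, CONFIG_I and other messages are not command records
        for tag in classify(parsed[1]):
            hits[tag].append(parsed)
    return dict(hits)

# Constructed sample lines (hostnames, users and addresses are made up).
SAMPLE = [
    "Jan 28 08:01:09 sw1 %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:vlan 120",
    "Jan 28 08:01:30 sw1 %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.5)",
    "Jan 28 08:04:02 sw1 %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:ip access-list extended MGMT-IN",
    "Jan 28 08:04:10 sw1 %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:permit tcp any any eq 22",
    "Jan 28 08:05:44 sw1 %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no logging host 192.0.2.50",
    "Jan 28 08:06:01 sw1 %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface GigabitEthernet1/0/5",
]

if __name__ == "__main__":
    for tag, events in summarize(SAMPLE).items():
        print(tag, events)
```

Only configuration-mode commands appear in these messages, so exec-mode commands still need AAA accounting as the replies say.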