Assistance Needed to Log All Commands on Cisco Nexus and Catalyst Swit

Manish Manwal · ‎01-28-2025

Hi Team,

I need help configuring Cisco Nexus and Catalyst switches to log every command executed by any user. For example, if someone runs a command to create a VLAN or configure an ACL, it should be logged.

Currently, I can only see logs for when a user logs in or saves the configuration. I would like to extend this to capture all commands executed in configuration or privileged mode.

Can anyone assist with setting this up?

Thank you for your help!

THANKS
MANISH MANWAL

marce1000 · ‎01-28-2025

- FYI : https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15mt/config-mgmt-15-mt-book/cm-config-logger.pdf

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Devaa · ‎01-28-2025

As mentioned in the above doc, below cmds can help to log the config cmds in log.

configure terminal
 archive
  log config
   logging enable
   logging size 200
   hidekeys
   notify syslog

However, it just shows the config cmds, not the exec mode cmds (like show cmds / write mem). Syslog is not the best way for that.

Use AAA radius / tacacs to log all the user commands and refer at later point in time.

MHM Cisco World · ‎01-28-2025

SW run ios xe

configure terminal
 archive
  log config
   logging enable
   logging size 200
   hidekeys
   notify syslog

For Nexus you need to have tacacs' archive not work with nexus.

MHM