09-29-2023 01:51 AM
Hello together,
I've got some Catalyst 9200 (IOS XE 17.06.04) here that are configured to send syslog messages to an external syslog server.
So far, it works fine. The 9200 are sending their syslog messages to the server. For example, when a local user logs into a switch, a syslog event is generated and sent to the syslog server, same on logout.
But: I have a few scenarios that should generate syslog messages, and I'm not shure if it is possible with these switches:
When a new local user is created or deleted on the switch,
when a new local group is created,
when a user's privileges are changed
and some more.
I tested it, none of these cases produces a syslog message.
Changing the loglevel to debug didn't bring any improvement either (with command "logging snmp-trap debugging"; I'm not even shure it this affects syslog messages and snmp traps or only snmp traps; description says "set syslog level for snmp trap").
Numerous messages that are of no interest to me are logged via syslog, but I can't find how to log if a local user oder a local group is deleted or created.
Is it possible to configure syslog on the C9200 more individually so that user deletions, privilege changes, etc. are also logged via syslog?
Thanks
holmigeirr
Solved! Go to Solution.
09-29-2023 03:23 AM
I have simple config :
archive
log config
logging enable
logging size 500
notify syslog contenttype plaintext
logging source-interface Loopback0
logging host x.x.x.x
try added user and deleted and works as below (is this what you looking ?)
%SYS-5-CONFIG_I: Configured from console by AAAA on vty0 (x.x.x.x)
%PARSER-5-CFGLOG_LOGGEDCMD: User:AAAA logged command:notify syslog contenttype plaintext
%SYS-5-CONFIG_I: Configured from console by AAAA on vty0 (x.x.x.x)
%PARSER-5-CFGLOG_LOGGEDCMD: User:AAAA logged command:username bbandi1 privilege 7 secret 9 *
%PARSER-5-CFGLOG_LOGGEDCMD: User:AAAA logged command:!config: USER TABLE MODIFIED
%PARSER-5-CFGLOG_LOGGEDCMD: User:AAA logged command:no username bbandi1
%SYS-5-CONFIG_I: Configured from console by AAAA on vty0 (x.x.x.x)
09-29-2023 03:23 AM
I have simple config :
archive
log config
logging enable
logging size 500
notify syslog contenttype plaintext
logging source-interface Loopback0
logging host x.x.x.x
try added user and deleted and works as below (is this what you looking ?)
%SYS-5-CONFIG_I: Configured from console by AAAA on vty0 (x.x.x.x)
%PARSER-5-CFGLOG_LOGGEDCMD: User:AAAA logged command:notify syslog contenttype plaintext
%SYS-5-CONFIG_I: Configured from console by AAAA on vty0 (x.x.x.x)
%PARSER-5-CFGLOG_LOGGEDCMD: User:AAAA logged command:username bbandi1 privilege 7 secret 9 *
%PARSER-5-CFGLOG_LOGGEDCMD: User:AAAA logged command:!config: USER TABLE MODIFIED
%PARSER-5-CFGLOG_LOGGEDCMD: User:AAA logged command:no username bbandi1
%SYS-5-CONFIG_I: Configured from console by AAAA on vty0 (x.x.x.x)
09-29-2023 04:02 AM - edited 09-29-2023 04:02 AM
Hello balaji.bandi,
I missed this line in the log-config:
notify syslog contenttype plaintext
It work's!
Thank you very much!
09-29-2023 04:15 AM
Glad that help you...cheers !
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide