cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr
361
Views
0
Helpful
3
Replies
Highlighted
Beginner

How to send logs to syslog when config changed and user login

Hi,

 

I want my switch to send a log to syslog server when

1. config changed

2. user login(success or fail)

 

After setting (as below), syslog server only receive interface up/down logs,

What setting am I missing?

 

===Devices===

Switch: 2960L

Syslog server: 10.0.1.22:51405(UDP)

 

===Setting===

logging on
logging host 10.0.1.22 transport udp port 51405
logging trap 7
logging userinfo
logging reload 7
login on-success log every 1
login on-failure log every 1
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys

Everyone's tags (2)
3 REPLIES 3
Highlighted
VIP Mentor

Re: How to send logs to syslog when config changed and user login

Hi
Try use archive instead link example below

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/xe-3s/config-mgmt-xe-3s-book/cm-config-logger.html

How to Configure Configuration Change Notification and Logging
Configuring Configuration Change Notification and Logging
SUMMARY STEPS

1. enable

2. configure terminal

3. archive

4. log config

5. logging enable

6. logging size entries

7. hidekeys

8. notify syslog

9. end
Highlighted
Beginner

Re: How to send logs to syslog when config changed and user login

Hi Mark,

These commands are included in my setting.
1. Should I remove other settings?
2. Should I make sure my setting is same as your command?(notify syslog contenttype plaintext => notify syslog)
Highlighted
VIP Mentor

Re: How to send logs to syslog when config changed and user login

Hi
no keep them there correct , i don't even have all that and it works i just point to the syslog server , i do use archive though to backup to flash and servers, do you see the users in show loggs like below , that should then go to syslog , i have same settings on my switches/routers , theres 2960s in there too

Mar 27 08:16:45.951 UTC: %SSH-5-SSH2_USERAUTH: User 'mmalone' authentication for SSH2 Session from x.x.x.x (tty = 1) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded


in show logss does it show the same im set to informational

Trap logging: level informational, 4889643 message lines logged
Logging to x.x.x.x (Mgmt-vrf) (udp port 514, audit disabled,
link up),



CreatePlease to create content
Content for Community-Ad