cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9413
Views
0
Helpful
8
Replies

How to send logs to syslog when config changed and user login

Kevin Bolton
Level 1
Level 1

Hi,

 

I want my switch to send a log to syslog server when

1. config changed

2. user login(success or fail)

 

After setting (as below), syslog server only receive interface up/down logs,

What setting am I missing?

 

===Devices===

Switch: 2960L

Syslog server: 10.0.1.22:51405(UDP)

 

===Setting===

logging on
logging host 10.0.1.22 transport udp port 51405
logging trap 7
logging userinfo
logging reload 7
login on-success log every 1
login on-failure log every 1
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys

8 Replies 8

Mark Malone
VIP Alumni
VIP Alumni
Hi
Try use archive instead link example below

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/xe-3s/config-mgmt-xe-3s-book/cm-config-logger.html

How to Configure Configuration Change Notification and Logging
Configuring Configuration Change Notification and Logging
SUMMARY STEPS

1. enable

2. configure terminal

3. archive

4. log config

5. logging enable

6. logging size entries

7. hidekeys

8. notify syslog

9. end

Hi Mark,

These commands are included in my setting.
1. Should I remove other settings?
2. Should I make sure my setting is same as your command?(notify syslog contenttype plaintext => notify syslog)

Hi
no keep them there correct , i don't even have all that and it works i just point to the syslog server , i do use archive though to backup to flash and servers, do you see the users in show loggs like below , that should then go to syslog , i have same settings on my switches/routers , theres 2960s in there too

Mar 27 08:16:45.951 UTC: %SSH-5-SSH2_USERAUTH: User 'mmalone' authentication for SSH2 Session from x.x.x.x (tty = 1) using crypto cipher 'aes128-ctr', hmac 'hmac-sha1' Succeeded


in show logss does it show the same im set to informational

Trap logging: level informational, 4889643 message lines logged
Logging to x.x.x.x (Mgmt-vrf) (udp port 514, audit disabled,
link up),



Little late to the party. I was just having the same problem and adding the following fixed it for me

login on-success log every 1

login on-failure log every 1

Even later to the party...despite having the above configuration in place, I don't see a log message in my logging buffer or sent to syslog when the configuration is saved (write memory) on some devices.

 

I expect to see this: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file

 

But see nothing...Any ideas of extensions to the above required on different releases of IOS perhaps?

Hello, I have configured and sent logs to external syslog (trap information). But the syslog only shows port up and down status. How is it possible that when configuration changes, that information is pushed to syslog?

Hello,

post your configuration, as well as the output of 'show logging'...

I config:

logging host x.x.x.x

logging traps information

!
archive
log config
logging enable
logging size 500
hidekeys
notify syslog
!

 

Review Cisco Networking for a $25 gift card