Are you saying that if I use those commands, I can then see the date/time of the changes when I do 'show archive log config all'?

Or would that only apply to the 'show logging'?

Ideally, I'd like to avoid using the 'show archive log'.  If possible, I'd love to see those details in the normal 'show logging' view. Currently, we can only see when ports go up and down, when an account logs in and basic things like that...and when the account makes a change, it only shows up sort of like 'SYS-5-CONFIG_I: Configured from console by forescout on vty0 (x.x.x.x)'  We get no details on the actual command that was entered. If there was a way to show the actual commands that were entered in the 'show logging' view, that's really all I need.

Example of what we see now in the show logging::
Sep 30 22:41:24.456: %SYS-5-CONFIG_I: Configured from console by forescout on vty0 (x.x.x.x)
Sep 30 22:41:25.325: %SYS-5-CONFIG_I: Configured from console by forescout on vty0 (x.x.x.x)
Sep 30 22:41:27.107: %LINK-5-CHANGED: Interface GigabitEthernet1/0/8, changed state to administratively down
Sep 30 22:41:28.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/8, changed state to down
Sep 30 22:41:30.927: %SYS-5-CONFIG_I: Configured from console by forescout on vty0 (x.x.x.x)
Sep 30 22:41:32.717: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/8, changed state to down
Sep 30 22:41:36.852: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/8, changed state to up
Sep 30 22:41:37.852: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/8, changed state to up

I believe in the show logging command but need to run the command and check

We do have the logs sent to a server to store these (I think it's in our SolarWinds product), but I personally haven't gone looking for those in SolarWinds but I suspect it'll just show the generic info that's in the 'show logging' view. Maybe it does show more, but I'd have to find out from others on my team. My idea was just to make it so I could quicky check the switch to see what's going on if I had all the details I needed there, rather than going somewhere else to look for it. It's just quicker/easier to find it on the switch if it's not a big project and just a simple issue of me wanting to see what's been changed very recently in the switch and only need to look at the switch to find what I need. If possible.

I agree it would be easier to just check it all in one place but I didnt see any other config related to the archive command when configuring it. I saw a forum entry from 2020 and it was asking/complaining about the same thing so I dont believe that feature has been implemented. 

As far as the generic info from logging I believe you are correct. I was alluding to more AAA logging. If I understand it the Accounting is the commands entered by an account if AAA is configured. You may be able to parse those logs/debugs either on the device or where AAA logging is sent, again if configured.

-David

That looks like what I need. I'll give it a try.  Thanks

OK, this worked and gets me the basics of what I want to see, but adding that command 'notify syslog' seems to have reset something with regarding to showing the date and time in the 'show logging' command. Here's an example of what it's showing now. How can I correct that? Notice how it shows '1y9w' instead of a date and time.  Before that change, the 'show logging' view would start each line with the date and time, for example: Oct 2 13:50:24.019:

Also, this won't interfere with anything we already had configured to send logs to our SolarWinds servers, will it? Just want to make sure I don't break that. 

1y9w: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin1 logged command:interface GigabitEthernet1/0/40
1y9w: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin1 logged command:shutdown
1y9w: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin1 logged command:no shutdown