Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
657
Views
5
Helpful
2
Replies

logging issue

Go to solution
Ma'moun Mohammad shanableh
Level 1
Level 1

‎04-08-2012 04:24 AM - edited ‎03-07-2019 06:01 AM

Dear all,

good day, i have a customer who installed ArchSight logging server in his network.

the question is, can i send this server logs that contains the executed commands on the switch (same as accounting on the ACS), as there is a firewall wich sends the accounting logs to the server?

i have already enabled the logging on the switch as follows.

logging enable

logging trap informational

logging host x.x.x.x

but it is only showing the TCP openings and closings.

any idea.

thanks in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vasileios Bouloukos MSc, ITIL, CCIE
Level 3
Level 3

‎04-08-2012 05:43 AM

Hi Mohmmad,

This feature is configured under the archive configuration mode with the log config command and notify syslog to enable

the sending of notifications of configuration changes to your remote syslog.

The configuration could be the next

archive

log config

  logging enable 50

  notify syslog

  hidekeys

If you need to log all the commands and not only the config commands then the following configuration should be

executed on the router.

event manager applet CLIaccounting

event cli pattern ".*" sync no skip no

action 1.0 syslog priority informational msg "$_cli_msg"

set 2.0 _exit_status

Read the next link for more details

http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html

Hope that helps!

Vasilis

View solution in original post

2 Replies 2

Go to solution
Vasileios Bouloukos MSc, ITIL, CCIE
Level 3
Level 3

‎04-08-2012 05:43 AM

Hi Mohmmad,

This feature is configured under the archive configuration mode with the log config command and notify syslog to enable

the sending of notifications of configuration changes to your remote syslog.

The configuration could be the next

archive

log config

  logging enable 50

  notify syslog

  hidekeys

If you need to log all the commands and not only the config commands then the following configuration should be

executed on the router.

event manager applet CLIaccounting

event cli pattern ".*" sync no skip no

action 1.0 syslog priority informational msg "$_cli_msg"

set 2.0 _exit_status

Read the next link for more details

http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html

Hope that helps!

Vasilis

Go to solution
Ma'moun Mohammad shanableh
Level 1
Level 1
In response to Vasileios Bouloukos MSc, ITIL, CCIE

‎04-08-2012 06:29 AM

Dear Vasileios Bouloukos,

thank you very much for your reply, it worked finally.

cheers

0 Helpful
Customers Also Viewed These Support Documents