01-28-2021 05:44 AM
Hi,
I'm trying to figure out whether I can prevent log files from being altered on a Cisco switch.
I'm using logging persistent to put syslog messages to flash:/syslogtest1/
What does "protected" actually mean? I just cannot find any detailed documentation about it.
Switch(config)#logging persistent ?
---Clip---
protected Eliminates manipulation on logging-persistent files.
I can still manipulate the log file, for example with tclsh, so is it really "protected"?
Switch#tclsh
Switch(tcl)#puts [open "flash:/syslogtest1/log_20110330-012741" a+] {
+>test1
+>}
Switch(tcl)#tclquit
Switch#more flash:/syslogtest1/log_20110330-012741
---Clip---
Mar 30 01:40:20.882: %SYS-5-CONFIG_I: Configured from console by testuser on console
Mar 30 02:01:30.347: %SYS-5-CONFIG_I: Configured from console by testuser on console
test1
Switch#
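Added example, not part of the original posts: a format check for a copy of the persistent log file that flags lines like the appended "test1" above. It assumes the timestamp and %FACILITY-SEVERITY-MNEMONIC layout shown in the output; the function names and the fourth sample line are constructed for illustration. A forged line that follows the format and keeps time order passes, so this catches only crude edits.

```python
import re
from datetime import datetime

# Layout seen in the thread: "Mar 30 01:40:20.882: %SYS-5-CONFIG_I: text".
# An optional sequence number, a leading '*' or '.', and a timezone are tolerated.
LINE_RE = re.compile(
    r"^(?:\d+: )?[*.]?(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}(?:\.\d{3})?)"
    r"(?: [A-Z]{2,5})?: %(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mn>[A-Z0-9_]+): "
)

def parse_ts(ts):
    # The log carries no year; a fixed leap year keeps "Feb 29" parseable.
    # Limitation: a Dec -> Jan rollover will look like time going backwards.
    fmt = "%Y %b %d %H:%M:%S.%f" if "." in ts else "%Y %b %d %H:%M:%S"
    return datetime.strptime("2000 " + ts, fmt)

def audit(lines):
    """Return (line_number, reason, text) for every suspicious line."""
    findings, prev = [], None
    for n, raw in enumerate(lines, 1):
        text = raw.rstrip("\r\n")
        if not text.strip():
            continue
        m = LINE_RE.match(text)
        if m is None:
            # Free text such as the tclsh append; multi-line messages also land here.
            findings.append((n, "not-syslog-format", text))
            continue
        ts = parse_ts(m["ts"])
        if prev is not None and ts < prev:
            findings.append((n, "timestamp-goes-backwards", text))
        prev = ts
    return findings

# Lines 1-3 are the output shown in the thread; line 4 is constructed.
SAMPLE = [
    "Mar 30 01:40:20.882: %SYS-5-CONFIG_I: Configured from console by testuser on console",
    "Mar 30 02:01:30.347: %SYS-5-CONFIG_I: Configured from console by testuser on console",
    "test1",
    "Mar 30 01:55:00.000: %SYS-5-CONFIG_I: Configured from console by testuser on console",
]

if __name__ == "__main__":
    for n, reason, text in audit(SAMPLE):
        print(f"line {n}: {reason}: {text}")
```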
01-28-2021 06:33 AM
I have never used it, but I agree with your comments.
Here is the document: (the syntax does not mention using flash?)
This is a good use case - I will do some tests and get back to you. (As long as you have admin rights, you are able to edit or decrypt.)
01-28-2021 06:36 AM
Ref: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/command/esm-cr-book/esm-cr-a1.html
Following an example in that document, I think it relates more to protecting file space rather than to file protection.
M.
01-30-2021 06:48 AM
Thanks for the replies.
I missed checking the command in that documentation; that helps to understand "protected" better.
I assume that if you have privileged EXEC level you can delete and alter log files, so cyber-security-wise you cannot block that for a privileged user, unless TACACS+ is in use, where you give permissions to different commands.
Br.
Jari