Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
606
Views
0
Helpful
2
Replies

Syslog

PooriGoudarzi35482
Level 1
Level 1

‎09-27-2020 06:14 AM

Hiiii

I have set up a syslog server to my 3850 switch and everything works fine and I get the configuration changes command'log on my syslog server but i'm looking forward to know if there is a way to log and archive the commands that enters on privileged EXEC mode like global config?!?!?!

 

Thanks

Labels:
0 Helpful
2 Replies 2

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎09-27-2020 08:25 AM

Don't believe such can be sent to syslog, but I may be mistaken.

I do know, such logging can be done using AAA and TACACS (possibly RADIUS too).

0 Helpful

Georg Pauwen
VIP
VIP

‎09-27-2020 10:13 AM

Hello,

 

a workaround would be the below. Let's say you want to generate a syslog message whenever the 'show run' exec command is executed.

 

You create an EEM script that generates a syslog message whenever a specified CLI pattern ('show run' in this case) is being detected:

 

event manager applet SHOW-RUN
event cli pattern "show run" sync no skip no
action 1.0 syslog msg "show run has been executed"

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card