09-27-2020 06:14 AM
Hiiii
I have set up a syslog server to my 3850 switch and everything works fine and I get the configuration changes command'log on my syslog server but i'm looking forward to know if there is a way to log and archive the commands that enters on privileged EXEC mode like global config?!?!?!
Thanks
09-27-2020 08:25 AM
Don't believe such can be sent to syslog, but I may be mistaken.
I do know, such logging can be done using AAA and TACACS (possibly RADIUS too).
09-27-2020 10:13 AM
Hello,
a workaround would be the below. Let's say you want to generate a syslog message whenever the 'show run' exec command is executed.
You create an EEM script that generates a syslog message whenever a specified CLI pattern ('show run' in this case) is being detected:
event manager applet SHOW-RUN
event cli pattern "show run" sync no skip no
action 1.0 syslog msg "show run has been executed"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide