02-25-2019 10:13 PM
Can EEM be used to track user creation on a switch?
Solved! Go to Solution.
02-26-2019 02:04 AM
02-26-2019 12:58 AM
02-26-2019 01:31 AM
An example would be when the command below is entered to create a user:
gss1.example.com(config)# username user_1 password newpwd
I would like to have logging log that a user User 1 has been created.
02-26-2019 02:04 AM
02-26-2019 03:52 AM
Very good stuff. Thanks!
02-26-2019 02:29 AM
Hello,
on a side note, you could compare the running to the startup config and have EEM notify you with an email displaying the username that has been added. It kind of builds on what Mark posted. If you enable the archving:
1. enable
2. configure terminal
3. archive
4. log config
5. logging enable
6. logging size entries
7. hidekeys
8. notify syslog
9. end
Each tme a user is added, it will generate a syslog message similar to this:
*Feb 26 09:52:28.129: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:!config: USER TABLE MODIFIED
You could use that to run an EEM script. The show archive command will show the difference between the startup and the running config and notify you by email
event manager applet USER_ADD
event syslog occurs 1 pattern "USER TABLE MODIFIED"
action 1.0 cli command "enable"
action 2.0 cli command "show archive config differences nvram:startup-config system:running-config | include username"
action 3.0 mail to "user@company.com" from "user@company.com" server "x.x.x.x" subject "User added:" body "$_cli_result"
02-26-2019 03:55 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: