[c-nsp] Cisco logging commands

Mackinnon, Ian Ian.Mackinnon at atosorigin.com
Mon Dec 7 06:00:03 EST 2009


Ah OK I understand you now.

 

Try

http://blog.ioshints.info/2006/11/cli-command-logging-without-tacacs.html

 

Not used it myself.

 

Ian

 

From: Henry-Nicolas Tourneur [mailto:hntourneur at autempspourmoi.be] 
Sent: 07 December 2009 10:46
To: Mackinnon, Ian
Cc: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Cisco logging commands

 

With that command, I only log commands used in configure mode (or that's why I got as a result, using the same config as you typed below), 
I also would like to log command used in enable mode.

Any idea ?

Le lundi 07 décembre 2009 à 10:31 +0000, Mackinnon, Ian a écrit : 

 
Archive commands?
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtconlog.
html
 
 
SUMMARY STEPS
 
1. enable
 
2. configure terminal
 
3. archive
 
4. log config
 
5. logging enable
 
6. logging size entries
 
7. hidekeys
 
8. notify syslog
 
9. end
 
Needs an IOS that supports it.
 
Ian
 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Henry-Nicolas Tourneur
> Sent: 07 December 2009 09:44
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Cisco logging commands
> 
> Hi,
> 
> We are currently changing our servers and we are going to get rid of
> our
> old Tacacs+ server. The new AAA server is based on Radius
> (freeradius/debian).
> 
> The problem is that IOS can't log commands (enable and configure) into
> Radius.
> I found that functionality to work around that problem :
> 
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/rele
> ase/12.2_46_se/configuration/guide/swlog.html
> 
> But the problem is that it's only logging configure commands to
syslog,
> not enable, that's not enough for me.
> 
> So the question is : any idea about how to get IOS to log enable
> commands into syslog ? or how to use Radius accounting for commands ?
> What are the possibilities without Tacacs+ ?
> 
> TIA.
> 
> --
> Henry-Nicolas Tourneur
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
 
 
_______________________________________________________
 
Atos Origin and Atos Consulting are trading names used by the Atos Origin group.  The following trading entities are registered in England and Wales:  Atos Origin IT Services UK Limited (registered number 01245534) and Atos Consulting Limited (registered number 04312380).  The registered office for each is at 4 Triton Square, Regents Place, London, NW1 3HG.The VAT No. for each is: GB232327983
 
This e-mail and the documents attached are confidential and intended solely for the addressee, and may contain confidential or privileged information.  If you receive this e-mail in error, you are not authorised to copy, disclose, use or retain it.  Please notify the sender immediately and delete this email from your systems.   As emails may be intercepted, amended or lost, they are not secure.  Atos Origin therefore can accept no liability for any errors or their content.  Although Atos Origin endeavours to maintain a virus-free network, we do not warrant that this transmission is virus-free and can accept no liability for any damages resulting from any virus transmitted.   The risks are deemed to be accepted by everyone who communicates with Atos Origin by email. 
_______________________________________________________
 
 

 



More information about the cisco-nsp mailing list