[c-nsp] Check command history on CISCO

Maarten Carels lists at carels.info
Wed Sep 22 05:07:34 EDT 2010


On 22 Sep 2010, at 10:45 , vijay gore wrote:

> On Wed, Sep 22, 2010 at 1:59 PM, Maarten Carels <lists at carels.net> wrote:
> 
>> On 22 Sep 2010, at 10:20 , vijay gore wrote:
>> 
>>> HI,
>>> 
>>>    I want to check which commands were executed on a Cisco router in the last
>>> two days. How do I do that?
>> 
>> Rewind time 2 days.
>> Install TACACS+ server, activate accounting
>> 

> Kindly send me the complete procedure.

Which one?

Time rewind I don't know

Install TACACS+:

get some unix box (BSD, Linux, Solaris, whatever)

install tacacs+ (get it from http://www.shrubbery.net/tac_plus/)

configure tacacs server (edit its config file, and be sure to make it log the accounting records). The shrubbery.net site has lots of examples and documentation.

config tacacs on your cisco with something like:
aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ none
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
tacacs-server host <ip address of tacacs server>
tacacs-server key <same as in tacacs config>
ip tacacs source-interface lo0


This way you authenticate by means of tacacs (everyone uses a username/password, not a common password for everyone)
and your tacacs server logs all commands of levels 0, 1, 15 (0&1 are normal ones, 15 is enable mode).

Hope this helps

--maarten
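
Once accounting is being logged, the original question (which commands ran in the last two days) becomes a filter over the server's accounting file. The sketch below is an added example, not part of the original post or of tac_plus. It assumes tab-separated records of the form timestamp, NAS, user, port, remote address, record type, then attribute=value pairs; check that layout against your own accounting file. All sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real log data). Assumed layout, tab-separated:
# timestamp, NAS, user, port, remote address, record type, attribute=value pairs.
SAMPLE_LOG = "\n".join("\t".join(r) for r in [
    ("Sep 19 09:00:00", "192.0.2.1", "alice", "tty2", "198.51.100.7", "stop",
     "task_id=9", "service=shell", "priv-lvl=1", "cmd=show version <cr>"),
    ("Sep 21 14:03:11", "192.0.2.1", "alice", "tty2", "198.51.100.7", "stop",
     "task_id=11", "service=shell", "priv-lvl=15", "cmd=configure terminal <cr>"),
    ("Sep 22 08:15:00", "192.0.2.1", "bob", "tty3", "198.51.100.9", "start",
     "task_id=20", "service=shell"),
    ("Sep 22 08:15:27", "192.0.2.1", "bob", "tty3", "198.51.100.9", "stop",
     "task_id=21", "service=shell", "priv-lvl=1", "cmd=show ip route <cr>"),
    ("truncated line",),
])


def parse_record(line, now):
    """Return a dict for one command record, or None if the line is not one."""
    fields = line.split("\t")
    # "stop-only" accounting means every command arrives as a stop record.
    if len(fields) < 7 or fields[5] != "stop":
        return None
    attrs = dict(f.split("=", 1) for f in fields[6:] if "=" in f)
    if "cmd" not in attrs:
        return None
    # The timestamp carries no year: try the current one, then the previous
    # one for records that would otherwise lie in the future (year rollover).
    for year in (now.year, now.year - 1):
        try:
            when = datetime.strptime(f"{year} {fields[0]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue
        if when <= now:
            cmd = attrs["cmd"].replace("<cr>", "").strip()
            return {"time": when, "nas": fields[1], "user": fields[2],
                    "priv": attrs.get("priv-lvl", "?"), "cmd": cmd}
    return None


def commands_since(log_text, now, days=2):
    """Commands logged within the last `days` days, oldest first."""
    cutoff = now - timedelta(days=days)
    records = (parse_record(line, now) for line in log_text.splitlines())
    return sorted((r for r in records if r and r["time"] >= cutoff),
                  key=lambda r: r["time"])


if __name__ == "__main__":
    for r in commands_since(SAMPLE_LOG, datetime(2010, 9, 22, 12, 0, 0)):
        print(r["time"], r["nas"], r["user"], r["priv"], r["cmd"])
```
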



