enable cli command logging howto

Hi All: Is there a way to log all the cli commands typed in from the console? Thanks tudalat

Reply to
tudalat wong
Loading thread data ...

The easiest way is to setup a TACACS server on a machine and have it authorize every command line sent through for your logins. You can log every command then with the aaa config section.

You may be able to do some sort of EMM function to do this, but you'll have to think about how to get the data off the router to something that logs then.

Its not a typical setup. Ie. my setup is to have RANCID run every so often and capture the config for archiving, which includes the last user's username who wrote out the config, which is totaly sufficient for audit purposes, config changes don't happen very often at all anyway.

Reply to
Doug McIntyre

| Hi All: | Is there a way to log all the cli commands typed in from the console? | Thanks

I've noticed that crash dump files often include every CLI command (and every configuration command) executed since the router last booted. That suggests that they are already being logged somewhere; it's just a matter of getting at the data. Maybe there is a way to generate a dump without actually crashing?

Dan Lanciani ddl@danlan.*com

Reply to
Dan Lanciani

This works too -

conf t

logging buffered 20000

event manager applet CLIaccounting event cli pattern ".*" sync no skip no action 1.0 syslog priority informational msg "$_cli_msg" set 2.0 _exit_status 1

Above config logs to the local logging buffer as displayed by sh log. Will also I would suppose log to a configured syslog server.

May be Feature Set dependant.

Works for sure on (C870-ADVIPSERVICESK9-M), Version 12.4(15)T7

I think there is another method of configuring logging to the logging buffer too but I forget what it is.

Reply to
bod43

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.