Monitor telnet from console.

Hello, I would like to monitor all the changes made on my router from a telnet connection on a console.

I tried the debug/logging commands but I didn't find a way to log the command line.

Does anyone have an idea?

Thanks.

Thierry

Reply to
Thierry

You need, in addition to your "debug" or "logging" commands, the following: terminal monitor

Regards, Christoph Gartmann

Reply to
Christoph Gartmann

AFAIK you cannot do what I think you are trying to accomplish.

You could set up a local login for each administrator, and when they do a write mem it will show the userid who made the change; that will go to syslog, and you could set up a syslog server to capture that if you do not have it already set up.

For local authentication

line vty 0 4
 ! or whatever the highest VTY line number is on the box
 login local

username admin1 secret letmein
username admin2 secret letmeout

logging buffer 10000 debug ! setup internal syslog buffer for quick checks of log

Reply to
Merv

Hi Christoph,

What I want to do is that if someone gets a telnet connection to my cisco and then does (for example):

"conf t
int eth0
ip address 192.168.3.2 255.255.255.0"

I want to log those lines somewhere....

Reply to
Thierry

Ok, thanks for your answer. Thierry

Reply to
Thierry

IIRC I believe that this can be done with a TACACS server. I do not know any details however I recall seeing it done once.

Reply to
anybody43

I don't think Cisco logs individual configuration commands anywhere. There's a log message when they do "write mem" to save the configuration changes, but it doesn't list the individual changes.

I suggest you do your router configurations using config files that are downloaded to the routers, and use a version control system on the file server.

Reply to
Barry Margolin

~ In article , Thierry wrote:
~
~ > What I want to do is that if someone gets a telnet connection to my cisco and
~ > then does (for example):
~ > "conf t
~ > int eth0
~ > ip address 192.168.3.2 255.255.255.0"
~ >
~ > I want to log those lines somewhere...
~
~ I don't think Cisco logs individual configuration commands anywhere.
~ There's a log message when they do "write mem" to save the configuration
~ changes, but it doesn't list the individual changes.

EEM (Embedded Event Manager) can do this, I'm reasonably sure.

I haven't played with it, but it contains a "CLI Event Detector" which can detect when some CLI command is executed. At that point it can spring into action, where that action can include doing such things as: writing a syslog message, sending an email, or flagging down a passing motorist.

Cheers,

Aaron

Reply to
Aaron Leonard

Apparently Cisco has added a feature to log configuration changes

Configuration Change Notification and Logging

Releases of Cisco IOS software prior to 12.3(4)T/12.2(25)S lack the ability to track the origin of changes to the running configuration. The only way to determine if a Cisco IOS software configuration has been changed is to pull the running and startup configurations offline and do a line-by-line comparison. This comparison will identify all the changes that have occurred between the two configurations, but it will not specify the sequence in which the changes occurred or the person responsible for the changes.

The Configuration Change Notification and Logging (Configuration Logging) feature allows the tracking of configuration changes entered on a per-session and per-user basis by implementing a configuration log. The configuration log will track each configuration command that is applied, who applied the command, the parser return code for that command, and the time that the command was applied. This feature also adds a notification mechanism that sends asynchronous notifications to registered applications whenever the configuration log changes.

This is something people have wanted for years !!!

Reply to
Merv
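
An added example (not part of the thread and not Cisco's code): once the Configuration Logging feature described above forwards its records to a syslog server, a short script can turn them into a per-user audit trail and flag commands that touch logging or local accounts. The message format, the sample lines, the IOS commands in the comment and all helper names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread). Assumed to be what IOS sends to
# syslog with: archive / log config / logging enable / notify syslog
SAMPLE_SYSLOG = """\
Mar  1 10:15:02 192.168.3.1 45: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin1  logged command:interface Ethernet0
Mar  1 10:15:09 192.168.3.1 46: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin1  logged command:ip address 192.168.3.2 255.255.255.0
Mar  1 10:15:20 192.168.3.1 47: %SYS-5-CONFIG_I: Configured from console by admin1 on vty0 (192.168.3.10)
Mar  1 11:02:41 192.168.3.1 48: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin2  logged command:no logging buffered
Mar  1 11:03:00 192.168.3.1 49: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
"""

CMD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s+(?P<host>\S+)\s.*?"
    r"%PARSER-5-CFGLOG_LOGGEDCMD:\s+User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)
# Commands that change the audit trail itself or local accounts; flag for review.
SENSITIVE_PREFIXES = ("no logging", "no archive", "no aaa accounting", "username ")


def parse_config_log(text):
    """Return a list of (timestamp, router, user, command) for logged commands."""
    events = []
    for line in text.splitlines():
        m = CMD_RE.match(line)
        if m:
            events.append((m["ts"], m["host"], m["user"], m["cmd"].strip()))
    return events


def commands_by_user(events):
    """Group commands per user, preserving the order they were entered."""
    trail = defaultdict(list)
    for _ts, _host, user, cmd in events:
        trail[user].append(cmd)
    return dict(trail)


def flag_sensitive(events):
    """Events whose command touches logging, accounting or local accounts."""
    return [e for e in events if e[3].lower().startswith(SENSITIVE_PREFIXES)]


if __name__ == "__main__":
    for ts, host, user, cmd in parse_config_log(SAMPLE_SYSLOG):
        print(f"{ts} {host} {user}: {cmd}")
```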

TACACS accounting logs every command entered by every user. We use it to figure out who changed what when the fecal matter hits the rotating air disturbance device.

Scott

Reply to
thrill5

Thank you all for your answers...

Thierry

Reply to
Thierry
