web console config change logging

Is there possible to configure somehow syslog logging after user has been configured Cisco IOS device using Web console such as Cisco SDM? I mean on syslog message 'configured from...by...' that is generated after you quit configuration mode using telnet or console.

I wish to know whether my rookie admins (and which one) changed my router or switch config with the web console...Any idea? Unfortunatelly, I'm using RADIUS (MS IAS) instead of TACACS+ such as Cisco ACS (money problems, etc:) )

B.R. Igor

Reply to
Igor Mamuzic
Loading thread data ...

In article , Igor Mamuzic wrote: :Is there possible to configure somehow syslog logging after user has been :configured Cisco IOS device using Web console such as Cisco SDM? I mean on :syslog message 'configured from...by...' that is generated after you quit :configuration mode using telnet or console.

:I wish to know whether my rookie admins (and which one) changed my router or :switch config with the web console...Any idea?

Give them distinct accounts, with the privilege they need and different passwords. Then the account name of the one who logged in would be the one displayed.

Reply to
Walter Roberson

Walter, thanks for the answer, I thought to do so,but they need to have level 15 privileges. If I reduce them privilege level are they will be able to connect to the routers with SDM since SDM requires privilege level 15 account? Or I can change it somehow?

B.R. Igor

Reply to
Igor Mamuzic

In article , Igor Mamuzic wrote: :Walter, thanks for the answer, I thought to do so,but they need to have :level 15 privileges. :If I reduce them privilege level are they will be able to connect to the :routers with SDM since SDM requires privilege level 15 account? Or I can :change it somehow?

I haven't checked IOS, but in PIX "modeled after IOS", you can have multiple users with level 15 privileges. In PIX, you can also alter the privilege required for particular command using the "privilege" command. The documentation implies there is an IOS equivilent.

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.