|
web console config change logging
Is there possible to configure somehow syslog logging after user has been
configured Cisco IOS device using Web console such as Cisco SDM? I mean on syslog message 'configured from...by...' that is generated after you quit configuration mode using telnet or console. I wish to know whether my rookie admins (and which one) changed my router or switch config with the web console...Any idea? Unfortunatelly, I'm using RADIUS (MS IAS) instead of TACACS+ such as Cisco ACS (money problems, etc:) ) B.R. Igor |
Re: web console config change logging
In article <dj6hbf$2ua$1@ss405.t-com.hr>, Igor Mamuzic <no@mail.xx> wrote:
:Is there possible to configure somehow syslog logging after user has been :configured Cisco IOS device using Web console such as Cisco SDM? I mean on :syslog message 'configured from...by...' that is generated after you quit :configuration mode using telnet or console. :I wish to know whether my rookie admins (and which one) changed my router or :switch config with the web console...Any idea? Give them distinct accounts, with the privilege they need and different passwords. Then the account name of the one who logged in would be the one displayed. -- I am spammed, therefore I am. |
Re: web console config change logging
Walter, thanks for the answer, I thought to do so,but they need to have
level 15 privileges. If I reduce them privilege level are they will be able to connect to the routers with SDM since SDM requires privilege level 15 account? Or I can change it somehow? B.R. Igor "Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca> wrote in message news:dj6ljr$e9s$1@canopus.cc.umanitoba.ca... > In article <dj6hbf$2ua$1@ss405.t-com.hr>, Igor Mamuzic <no@mail.xx> wrote: > :Is there possible to configure somehow syslog logging after user has been > :configured Cisco IOS device using Web console such as Cisco SDM? I mean > on > :syslog message 'configured from...by...' that is generated after you quit > :configuration mode using telnet or console. > > :I wish to know whether my rookie admins (and which one) changed my router > or > :switch config with the web console...Any idea? > > Give them distinct accounts, with the privilege they need and > different passwords. Then the account name of the one who logged in > would be the one displayed. > -- > I am spammed, therefore I am. |
Re: web console config change logging
In article <dj93rq$t07$1@ss405.t-com.hr>, Igor Mamuzic <no@mail.xx> wrote:
:Walter, thanks for the answer, I thought to do so,but they need to have :level 15 privileges. :If I reduce them privilege level are they will be able to connect to the :routers with SDM since SDM requires privilege level 15 account? Or I can :change it somehow? I haven't checked IOS, but in PIX "modeled after IOS", you can have multiple users with level 15 privileges. In PIX, you can also alter the privilege required for particular command using the "privilege" command. The documentation implies there is an IOS equivilent. -- "It is important to remember that when it comes to law, computers never make copies, only human beings make copies. Computers are given commands, not permission. Only people can be given permission." -- Brad Templeton |
| All times are GMT. The time now is 01:52 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.