- Posts: 3
- Thank you received: 0
Remote logging of user activity
17 years 7 months ago #21831
by panosv
Remote logging of user activity was created by panosv
I want to log user activity of a cisco router (telnet login/logout/errors, if possible commands executed) to a remote syslog server (linux box).
I tried
[code:1]
logging host 192.168.0.1
logging trap x
[/code:1]
but all that get logged is various messages about debugging messages about acls etc.
Is there a way to have the user activity remotely logged?
I tried
[code:1]
logging host 192.168.0.1
logging trap x
[/code:1]
but all that get logged is various messages about debugging messages about acls etc.
Is there a way to have the user activity remotely logged?
17 years 7 months ago #21855
by semper
James
www.securitygeek.net
Replied by semper on topic Re: Remote logging of user activity
You will need to setup a radius server, enable AAA, and configure accounting on your cisco devices to log what commands are executed by users on your cisco devices.
James
www.securitygeek.net
17 years 6 months ago #21976
by lomaree
Replied by lomaree on topic Re: Remote logging of user activity
hi,
do the following
install any syslog server on windows machine e.g. solarwinds syslog or kiwi syslog deamon
on the firewall:
#logging host inside 192.168.1.1
#logging trap informational
#logging on
what it will do is that any one logging in on using telnet or ssh to firewall and issusing any command will be logged in also all informational messages e.g. who is accessing what etc etc will be logged in.
HTH.
do the following
install any syslog server on windows machine e.g. solarwinds syslog or kiwi syslog deamon
on the firewall:
#logging host inside 192.168.1.1
#logging trap informational
#logging on
what it will do is that any one logging in on using telnet or ssh to firewall and issusing any command will be logged in also all informational messages e.g. who is accessing what etc etc will be logged in.
HTH.
17 years 6 months ago #22026
by panosv
Replied by panosv on topic Re: Remote logging of user activity
This is about a router not a firewall. It doesn't support "inside". It goes just "logging host w.x.y.z" but the syslog server doesn't get the messages I want, no matter what trap level I used.on the firewall:
#logging host inside 192.168.1.1
#logging trap informational
#logging on
That should work but it is more complicated than I want ( don't know how to do it :shock:)You will need to setup a radius server, enable AAA, and configure accounting on your cisco devices to log what commands are executed by users on your cisco devices.
Time to create page: 0.121 seconds