Skip to main content

Remote logging of user activity

More
17 years 7 months ago #21831 by panosv
I want to log user activity of a cisco router (telnet login/logout/errors, if possible commands executed) to a remote syslog server (linux box).

I tried
[code:1]
logging host 192.168.0.1
logging trap x
[/code:1]
but all that get logged is various messages about debugging messages about acls etc.

Is there a way to have the user activity remotely logged?
More
17 years 7 months ago #21855 by semper
You will need to setup a radius server, enable AAA, and configure accounting on your cisco devices to log what commands are executed by users on your cisco devices.
More
17 years 6 months ago #21976 by lomaree
hi,

do the following

install any syslog server on windows machine e.g. solarwinds syslog or kiwi syslog deamon

on the firewall:
#logging host inside 192.168.1.1
#logging trap informational
#logging on

what it will do is that any one logging in on using telnet or ssh to firewall and issusing any command will be logged in also all informational messages e.g. who is accessing what etc etc will be logged in.

HTH.
More
17 years 6 months ago #22026 by panosv

on the firewall:
#logging host inside 192.168.1.1
#logging trap informational
#logging on

This is about a router not a firewall. It doesn't support "inside". It goes just "logging host w.x.y.z" but the syslog server doesn't get the messages I want, no matter what trap level I used.

You will need to setup a radius server, enable AAA, and configure accounting on your cisco devices to log what commands are executed by users on your cisco devices.

That should work but it is more complicated than I want (=I don't know how to do it :shock:)
Time to create page: 0.121 seconds