Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

enable cli command logging howto

3 views
Skip to first unread message

tudalat wong

unread,
Dec 18, 2009, 5:30:10 PM12/18/09
to
Hi All:
Is there a way to log all the cli commands typed in from the console?
Thanks
tudalat

Doug McIntyre

unread,
Dec 18, 2009, 7:05:41 PM12/18/09
to
tudalat wong <tud...@shaw.ca> writes:
> Is there a way to log all the cli commands typed in from the console?

The easiest way is to setup a TACACS server on a machine and have it
authorize every command line sent through for your logins. You can log
every command then with the aaa config section.

You may be able to do some sort of EMM function to do this, but you'll
have to think about how to get the data off the router to something
that logs then.

Its not a typical setup. Ie. my setup is to have RANCID run every so
often and capture the config for archiving, which includes the last
user's username who wrote out the config, which is totaly sufficient
for audit purposes, config changes don't happen very often at all anyway.

Dan Lanciani

unread,
Dec 19, 2009, 1:04:57 AM12/19/09
to

I've noticed that crash dump files often include every CLI command (and
every configuration command) executed since the router last booted.
That suggests that they are already being logged somewhere; it's just
a matter of getting at the data. Maybe there is a way to generate a
dump without actually crashing?

Dan Lanciani
ddl@danlan.*com

bod43

unread,
Dec 19, 2009, 5:34:17 PM12/19/09
to
On 19 Dec, 06:04, ddl@danlan.*com (Dan Lanciani) wrote:

> In article <SnTWm.78370$Zu5.29...@newsfe24.iad>, tuda...@shaw.ca (tudalat wong) writes:
>
> | Hi All:
> |  Is there a way to log all the cli commands typed in from the console?
> | Thanks
>
> I've noticed that crash dump files often include every CLI command (and
> every configuration command) executed since the router last booted.
> That suggests that they are already being logged somewhere; it's just
> a matter of getting at the data.  Maybe there is a way to generate a
> dump without actually crashing?

This works too -

conf t

logging buffered 20000

event manager applet CLIaccounting
event cli pattern ".*" sync no skip no
action 1.0 syslog priority informational msg "$_cli_msg"
set 2.0 _exit_status 1

Above config logs to the local logging buffer as displayed
by sh log. Will also I would suppose log to a configured
syslog server.

May be Feature Set dependant.

Works for sure on
(C870-ADVIPSERVICESK9-M), Version 12.4(15)T7

I think there is another method of configuring logging
to the logging buffer too but I forget what it is.

0 new messages