TOPIC: Remote logging of user activity

Remote logging of user activity 9 years 6 months ago #21831

  • panosv
I want to log user activity of a Cisco router (telnet login/logout/errors, if possible commands executed) to a remote syslog server (Linux box).

I tried
[code:1]
logging host 192.168.0.1
logging trap x
[/code:1]
but all that gets logged is various messages about debugging messages about ACLs etc.

Is there a way to have the user activity remotely logged?

Re: Remote logging of user activity 9 years 6 months ago #21855

  • semper
You will need to set up a RADIUS server, enable AAA, and configure accounting on your Cisco devices to log what commands are executed by users on your Cisco devices.

Re: Remote logging of user activity 9 years 6 months ago #21976

  • lomaree
Hi,

Do the following:

Install any syslog server on a Windows machine, e.g. SolarWinds syslog or Kiwi Syslog Daemon.

on the firewall:
#logging host inside 192.168.1.1
#logging trap informational
#logging on

What it will do is that anyone logging in to the firewall using telnet or SSH and issuing any command will be logged; also, all informational messages, e.g. who is accessing what, etc., will be logged.

HTH.

Re: Remote logging of user activity 9 years 6 months ago #22026

  • panosv
> on the firewall:
> #logging host inside 192.168.1.1
> #logging trap informational
> #logging on

This is about a router, not a firewall. It doesn't support "inside". It goes just "logging host w.x.y.z", but the syslog server doesn't get the messages I want, no matter what trap level I used.

> You will need to set up a RADIUS server, enable AAA, and configure accounting on your Cisco devices to log what commands are executed by users on your Cisco devices.

That should work, but it is more complicated than I want (=I don't know how to do it :shock:)
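
Added example (not part of the original thread and not posted by any participant): one syslog-only way to send login events and configuration-mode commands from an IOS router to the remote server in the original question. It assumes an IOS release that includes the login enhancements and the configuration change logger; the server address is the one from the first post.

```cisco
! Added example, not from the thread. Assumes an IOS release that includes
! the login enhancements and the configuration change logger.
!
! Timestamp each message so events can be ordered on the syslog server.
service timestamps log datetime msec
!
! Remote syslog server (address from the original post) and threshold.
! "informational" (6) forwards severities 0-6, which covers the
! login messages (4 and 5) and the logged commands (5) generated below.
logging host 192.168.0.1
logging trap informational
!
! Emit a syslog message for every successful and failed login
! (%SEC_LOGIN-5-LOGIN_SUCCESS / %SEC_LOGIN-4-LOGIN_FAILED).
login on-success log
login on-failure log
!
! Record each configuration-mode command together with the user who
! entered it and send it to syslog (%PARSER-5-CFGLOG_LOGGEDCMD);
! hidekeys keeps passwords and keys out of the log.
archive
 log config
  logging enable
  notify syslog
  hidekeys
```

This captures configuration-mode commands only; exec-mode commands such as `show` are not recorded this way and need the AAA accounting approach mentioned earlier in the thread. Syslog over UDP is unauthenticated and sent in cleartext, so the path to the server should stay on a trusted management network.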