Configure router audit & logging (not only enabling)

    Hello everyone,

    I'm having some trouble finding a guide or document on how to enable
    auditing on routers.

    I've read the Cisco IOS System Messages Guide vol 1 & 2, for version
    12.4 (which is the one I'm running on my router).

    In that guide you can find all messages with their explanation.

    I turned on logging on my router correctly and I'm sending everything
    to a syslog server.
    The logging trap level is set to debug, so I'm also getting every
    lower level.

    The router is sending messages, for example, for facility codes SYS,

    As soon as I turned on logging I started to get SYS, LINK and
    LINEPROTO messages, but to get the SEC messages I had to turn on
    logging on each ACL by adding the keyword "log" or "log-input".
    Something similar happens with PARSER messages (which log every
    command run by any user). I had to configure this by running these
    commands:

        archive
         log config
          logging enable
          logging size 200
          notify syslog

    I've seen somewhere that if I use AAA accounting I can get messages
    even if I don't have a TACACS+ server. Is that correct? Does anyone know
    how I can log AAA events to the syslog?

    In the "System Messages Guide" I find a lot of facility codes that I
    don't get on my syslog server.

    Does anyone know if there is any Cisco guide that explains how to
    audit everything on a router?
    And I don't mean "how to enable logging", because I've done that and I
    know there is a guide for that.
    I want to know how to get all messages that are in the "System Messages
    Guide" on my syslog.

    I've also read the "Cisco IOS Security Configuration Guide" and I
    haven't found a clear explanation to enable "full system logging".

    Thanks in advance!
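
One way to see which facility codes actually reach the syslog server is to tally the %FACILITY-SEVERITY-MNEMONIC tokens in the received lines and compare them with the facilities expected. This is an added example, not part of the original post; the sample lines are constructed, and the expected list is just the facilities the post names.

```python
import re
from collections import Counter, defaultdict

# Cisco IOS system messages carry a %FACILITY-SEVERITY-MNEMONIC: token.
MSG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

# Facility codes named in the post (assumption: these are the ones to audit).
EXPECTED = ("SYS", "LINK", "LINEPROTO", "SEC", "PARSER")

# Constructed sample lines in the IOS layout; not captured from a real router.
SAMPLE = """\
Mar  1 10:00:01 192.0.2.1 45: *Mar  1 10:00:00.123: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (198.51.100.7)
Mar  1 10:00:05 192.0.2.1 46: *Mar  1 10:00:04.456: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
Mar  1 10:00:06 192.0.2.1 47: *Mar  1 10:00:05.456: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Mar  1 10:01:10 192.0.2.1 48: *Mar  1 10:01:09.789: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.9(4411) -> 192.0.2.1(23), 1 packet
Mar  1 10:02:00 192.0.2.1 49: malformed line without a message token
"""


def coverage(lines, expected=EXPECTED):
    """Return (seen, missing, unparsed) for an iterable of syslog lines.

    seen     maps facility -> Counter keyed by (severity, mnemonic)
    missing  lists expected facilities that never appeared
    unparsed counts non-empty lines with no IOS message token
    """
    seen = defaultdict(Counter)
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        match = MSG_RE.search(line)
        if match is None:
            unparsed += 1  # worth reviewing: relay noise or a truncated message
            continue
        facility, severity, mnemonic = match.groups()
        seen[facility][(int(severity), mnemonic)] += 1
    missing = [f for f in expected if f not in seen]
    return seen, missing, unparsed


if __name__ == "__main__":
    seen, missing, unparsed = coverage(SAMPLE.splitlines())
    for facility in sorted(seen):
        for (severity, mnemonic), count in sorted(seen[facility].items()):
            print(f"{facility:<10} sev={severity} {mnemonic:<14} x{count}")
    print("expected but never seen:", ", ".join(missing) or "none")
    print("lines without a message token:", unparsed)
```

Run against the real log file, a facility in the missing list points at a feature whose logging still has to be switched on separately, as the post found for SEC and PARSER.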