[logs] Re: Syslog the 'enable command'

From: Gabriel Friedmann (log_gabe@private)
Date: Tue Nov 07 2006 - 07:29:13 PST


Ron,

In our environment, we have our network equipment using a TACACS+ server. 
This is used for centralized authentication to the equipment and has a
side benefit of logging every command executed.

Depending on your TACACS+ implementation, you may forward all this to a
flat file or a syslog server.  Then you are free to set alerts for certain
behavior.

I hope that helps you.

-- Gabriel Friedmann


On Mon, November 6, 2006 2:25 pm, Clayton Dukes \(cdukes\) wrote:
> No,
> Only thing you get is when someone exits out of enabled mode.
>
>
>
> -----Original Message-----
> From: loganalysis-bounces+cdukes=cisco.com@private
> [mailto:loganalysis-bounces+cdukes=cisco.com@private] On Behalf
> Of Ron Widlewski
> Sent: Monday, November 06, 2006 9:08 AM
> To: loganalysis@private
> Subject: [logs] Syslog the 'enable command'
>
>
> Is there a procedure to (unix) syslog the use of the Cisco "enable"
> command when used on any Cisco device ?
>
>
>
>
>
> ************************************************************************
> ****
> Confidentiality Notice:
> This e-mail message, any attachment, and the information therein is
> confidential, intended only for the named recipient(s), and may contain
> material that is proprietary, privileged, or otherwise private under
> applicable law.  If you have received this message in error, or are not a
> named recipient:
>
> (1) You are advised that any disclosure, copying, distribution or use of
> this e-mail, or the information in its content, is strictly prohibited; (2)
> We ask you immediately to notify the sender by return e-mail or
> contact Third Federal at 1-888-THIRD-FED (1-888.844-7333); (3) We instruct
> you to delete this e-mail message and any attachment from your computer.
>
> Thank you.
> ************************************************************************
> ****
>
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
>
>


_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis



This archive was generated by hypermail 2.1.3 : Tue Nov 07 2006 - 12:14:30 PST