I need enabled audit logging in ERS4900/5900 series, but I not sure if the only option available is enabling enhanced secure mode on switches which is no option due to all changes that introduces in users and password management. Any idea?
Best answer by Todd Hancock
It is automatic.
From the Security manual:
A special area of flash memory reserved for CLI audit stores the command history. Access to this
area is read-only. When you enable remote logging, the audit message is also forwarded to a
remote syslog server, no matter the logging level.
I have always seen the audit log entries on our syslog server.