Solved

ERS4900/5900 config audit logging

  • 19 October 2020
  • 3 replies
  • 62 views

Userlevel 1
Badge
  • Contributor
  • 25 replies

Hi folks!!

 

I need enabled audit logging in ERS4900/5900 series, but I not sure if the only option available is enabling enhanced secure mode on switches which is no option due to all changes that introduces in users and password management. Any idea?

 

Regards

EF

 

 

icon

Best answer by Todd Hancock 19 October 2020, 15:33

Hi EF,
It is automatic.
From the Security manual:
A special area of flash memory reserved for CLI audit stores the command history. Access to this
area is read-only. When you enable remote logging, the audit message is also forwarded to a
remote syslog server, no matter the logging level.

I have always seen the audit log entries on our syslog server.

View original

3 replies

Userlevel 1

Audit logging is enabled by default - command is : audit log save.
View the logs with command : show audit log.

Userlevel 1
Badge

Thanks Todd, I saw it but, how can i send it to syslog server?

 

Regards,

 

EF

 

 

Userlevel 1

Hi EF,
It is automatic.
From the Security manual:
A special area of flash memory reserved for CLI audit stores the command history. Access to this
area is read-only. When you enable remote logging, the audit message is also forwarded to a
remote syslog server, no matter the logging level.

I have always seen the audit log entries on our syslog server.

Reply