The Audit Log is a chronological record of system activities that security personnel use to compile an accurate risk assessment. With this feature, security personnel can see what is being done or attempted, by whom, where, and when, because every configuration performed on the system is recorded.
Audit Logging CLI commands are categorized as follows:
Notes: The maximum command length supported for audit-logging is 72.
A backup file, named auditlog.bkp, is created automatically once the primary file reaches 100%; the name of this backup file cannot be changed.
The default file size is 1048576 KB.
Enable and Disable Command
This section includes the Audit Logging enable and disable command.
audit-logging { enable | disable }
Command Objective:
This command enables or disables audit logging, which allows users to configure the Audit Log. Logging occurs inside the unit and the audit file is stored in the unit's flash; the file is rewritten if the audit file and the backup file both exceed their capacity.
The following information is found inside the audit log:
<Username>
<CLI/SNMP/NETCONF Command>
<Status (SUCCESS/FAILURE)>
<Manager IP Address (if any)>
<Timestamp>
No syslog message is logged inside the audit log as these are two different files.
Syntax:
audit-logging { enable | disable }
Parameter Description:
- enable - Enables audit logging
- disable - Disables audit logging
Mode:
Global Configuration Mode
Default:
Disabled
Example:
Your Product(config)# audit-logging enable
Configuration Commands
This section includes Audit Logging configuration commands.
Notes: The required privilege level for audit-logging configuration commands is 12.
Ensure that the audit file is secure; the audit file should be access protected so that only the audit subsystem can access it.
audit-logging filename
Command Objective:
This command configures the file name of the audit log file. Once a new file name is configured, audit logging is written to the file with that name. The maximum string length of the file name is 128.
Syntax:
audit-logging filename
Mode:
Global Configuration Mode
Default:
auditlog.txt
Example:
Your Product(config)# audit-logging filename srv.txt
audit-logging filesize
Command Objective:
This command specifies the maximum size, in kilobytes, of the audit file (auditlog.txt). The audit file has a fixed size in the disk file system.
The size of the file determines the number of messages that can be stored on the disk before a wraparound occurs.
This value ranges from 1024 to 1048576.
Syntax:
audit-logging filesize <filesize(1024-1048576)>
Mode:
Global Configuration Mode
Default:
1048576
Example:
Your Product(config)# audit-logging filesize 1025
audit-logging logsize-threshold
Command Objective:
This command configures the threshold value of the log storage space with respect to the maximum storage space size. The threshold value in percentage ranges between 1 and 99.
When the file size reaches the threshold value, an SNMP trap will be sent to notify the administrator about the threshold being exceeded.
Syntax:
audit-logging logsize-threshold <threshold in %(1-99)>
Mode:
Global Configuration Mode
Default:
threshold in % - 70
Example:
Your Product(config)# audit-logging logsize-threshold 99
audit-logging reset
Command Objective:
This command erases the contents of the auditlog.txt file.
Syntax:
audit-logging reset
Mode:
Global Configuration Mode
Example:
Your Product(config)# audit-logging reset
Display Commands
This section includes Audit Logging display commands.
Note: The required privilege level for audit-logging display commands is 1.
show audit
Command Objective:
This command displays the content of the audit-log file.
Syntax:
show audit [filestat]
Parameter Description:
- filestat – Displays rollover counter and number of messages received.
Mode:
Privileged EXEC Mode
Example:
Your Product# show audit
Audit:root audit-logging reset SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root default rm-interface int1 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root vrf unq-mac enable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root internal-lan 1 add interface virtual 1 FAILURE CONSOLE Mon Jul 8 17:06:29 2024
Audit:root set entity physical-index 2222222 asset-id 8 serial-number 7 alias-name FAILURE CONSOLE Mon Jul 8 17:06:29 2024
Audit:root web-session timeout 120 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root automatic-port-create enable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root automatic-port-create disable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root traffic-separation control system_default SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root end SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root configure terminal SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root interface gigabitethernet 0/3 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
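The following added example (not part of the product documentation) parses `show audit` output into the fields listed earlier and flags failed commands and commands that change the audit trail itself. It assumes the manager field is a single token (CONSOLE or an IP address); the last sample line, with user `admin` and address `192.0.2.10`, is constructed for illustration.

```python
import re
from datetime import datetime

# Layout taken from the "show audit" sample output on this page:
#   Audit:<user> <command> <SUCCESS|FAILURE> <manager> <timestamp>
# Assumption: <manager> is a single token (CONSOLE or an IP address).
LINE_RE = re.compile(
    r"^Audit:(?P<user>\S+) (?P<command>.+) (?P<status>SUCCESS|FAILURE) "
    r"(?P<manager>\S+) (?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})$"
)

# Commands documented on this page that alter or erase the audit trail.
TRAIL_COMMANDS = ("audit-logging reset", "audit-logging disable",
                  "audit-logging filename", "audit-logging filesize")

# First three lines are copied from the page's example; the last is constructed.
SAMPLE = """\
Audit:root audit-logging reset SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root internal-lan 1 add interface virtual 1 FAILURE CONSOLE Mon Jul 8 17:06:29 2024
Audit:root web-session timeout 120 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:admin audit-logging disable SUCCESS 192.0.2.10 Mon Jul 8 17:09:02 2024
"""

def parse_line(line):
    """Return a dict of audit fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Collapse padding before single-digit days, then parse the timestamp.
    rec["ts"] = datetime.strptime(" ".join(rec["ts"].split()),
                                  "%a %b %d %H:%M:%S %Y")
    return rec

def review(text):
    """Return (record, reason) pairs that deserve an analyst's attention."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not an audit record (prompt, blank line, etc.)
        if rec["command"].startswith(TRAIL_COMMANDS):
            findings.append((rec, "audit-trail command"))
        elif rec["status"] == "FAILURE":
            findings.append((rec, "command failed"))
    return findings

if __name__ == "__main__":
    for rec, reason in review(SAMPLE):
        print(rec["ts"].isoformat(), rec["user"], rec["manager"],
              rec["status"], reason, "-", rec["command"])
```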
show config log
Command Objective:
This command displays information related to Audit Logging.
Syntax:
show config log
Mode:
Privileged EXEC Mode
Example:
Your Product# show config log
Audit Status : Enabled
Audit File Name : config.text
Audit File Size : 1025
Audit Log Size Threshold : 70
© 2024 Cisco and/or its affiliates. All rights reserved.