Audit Logging Commands
  • 23 Aug 2024
  • 4 Minutes to read
  • Contributors
  • PDF

Audit Logging Commands

  • PDF

Article summary

The Audit Log is a security application utilized by security personnel to compile an accurate risk assessment; a chronological record of system activities. By using this feature, security personnel can know what is ongoing or being attempted, by whom, where it is happening, or even when it occurred. This is achievable because all configurations performed on the system are being recorded.

Audit Logging CLI commands are categorized as follows:


Notes: The maximum command length supported for audit-logging is 72.

A backup file, named auditlog.bkp, will be created automatically once the primary file reaches 100%; this filename cannot be renamed.

The default file size is 1048576 KB.


Enable and Disable Command

This section includes the Audit Logging enable and disable command.

audit-logging { enable | disable}

Command Objective:
This command enables or disables audit logging that allows users to configure the Audit Log. Logging occurs inside the unit and the audit file is stored inside the unit's flash; it will be rewritten if the file size and the backup file both exceed their capacity.

The following information is found inside the audit log:

< Username>
< CLI/SNMP/NETCONF Command) >
< Status (SUCCESS/FAILURE) >
< Manager IP Address (if any) >
< Timestamp >

No syslog message is logged inside the audit log as these are two different files.

Syntax:
audit-logging { enable | disable}

Parameter Description:

  • enable - Enables audit logging
  • disable - Disables audit logging

Mode:
Global Configuration Mode

Default:
Disabled

Example:

Your Product(config)# audit-logging  enable

Configuration Commands

This section includes Audit Logging configuration commands.


Notes: The required privilege level for audit-logging configuration commands is 12.

Ensure that the audit file is secure; the audit file should be access protected so that only the audit subsystem can access it.


audit-logging filename

Command Objective:
This command configures the file name to the audit log file. When the new file name is configured, the audit logging will occur in the new file name that has been configured. The maximum string value of the file name is 128.

Syntax:
audit-logging filename

Mode:
Global Configuration Mode

Default:
auditlog.txt

Example:

Your Product(config)# audit-logging filename srv.txt

audit-logging filesize

Command Objective:
This command specifies the maximum file size (of the auditlog.txt file, in kilobytes) of the audit file which is a fixed file size in the disk file system.

The size of the file determines the number of messages that can be stored on the disk before a wraparound occurs.

This value ranges from 1024 to 1048576.

Syntax:
audit-logging filesize <filesize(1024-1048576)>

Mode:
Global Configuration Mode

Default:
1048576

Example:

Your Product(config)# audit-logging filesize 1025

audit-logging logsize-threshold

Command Objective:
This command configures the threshold value of the log storage space with respect to the maximum storage space size. The threshold value in percentage ranges between 1 and 99.

When the file size reaches the threshold value, an SNMP trap will be sent to notify the administrator about the threshold being exceeded.

Syntax:
audit-logging logsize-threshold <threshold in %(1-99)>

Mode:
Global Configuration Mode

Default:

threshold in % - 70

Example:

Your Product(config)# audit-logging logsize-threshold 99

audit-logging reset

Command Objective:
This command is used to erase the contents in the auditlog.txt file.

Syntax:
audit-logging reset

Mode:
Global Configuration mode

Example:

Your Product(config)# audit-logging reset

Display Commands

This section includes Audit Logging display commands.


Note: The required privilege level for audit-logging display commands is 1.

show audit

Command Objective:
This command displays the content of the audit-log file.

Syntax:
show audit [filestat]

Parameter Description:

  • filestat – Displays rollover counter and number of messages received.

Mode:
Privileged EXEC Mode

Example:

Your Product# show audit
Audit:root audit-logging reset SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root default rm-interface int1 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root vrf unq-mac enable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root internal-lan 1 add interface virtual 1 FAILURE CONSOLE Mon Jul 8 17:06:29 2024

Audit:root set entity physical-index 2222222 asset-id 8 serial-number 7 alias-name  FAILURE CONSOLE Mon Jul 8 17:06:29 2024

Audit:root web-session timeout 120 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root automatic-port-create enable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root automatic-port-create disable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root traffic-separation control system_default SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root end SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root configure terminal SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root interface gigabitethernet 0/3 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

show config log

Command Objective:
This command displays Information related to Audit Logging.

Syntax:
show config log

Mode:
Privileged EXEC Mode

Example:

Your Product# show config log
Audit Status     :  Enabled

Audit File Name  :  config.text

 Audit File Size   :  1025

 Audit Log Size Threshold : 70

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.