.svg?sv=2022-11-02&spr=https&st=2024-11-08T11%3A51%3A39Z&se=2024-11-08T12%3A01%3A39Z&sr=c&sp=r&sig=jEdXD3Kf%2BGzUoP4AQMwsjrCdqnBufpPBcZO0JZq7Xzg%3D){kind=logo}
Audit Logging Commands
- 10 Jul 2024
- 4 Minutes to read
- Contributors
- Print
- PDF
Audit Logging Commands
- Updated on 10 Jul 2024
- 4 Minutes to read
- Contributors
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The audit log is a security application utilized by security personnel to compile an accurate risk assessment. By using the audit log, security personal can know what is ongoing or being attempted, by whom, where it is happening or even when it occurred.
Audit Logging CLI commands are categorized as follows:
Notes: The maximum command length supported for audit-logging is 72. (CLI Command - Max 72 characters supported. NETCONF - There is no character limit.)
A backup file will not be created once the audit log is enabled; it will be created automatically once the primary file reaches 100%.
The default file size is 1024 MB.
Enable and Disable Command
This section includes the Audit Logging enable and disable command.
audit-logging
Command Objective:
This command enables or disables audit logging that allows users to configure audit trails, which track changes that have been made to a router. Each change is logged as a syslog message and all syslog messages are kept in the audit file, which is kept in the audit subsystem.
Syntax:
audit-logging { enable | disable}
Parameter Description:
- enable - Enables audit logging
- disable - Disables audit logging
Mode:
Global Configuration Mode
Default:
Disabled
Example:
Your Product(config)# audit-logging enable
Configuration Commands
This section includes Audit Logging configuration commands.
Note: The required privilege level for audit-logging configuration commands is 15.
audit-logging filename
Command Objective:
This command configures the file name to the audit log file. When the new file name is configured, the audit logging will occur in the new file name that has been configured. The maximum string value of the file name is 128.
Syntax:
audit-logging filename
Mode:
Global Configuration Mode
Default:
config.txt
Example:
Your Product(config)# audit-logging filename srv.txt
audit-logging filesize
Command Objective:
This command specifies the maximum file size (of the configs.txt file, in kilobytes) of the audit file which is a fixed file size in the disk file system.
The audit file contains syslog messages and it is stored on the disk. The number of messages that can be stored is dependent on the size of the selected file and the size determines the number of messages that can be stored on the disk before a wraparound occurs.
Ensure that the audit file is secure; the audit file should be access protected so that only the audit subsystem can access it. This value ranges from 1024 to 1048576.
Syntax:
audit-logging filesize <filesize(1024-1048576)>
Mode:
Global Configuration Mode
Default:
1048576
Example:
Your Product(config)# audit-logging filesize 1025
audit-logging logsize-threshold
Command Objective:
This command configures the threshold value of the log storage space with respect to the maximum storage space size. The threshold value in percentage ranges between 1 and 99.
When the file size reaches the threshold value, an SNMP trap will be sent to notify the administrator about the threshold being exceeded.
Syntax:
audit-logging logsize-threshold <threshold in %(1-99)>
Mode:
Global Configuration Mode
Default:
threshold in % - 70
Example:
Your Product(config)# audit-logging logsize-threshold 99
audit-logging reset
Command Objective:
This command is used to erase the contents in the configs.txt file and start logging.
Syntax:
audit-logging reset
Mode:
Global Configuration mode
Example:
Your Product(config)# audit-logging reset
Display Commands
This section includes Audit Logging display commands.
Note: The required privilege level for audit-logging display commands is 1.
show audit
Command Objective:
This command displays the content of the audit-log file.
Syntax:
show audit [filestat]
Parameter Description:
- filestat – Displays rollover counter and number of messages received.
Mode:
Privileged EXEC Mode
Example:
Your Product# show audit
Audit:root audit-logging reset SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root default rm-interface int1 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root vrf unq-mac enable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root internal-lan 1 add interface virtual 1 FAILURE CONSOLE Mon Jul 8 17:06:29 2024
Audit:root set entity physical-index 2222222 asset-id 8 serial-number 7 alias-name FAILURE CONSOLE Mon Jul 8 17:06:29 2024
Audit:root web-session timeout 120 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root automatic-port-create enable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root automatic-port-create disable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root traffic-separation control system_default SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root end SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root configure terminal SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root interface gigabitethernet 0/3 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
show config log
Command Objective:
This command displays Information related to Audit Logging.
Syntax:
show config log
Mode:
Privileged EXEC Mode
Example:
Your Product# show config log
Audit Status : Enabled
Audit File Name : config.text
Audit File Size : 1025
Audit Log Size Threshold : 70
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks
Was this article helpful?