Audit Logging Commands
  • 10 Jul 2024

The audit log is a security application used by security personnel to compile an accurate risk assessment. With the audit log, security personnel can determine what is happening or being attempted, by whom, where, and when.

Audit Logging CLI commands are categorized as follows:

  • Enable and Disable Command
  • Configuration Commands
  • Display Commands


Notes: The maximum command length supported for audit logging is 72 characters when the command is entered through the CLI. NETCONF has no character limit.

A backup file is not created when the audit log is enabled; it is created automatically once the primary file reaches 100%.

The default file size is 1024 MB.


Enable and Disable Command

This section includes the Audit Logging enable and disable command.

audit-logging

Command Objective:
This command enables or disables audit logging, which allows users to configure audit trails that track changes made to a router. Each change is logged as a syslog message, and all syslog messages are kept in the audit file, which is kept in the audit subsystem.

Syntax:
audit-logging { enable | disable }

Parameter Description:

  • enable - Enables audit logging
  • disable - Disables audit logging

Mode:
Global Configuration Mode

Default:
Disabled

Example:

Your Product(config)# audit-logging enable

Configuration Commands

This section includes Audit Logging configuration commands.


Note: The required privilege level for audit-logging configuration commands is 15.

audit-logging filename

Command Objective:
This command configures the file name of the audit log file. Once a new file name is configured, audit logging is written to the new file. The maximum string value of the file name is 128.

Syntax:
audit-logging filename

Mode:
Global Configuration Mode

Default:
config.txt

Example:

Your Product(config)# audit-logging filename srv.txt

audit-logging filesize

Command Objective:
This command specifies the maximum size, in kilobytes, of the audit file (the configs.txt file). The audit file has a fixed size in the disk file system.

The audit file contains syslog messages and is stored on the disk. The size of the file determines how many messages can be stored on the disk before a wraparound occurs.

Ensure that the audit file is secure: it should be access protected so that only the audit subsystem can access it. The file size value ranges from 1024 to 1048576.

Syntax:
audit-logging filesize <filesize(1024-1048576)>

Mode:
Global Configuration Mode

Default:
1048576

Example:

Your Product(config)# audit-logging filesize 1025

audit-logging logsize-threshold

Command Objective:
This command configures the threshold value of the log storage space with respect to the maximum storage space size. The threshold value in percentage ranges between 1 and 99.

When the file size reaches the threshold value, an SNMP trap will be sent to notify the administrator about the threshold being exceeded.

Syntax:
audit-logging logsize-threshold <threshold in %(1-99)>

Mode:
Global Configuration Mode

Default:

threshold in % - 70

Example:

Your Product(config)# audit-logging logsize-threshold 99

audit-logging reset

Command Objective:
This command erases the contents of the configs.txt file and starts logging.

Syntax:
audit-logging reset

Mode:
Global Configuration Mode

Example:

Your Product(config)# audit-logging reset

Display Commands

This section includes Audit Logging display commands.


Note: The required privilege level for audit-logging display commands is 1.

show audit

Command Objective:
This command displays the content of the audit-log file.

Syntax:
show audit [filestat]

Parameter Description:

  • filestat - Displays rollover counter and number of messages received.

Mode:
Privileged EXEC Mode

Example:

Your Product# show audit
Audit:root audit-logging reset SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root default rm-interface int1 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root vrf unq-mac enable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root internal-lan 1 add interface virtual 1 FAILURE CONSOLE Mon Jul 8 17:06:29 2024

Audit:root set entity physical-index 2222222 asset-id 8 serial-number 7 alias-name  FAILURE CONSOLE Mon Jul 8 17:06:29 2024

Audit:root web-session timeout 120 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root automatic-port-create enable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root automatic-port-create disable SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root traffic-separation control system_default SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root end SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root configure terminal SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root interface gigabitethernet 0/3 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
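
The following added example (not part of the product documentation) parses `show audit` output and flags entries that change the audit trail itself, such as `audit-logging reset`, along with failed commands. The field layout (user, command, status, session source, timestamp) is an assumption inferred from the sample output above, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Layout inferred from the sample output above (an assumption, not a documented
# format): Audit:<user> <command> <SUCCESS|FAILURE> <source> <timestamp>
LINE_RE = re.compile(
    r"^Audit:(?P<user>\S+)\s+(?P<command>.*?)\s+(?P<status>SUCCESS|FAILURE)\s+"
    r"(?P<source>\S+)\s+(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4})$"
)

# First four entries are copied from the example above; the last is a
# constructed, truncated entry that exercises the unparsed path.
SAMPLE = """\
Audit:root audit-logging reset SUCCESS CONSOLE Mon Jul 8 17:06:29 2024

Audit:root internal-lan 1 add interface virtual 1 FAILURE CONSOLE Mon Jul 8 17:06:29 2024

Audit:root set entity physical-index 2222222 asset-id 8 serial-number 7 alias-name  FAILURE CONSOLE Mon Jul 8 17:06:29 2024

Audit:root web-session timeout 120 SUCCESS CONSOLE Mon Jul 8 17:06:29 2024
Audit:root interface gigabitethernet 0/3 SUCC
"""

def parse_audit(text):
    """Return (records, unparsed); blank lines between entries are skipped."""
    records, unparsed = [], []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # malformed entry: keep it for manual review
            continue
        rec = m.groupdict()
        rec["time"] = datetime.strptime(rec.pop("ts"), "%a %b %d %H:%M:%S %Y")
        records.append(rec)
    return records, unparsed

def findings(records):
    """Label entries that change the audit trail itself or that failed."""
    out = []
    for rec in records:
        if rec["command"].split()[:1] == ["audit-logging"]:
            out.append(("audit-trail-change", rec))  # enable/disable/reset/filename/...
        elif rec["status"] == "FAILURE":
            out.append(("failed-command", rec))
    return out

if __name__ == "__main__":
    records, unparsed = parse_audit(SAMPLE)
    for kind, rec in findings(records):
        print(kind, rec["time"].isoformat(), rec["user"], rec["source"], rec["command"])
    print("unparsed:", unparsed)
```

Entries that do not match the inferred layout are returned separately rather than dropped, so a truncated or altered line still reaches a reviewer.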

show config log

Command Objective:
This command displays information related to Audit Logging.

Syntax:
show config log

Mode:
Privileged EXEC Mode

Example:

Your Product# show config log
Audit Status     :  Enabled

Audit File Name  :  config.text

 Audit File Size   :  1025

 Audit Log Size Threshold : 70

© 2024 Cisco and/or its affiliates. All rights reserved.
 