Viewing, clearing, and configuring AUDIT log messages

This section provides information on viewing, clearing, and configuring the AUDIT log messages.

Displaying the AUDIT messages

To display the saved AUDIT messages, perform the following steps.

  1. Log in to the switch as admin.

  2. Enter the show logging auditlog command at the command line.

    You can also display messages in reverse order by using the reverse option. 

    device# show logging auditlog
0 AUDIT, 2017/05/23-19:40:00 (GMT), [DCM-1006], INFO, DCMCFG, admin/admin/10.20.161.51/telnet/cli,, SLX9850-8, Event: database commit transaction, Status: Succeeded, User command: "configure config-router-mpls-lsp-t928 adaptive".
1 AUDIT, 2017/05/23-19:40:00 (GMT), [DCM-1006], INFO, DCMCFG, admin/admin/10.20.161.51/telnet/cli,, SLX9850-8, Event: database commit transaction, Status: Succeeded, User command: "configure config-router-mpls-lsp-t928 secondary-path secondary".
2 AUDIT, 2017/05/23-19:40:00 (GMT), [DCM-1006], INFO, DCMCFG, admin/admin/10.20.161.51/telnet/cli,, SLX9850-8, Event: database commit transaction, Status: Succeeded, User command: "configure config-router-mpls-lsp--secpath-secondary standby".
3 AUDIT, 2017/05/23-19:40:00 (GMT), [DCM-1006], INFO, DCMCFG, admin/admin/10.20.161.51/telnet/cli,, SLX9850-8, Event: database commit transaction, Status: Succeeded, User command: "configure config-router-mpls-lsp--secpath-secondary enable".
4 AUDIT, 2017/05/23-19:40:00 (GMT), [DCM-1006], INFO, DCMCFG, admin/admin/10.20.161.51/telnet/cli,, SLX9850-8, Event: database commit transaction, Status: Succeeded, User command: "configure config-router-mpls-lsp-t928 lsp t929".
5 AUDIT, 2017/05/23-19:40:01 (GMT), [DCM-1006], INFO, DCMCFG, admin/admin/10.20.161.51/telnet/cli,, SLX9850-8, Event: database commit transaction, Status: Succeeded, User command: "configure config-router-mpls-lsp-t929 to 5.2.3.4".
6 AUDIT, 2017/05/23-19:40:01 (GMT), [DCM-1006], INFO, DCMCFG, admin/admin/10.20.161.51/telnet/cli,, SLX9850-8, Event: database commit transaction, Status: Succeeded, User command: "configure config-router-mpls-lsp-t929 primary-path primary".
[...]

Clearing the AUDIT messages

To clear the AUDIT log messages for a particular switch instance, perform the following steps.

  1. Log in to the switch as admin.
  2. Enter the clear logging auditlog command to clear all messages in the switch memory.

Configuring event auditing

The AUDIT log classes SECURITY, CONFIGURATION, and FIRMWARE are enabled by default. You can enable or disable auditing of these classes by using the logging auditlog class class command.

To configure and verify the event auditing, perform the following steps.

  1. Enter the configure terminal command to access the global configuration level of the CLI. 
    device# configure terminal
Entering configuration mode terminal

  2. Configure the event classes you want to audit. For example, to audit the CONFIGURATON class, enter the following command.

    You can choose one of the following event classes: CONFIGURATION, FIRMWARE, or SECURITY. 
    device(config)# logging auditlog class CONFIGURATION
  3. Enter the show running-config logging auditlog class command to verify the configuration. 
    device# show running-config logging auditlog class
logging auditlog class CONFIGURATION
9036693-01 Rev AA