Change in privilege level for the command show logging

I have recently discovered a change in behavior in IOS. The command show logging has traditionally been available at user level. Now it has become a privilege level 15 command.
I thought that this was strange and opened a case with Cisco TAC about it. I was told that this is a new "feature" that was implemented for bugid CSCsl61281. Unfortunately this bugid is viewable by Cisco internally but not viewable by the public.
The TAC engineer tells me that this change is integrated into these releases:
This was integrated into the following releases:
12.4(24.05.01)PIX11
12.4(21.14.09)PIC01
12.4(19.03)T
12.2(52.23)SIN
12.2(33)SXI01
12.2(32.08.11)SX229
12.2(32.08.11)SR174
I do not think that this is a good change. If you do not think that this is a good change I suggest that you contact your Cisco support team and express your opinion about this change.
Otherwise as you go to new versions of IOS be aware of the potential impact on your network monitoring processes and procedures that show logging will require level 15 privilege access.
HTH
Rick

Hi Rick,
Can you suggest me references to know more about privilege level commands?
How to enable different commands for different levels of privileges?
Thanks.
-Sudhish

Similar Messages

  • Privilege level for the commands

    Hi All,
    I am trying to modify the privilege level of the commands in my router.
    I need to understand what is the privilege level for the commands.
    Is there a command in the IOS or a link with a document on the CCO with the criteria or the list of the command and its corresponded privile level.
    Thanks
    Matteo

    Matteo
    I am not clear what it is that you are trying to do. But let me make a suggestion. While there are 16 privilege levels (0 through 15) there are two levels that are commonly used 1 and 15. 1 is what is usually called user mode and is the default level when someone first logs into the router. My suggestion is to identify what group of commands you do not want to be available in user mode, decide if they should be available in something less than 15, pick a level, and assign the commands to that level.
    If you really do want to start from a list of commands and their privilege level, I do not think that you will find any single source which will accurately give you the privilege level for all commands. The closest you will find is to look in the command reference and find the command. The command reference will usually describe the privilege level. Unfortunately I have found a few situations where the description of privilege level was not correct.
    My advice is that if you want to find the privilege level for some commands that you want to manipulate, that you get a router and try the command and determine what its privilege level is.
    HTH
    Rick

  • Snmp oids for the command "show counters interface intx/y delta"

    Hello,
    I have a question about SNMP OIDs for the command "show counters interface intx/y delta" on Catalyst6500. The customer wants to create graphs for the following values:Overruns, qos0Outlost, InErrors, OutErrors, InDiscards, OutDiscards etc..
    Is possible to get these values using SNMP??
    Thank you
    Roman

    Thank you, Dan. These OIDs are for the output from the command "show interface int x/y". But I think, that these OIDs are not for the command "show interface int x/y delta".
    Roman

  • Custom privilege level for CSM commands

    Is there a way to creat a custom privilege level to allow a user access to only CSM config commands while in config mode?? I'm trying to allow members of our server/web team to check on the status of the web servers and to take them out of service for maintenance....and not allow them access to change any other configs on the switch.
    Thanks...Jeff

    Here is an exampel for enable 5
    enable secret level 5
    privilege slb-lam-mode-real level 5 no inservice
    privilege slb-lam-mode-real level 5 inservice
    privilege slb-lam-mode-real level 5 inservice standby
    privilege slb-lam-mode-csm-sfarm level 5 real
    privilege slb-lam-mode-csm-sfarm level 5 real name
    privilege slb-lam-mode-csm level 5 server
    privilege configure level 5 module csm
    privilege exec level 5 conf t
    privilege exec level 5 exit

  • Privilege level - tuning the commands

    This example allows users with level 10 privileges to configure an interface ip address...
    privilege exec level 10 configure terminal
    privilege configure level 10 interface
    privilege interface level 10 ip address
    My question is how to configure users in level 10 to ping ONLY ONE ip address..
    eg
    privilege exec level 10 ping 192.168.11.10
    But it seems that I can ping anyway?
    Router2#sh run | be privilege
    privilege interface level 10 ip address
    privilege interface level 10 ip
    privilege configure level 10 interface
    privilege configure level 10 hostname
    privilege exec level 10 ping !!!!!!!!!!!!!!!!
    privilege exec level 10 configure terminal
    privilege exec level 10 configure
    privilege exec level 10 no
    When I telnet into Router2 with the level 10 password I automatically get to the privileged mode
    and I have the following exec commands...
    Router2>en 10
    Password:
    Router2#?
    Exec commands:
    <1-99> Session number to resume
    access-enable Create a temporary Access-List entry
    access-profile Apply user-profile to interface
    clear Reset functions
    configure Enter configuration mode
    connect Open a terminal connection
    disable Turn off privileged commands
    disconnect Disconnect an existing network connection
    enable Turn on privileged commands
    exit Exit from the EXEC
    help Description of the interactive help system
    lock Lock the terminal
    login Log in as a particular user
    logout Exit from the EXEC
    modemui Start a modem-like user interface
    mrinfo Request neighbor and version information from a multicast
    router
    mstat Show statistics after multiple multicast traceroutes
    mtrace Trace reverse multicast path from destination to source
    name-connection Name an existing network connection
    no Disable debugging functions
    pad Open a X.29 PAD connection
    ping Send echo messages
    ppp Start IETF Point-to-Point Protocol (PPP)
    resume Resume an active network connection
    rlogin Open an rlogin connection
    show Show running system information
    slip Start Serial-line IP (SLIP)
    systat Display information about terminal lines
    tclquit Quit Tool Command Language shell
    telnet Open a telnet connection
    terminal Set terminal line parameters
    tn3270 Open a tn3270 connection
    traceroute Trace route to destination
    tunnel Open a tunnel connection
    udptn Open an udptn connection
    where List active connections
    x28 Become an X.28 PAD
    x3 Set X.3 parameters on PAD
    How can I select only the commands I really want from this list??
    ie how can I allow only one specific ping command?
    Thanks !

    Privilege levels can be configured on basis of commands allowed to be executed on that privilege level. It is not possible to restrict the execution of commands which are allowed based on its parameters. So you cannot make it to allow a ping to only one specific IP address and block the ping to others. You can use an access list to block ping to other IP addresses, however the access list will be applicable to all the users at any privilege level.

  • What is the default key command for the COMMAND key?I seem to have changed it somehow along the way and now when I push the command key it hides all windows or shows desk top I need to correct this as soon as possible-.any ideas?

    What is the default key command for THE COMMAND (apple) key? I seem to have changed it somehow along the way and now when I push the command key (only) it hides all open windows and shows the desk top and when I push it again it shows all windows again...I need to return to default A.S.A.P. just this one key...Any ideas? Thanks in advance...

    Go to
     > System Preferences > Keyboard
    Click on the 'Keyboard' tab and hit the 'modifier keys...' button. You can see and change the defaults there.
    As I'm not sure if all the labels are the same in Lion, he's a screenshot from Snow Leopard. It should be similar enough:

  • Default Privilege Level for ASA users authenticated by Radius or TACACS when using ASDM

    Hello,
    I'm trying to figure out what the default privilege level is for users that are authenticated to the ASA via a remote authentication server when using the ASDM.
    the command "aaa authentication http console TACACS+ LOCAL" is used in the ASA config.
    The remote server is NOT setting any privilege levels for users.  There are also no aaa authorization commands present in the config.
    So what privilege level do the users receive when they login with the ASDM?  I'm being told that the users receive admin access which includes config write, reboot, and debug.  But I cannot find any documentation stating hte default level.
    Please advise.  And providing links to cisco documentation would be great too.
    Thanks,
    Brendan

    Hi Berendan,
    Hope the below exerpt from document clarifies your query. also i have provided the link to refer.
    About Authorization
    Authorization controls access per user after users authenticate. You can configure the security appliance to authorize the following items:
    •Management commands
    •Network access
    •VPN access
    Authorization controls the services and commands available to each authenticated user. Were you not to enable authorization, authentication alone would provide the same access to services for all authenticated users.
    If you need the control that authorization provides, you can configure a broad authentication rule, and then have a detailed authorization configuration. For example, you authenticate inside users who attempt to access any server on the outside network and then limit the outside servers that a particular user can access using authorization.
    The security appliance caches the first 16 authorization requests per user, so if the user accesses the same services during the current authentication session, the security appliance does not resend the request to the authorization server.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/aaasetup.html
    Regards
    Karthik

  • Aironet 1600 privilege level for MAC Filtering

       Hi,
    I want to permit from a user profile with the telnet CLI command to configure the new MAC address on the dot11 association mac-list 700
    I have create the user 14 with the followed commands:
    enable secret level 14 5 **************
    enable secret 5 **************
    privilege configure level 14 access-list
    privilege exec level 14 write memory
    privilege exec level 14 write
    privilege exec level 14 configure terminal
    privilege exec level 14 configure
    privilege exec level 14 show dot11 associations client
    privilege exec level 14 show dot11 associations
    privilege exec level 14 show dot11
    privilege exec level 14 show access-lists
    privilege exec level 14 show
    Access from login privilege 14
    1602AP16#show privile
    Current privilege level is 14
    1602AP16#show access-l
    Bridge address access list 700
        permit 100b.a965.7384   0000.0000.0000 (2 matches)
        permit 0026.c659.b182   0000.0000.0000
        permit 0019.d2c2.96c0   0000.0000.0000
    OK
    add the new MAC address
    1602AP16(config)#access-list ?                                        
      <1-99>       IP standard access list
      <100-199>    IP extended access list
      <1100-1199>  Extended 48-bit MAC address access list
      <1300-1999>  IP standard access list (expanded range)
      <200-299>    Protocol type-code access list
      <2000-2699>  IP extended access list (expanded range)
      <700-799>    48-bit MAC address access list
    1602AP16(config)#access-list 700 permit 0026.c659.b182   0000.0000.0000
                                                                   ^
    % Invalid input detected at '^' marker.
    I can open the user level 14 config and when I add the new MAC address I received the " Invalid input detected " message
    What is wrong ?
    Is it only permit at level 15 ?
    IOS version : 
    Cisco IOS Software, C1600 Software (AP1G2-K9W7-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
    Thank you to shared me yours comments !
    Patrick

    Hi Patric,
    Can u try this :
    privilege configure level 14 access-list
    and all other with priv 13.
    privilege exec level 13 write memory
    privilege exec level 13 write
    privilege exec level 13 configure terminal
    privilege exec level 13 configure
    privilege exec level 13 show dot11 associations client
    privilege exec level 13 show dot11 associations
    privilege exec level 13 show dot11
    privilege exec level 13 show access-lists
    privilege exec level 13 show
    and then try to configure it.
    If still fails then u must use priv 15 .
    Regards

  • I recently had to change my email address for the Apple ID and now when the App store comes up it still asks has my old email address and no password will work.  What should I taccepts it all fine as does facetime.  Help?

    I recently changed my email address for the Apple Id and it was accepted but now when the App store comes up it still shows my old email address and no password will work.  iCloud and Facetime are fine.  Don't know why it stays there or how to alter it.

    1. Sign out of old ID
    2. Sign in with new ID
    Settings>AppStore>Apple ID

  • Is there (or can I create) a keyboard shortcut for the command "export"?

    is there (or can I create) a keyboard shortcut for the command "export"?

    Keyboard Shortcuts are created in the System Preferences app, Hardware section, Keyboard, Keyboard Shortcuts tab.
    Select Application Shortcuts on the left.
    Click the "+" sign on the right and in the dialog box that pops up, enter: "Export..." and your preferred key combination. Here's an example:
    Keep in mind that when you enter the name of the action in a layered menu, such as File > Export..., or Share > Export..., you are only going to enter the last menu choice, not the higher levels.
    Regards,
    Jerry

  • Running commands with powershell - randomly need to press Enter for the command to continue

    Hi,
    I have noticed quiet a few times now that when i run some commands in a powershell window, the execution seems to hang and if i press enter the rest of the command is executed.
    It does it for such as simple thing as
    xcopy \\source \\dest
    repadmin /syncall /Adep
    The commands are executed but i need to press enter at some point (and multiple times) for the command to complete.
    Anyone have seen this kind of behavior?

    Something very similar to this came up recently, so I'll throw it out there.  Do you have "QuickEdit Mode" enabled for your PowerShell console?  If so, when you click your mouse somewhere in the window, it starts to select text to be copied or
    pasted, and your window title will change from (for example) "Windows PowerShell" to "Select Windows PowerShell".  When you press enter, you copy whatever was highlighted to the clipboard, and the console goes back to normal.

  • Using a Variable in SSIS - Error - "Command text was not set for the command object.".

    Hi All,
    I am using a OLE DB Source in my dataflow component and want to select SQL Query from the master table  I have created variables v_Archivequery
    String packageLevel (to store the query).
    <Variable Name="V_Archivequery" DataType="String">
         SELECT a.*, b.BBxKey as Archive_BBxKey, b.RowChecksum as Archive_RowChecksum
         FROM dbo.ImportBBxFbcci a LEFT OUTER JOIN Archive.dbo.ArchiveBBxFbcci b
         ON (SUBSTRING(a.Col001,1,4) + SUBSTRING(a.Col002,1,10)) = b.BBxKey
         Where (b.LatestVersion = 1 OR b.LatestVersion IS NULL)
        </Variable>
    I am assigning this query to the v_Archivequery variable, "SELECT a.*, b.BBxKey as Archive_BBxKey, b.RowChecksum as Archive_RowChecksum
    FROM dbo.ImportBBxFbcci a LEFT OUTER JOIN Archive.dbo.ArchiveBBxFbcci b
     ON (SUBSTRING(a.Col001,1,4) + SUBSTRING(a.Col002,1,10)) = b.BBxKey
    Where (b.LatestVersion = 1 OR b.LatestVersion IS NULL)"
    Now in the OLE Db source, I have selected as Sql Command from Variable, and I am getting the variable, v_Archivequery .
    But when I am generating the package and when running I am getting bewlo errror
     Error at Data Flow Task [OLE DB Source [1]]: An OLE DB error has occurred. Error code: 0x80040E0C.
    An OLE DB record is available.  Source: "Microsoft SQL Native Client"  Hresult: 0x80040E0C  Description: "Command text was not set for the command object.".
    Can Someone guide me whr am going wrong?
    Please let me know where am going wrong?
    Thanks in advance.
    Thankx & regards, Vipin jha MCP

    What happens if you hit Preview button in OLE DB Source Editor? Also you can use the same query by selecting SQL Command option and test.
    Could you try set the Delay Validation = True at Package and re-run ?
    If set the query in variable expression (not in value), then Set Evaluate As Expression = True.
    -Vaibhav Chaudhari

  • Unable to get the composite instance for the invocation. This could be because instance has not yet been created or because the audit level for the SOA infra has been set to Off

    I am on Oracle 11.1.1.7 BPM suite on W8 64 bit. I can't launch the flow trace and get the error "Unable to get the composite instance for the invocation. This could be because instance has not yet been created or because the audit level for the SOA infra has been set to Off".  I have set the audit level to development at the soa-infra>SOA Administration> Common Properties > Audit level set to development and Capture Composite Instance State is Checked.
    Can somebody advice.
    Thanks

    Can you please confirm me the following steps...
    Log in to the EM console, Expand soa-infra (soa_server1) , go to the partition where your composite is been deployed, Click on your composite, On the right, click on the dropdown Settings and choose Composite Audit Level. you can choose to set the Audit Level for this composite. If you choose Inherit, it will take the settings to what the server is being set to. Otherwise, we can override it by choosing Off, Production, or Development.
    Make sure your setting for that composite is not Off, keep inherit or production or development.
    Thanks,
    N

  • I get no audio for the Daily Show and Colbert Report

    I am using the most recent Adobe Flash Player 11.4.402.265 with Windows 7, 64-bit, which works for all videos except those for The Daily Show and the Colbert Report, which have no audio.
    The Daily Show and Colbert Report play in Google Chrome, but not in Firefox.

    Sometimes it's jest THEM! But be sure to check PLUGINS. The Shockwave and Java applications may need 'PLUGIN UPDATE' for newer versions. Suggest a check for any outdated PLUGIN UPDATE found from the Mozilla Firefox Toolbar 'Help' Menu > 'Firefox Help' > [lower right margin displays link to more info to review and 'UPDATE PLUGIN's!

  • I am putting together a slide show using iphoto and I wanted to add a description on each slide/photo. How can I do that? Also on the choice of music for the silde show, if the slide show is longer than one song can you chose a different song for backgrou

    I am putting together a slide show using iphoto and I wanted to add a description on each slide/photo. How can I do that? Also on the choice of music for the silde show, if the slide show is longer than one song can you chose a different song for background music?

    This might help
    http://www.apple.com/findouthow/photos/#slideshow
    Regards
    TD

Maybe you are looking for

  • Wrong calculation of tax

    Hii The total tax is coming wrong and same is reflected in the pricing.Infact the calculation is proper but the total tax the system is picking is wrong.The system is calculating extra 100 rs.I dont know from where it is picking this 100 rs extra.Inf

  • Can't connect to itunes

    Hi, I suddenly have a problem that my apple tv can't connect to itunes or icloud To play any of the music I've just bought (via the Apple TV) or movies, tv shows etc that I've purchased. Connected to the internet fine, and can stream from my mac, but

  • Segment Builder

    Hi All, Can any one guide me the usage of below in the Segment Builder (CRM 5.0) "AND Within an Attribute", "OR Within an Attribute", "AND Across all Attributes" and "OR Across all Attributes" . Thanks for your assistance in advance. Regards, Krish

  • Enable Create Event/Subscription button in R12

    hello experts, I am trying to create a business event/subscription in R12 and I cannot find the "Create" button. I tried using Workflow Administrator, Workflow Administrator Event Manager and Workflow Administrator Web Applications responsibilities.

  • Programmatically enable/disable application scrollbars

    Hi, At present I need to modify some of our custom tools in LabVIEW 2010 to work on lower resolution screens. The automatic rescaling functionality is not really an option as it distorts most UI features. I have looked at adding a vertical/horizontal