Privilege mode disable the show logging command
any one pls advice how to disable the show logging command through the privilege
Pls see this link,
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
Regards,
~JG
Do rate helpful posts
Similar Messages
-
Aaa authorization and show logging command
Hello Guys,
I am running IOS 15 on some routers and using ACS version 5.3.0.40.5 for authentication and authorization.
I would like to have a group of users not be able to access the configuration mode but issue all show commands.
However, the show logging command does not seem to work in user mode.
Any ideas or work arounds are welcome.
thanks in advance.Hello,
There is no contradiction. You can be a level 15 access and deny or permit access to whatever commands that you want.
I am using ACS where everyone have level 15 access but some of them can only use show commands (no conf t).
You can configure things the same way by allowing everyone level 15 access and allow or deny whatever commands you want.
let me know if you need extra help.
Regards,
Amjad
Rating useful replies is more useful than saying "Thank you" -
Dear all,
If I do a show log command on switch it starts showing logs which are several months old.
How can I filter those to show only last month log -like pipe is one way or anything to be set on switch.
Also if I do sh log and if it starts showing logs for last 6 months then i can't break it and hence might b causing overhead.
Please advise.
Sent from Cisco Technical Support iPhone AppHi,
I believe there is no other options to view the logs options apart from using the pipe filter.
or we can tune the logging level in such a way to capture only the interested message by applying the below options.
There are eight levels of logging. If you specify a particular level of logging for console logging, for example the messages of that level and of the higher levels (numerically lower) are forwarded to the console.
Level
Logging Message
0
Emergencies
1
Alerts
2
Critical
3
Errors
4
Warnings
5
Notifications
6
Informational
7
Debugging
Router(config)# logging monitor error
Now let us discuss the anatomy of the logging messages. Each message is associated with one of the eight levels of logging, which is referred to as the severity of the message
Level Name
Severity
Description
Syslog Definition
Emergencies
0
System unusable
LOG_EMERG
Alerts
1
Immediate action needed
LOG_ALERT
Critical
2
Critical conditions
LOG_CRIT
Errors
3
Error conditions
LOG_ERR
Warnings
4
Warning conditions
LOG_WARNING
Notifications
5
Normal significant conditions
LOG_NOTICE
Informational
6
Informational messages only
LOG_INFO
Debugging
7
Debugging messages
LOG_DEBUG
Hope this helps
Cheers
Somu
Rate helpful posts -
How to disable the archive logs in SAP IDES(Windows) using SQL Server
can any body tell us How to disable the archive logs in SAP IDES(Windows 2003) using SQL Server 2000.SP4.?
Hi,
Unfortunately, SQL Server does not have the option to turn off transaction logging. You can set the recovery mode to SIMPLE, instead of FULL. This will result in the transaction log being truncated on checkpoint.
http://support.microsoft.com/kb/873235 - check this microsoft article
This will help in reduction of the size of the transcation log.
- Regards, Dibya -
Whenever I close down Photoshop CS5 I get the message: "Could not save Preferences because the file is locked or you do not have the necessary access privileges. Use the get info command in Finder to unlock the file or change permission on the file or enclosing folders." What on earth does it mean? How can I stop this message from appearing?
See here:
I cannot save recent images. -
Where is the "show duplicates" command in iTunes 11?
I can't find the "show dupicates" command in iTunes 11 and I have a number I want to delete.
https://discussions.apple.com/message/20438897?ac_cid=op123456#20438897
-
Clarification on the SHOW TOP command
Does anyone know much about the Show Top command? I am trying to get specs on the bandwidth utilization of a port. When
I do the Top command it tells me a percent of utilization. However it looks to be too low. I verified the util using a traffic generator test set and it has results of almost double the util. that the Top command stated. So my thoughts are that if the port is set for 100/Full then the Top stats for Util show only half Dux. Is this so??? I think that I need to double the Top results for util and that will be the true Util for the port. Can anyone verify this????you are kind of correct, that it will look like a half duplex utilization because process actually bundles the TX AND rx into the same counter and it also looks at the full duplex bandwidth when calculating the % utilization. So a GE port is really 2000Mbps full-duplex. so, from the traffic generator you are sending at line rate of 1 Gig, the TOP will see that as 50% utilization. Does that make sense. This is how I understand it.
-
How can i disable the automatic move command?
how can i disable the automatic move command? when i choose the move command it automatically moves whatever element that's selected, using the previous dimension used to move something. Big Problem.
went back to see if Preview was checked - it isn't.
It happens when we double-click on the arrow to open the move dialouge box, but the box doesn't open - instead the selected item is automatically moved #!@**
that's what we need to stop... any ideas? -
Aborting the show file command ouput in cisco nexus
Hi all ,
In order to verify the md5 value in cisco nexus image we need to use show file bootflash:image md5sum command. But instead of that we given show file bootflash:image . And it is continiously showing the entire file content and full junk values coming in console. I have given ctrl+shift+6 to abort the ouput. But it is not stopping and now i am not able to do anything in console. Any suggestion to abort that.
Thanks,
VijayHi All,
I just cleared the console session from tty lines using the below command,
clear line linename.
After this , console responded and we are able to access it.
Thanks,
Vijay. -
Need help with disabling the output excution command
hey guys
i'm doing an assignment in which user can input multiple lines. I'm using the scanner class. The problem i'm facing is that when user gives their input in multiple lines then it displays the asking input line even though it doesn't ask for new input because the pervious input stored in the memory. Please help me to disable it somehow. I understand the logic and everything but i can't find a way to disable that line. Here's my code:
print("Please enter words to be converted into Swedish Chef or \"END\" to stop");
inputText = input.nextLine();
while (!inputText.equals ("END") ) {
// separate the text and punctuations
removePunctuations();
// translate all the input text
for (int i = 0; i < inputWOP.length; i++ ) {
translateText(inputWOP);
// display the translated text inculding all the punctuations
printTranslatedText();
System.out.println();
/** the problem is on this line, logically it make sense that
* this will be displayed until "END" isn't entered
* but i want this line not to excute if there's multiple line input
print("Please enter words to be converted into Swedish Chef or \"END\" to stop");
inputText = input.nextLine();
Please help me to solve this problem, thanks in advance!salubad,
Do you really understand your logic? This is a classic while !EOF loop gone wrong... Examine your own code I'm sure you'll get it.
/** the problem is on this line, //YEP
logically it make sense that
* this will be displayed until "END"
isn't entered //DOES IT REALLY?
* but i want this line not to excute if
there's multiple line input //yep, just make it so.
rint("Please enter words to be converted into Swedish
Chef or \"END\" to stop");
inputText = input.nextLine();
Keith. -
"show logging" not available in privilege 7 anymore
Hi,
I am encoutering an issue on some Catalysts 3750/3560/2960 on IOS 12.2(55). Users logged on privilege 7 can't use the "show logging" command anymore. The command vas available on previous IOS like 12.2(50).
I fixed it with the command "privilege exec level 7 show logging" but I wanted to know if it was intentional or not, as I couldn't find anything about a change on the privilege 7 rights int any of the Cisco's release notes between 12.2(50) and 12.2(55).
Do anyone know about that ?This was implemented as a security feature. Take a look at:
CSCsl61281
https://supportforums.cisco.com/discussion/10624981/change-privilege-level-command-show-logging
Thank you for rating helpful posts! -
Privilege command: the show run does not show the running-config
Hi,
Whenever I login using "user1" I can successfully authenticate however when I ussue the show run for user1. The only thing that I can see are the following:
R4#show run
Building configuration...
Current configuration : 13 bytes
end
R4#
I have put the command on the router as follows:
~~~~~~~~~~~~~~~~~~~~~
aaa new-model
aaa authentication login ACS group tacacs+ local
aaa authentication login NO-AUTH none
aaa authorization exec ACS group tacacs+ local
aaa authorization exec NO-AUTH none
aaa authorization commands 1 ACS-1 group tacacs+ local
aaa authorization commands 1 NO-AUTH none
aaa authorization commands 10 ACS-10 group tacacs+ local
aaa authorization commands 10 NO-AUTH none
aaa authorization commands 15 ACS-15 group tacacs+ local
aaa authorization commands 15 NO-AUTH none
username user2 privilege 15 password xxx
username user1 privilege 10 password xxx
tacacs-server host 10.50.31.6
tacacs-server directed-request
tacacs-server key xxx
privilege exec level 15 show
privilege exec level 10 show running-config
line con 0
exec-timeout 1000 0
authorization commands 1 NO-AUTH
authorization commands 10 NO-AUTH
authorization commands 15 NO-AUTH
authorization exec NO-AUTH
login authentication NO-AUTH
line aux 0
authorization commands 1 NO-AUTH
authorization commands 10 NO-AUTH
authorization commands 15 NO-AUTH
authorization exec NO-AUTH
login authentication NO-AUTH
line vty 0 4
authorization commands 1 ACS-1
authorization commands 10 ACS-10
authorization commands 15 ACS-15
authorization exec ACS
login authentication ACS
end
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Regards,
LorenzLorenz
I believe that the answer is that in implementing privilege levels Cisco designed the show run command so that if you do not have capability to change something that it will not show up in the show run. I believe the logic is that from a security standpoint if you are not authorized to change it you should not be able to see it in the config. So in your case if user1 is not able to change anything then they will not be able to see anything in show run.
HTH
Rick -
Giving access to privilege mode or giving access to few commands
We have a site to site vpn tunnel for different offices and we usually use taacs for username and password and we want to give privilege level access to few people. and access to only few commands in privilege mode using the same tacacs password ,, through cli and asdm?
Can you kindly help me with this
Thnx muchPlease check this link,
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
You need to setup command authorization.
Regards,
~JG
Do rate helpful posts -
"Show logging" displays the switch UP time not the Date & time
Hi,
i have cisco 2950 switch, when i type the show logging, what ever event has happend i am getting like this "26w6d: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to down" but it is not showing the date & time when the event has occured, so every time i need to check the show version & have to see the switch up time & then i need to calculate. is there any configuration has to be done where i should get the information of the date & time in place of switch up time eg. like this...
"Sep4 4:15: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to down"what you could do is to enable timestamping if not already done so.
2950(config)# service timestamp debug datetime msec
2950(config)# service timestamp log datetime msec
or you can use SNMP to provide traps of the 'events' that occur on the device.
these SNMP traps will provide the date, time and trap.
what version IOS on that device? have you enabled timestamping? have you upgrade lately? perhaps an upgrade could be of assistance. i'll verify the operation on some 2950s i have to confirm if i have the same issue or not and what version is being used. i'll post the result when available. -
Hi
I need to understand, what does RMAN use to read configuration info in case of No Recovery catalog.
We all know that it read from Control file about backup information.
But, when my database is in NOMOUNT mode, I connect to rman target /
Then I run show all; command.
It displays RMAN configuration, Where is this information stored?
Any idea?
Thanks in advanceHi,
Did you compare the output of the <show all ;> commands in nomount and mount (or open) mode?
In nomount you get the defaults :
RMAN configuration parameters are:
CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
CONFIGURE BACKUP OPTIMIZATION OFF; # default
CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
CONFIGURE CONTROLFILE AUTOBACKUP OFF; # default
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '%F'; # default
CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE MAXSETSIZE TO UNLIMITED; # default
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
In mount mode you get the actual settings:
using target database control file instead of recovery catalog
RMAN configuration parameters are:
CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
CONFIGURE BACKUP OPTIMIZATION OFF; # default
CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
CONFIGURE CONTROLFILE AUTOBACKUP ON;
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '%F'; # default
CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT '/backup/DB10G/%U';
CONFIGURE MAXSETSIZE TO UNLIMITED; # default
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/u01/appl/ora102/product/10.2.0/dbs/snapcf_DB10G.f'; # default
Regards,
Tycho
Maybe you are looking for
-
Hello. I have tried to use my visa gift card to purchase something from apple. However, the security code is not present, which I am aware of. When I typed in the correct security code, I discovered that there was not enough money in the card to comp
-
How do I do a clean reinstall of iTunes?
I had been converting my cassette library to MP3 files and using iTunes (10.1.2) to burn CD's therefrom. I was using separate iTune libraries saved on an external disk when a 'my bad' moment caused the loss of the libraries. No harm, as I had already
-
Reducing physical size of a movie
Hi I hope this is not a stupid question, but I can't see an easy way of doing this. I have a flash movie which is 250 pixels wide x 110 pixels deep, and I need the exact same movie for a space that is 160 pixels wide x 65 pixels deep. Obviously, I ca
-
How to generate Outbound Test IDOC ?
I have the sample IDOC receiver application running and registered with the SAP test system, but now I am trying to find out how to create an IDOC and send it from the SAP system to my test application. (We are using the test system provided by SAP a
-
Try to Execute CRM_TEXT_MAINTAIN_OW
Hi Experts, i am trying to execute the fm CRM_TEXT_MAINTAIN_OW, but i will not work, what is the mistake in my test report, i cannot find him. *& Report ZTEST_CRM_TEXT_MAINTAIN_OW REPORT ZTEST_CRM_TEXT_MAINTAIN_OW. DATA: lv_guid_ref TYPE crmt_object_