03-11-2014 11:19 AM
I've got audit logging enabled on a switch and it's set to the most aggressive level possible:
admin> auditcfg --show
Audit filter is enabled.
Severity level: INFO
When I look at the syslog events file I'm sending this to, I can see a lot of good things, but it's missing some critical stuff. On the top of my list is that while it will show who applied a new zoning config, it doesn't provide any information about what they changed. Is there a way to include that somehow? We need to track changes made by CLI as well as through the GUI.
Second is that portdisable commands are not logged. Of all the commands to not include in an audit log, this is a strange choice...
03-12-2014 04:00 AM
which FOS Version you are using?
Please look with auditdump -s if the Information is there.
We can see everything you want in the BNA Masterlog and auditdump.