Hi, I collected the cisco deviceslog with "Cisco Networks Add-on for Splunk Enterprise". And install "Cisco Networks App for Splunk Enterprise" on my search heads. Now I want to know which user at what time execute what commands.
In the App, Audit, "Configuration change transactions" shows me the time and user but for the "cmd" (command) just shows "!exec: enable" .
It just shows the main command that enables user to enter other commands. Is it something wrong with my configs in Splunk or it's just about log level on Cisco devices?
Tanks in advance