Getting Data In

Getting in the commands from cisco devices

m_zandinia
Path Finder

Hi, I collected the cisco deviceslog with "Cisco Networks Add-on for Splunk Enterprise". And install  "Cisco Networks App for Splunk Enterprise" on my search heads. Now I want to know which user at what time execute what commands.

In the App, Audit,  "Configuration change transactions"  shows me the time and user but for the "cmd" (command) just shows "!exec: enable" .

It just shows the main command that enables user to enter other commands. Is it something wrong with my configs in Splunk or it's just about log level on Cisco devices?

Tanks in advance

Labels (1)
Tags (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...