Monitor another user on a Router or Switch

If two or more users are logged into a router or switch can you watch what they are typing and getting from show commands?

What commands would do that?
Who is Participating?
luc_royConnect With a Mentor Commented:
If I understand you, you are wanting to see real time changes people are making to a including what they are looking at?

I am not aware of anything that can do what you are asking because the users actions in a router are not tracked unless they are applied to the configuration.

The best you can do is combine are few technologies together to get some of the results you want.
You can use Cisco AAA security to track when users are logged in and what they have access to.  Here is a good article on it (

For tracking revisions to the config in real time you can use several different tools.  I like Orion Network Configuration Management .  It’s a great way to track config changes, when they happen real time. Here is a blurb from the website

“Monitoring a network is easy. Isolating problems is tough. Fortunately, Orion NCM notifies you in real-time when configs change, helping you quickly determine which changes could potentially cause network issues. With Orion NCM, you’ll never have to guess who changed what and when as you troubleshoot that infamous user complaint: `the Internet is down.’ Plus, you can rest easy and save time with features like nightly config backups and bulk config changes!”
EDincerConnect With a Mentor Commented:
Maybe You can try cisco lms application for auditing and it will show all changes in the configuration, user actions ..

You can download a trial version from

Dragon0x40Author Commented:
thanks luc roy and EDincer,

Someone at work said they were watching me as a made a change to a router and I was wondering what they meant. Maybe I will ask!

Maybe show user to see if I am idle and when the idle timer goes to 0 then do a sh run and see what changed?

Unless you know what the planned changes are then it might be tough but I guess you could suck up the config into a text editor and use some kind of diff command to see the differences.
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Something like solar winds would tell them when you made a change.  It's just no live.  Also if someone says they are watching you it might be spyware or even a camera.
The change audit application of Cisco LMS lets you track and report network changes.

The change audit log fo LMS contains all the change that inventory manager, software manager and configuration manager applications discover. Every time one of these LMS applications detects a change (syslog message,snmp trap ), it`s sends a change record to the change audit service with details who made the change (possible in combination with cisco AAA security), when the change occoured and what type of the change occoured.

You can set up a syslog configuration in the DFM module of LMS for the real time monitoring.
if thye are using user base access, AAA or something like that.  but  again that is not a live feed, it is bases on when the changes are written to the router.
Dragon0x40Author Commented:
I will ask the guy I work with how he was monitoring what I was doing on the router.

I just thought maybe you could monitor another users session but apparently not.

Sometimes I try to figure things out on my own so I don't ask so many questions at work.
it's the best way to do things, I always want to figure things out off site.

Good luck.
Dragon0x40Author Commented:
My colleague was connected to the same router I was via telnet and repeatedly running the "sh run" command and looking for the changes that I was putting into the router.

He could not see what I was typing at the cli.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.