Home > CISCO > Configuration change tracking

Configuration change tracking

July 8th, 2009

This has been available since IOS 12.3(4)T/12.2(25)S. For each configuration command that is executed, the following information will be logged:

• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command

You can have this information stored in a local buffer or sent to a syslog server.  Here’s a basic configuration that will get you going:

Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered – 100 are default)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional – exports changes to syslog server)

Watch this: this is an example of what the logging looks like in action:

CH_NAME_RTR# show archive log config all
 idx   sess           user@line      Logged command
    1     1         darenmatthews@vty0     |  logging enable
    2     1         darenmatthews@vty0     |  logging size 200
    3     2         darenmatthews@vty0     |hostname CH_NAME_RTR
    4     2         darenmatthews@vty0     |enable secret *****  (this is hidden because of hidekeys command)
    5     2         darenmatthews@vty0     |interface FastEthernet0/0
    6     2         darenmatthews@vty0     | bandwidth 100000
Categories: CISCO Tags:
Comments are closed.