Configuration change tracking
This has been available since IOS 12.3(4)T/12.2(25)S. For each configuration command that is executed, the following information will be logged:
• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command
You can have this information stored in a local buffer or sent to a syslog server. Here’s a basic configuration that will get you going:
Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered – 100 are default)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional – exports changes to syslog server)
Watch this: this is an example of what the logging looks like in action:
CH_NAME_RTR# show archive log config all
idx sess user@line Logged command
1 1 darenmatthews@vty0 | logging enable
2 1 darenmatthews@vty0 | logging size 200
3 2 darenmatthews@vty0 |hostname CH_NAME_RTR
4 2 darenmatthews@vty0 |enable secret ***** (this is hidden because of hidekeys command)
5 2 darenmatthews@vty0 |interface FastEthernet0/0
6 2 darenmatthews@vty0 | bandwidth 100000