Configuration Change Notification and Logging

Published on by dellpe

Change notification is a nice feature on Cisco IOS devices that lets you keep track of the changes that have been made to your configuration. It can even track the user who made these changes and it can send this information to a syslog server.

This is one of those features that is very useful when something suddenly doesn’t work anymore and everyone tells you that “nobody made any changes”.

Configuration

Let’s look at a Cisco 2951 router where we enable this feature:

Router(config)#archive
Router(config-archive)#log config
Router(config-archive-log-cfg)#logging enable

First you should use the archive command and then enter the log config section. Use the logging enable command and the router will keep track of the configuration changes. There’s a number of other items that are useful to configure however:

Router(config-archive-log-cfg)#logging size 1000

By default your router will keep 100 entries in the configuration log but we can increase it to 1000 using the logging size command. All the changes will be kept locally on your router but we can send it to the syslog server if we want:

Router(config-archive-log-cfg)#notify syslog

Last but not least, it might be a good idea not to store any passwords in the configuration change logs. You can use the following command to disable this:

Router(config-archive-log-cfg)#hidekeys

Verification

Whenever you make a change to the configuration you will see the following message on your console:

Router#configure terminal
Router(config)#interface loopback 0
Router(config-if)#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface loopback 0

You can see the change that was made (interface loopback 0) and the user that did this (console). Let’s make some more changes to the configuration of this router:

Router(config-if)#shutdown
Router(config-if)#no shutdown

You will see these changes on the console:

Router#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:shutdown 

%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no shutdown

We can also use some show commands to verify what changes have been made:

Router#show archive log config all
 idx   sess           user@line      Logged command
    1     1        console@console  |  logging enable 
    2     1        console@console  |  logging size 1000
    3     1        console@console  |  notify syslog 
    4     1        console@console  |  hidekeys 
    5     1        console@console  |  interface loopback 0  
    6     1        console@console  | shutdown 
    7     1        console@console  | no shutdown

Above you find all the commands that I typed in the console so far. If you want to re-use some of the commands that you found then there’s a useful command for you to use:

Router#show archive log config all provisioning 
archive 
 log config 
  logging enable 
  logging size 1000
  notify syslog 
  hidekeys 
interface loopback 0  
 shutdown 
 no shutdown

This gives you the logged configuration changes in the same format as you can find them in the running configuration. What about passwords in my configuration? I used the hidekeys command so they shouldn’t be visible…let’s find out if this is true. I’ll configure an enable secret:

Router(config)#enable secret Cisco123

Your console will show this:

Router#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:enable secret *****

It’s masking the secret so it’s not giving away any information. You’ll find the same thing in the overview of commands:

Router#show archive log config all | include secret 
    8     2        console@console  |enable secret *****

I hope this tutorial has been helpful to you, if you have any changes feel free to leave a comment!



Read more: http://networklessons.com/network-management/configuration-change-notification-logging/#ixzz2ym3I5nSK

Published on Cisco Network

Comment on this post

Obat sipilis 12/01/2015 13:31

Took me time to read all the comments, but I really enjoyed the article. It proved to be Very helpful to me and I am sure to all the commenters here! It’s always nice when you can not only be informed, but also entertained!

Obat Sipilis 11/19/2015 18:28

Thanks for sharing your nice post

Obat Wasir 06/19/2015 23:37

Thank's to information

obat wasir ambeien 11/28/2014 07:10

nice atricel

Obat kutil kelamin 11/06/2014 06:16

Cara mengobati kutil kelamin