Monday, 30 May 2011

Configuration Change Notification and Logging


About Configuration Log

The Configuration Change Notification and Logging feature tracks changes made to the Cisco IOS software running configuration by maintaining a configuration log. This configuration log tracks changes initiated only through the command-line interface (CLI) or HTTP. Only complete commands that result in the invocation of action routines are logged. The following types of entries are not logged:
•Commands that result in a syntax error message
•Partial commands that invoke the router help system
For each configuration command that is executed, the following information is logged:
•The command that was executed
•The configuration mode in which the command was executed
•The name of the user that executed the command
•The time at which the command was executed
•A configuration change sequence number
•Parser return codes for the command
You can display information from the configuration log through the use of the show archive log config command, with the exception of the parser return codes, which are for use by internal Cisco IOS applications only.

About Configuration Change Notifications and Config Change Logging

You can configure the Configuration Change and Notification Logging feature to send notification of configuration changes to the Cisco IOS software system logging (syslog) process. Syslog notifications allow monitoring of the configuration log information without performing polling and information gathering tasks.
The Configuration Change Notification and Logging feature allows the tracking of configuration changes entered by users on a per-session and per-user basis. This tool allows administrators to track any configuration change made to the Cisco IOS software running configuration, and identify the user that made that change. 

Commands
RX2(config)#archive
RX2(config-archive)#  log config
RX2(config-archive-log-cfg)#  hidekeys
RX2(config-archive-log-cfg)#  logging  enable
RX2(config-archive-log-cfg)#  notify syslog
RX2(config-archive-log-cfg)#  exit

Keyword “hidekeys” suppresses output of password while logging. 

Verification:
RX2#sh archive log config all
 idx   sess           user@line      Logged command
    1     1        console@console  |  logging enable
    2     1        console@console  |  notify syslog
    3     1        console@console  |  exit
    4     1        console@console  |   exit
    5     2        console@console  |router rip
    6     2        console@console  | exit
    7     2        console@console  |no router rip
     8    2        console@console  |enable password *****

No comments:

Post a Comment