Cisco IOS: Configuration Change Tracking…Built in?!?

Cisco Blog: Configuration Change Tracking…Built in?!?

For years, I have been relying on outside tools to tack changes in running configurations on Cisco devices. One of my favorite (cheaper) tools has been Kiwi CatTools. However, recently, someone turned me on to the fact that this functionality is BUILT-IN to the Cisco IOS! Here’s the basics:

The feature is called Configuraton Change Notification and Logging. It has been available since IOS 12.3(4)T/12.2(25)S (it has really gone mainstream in 12.4).

For each configuration command that is executed, the following information will be logged:

• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command

Pretty nice – and you can have this information stored in a local buffer or sent to a syslog server. Here’s a configuration that will get you going:

Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered – 100 are default)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional – exports changes to syslog server)

Watch this: this is an example of what the logging looks like in action:

CH_NAME_RTR# show archive log config all
 idx   sess           user@line      Logged command
    1     1         jeremy@vty0     |  logging enable 
    2     1         jeremy@vty0     |  logging size 200
    3     2         jeremy@vty0     |hostname CH_NAME_RTR
    4     2         jeremy@vty0     |enable secret *****  (this is hidden because of hidekeys command)
    5     2         jeremy@vty0     |interface FastEthernet0/0 
    6     2         jeremy@vty0     | bandwidth 100000
This entry was posted in Configuration Change Tracking. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s