Friday, November 16, 2007

Cisco IOS: Configuration Change Tracking...Built in?!?


For years, I have been relying on outside tools to track changes in running configurations on Cisco devices. One of my favorite (cheaper) tools has been Kiwi CatTools. However, recently, someone turned me on to the fact that this functionality is BUILT-IN to the Cisco IOS! Here are the basics:

The feature is called Configuration Change Notification and Logging. It has been available since IOS 12.3(4)T/12.2(25)S (it has really gone mainstream in 12.4).

For each configuration command that is executed, the following information will be logged:

• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command

Pretty nice - and you can have this information stored in a local buffer or sent to a syslog server. Here's a configuration that will get you going:

Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered - the default is 100)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional - exports changes to syslog server)

Watch this: this is an example of what the logging looks like in action:

CH_NAME_RTR# show archive log config all
idx sess user@line Logged command
1 1 jeremy@vty0 | logging enable
2 1 jeremy@vty0 | logging size 200
3 2 jeremy@vty0 |hostname CH_NAME_RTR
4 2 jeremy@vty0 |enable secret ***** (this is hidden because of hidekeys command)
5 2 jeremy@vty0 |interface FastEthernet0/0
6 2 jeremy@vty0 | bandwidth 100000
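
As an added example (not from the original post or from Cisco), this Python script parses the `show archive log config all` listing shown above, ties each sub-mode command to the top-level command it was entered under, and pulls out entries that match a watch list. The watch list, the function names, and the reading of a space after `|` as sub-mode indentation are assumptions.

```python
import re

# Constructed input: the `show archive log config all` listing from this post,
# minus the author's inline note on entry 4.
SAMPLE = """\
idx sess user@line Logged command
1 1 jeremy@vty0 | logging enable
2 1 jeremy@vty0 | logging size 200
3 2 jeremy@vty0 |hostname CH_NAME_RTR
4 2 jeremy@vty0 |enable secret *****
5 2 jeremy@vty0 |interface FastEthernet0/0
6 2 jeremy@vty0 | bandwidth 100000
"""

# idx, session, user@line, "|", optional indent, command text.
ENTRY = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+?)@(\S+)\s*\|(\s*)(\S.*?)\s*$")

# Assumed watch list (not from the post): prefixes worth reviewing first.
WATCH = ("enable secret", "enable password", "username ", "no logging",
         "access-list ", "ip access-list ", "snmp-server community")

def parse(text):
    """Parse the listing; header and blank lines are skipped."""
    entries, parent = [], {}          # parent: session -> last top-level command
    for raw in text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue
        idx, sess, user, tty, indent, cmd = m.groups()
        sess = int(sess)
        # Assumption: a space after "|" means the command ran in a sub-mode.
        context = parent.get(sess) if indent else None
        if not indent:
            parent[sess] = cmd
        entries.append({"idx": int(idx), "session": sess, "user": user,
                        "line": tty, "command": cmd, "context": context})
    return entries

def flagged(entries):
    """Entries whose command starts with a watched prefix."""
    return [e for e in entries if e["command"].startswith(WATCH)]

if __name__ == "__main__":
    log = parse(SAMPLE)
    for e in log:
        where = f" (under '{e['context']}')" if e["context"] else ""
        print(f"#{e['idx']} s{e['session']} {e['user']}@{e['line']}: {e['command']}{where}")
    for e in flagged(log):
        print(f"REVIEW #{e['idx']}: {e['user']} ran '{e['command']}'")
```

Entries 1 and 2 come back with no parent because the `archive` and `log config` commands were typed before logging was turned on, so they never reached the buffer.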