Saturday, February 22, 2020

Configuration Change Notification and Logging

Change notification is a nice feature on Cisco IOS devices that lets you keep track of the changes that have been made to your configuration. It can even track the user who made these changes and it can send this information to a syslog server.
This is one of those features that is very useful when something suddenly doesn’t work anymore and everyone tells you that “nobody made any changes”.

Configuration

Let’s look at a Cisco router where we enable this feature:
Router(config)#archive
Router(config-archive)#log config
Router(config-archive-log-cfg)#logging enable
First you enter the archive command and then the log config section. With the logging enable command the router starts keeping track of configuration changes. There are a number of other items that are useful to configure as well:
Router(config-archive-log-cfg)#logging size 1000
By default your router keeps 100 entries in the configuration log, but we can increase this to 1000 using the logging size command. All the changes are kept locally on your router, but we can also send them to a syslog server if we want:
Router(config-archive-log-cfg)#notify syslog
Last but not least, it is a good idea not to store any passwords in the configuration change logs. The following command masks them:
Router(config-archive-log-cfg)#hidekeys

Verification

Whenever you make a change to the configuration you will see the following message on your console:
Router#configure terminal
Router(config)#interface loopback 0
Router(config-if)#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface loopback 0 
You can see the change that was made (interface loopback 0) and the user that did this (console). Let’s make some more changes to the configuration of this router:
Router(config-if)#shutdown
Router(config-if)#no shutdown
You will see these changes on the console:
Router#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:shutdown 

%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no shutdown 
We can also use some show commands to verify what changes have been made:
Router#show archive log config all
 idx   sess           user@line      Logged command
    1     1        console@console  |  logging enable 
    2     1        console@console  |  logging size 1000
    3     1        console@console  |  notify syslog 
    4     1        console@console  |  hidekeys 
    5     1        console@console  |  interface loopback 0  
    6     1        console@console  | shutdown 
    7     1        console@console  | no shutdown 
Above you can see all the commands that I have typed on the console so far. If you want to re-use some of these commands, there is a useful variation of this show command:
Router#show archive log config all provisioning 
archive 
 log config 
  logging enable 
  logging size 1000
  notify syslog 
  hidekeys 
interface loopback 0  
 shutdown 
 no shutdown 
This gives you the logged configuration changes in the same format as you find them in the running configuration. What about passwords in my configuration? I used the hidekeys command so they shouldn't be visible. Let's find out if this is true. I'll configure an enable secret:
Router(config)#enable secret Cisco123
Your console will show this:
Router#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:enable secret ***** 
It’s masking the secret so it’s not giving away any information. You’ll find the same thing in the overview of commands:
Router#show archive log config all | include secret 
    8     2        console@console  |enable secret ***** 
For reference, here is the configuration of the router used in this tutorial. Note that the notify syslog command shows up in the running configuration as notify syslog contenttype plaintext, which is its default form:

hostname Router
!
ip cef
!
archive
 log config
  logging enable
  logging size 1000
  notify syslog contenttype plaintext
  hidekeys
!
end
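Once notify syslog is configured, the %PARSER-5-CFGLOG_LOGGEDCMD messages shown above end up on the syslog server, which is where you actually want to review them. As an added example (not part of the original tutorial), here is a small Python script that parses those messages, attributes each change to the user named in it, and checks that credential-carrying commands such as enable secret arrive masked as *****, the behaviour hidekeys should give you. The sample log lines are constructed for this example: the console lines are the ones from the tutorial, while the 'alice' line is assumed to come from a router where hidekeys was not configured.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Pattern for the message shown in the tutorial:
#   %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface loopback 0
# search() rather than match() is used so that whatever a syslog collector
# prepends (timestamp, hostname, sequence number) does not matter.
CFGLOG_RE = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD:\s*User:(?P<user>\S+)\s+logged command:(?P<command>.*)$"
)

# Keywords that are followed by a credential in IOS configuration commands.
# With hidekeys the router logs the credential as '*****'.
CREDENTIAL_KEYWORDS = {"secret", "password", "community"}
MASK = "*****"


@dataclass
class ConfigChange:
    user: str      # the 'User:' field, e.g. console or a login name
    command: str   # the configuration command that was logged
    raw: str       # the original log line, kept for reporting


def parse_cfglog(line: str) -> Optional[ConfigChange]:
    """Return a ConfigChange for a CFGLOG_LOGGEDCMD line, or None for any other syslog line."""
    m = CFGLOG_RE.search(line)
    if m is None:
        return None
    return ConfigChange(user=m.group("user"),
                        command=m.group("command").strip(),
                        raw=line.rstrip())


def exposes_credential(command: str) -> bool:
    """True when a credential keyword is followed by anything other than the hidekeys mask.

    'enable secret *****' is fine; 'enable secret Cisco123' (hidekeys not configured) is not.
    A hash after 'enable secret 5' is still treated as exposed, since hashes can be cracked.
    """
    tokens = command.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok in CREDENTIAL_KEYWORDS and tokens[i + 1] != MASK:
            return True
    return False


def audit(lines: Iterable[str]) -> Dict[str, object]:
    """Parse a stream of syslog lines and summarise the configuration changes found in it."""
    changes: List[ConfigChange] = []
    exposed: List[ConfigChange] = []
    per_user: Dict[str, int] = {}
    for line in lines:
        change = parse_cfglog(line)
        if change is None:
            continue  # not a configuration-change message
        changes.append(change)
        per_user[change.user] = per_user.get(change.user, 0) + 1
        if exposes_credential(change.command):
            exposed.append(change)
    return {"changes": changes, "per_user": per_user, "exposed": exposed}


# Constructed sample input: the console messages from the tutorial, one unrelated
# IOS syslog message, and an assumed line from a router without hidekeys.
SAMPLE_LOG = """\
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface loopback 0
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:shutdown
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no shutdown
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:enable secret *****
%SYS-5-CONFIG_I: Configured from console by console
%PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:enable secret Cisco123
"""

if __name__ == "__main__":
    result = audit(SAMPLE_LOG.splitlines())
    print("configuration changes per user:", result["per_user"])
    for change in result["exposed"]:
        print("credential visible in log, check hidekeys on this router:", change.raw)
```

Run against the sample it reports four changes by console and one by alice, and flags only alice's line, because the enable secret value there was not masked. Feeding it the collector's file instead of SAMPLE_LOG gives you a per-user change count to compare against your change tickets when "nobody made any changes".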

I hope this tutorial has been helpful to you, if you have any changes feel free to leave a comment!
