Configuration change notification

Unanswered Question
Dec 21st, 2007
User Badges:

We usually find out that a device had its configuration changed but not saved when a device loses power and things go wrong.


Is there a way to receive a notification (snmp trap or a message in the banner motd) warning that running-config and startup-config are different?


I think that it is better than asking technicians to issue a sh run whenever they log into a device.


If not possible, that would be my suggestion to Cisco for the next IOS releases.


Thank you


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
wochanda Fri, 12/21/2007 - 17:16
User Badges:
  • Silver, 250 points or more

We have these features:

-Log message generated when config change made:

"configured via console by user"


You could tweak your SNMP config to send a trap for these messages and take action on them.


-When you issue a 'reload' command, we compare the startup and running configuration, and prompt you to save


You could also implement AAA command accounting, where you'll be notified of any and all configuration changes made on your devices.

Edison Ortiz Fri, 12/21/2007 - 18:51
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Releases of Cisco IOS software prior to 12.3(4)T/12.2(25)S lack the ability to track the origin of changes to the running configuration. The only way to determine if a Cisco IOS software configuration has been changed is to pull the running and startup configurations offline and do a line-by-line comparison. This comparison will identify all the changes that have occurred between the two configurations, but it will not specify the sequence in which the changes occurred or the person responsible for the changes.


The Configuration Change Notification and Logging (Configuration Logging) feature allows the tracking of configuration changes entered on a per-session and per-user basis by implementing a configuration log. The configuration log will track each configuration command that is applied, who applied the command, the parser return code for that command, and the time that the command was applied. This feature also adds a notification mechanism that sends asynchronous notifications to registered applications whenever the configuration log changes.


_________________________________________


http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hcf_c/ch35/hconlog.htm


Richard Burts Sat, 12/22/2007 - 15:12
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Marcelo


We use a network management tool called NetMRI and this tool is able to examine all the routers in the network on a periodic basis and to report all routers whose configuration appears to have changed but not saved to NVRAM.


HTH


Rick

Actions

This Discussion