Log changes mad to config on switch?

whiteford · ‎11-22-2008

Hi,

I have many Cisco Catalyst switches and I have managed to log when a user logs into the switches to our syslog server, however I now need to log any changes made on the configs, is this possble?

This is what I have added so far:

logging buffered 8192 notifications

login on-failure log

login on-success log

archive

log config

logging enable

logging size 200

notify syslog contenttype plaintext

hidekeys

logging trap notifications

logging source-interface Vlan1

logging 192.168.1.19

Am I missing something?

glen.grant · ‎11-22-2008

You would probably have to use AAA accounting and the use of a tacacs or radius server to accomplish this. Do a search on configuring AAA accounting.

Willem de Groot · ‎11-24-2008

Hi

Be carfull, my 3750/3560 rebooted every time i made a config change after I configured this option.

What Switch, What IOS?

You have seen this config?

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtconlog.html

Giuseppe Larosa · ‎11-24-2008

Hello Andy,

I think you need to move to AAA for doing this

we use the following commands with ACS tacacs+

aaa new-model

aaa authentication login ACS group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa accounting update newinfo

aaa accounting exec ACS start-stop group tacacs+

aaa accounting commands 1 ACS start-stop group tacacs+

aaa accounting commands 15 ACS start-stop group tacacs+

!

aaa session-id common

the accounting commands are the ones that allow to record any command entered by every one.

In the log there is a line for each command with the timestamp, user, command, ip address of device

This is useful in understanding the reasons of crashes or some major faults.

Hope to help

Giuseppe

Collin Clark · ‎11-24-2008

I agree with the others that AAA is the best solution, but you can do it locally (depending on your platform).

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtconlog.html