Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
437
Views
0
Helpful
2
Replies

Trackin guser logins and config changes

keeleym
Level 5
Level 5

‎08-12-2009 04:44 AM

Hi All

I am part of a group who administer 2 Cisco 7609 devices. These nodes are used in a test lab for testing and trouble shooting.

We have received a request from our customer (internal) for access to these nodes to which our manager has agreed and both groups are to update a shared document when a change is made.

However we would also like to police this a little better and actively monitor when our customers log on and what changes they make.

I would therefore like to ask what solutions are availaebl to us to allow monitoring?

Requirements would be

Who logged on and when (date/time)

What changes were made (if any) also with a date and time stamp

The cisco built in change monitoring is nota an option as we are running IOS s72033-adventerprisek9_wan-mz.122-18.SXE2.bin and I can not see our management springing for an IOS upgrade just to help us monitoring changes.

Any solution would have to be as low cost as possible.

Best Regards and thanks for your time,

Michael

Labels:
0 Helpful
2 Replies 2

Sven Hruza
Level 4
Level 4

‎08-12-2009 04:53 AM

Hi!

Are you using TACACS+ for AAA with ACS server?

This could be an option to log the activities of all users on these devices.

With LMS it is possible to look into the config archive history to see changes.

But it is not possible to do that automatically.

You can configure an auto action for syslog messages from the deivce if there was a config made which will send you an email.

0 Helpful

keeleym
Level 5
Level 5
In response to Sven Hruza

‎08-12-2009 05:08 AM

Hi There

Thank you for taking the time to read my question and respond.

At present there is no TACACS+/AAA configured. In our group there was 1 or 2 folks who worked on these nodes and documented any changes they made.

However now that our customer is to have access to these nodes and even though that have been tols that the must also log all changes they make, we just want to see if there is any way that we can track their activity on these nodes to ensure that we know exactly what they are doing as all connectivity/routing problems will still end up with us and will be difficult to work through if we can not be sure what changes have been made.

As I said we would like to record when a customer logs onto one of these nodes what changes they make.

The auto action for syslog look interesting. will look into this

Best Regards,

Michael

0 Helpful
Customers Also Viewed These Support Documents