Cisco Configuration Change Audit

Aug 13th, 2009

I have around 20 routers in production and my audit team is requesting the report of all the changes that I made to the network devices for the last 2 months. How can I achieve this? I am using Cisco ACS v 3.1 for authentication.

Collin Clark Mon, 08/17/2009 - 09:23

Do you also have accounting enabled in your routers and ACS? Otherwise a compare between a config 60 days ago and current one would work. UltraCompare would be helpful if you need to do the manual compare.

greglowe1329 Thu, 09/17/2009 - 16:33

For future change management I would look at enabling archive logging:

Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered - 100 are default)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional - exports changes to syslog server)

Watch this: this is an example of what the logging looks like in action:

CH_NAME_RTR# show archive log config all
idx sess user@line Logged command
1 1 [email protected] | logging enable
2 1 [email protected] | logging size 200
3 2 [email protected] |hostname CH_NAME_RTR
4 2 [email protected] |enable secret ***** (this is hidden because of hidekeys command)
5 2 [email protected] |interface FastEthernet0/0
6 2 [email protected] | bandwidth 100000
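
An added example (not part of the post above, and not Cisco's code): a Python parser that turns `show archive log config all` output into a per-user change list for an audit report. The user@line values in the sample are constructed, and treating extra indentation after `|` as "entered under the previous less-indented command" is an assumption based on the output shown above.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `show archive log config all`;
# the user@line values are invented for this example.
SAMPLE = """\
 idx   sess           user@line      Logged command
    1     1        admin@console   |  logging enable
    2     1        admin@console   |  logging size 200
    3     2        jdoe@vty0       |hostname CH_NAME_RTR
    4     2        jdoe@vty0       |enable secret *****
    5     2        jdoe@vty0       |interface FastEthernet0/0
    6     2        jdoe@vty0       | bandwidth 100000
"""

# idx, session, user, line, indentation after '|', command text
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)@(\S+)\s*\|(\s*)(.*\S)\s*$")

def parse_archive_log(text):
    """Return one dict per logged command, with its parent mode if known."""
    entries = []
    stacks = defaultdict(list)        # per session: [(indent, command), ...]
    for raw in text.splitlines():
        m = ROW.match(raw)
        if not m:
            continue                  # header, blank line or CLI prompt
        idx, sess, user, tty, pad, cmd = m.groups()
        indent, stack = len(pad), stacks[sess]
        # Leave any mode that is not shallower than this command.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        # Parent is None when the enclosing command was never logged.
        parent = stack[-1][1] if stack else None
        stack.append((indent, cmd))
        entries.append({"idx": int(idx), "session": int(sess), "user": user,
                        "line": tty, "parent": parent, "command": cmd})
    return entries

def changes_by_user(entries):
    """Group commands by user, prefixing sub-mode commands with their parent."""
    report = defaultdict(list)
    for e in entries:
        cmd = e["command"]
        report[e["user"]].append(f"{e['parent']} / {cmd}" if e["parent"] else cmd)
    return dict(report)
```

The on-box buffer only holds the number of entries set by `logging size`, so a report covering a long audit window needs the same entries collected off the router, for example through `notify syslog`.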

cisco24x7 Fri, 09/18/2009 - 05:05

RANCID is your solution.

