Cisco Configuration Change Audit

avilt
Level 3

I have around 20 routers in production and my audit team is requesting the report of all the changes that I made to the network devices for the last 2 months. How can I achieve this? I am using Cisco ACS v 3.1 for authentication.

3 Replies

Collin Clark
VIP Alumni

Do you also have accounting enabled in your routers and ACS? Otherwise a compare between a config from 60 days ago and the current one would work. UltraCompare would be helpful if you need to do the manual compare.

greglowe1329
Level 1

For future change management I would look at enabling archive logging:

Router(config)# archive

Router(config-archive)# log config (enters config logging mode)

Router(config-archive-log-config)# logging enable (turns on running config change logging)

Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered - 100 are default)

Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)

Router(config-archive-log-config)# notify syslog (optional - exports changes to syslog server)

Watch this: this is an example of what the logging looks like in action:

CH_NAME_RTR# show archive log config all

idx sess user@line Logged command

1 1 jeremy@vty0 | logging enable

2 1 jeremy@vty0 | logging size 200

3 2 jeremy@vty0 |hostname CH_NAME_RTR

4 2 jeremy@vty0 |enable secret ***** (this is hidden because of hidekeys command)

5 2 jeremy@vty0 |interface FastEthernet0/0

6 2 jeremy@vty0 | bandwidth 100000

RANCID is your solution.
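
Added example, not part of any reply in this thread: a small Python parser that turns `show archive log config all` output, as quoted above, into a per-user change report an audit team can read. The sample text is constructed from the output in the thread; the function names are hypothetical, and the code assumes that a leading space after `|` marks a command entered inside a sub-mode and that `hidekeys` shows secrets as `*****`, as in that sample.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the output quoted in the thread.
SAMPLE = """\
idx sess user@line Logged command
1 1 jeremy@vty0 | logging enable
2 1 jeremy@vty0 | logging size 200
3 2 jeremy@vty0 |hostname CH_NAME_RTR
4 2 jeremy@vty0 |enable secret *****
5 2 jeremy@vty0 |interface FastEthernet0/0
6 2 jeremy@vty0 | bandwidth 100000
"""

# idx, session, user, line, indentation after '|', command text
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)@(\S+)\s+\|(\s*)(.*?)\s*$")

def parse_archive_log(text):
    """Return one dict per logged command, with its parent config mode resolved."""
    rows, stacks = [], {}  # stacks: session id -> [(depth, command), ...]
    for raw in text.splitlines():
        m = ROW.match(raw)
        if not m:
            continue  # header, blank line, or anything that is not a log row
        idx, sess, user, tty, indent, cmd = m.groups()
        depth = len(indent)
        parents = stacks.setdefault(sess, [])
        while parents and parents[-1][0] >= depth:
            parents.pop()  # leave sub-modes that are as deep or deeper
        rows.append({
            "idx": int(idx), "session": int(sess), "user": user, "line": tty,
            "command": cmd,
            # None when the sub-mode was entered before logging was enabled
            "context": parents[-1][1] if parents else None,
            "redacted": "*****" in cmd,  # value masked by hidekeys
        })
        parents.append((depth, cmd))
    return rows

def changes_by_user(rows):
    """Group parsed rows by the user who entered them."""
    report = defaultdict(list)
    for row in rows:
        report[row["user"]].append(row)
    return dict(report)

if __name__ == "__main__":
    for user, items in changes_by_user(parse_archive_log(SAMPLE)).items():
        for r in items:
            where = r["context"] or "(global or unknown mode)"
            print(f"{user} sess={r['session']} idx={r['idx']} [{where}] {r['command']}")
```

Rows 1 and 2 report no parent mode because the `archive` and `log config` commands were typed before logging was switched on, so an auditor should treat a missing context as unknown rather than global.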