I would like to be notified through a log message if the router is rebooted (deliberately or otherwise) and either drops into rommon mode or is forced into rommon mode with a ctrl+break sequence. When I manually create this scenario I don't get any syslog message. Syslog is configured and working properly in that I can generate and receive messages for all severities 0-7. When in rommon I know it doesn't load the IOS or the startup config which contains the logging parameters but surely there has to be some form of logging messages generated if the router falls into this mode.
No offence taken. Yeah I can log that but what I'm ultimately trying to alert on is if someone unauthorized gets physical access to the router and performs a password recovery. The commands (configreg and reset) entered while in rommon do not get logged and as you know the result after the reboot is privilege exec mode to the router, providing access to the startup config and essentially a fully compromised router should an unauthorized individual choose to leverage it. I can have a log message generated for the cold restarts but that in and of itself is not enough in my mind to indicate that a possible compromise has occurred. The cold restart log message coupled with a configreg log message would be a pretty good indication of something suspicious. A copy start run (which can also generate a log message) would just further solidify my resolve of something suspicious occurring. The key though in my mind is somehow alerting on the rommon commands invoked. Oh well, if you think of something else, I'm all ears. Thanks for your replies though.
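The correlation described in the reply above (a restart nobody requested, followed by the startup config being copied into the running config), as an added example that is not part of the original thread. The `timestamp host %MNEMONIC: text` line layout, the message mnemonics, the "from memory" text match and the time windows are assumptions to adapt to what your collector and platform actually record; the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed mnemonics; confirm them against messages your own devices emit.
RESTART = "SYS-5-RESTART"   # device finished booting
RELOAD = "SYS-5-RELOAD"     # reload was requested from the CLI beforehand
CONFIG = "SYS-5-CONFIG_I"   # configuration was changed or loaded

# Assumed collector layout: ISO timestamp, hostname, %FACILITY-SEV-MNEMONIC: text
LINE = re.compile(r"^(\S+) (\S+) %([A-Z0-9_]+-\d-[A-Z0-9_]+): (.*)$")

def parse(lines):
    """Return (time, host, mnemonic, text) tuples in time order."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts, host, mnemonic, text = m.groups()
            events.append((datetime.fromisoformat(ts), host, mnemonic, text))
    return sorted(events)

def suspicious_restarts(lines, reload_window=timedelta(minutes=10),
                        config_window=timedelta(minutes=30)):
    """Flag restarts with no prior reload request that are followed by a
    configuration load from memory on the same host."""
    events = parse(lines)
    zero = timedelta(0)
    alerts = []
    for ts, host, mnemonic, _ in events:
        if mnemonic != RESTART:
            continue
        announced = any(h == host and m == RELOAD and zero <= ts - t <= reload_window
                        for t, h, m, _ in events)
        loaded = any(h == host and m == CONFIG and "from memory" in x
                     and zero <= t - ts <= config_window
                     for t, h, m, x in events)
        if not announced and loaded:
            alerts.append((host, ts))
    return alerts

# Constructed sample: rtr-a is a planned reload, rtr-c an unexplained restart
# with no follow-up, rtr-b matches the pattern described in the post.
SAMPLE = [
    "2024-03-01T02:10:00 rtr-a %SYS-5-RELOAD: Reload requested by admin on vty0",
    "2024-03-01T02:13:00 rtr-a %SYS-5-RESTART: System restarted --",
    "2024-03-01T04:40:00 rtr-b %SYS-5-RESTART: System restarted --",
    "2024-03-01T04:44:00 rtr-b %SYS-5-CONFIG_I: Configured from memory by console",
    "2024-03-01T09:00:00 rtr-c %SYS-5-RESTART: System restarted --",
]

if __name__ == "__main__":
    for host, ts in suspicious_restarts(SAMPLE):
        print(f"ALERT {host}: unannounced restart at {ts}, then config loaded from memory")
```

This only covers events the router logs once IOS is running; as the post notes, the rommon commands themselves produce no message to correlate on.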