Cisco Support Community

Cisco Configuration Change Audit

I have around 20 routers in production and my audit team is requesting the report of all the changes that I made to the network devices for the last 2 months. How can I achieve this? I am using Cisco ACS v 3.1 for authentication.

3 REPLIES

Re: Cisco Configuration Change Audit

Do you also have accounting enabled in your routers and ACS? Otherwise, a compare between a config from 60 days ago and the current one would work. UltraCompare would be helpful if you need to do the manual compare.


Re: Cisco Configuration Change Audit

For future change management I would look at enabling archive logging:

Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered - 100 are default)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional - exports changes to syslog server)

Watch this: this is an example of what the logging looks like in action:

CH_NAME_RTR# show archive log config all
 idx   sess   user@line      Logged command
   1      1   jeremy@vty0    |  logging enable
   2      1   jeremy@vty0    |  logging size 200
   3      2   jeremy@vty0    |hostname CH_NAME_RTR
   4      2   jeremy@vty0    |enable secret ***** (this is hidden because of hidekeys command)
   5      2   jeremy@vty0    |interface FastEthernet0/0
   6      2   jeremy@vty0    | bandwidth 100000
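
An added example, not part of the reply above and not Cisco tooling: a small Python parser that turns collected `show archive log config all` output into a per-session change report for an audit. The sample text is constructed from the listing above, and the function names and the REVIEW pattern (which commands to highlight) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout shown in the reply above; not captured from a device.
SAMPLE = """\
CH_NAME_RTR# show archive log config all
 idx   sess   user@line      Logged command
    1     1   jeremy@vty0    |  logging enable
    2     1   jeremy@vty0    |  logging size 200
    3     2   jeremy@vty0    |hostname CH_NAME_RTR
    4     2   jeremy@vty0    |enable secret *****
    5     2   jeremy@vty0    |interface FastEthernet0/0
    6     2   jeremy@vty0    | bandwidth 100000
"""

# idx, session, user@line, then "|" and the command (spacing around "|" varies).
ENTRY = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)@(\S+)\s*\|(.*)$")

# Assumption: commands worth highlighting for review, i.e. credential changes
# and changes to the logging/audit configuration itself. Adjust to local policy.
REVIEW = re.compile(r"(no\s+)?(enable (secret|password)|username|logging|archive|hidekeys)\b")

def parse_archive_log(text):
    """Return one dict per logged command; header, prompt and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            idx, sess, user, tty, cmd = m.groups()
            entries.append({"idx": int(idx), "sess": int(sess), "user": user,
                            "line": tty, "cmd": cmd.strip()})
    return entries

def by_session(entries):
    """Group commands by (user, line, session) in the order they were entered."""
    sessions = defaultdict(list)
    for e in sorted(entries, key=lambda e: e["idx"]):
        sessions[(e["user"], e["line"], e["sess"])].append(e["cmd"])
    return dict(sessions)

def needs_review(entries):
    """Index numbers of entries that touch credentials or the audit trail."""
    return [e["idx"] for e in entries if REVIEW.match(e["cmd"])]

if __name__ == "__main__":
    log = parse_archive_log(SAMPLE)
    for (user, tty, sess), cmds in by_session(log).items():
        print(f"{user}@{tty} session {sess}: {cmds}")
    print("review:", needs_review(log))
```
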


Re: Cisco Configuration Change Audit

RANCID is your solution.
