08-13-2009 04:43 PM - edited 03-09-2019 10:30 PM
I have around 20 routers in production and my audit team is requesting the report of all the changes that I made to the network devices for the last 2 months. How can I achieve this? I am using Cisco ACS v 3.1 for authentication.
08-17-2009 09:23 AM
Do you also have accounting enabled in your routers and ACS? Otherwise a compare between a config 60 days ago and current one would work. UltraCompare would be helpful if you need to do the manual compare.
09-17-2009 04:33 PM
For future change management I would look at enabling archive logging:
Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered - 100 are default)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional - exports changes to syslog server)
Watch this: this is an example of what the logging looks like in action:
CH_NAME_RTR# show archive log config all
 idx  sess  user@line     Logged command
   1     1  jeremy@vty0   | logging enable
   2     1  jeremy@vty0   | logging size 200
   3     2  jeremy@vty0   |hostname CH_NAME_RTR
   4     2  jeremy@vty0   |enable secret ***** (this is hidden because of hidekeys command)
   5     2  jeremy@vty0   |interface FastEthernet0/0
   6     2  jeremy@vty0   | bandwidth 100000
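One way to turn that output into an audit report, as an added example that is not part of the original post: the sketch below parses `show archive log config all` text into per-user, per-session records and marks commands an auditor would likely review first. The sample text is constructed (the `alice@con0` row is invented), the `SENSITIVE` prefixes are an assumed starting list, and it assumes sub-mode commands appear with a space after the `|`, as in the output above.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the output format shown in the post.
SAMPLE = """\
idx sess user@line Logged command
1 1 jeremy@vty0 | logging enable
2 1 jeremy@vty0 | logging size 200
3 2 jeremy@vty0 |hostname CH_NAME_RTR
4 2 jeremy@vty0 |enable secret *****
5 2 jeremy@vty0 |interface FastEthernet0/0
6 2 jeremy@vty0 | bandwidth 100000
7 3 alice@con0 |no access-list 10
"""

ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)@([^\s|]+)\s*\|(.*)$")
# Assumed list of command prefixes worth highlighting in an audit.
SENSITIVE = ("enable secret", "enable password", "username ", "aaa ",
             "access-list", "snmp-server", "crypto ", "line vty")

def parse(text):
    """Return one dict per logged command; header and blank lines are skipped."""
    rows, parent = [], {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        idx, sess, user, tty, raw = m.groups()
        cmd = raw.strip()
        nested = raw.startswith(" ")      # leading space = entered in a sub-mode
        if not nested:
            parent[sess] = cmd            # remember the last top-level command
        base = cmd[3:] if cmd.startswith("no ") else cmd
        rows.append({"idx": int(idx), "session": int(sess), "user": user,
                     "line": tty, "command": cmd,
                     "context": parent.get(sess) if nested else None,
                     "sensitive": base.startswith(SENSITIVE)})
    return rows

def report(rows):
    """Group parsed commands by (user, session) for the audit summary."""
    grouped = defaultdict(list)
    for r in rows:
        grouped[(r["user"], r["session"])].append(r)
    return dict(grouped)

if __name__ == "__main__":
    for (user, sess), cmds in report(parse(SAMPLE)).items():
        print(f"{user} session {sess}:")
        for c in cmds:
            flag = " [REVIEW]" if c["sensitive"] else ""
            ctx = f" (under: {c['context']})" if c["context"] else ""
            print(f"  {c['idx']:>3} {c['command']}{ctx}{flag}")
```
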
09-18-2009 05:05 AM
RANCID is your solution.