Get Unlimited Access to 799 Cisco Lessons Now Get $1 Trial
You are here: Home » Cisco » CCIE Routing & Switching

Configuration Change Notification and Logging

Lesson Contents

Change notification is a nice feature on Cisco IOS devices that lets you keep track of the changes that have been made to your configuration. It can even track the user who made these changes and it can send this information to a syslog server.

This is one of those features that is very useful when something suddenly doesn’t work anymore and everyone tells you that “nobody made any changes”.

Configuration

Let’s look at a Cisco router where we enable this feature:

Router(config)#archive
Router(config-archive)#log config
Router(config-archive-log-cfg)#logging enable

First, you should use the archive command and then enter the log config section. Use the logging enable command, and the router will keep track of the configuration changes. There are a number of other items that are useful to configure, however:

Router(config-archive-log-cfg)#logging size 1000

By default, your router will keep 100 entries in the configuration log but we can increase it to 1000 using the logging size command. All the changes will be kept locally on your router, but we can send it to the syslog server if we want:

Router(config-archive-log-cfg)#notify syslog

Last but not least, it might be a good idea not to store any passwords in the configuration change logs. You can use the following command to disable this:

Router(config-archive-log-cfg)#hidekeys

Verification

Whenever you make a change to the configuration, you will see the following message on your console:

Router#configure terminal
Router(config)#interface loopback 0
Router(config-if)#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface loopback 0

You can see the change that was made (interface loopback 0) and the user that did this (console). Let’s make some more changes to the configuration of this router:

Router(config-if)#shutdown
Router(config-if)#no shutdown

You will see these changes on the console:

Router#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:shutdown 

%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no shutdown

We can also use some show commands to verify what changes have been made:

Router#show archive log config all
 idx   sess           user@line      Logged command
    1     1        console@console  |  logging enable 
    2     1        console@console  |  logging size 1000
    3     1        console@console  |  notify syslog 
    4     1        console@console  |  hidekeys 
    5     1        console@console  |  interface loopback 0  
    6     1        console@console  | shutdown 
    7     1        console@console  | no shutdown

Above, you find all the commands that I typed in the console so far. If you want to re-use some of the commands that you found then there’s a useful command for you to use:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 799 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

Give Membership a try - it's just $1 ►

593 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags:

Forum Replies

  1. Rene,

    How do we send this to the syslog server? I saw a command notify syslog don’t we need an IP address?
    Please clarify.
    Thanks

    Hamood

  3. Hi Rene,
    Can you please give me the equivalent of these command for IOS XR?
    Hope to hear from you soonest.

  4. Hi Adekunle,

    IOS XR has a similar mechanism. You can view the commit list and its changes:

    RP/0/0/CPU0:ios#show configuration commit list
Mon Mar  7 11:44:19.885 UTC
SNo. Label/ID              User      Line                Client      Time Stamp
~~~~ ~~~~~~~~              ~~~~      ~~~~                ~~~~~~      ~~~~~~~~~~
1    1000000002            cisco     con0_0_CPU0         CLI         Mon Mar  7 11:44:17 2016
2    1000000001            cisco     con0_0_CPU0         CLI         Mon Mar  7 11:43:48 2016

    Above you can see two changes have been made through

    ... Continue reading in our forum

  5. Hi Rene,

    Coreswitch#show archive log config all provisioning
archive
 log config
  logging enable
hidekeys
interface lo0
shutdown
interface Loopback0
no shutdown
enable secret *****

Coreswitch#show loggi
Coreswitch#show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 7 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level debugging, 129 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level
    ... Continue reading in our forum

9 more replies! Ask a question or join the discussion by visiting our Community Forum