Change notification is a nice feature on Cisco IOS devices that lets you keep track of the changes that have been made to your configuration. It can even track the user who made these changes and it can send this information to a syslog server.
This is one of those features that is very useful when something suddenly doesn’t work anymore and everyone tells you that “nobody made any changes”.
Let’s look at a Cisco router where we enable this feature:
Router(config)#archive
Router(config-archive)#log config
Router(config-archive-log-cfg)#logging enable
First you should use the archive command and then enter the log config section. Use the logging enable command and the router will keep track of the configuration changes. There are a few other settings that are useful to configure, however:
Router(config-archive-log-cfg)#logging size 1000
By default your router will keep 100 entries in the configuration log but we can increase it to 1000 using the logging size command. All the changes will be kept locally on your router but we can send them to the syslog server if we want:
Last but not least, it might be a good idea not to store any passwords in the configuration change logs. You can use the following command to disable this:
Whenever you make a change to the configuration you will see the following message on your console:
Router#configure terminal
Router(config)#interface loopback 0
Router(config-if)#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:interface loopback 0
You can see the change that was made (interface loopback 0) and the user that did this (console). Let’s make some more changes to the configuration of this router:
Router(config-if)#shutdown
Router(config-if)#no shutdown
You will see these changes on the console:
Router#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:shutdown
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:no shutdown
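Once these messages reach a syslog server they can be parsed to attribute each change to a user and to flag changes that weaken the change log itself. The Python below is an added example, not part of the original lesson; the syslog header, the user "alice" and the watch-list are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Message body as printed by the router in this lesson:
#   %PARSER-5-CFGLOG_LOGGEDCMD: User:<user> logged command:<command>
CFGLOG = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD:\s*User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Assumption: a local watch-list. These are the "no" forms of the commands the
# lesson enables, i.e. changes that would weaken the change log itself.
AUDIT_TAMPERING = ("no archive", "no log config", "no logging",
                   "no notify syslog", "no hidekeys")

# Constructed sample: the syslog header (timestamp, source address) and the
# user "alice" are invented; the message bodies follow the lesson's format.
SAMPLE_LINES = [
    "Mar  1 10:00:01 192.0.2.1 %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface loopback 0",
    "Mar  1 10:00:05 192.0.2.1 %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:shutdown",
    "Mar  1 10:00:09 192.0.2.1 %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no shutdown",
    "Mar  1 10:01:30 192.0.2.1 %SYS-5-CONFIG_I: Configured from console by console",
    "Mar  1 10:07:12 192.0.2.1 %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:no hidekeys",
    "Mar  1 10:07:20 192.0.2.1 %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:no notify syslog",
]

def parse_cfglog(line):
    """Return (user, command) for a CFGLOG_LOGGEDCMD line, else None."""
    match = CFGLOG.search(line)
    if match is None:
        return None
    return match.group("user"), match.group("cmd").strip()

def audit(lines):
    """Group logged commands per user and collect audit-tampering changes."""
    per_user = defaultdict(list)
    alerts = []
    for line in lines:
        parsed = parse_cfglog(line)
        if parsed is None:  # other syslog traffic, e.g. %SYS-5-CONFIG_I
            continue
        user, cmd = parsed
        per_user[user].append(cmd)
        if cmd.lower().startswith(AUDIT_TAMPERING):
            alerts.append((user, cmd))
    return dict(per_user), alerts

if __name__ == "__main__":
    changes, alerts = audit(SAMPLE_LINES)
    for user, cmds in changes.items():
        print(f"{user}: {len(cmds)} change(s)")
    for user, cmd in alerts:
        print(f"ALERT audit logging weakened by {user}: {cmd}")
```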
We can also use some show commands to verify what changes have been made:
Router#show archive log config all
 idx   sess   user@line          Logged command
   1      1   console@console  | logging enable
   2      1   console@console  | logging size 1000
   3      1   console@console  | notify syslog
   4      1   console@console  | hidekeys
   5      1   console@console  | interface loopback 0
   6      1   console@console  | shutdown
   7      1   console@console  | no shutdown
Above you find all the commands that I typed in the console so far. If you want to re-use some of the commands that you found then there’s a useful command for you to use:
How do we send this to the syslog server? I saw a command notify syslog; don’t we need an IP address?
“notify syslog” will ensure that configuration changes will send messages to syslog, but you will still need to configure syslog to send messages to an external syslog server. Here’s how it’s done:
Can you please give me the equivalent of these commands for IOS XR?
Hope to hear from you soonest.
IOS XR has a similar mechanism. You can view the commit list and its changes:
Above you can see two changes have been made through...