David’s Cisco Networking Blog

Dec 6 2007   5:00AM GMT

Tracking Configuration Changes with the Cisco IOS – Built in! – using the Archive command

David Davis

If you are a semi-paranoid admin like me, perhaps you have used (or have wanted to use) applications like Tripwire and Kiwi CatTools to log all Cisco IOS configuration changes.

However, maybe we don’t need external tools. Have you seen the Configuration Change Notification and Logging feature?

It has been available since IOS 12.3(4)T/12.2(25)S (it has really gone mainstream in 12.4).

For each configuration command that is executed, the following information will be logged:

• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command

Here is a sample of how you configure it:

Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered – the default is 100)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional – exports changes to syslog server)

Here is an example of what the logging looks like in action:

CH_NAME_RTR# show archive log config all
idx sess user@line Logged command
1 1 david@vty0 | logging enable
2 1 david@vty0 | logging size 200
3 2 david@vty0 |hostname CH_NAME_RTR
4 2 david@vty0 |enable secret ***** (this is hidden because of hidekeys command)
5 2 david@vty0 |interface FastEthernet0/0
6 2 david@vty0 | bandwidth 100000
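
If you collect this output from your routers, a short script can turn it into alerts. The following Python is an added example, not part of the original post: it parses the `show archive log config all` layout shown above, rebuilds the parent configuration mode of each command, and flags credential changes and attempts to switch off the change log itself. It assumes the indentation after the `|` marks sub-mode depth; rows 7-10, the user `guest` and the `WATCH` patterns are constructed for illustration.

```python
import re

# Constructed sample in the `show archive log config all` layout shown above.
# Rows 1-6 mirror the post; rows 7-10 and the user "guest" are made up.
SAMPLE = """\
idx sess user@line Logged command
1 1 david@vty0 | logging enable
2 1 david@vty0 | logging size 200
3 2 david@vty0 |hostname CH_NAME_RTR
4 2 david@vty0 |enable secret *****
5 2 david@vty0 |interface FastEthernet0/0
6 2 david@vty0 | bandwidth 100000
7 3 guest@vty1 |archive
8 3 guest@vty1 | log config
9 3 guest@vty1 |  no logging enable
10 3 guest@vty1 |no username david
"""

# idx, session, user, line, indentation after the pipe, command text
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)@(\S+)\s*\|(\s*)(.*\S)\s*$")
# Hypothetical watch list: credential edits and reductions of the audit trail.
WATCH = [
    ("credential", re.compile(r"^(no )?(enable (secret|password)|username )")),
    ("audit-trail", re.compile(r"^no (logging|hidekeys|notify syslog|archive)\b")),
]

def parse(text):
    """Return one dict per logged command, with its parent mode as 'context'."""
    records, open_modes = [], {}          # open_modes: session -> [(depth, cmd)]
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                      # header or blank line
        idx, sess, user, tty, pad, cmd = m.groups()
        parents = open_modes.setdefault(sess, [])
        while parents and parents[-1][0] >= len(pad):
            parents.pop()                 # left that sub-mode
        records.append({"idx": int(idx), "sess": int(sess), "user": user, "line": tty,
                        "command": cmd, "context": " / ".join(c for _, c in parents)})
        parents.append((len(pad), cmd))
    return records

def alerts(records):
    """Return (idx, user, label, context, command) for every watched command."""
    return [(r["idx"], r["user"], label, r["context"], r["command"])
            for r in records for label, pat in WATCH if pat.search(r["command"])]

if __name__ == "__main__":
    for alert in alerts(parse(SAMPLE)):
        print(alert)
```

Because the buffer only holds the last N commands on the router, pairing this with `notify syslog` keeps a copy off the device.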

Personal Website: HappyRouter.com – home of Cisco how-to articles & videos

1  Comment on this Post

  • Dendeni
    Is there something similar for CISCO ASA firewalls?

    Thank you!