Log configuration commands entered on your Cisco router

As part of the Configuration Change Notification and Logging feature, Cisco IOS stores the most recent configuration commands in a circular buffer and (optionally) sends them to syslog streams.

This feature is configured under the archive configuration mode with the log config command, which brings you to yet another configuration mode where you can fine-tune the parameters (they are obvious; the on-router help is sufficient), for example:

archive
 log config
  logging enable
  logging size 100
  notify syslog
  hidekeys

After you've enabled configuration command logging, you can use the show archive log config all command to inspect the logging buffer. You can also display commands entered in a particular session or by a selected user.

If you've configured notify syslog, every configuration command also triggers a syslog message similar to this one:
3d03h: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:interface loopback 0
Note: This feature logs only the configuration commands; if you want to log all commands, use TACACS+ or Embedded Event Manager.
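
As an added example (not code from the original post): a small Python parser for the %PARSER-5-CFGLOG_LOGGEDCMD messages shown above, which groups the logged commands by user and flags those matching a watchlist. The watchlist, the function names and every sample line except the first are assumptions made for illustration.

```python
import re

# Message format as shown in the article; whatever precedes %PARSER (uptime,
# "service timestamps" date/time, a syslog server prefix) is kept as timestamp.
CFGLOG = re.compile(
    r"^(?P<ts>.*?)[:\s]*%PARSER-5-CFGLOG_LOGGEDCMD:\s*"
    r"User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Hypothetical watchlist (an assumption, tune per site): command prefixes that
# touch logging, time-stamping or authentication and deserve a second look.
WATCH = ("no logging", "no archive", "no notify syslog", "no hidekeys",
         "no service timestamps", "no ntp", "no aaa", "username ")

def parse_cfglog(line):
    """Return timestamp/user/command for a CFGLOG_LOGGEDCMD line, else None."""
    m = CFGLOG.match(line.strip())
    if not m:
        return None
    return {"timestamp": m.group("ts"),
            "user": m.group("user"),
            "command": " ".join(m.group("cmd").split())}  # collapse whitespace

def review(lines):
    """Group logged commands per user and list those matching WATCH."""
    by_user, flagged = {}, []
    for line in lines:
        rec = parse_cfglog(line)
        if rec is None:
            continue  # other syslog messages are ignored
        by_user.setdefault(rec["user"], []).append(rec["command"])
        if rec["command"].lower().startswith(WATCH):
            flagged.append((rec["user"], rec["command"]))
    return by_user, flagged

# Constructed sample input: the first line is the message from the article,
# the rest are made-up lines in the same format (users and addresses invented).
SAMPLE = [
    "3d03h: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:interface loopback 0",
    "3d03h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up",
    "*Mar  4 03:12:07.123: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:no service timestamps log",
    "*Mar  4 03:12:15.431: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:archive",
    "Mar  4 03:13:02 192.0.2.1 42: *Mar  4 03:13:01.000: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no  logging 192.0.2.50",
]

if __name__ == "__main__":
    for user, cmd in review(SAMPLE)[1]:
        print(f"REVIEW {user}: {cmd}")
```
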

2 comments:

  1. We don't have an automated change tracking tool (CSM bugs), so we are reliant upon the archive/log config commands. However, I have two questions: firstly, where is the file kept with this information, so I can export the logs for our routers, and secondly, is it possible to show the date/time for when the commands were entered?
  2. The syslog timestamps can use the actual date/time. Use the "service timestamps" global configuration command and NTP to synchronize the time. The following IP corner articles discuss NTP:

    http://wiki.nil.com/NTP

    The syslog messages can be sent to a syslog server or stored locally, see ...

    http://blog.ioshints.info/2007/09/logging-to-flash-disk.html