Log Changes to Router Configurations
Whenever you’re faced with an “unexpected” network outage that doesn’t seem to be caused by a hardware failure, the root cause is often a change in a device configuration, which raises these questions:
- What changes were made to the device configuration?
- When were the changes made?
- Who made them?
Network managers who implemented centralized Authentication, Authorization, and Accounting (AAA) with Cisco’s proprietary TACACS+ protocol have been able to log any command executed on the routers in their network for ages [1]. The above questions are also easy to answer in environments using modern network automation workflows like GitOps, but unfortunately, many organizations are still not at that stage.
However, your networking vendor might have implemented some rudimentary change logging functionality in the network operating system. Cisco was one of the first vendors to do that; the Configuration Change Notification feature was introduced almost twenty years ago in Cisco IOS release 12.4.
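The three questions above, answered from change notifications sent to a syslog server (an added example, not code from the original article). It assumes the feature is set to notify syslog, that the collector prefixes each line with its own timestamp and the device hostname, and the log lines, device names, users and outage time are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from a real device). Assumed layout: syslog-server
# header, then the IOS message the config logger sends when it notifies syslog.
SAMPLE_LOG = """\
Mar  3 09:14:02 rtr1 42: Mar  3 09:14:01.120: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface GigabitEthernet0/1
Mar  3 09:14:05 rtr1 43: Mar  3 09:14:04.482: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:shutdown
Mar  3 09:15:11 rtr1 44: Mar  3 09:15:10.907: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)
Mar  3 11:40:27 rtr2 17: Mar  3 11:40:26.033: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no router ospf 1
"""

CFGLOG = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]+)\s+(?P<device>\S+)\s.*?"
    r"%PARSER-5-CFGLOG_LOGGEDCMD:\s+User:(?P<who>\S+)\s+"
    r"logged command:(?P<what>.*)$"
)

def parse_changes(log_text, year=2024):
    """Extract when/where/who/what for every logged configuration command.

    Classic syslog timestamps carry no year, so the caller supplies one
    (the default here is a constructed value).
    """
    changes = []
    for line in log_text.splitlines():
        m = CFGLOG.match(line)
        if not m:
            continue  # other messages, e.g. %SYS-5-CONFIG_I, name no command
        rec = m.groupdict()
        rec["when"] = datetime.strptime(f"{year} {rec['when']}", "%Y %b %d %H:%M:%S")
        changes.append(rec)
    return changes

def changes_before(changes, outage, minutes=30):
    """Return the changes received in the window leading up to an outage."""
    start = outage - timedelta(minutes=minutes)
    return [c for c in changes if start <= c["when"] <= outage]

if __name__ == "__main__":
    outage = datetime(2024, 3, 3, 11, 45)  # constructed outage time
    for c in changes_before(parse_changes(SAMPLE_LOG), outage):
        print(f"{c['when']}  {c['device']}  {c['who']}  {c['what']}")
```

The `%SYS-5-CONFIG_I` line is skipped on purpose: it records that someone left configuration mode, but not which commands were entered.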
[1] Several other vendors implemented TACACS+ clients. Some of them also support command authentication or accounting. A few vendors provide similar functionality with RADIUS accounting.