Category: configuration

Configuration Change Logging ignores the configuration downloads

The Configuration Change Notification and Logging feature is supposed to log changes to the router's configuration. While it does a great job of logging commands entered in the router configuration mode, it completely ignores configuration changes due to configuration download (for example, with configure network or copy tftp running-config command).
read more add comment

Log configuration commands entered on your Cisco router

As part of Configuraton Change Notification and Logging feature, Cisco IOS stores the most recent configuration commands in a circular buffer and (optionally) sends them to syslog streams.

This feature is configured under the archive configuration mode with the log config command, which brings you to yet another configuration mode where you can fine-tune the parameters (they are obvious, on-router help is sufficient), for example:
log config
logging enable 100
notify syslog
After you've enabled configuration command logging, you can use the show archive log config all command to inspect the logging buffer. You can also display commands entered in a particular session or by a selected user.

If you've configured notify syslog, every configuration command also triggers a syslog message similar to this one:
3d03h: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:interface loopback 0
Note: This feature logs only the configuration commands, if you want to log all commands, use TACACS+ or Embedded Event Manager.
see 2 comments

Download Router Configuration to a Web Browser

If you have HTTP server enabled on your router (on by default in many IOS releases, enable with ip http server), you can download the current router configuration into your web browser simply by typing in the URL http://router/exec/show/running/full. To get the startup configuration, use http://router/exec/show/startup-config/CR.

Of course, you need to authenticate to the router. By default, you can use anything as the username and the enable-password as the password, but you also use local usernames or AAA authentication. To use local usernames, configure ip http authentication local and enter username and password with the username username privilege 15 password password configuration command.
see 4 comments

Use HTTP to Store Router Configurations on Web Server

It's been possible for a long time to use HTTP to download information from a web server to a router. In IOS release 12.3(2)T, integrated in 12.4 release, Cisco has introduced the ability to store local information (for example, router configurations) on a web server. To use this feature, configure the username and password giving you write access to the web server with:
ip http client username web-user
ip http client password secret-password
After the username and password have been configured, you can use copy running http: to copy router's configuration to a web server.
Note: on the web server, you have to configure the target virtual directory for write access (default: disabled) and allow file-system write access to the underlying physical directory for the target user.
Alternatively, you can specify the username and password in the URL using the copy running http://user:password@host/file syntax.
router#copy running http://student:[email protected]/router-config
Address or name of remote host []?
Destination filename [router]?
Storing http://student:[email protected]/router-config !!
4231 bytes copied in 0.864 secs (4897 bytes/sec)
see 2 comments