Hello, I would like to monitor all the changes made on my router from a telnet connection on a console.
I tried the debug/logging commands but I didn't find a way to log the command line.
Does anyone have an idea?
Thanks.
Thierry
You need, in addition to your "debug" or "logging" commands, the following: terminal monitor
Regards, Christoph Gartmann
AFAIK you cannot do what I think you are trying to accomplish.
You could set up a local login for each administrator, and when they do a write mem it will show the userid who made the change. That will go to syslog, and you could set up a syslog server to capture that if you do not have it already set up.
For local authentication:
line vty 0 4 ! or whatever the highest VTY line number is on the box
login local
username admin1 secret letmein
username admin2 secret letmeout
logging buffer 10000 debug ! set up internal syslog buffer for quick checks of log
Hi Christoph,
What I want to do is that if someone gets a telnet connection to my Cisco and then does (for example):
"conf t
int eth0
ip address 192.168.3.2 255.255.255.0"
I want to log those lines somewhere....
Ok, thanks for your answer.
Thierry
IIRC I believe that this can be done with a TACACS server. I do not know any details however I recall seeing it done once.
I don't think Cisco logs individual configuration commands anywhere. There's a log message when they do "write mem" to save the configuration changes, but it doesn't list the individual changes.
I suggest you do your router configurations using config files that are downloaded to the routers, and use a version control system on the file server.
~ In article ,
~ Thierry wrote:
~
~ > What I want to do is that is someone get a telnet connexion to my cisco and
~ > then do (for exemple):
~ > "conf t
~ > int eth0
~ > ip address 192.168.3.2 255.255.255.0"
~ >
~ > I want to log those lines somewhere...
~
~ I don't think Cisco logs individual configuration commands anywhere.
~ There's a log message when they do "write mem" to save the configuration
~ changes, but it doesn't list the individual changes.
EEM (Embedded Event Manager) can do this, I'm reasonably sure.
Cheers,
Aaron
Apparently Cisco has added a feature to log configuration changes
Configuration Change Notification and Logging
Releases of Cisco IOS software prior to 12.3(4)T/12.2(25)S lack the ability to track the origin of changes to the running configuration. The only way to determine if a Cisco IOS software configuration has been changed is to pull the running and startup configurations offline and do a line-by-line comparison. This comparison will identify all the changes that have occurred between the two configurations, but it will not specify the sequence in which the changes occurred or the person responsible for the changes.
The Configuration Change Notification and Logging (Configuration Logging) feature allows the tracking of configuration changes entered on a per-session and per-user basis by implementing a configuration log. The configuration log will track each configuration command that is applied, who applied the command, the parser return code for that command, and the time that the command was applied. This feature also adds a notification mechanism that sends asynchronous notifications to registered applications whenever the configuration log changes.
This is something people have wanted for years !!!
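An added example, not part of the thread or of Cisco's documentation: when the configuration log described above is set to notify syslog, each applied command reaches the syslog server as a %PARSER-5-CFGLOG_LOGGEDCMD message, and the sketch below rebuilds who typed what from such lines. The sample lines, user names and the watchlist pattern are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, not captured from a device. Assumes configuration
# logging is enabled with syslog notification, so IOS emits one
# %PARSER-5-CFGLOG_LOGGEDCMD message per applied command.
SAMPLE = """\
Mar  3 10:14:38.101: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin1  logged command:!exec: enable
Mar  3 10:14:40.002: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin1  logged command:interface Ethernet0
Mar  3 10:14:47.518: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin1  logged command:ip address 192.168.3.2 255.255.255.0
Mar  3 10:15:01.120: %SYS-5-CONFIG_I: Configured from console by admin1 on vty0 (192.0.2.10)
Mar  3 11:02:13.440: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin2  logged command:no logging buffered
""".splitlines()

CFGLOG = re.compile(
    r"^(?P<ts>.*?): %PARSER-5-CFGLOG_LOGGEDCMD: "
    r"User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Hypothetical watchlist: commands that weaken logging or change access.
SENSITIVE = re.compile(r"^(no )?(logging|aaa|archive|username|enable|line vty|snmp-server)\b")

def parse_cfglog(lines):
    """Return (timestamp, user, command) for every configuration-log message."""
    events = []
    for line in lines:
        m = CFGLOG.match(line.rstrip())
        if m:
            events.append((m["ts"], m["user"], m["cmd"].strip()))
    return events

def changes_by_user(events):
    """Group applied configuration commands per user, in the order logged."""
    by_user = defaultdict(list)
    for ts, user, cmd in events:
        if not cmd.startswith("!exec:"):  # skip exec-mode markers, keep config lines
            by_user[user].append((ts, cmd))
    return dict(by_user)

def sensitive_changes(events):
    """Commands touching logging, AAA or login settings, worth a second look."""
    return [e for e in events if SENSITIVE.match(e[2])]

if __name__ == "__main__":
    events = parse_cfglog(SAMPLE)
    for user, cmds in changes_by_user(events).items():
        for ts, cmd in cmds:
            print(f"{ts}  {user:8} {cmd}")
    print("review:", sensitive_changes(events))
```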
TACACS accounting logs every command entered by every user. We use it to figure out who changed what when the fecal matter hits the rotating air disturbance device.
Scott
Thank you all for your answers...
Thierry