Configuration Change Notification & Logging

October 26, 2008 at 10:51 pm | Posted in System Management | Leave a comment

IEWB1 Vol5 Task 12.6

This task asks us to track configuration changes (as a simple alternative to AAA). This is a best example of a topic for which we need to consult our friend in the lab – the Doc CD. So let’s start with that.

Doc CD Navigation

  • Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4
  • Part 8: Managing Configuration Files
  • Configuration Change Notification and Logging

Configuration

Rack1R4#
archive
 log config
 logging enable
 logging size 1000
 hidekeys
 notify syslog

Verification


Rack1R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R4(config)#int e0/0
Rack1R4(config-if)#shut
Rack1R4(config-if)#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface Ethernet0/0
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:shutdown
Rack1R4(config-if)#no shut
Rack1R4(config-if)#
%LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no shutdown
Rack1R4(config-if)#
Rack1R4#sh log
Syslog logging: enabled (11 messages dropped, 2 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 144 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level debugging, 62 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: enabled

No active filter modules.

    Trap logging: level informational, 58 message lines logged

Log Buffer (4096 bytes):

%SYS-5-CONFIG_I: Configured from console by console
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface Ethernet0/0
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:shutdown
%LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no shutdown
%SYS-5-CONFIG_I: Configured from console by console
%LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

Rack1R4#sh archive log config all
 idx   sess           user@line      Logged command
    1     1        console@console  |  logging enable
    2     1        console@console  |  logging size 1000
    3     1        console@console  |  hidekeys
    4     1        console@console  |  notify syslog
    5     2        console@console  |archive
    6     2        console@console  | log config
    7     2        console@console  |  logging enable
    8     2        console@console  |  exit
    9     2        console@console  |   exit
   10     4        console@console  |interface lo111
   11     4        console@console  | exit
   12     4        console@console  |no interface Loopback111
   13     6        console@console  |interface Ethernet0/0
   14     6        console@console  | shutdown
   15     6        console@console  | no shutdown 

Rack1R4#sh archive log config statistics 
Config Log Session Info:
        Number of sessions being tracked: 1
        Memory being held: 3910 bytes
        Total memory allocated for session tracking: 3910 bytes
        Total memory freed from session tracking: 0 bytes

Config Log log-queue Info:
        Number of entries in the log-queue: 15
        Memory being held by the log-queue: 3199 bytes
        Total memory allocated for log entries: 3199 bytes
        Total memory freed from log entries: 0 bytes

Rack1R4#sh archive log config all ?
  provisioning  Display logged commands as a configlet suitable for
                provisioning
  |             Output modifiers
  <cr>

Rack1R4#sh archive log config all provisioning 
archive
 log config
  logging enable
  logging size 1000
  hidekeys
notify syslog
archive
 log config
  logging enable
  exit
exit
interface lo111
exit
no interface Loopback111
interface Ethernet0/0
 shutdown
 no shutdown
Advertisements

Leave a Comment »

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: