Configuration Change Notification & Logging - Cisco

This task asks us to track configuration changes (as a simple alternative to AAA). This is a best example of a topic for which we need to consult our friend in the lab – the Doc CD. So let’s start with that.

Doc CD Navigation

• Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4
• Part 8: Managing Configuration Files
• Configuration Change Notification and Logging

Configuration

Rack1R4#
archive
 log config
 logging enable
 logging size 1000
 hidekeys
 notify syslog

Verification

Rack1R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R4(config)#int e0/0
Rack1R4(config-if)#shut
Rack1R4(config-if)#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface Ethernet0/0
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:shutdown
Rack1R4(config-if)#no shut
Rack1R4(config-if)#
%LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no shutdown
Rack1R4(config-if)#

Rack1R4#sh log
Syslog logging: enabled (11 messages dropped, 2 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 144 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level debugging, 62 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: enabled

No active filter modules.

    Trap logging: level informational, 58 message lines logged

Log Buffer (4096 bytes):

%SYS-5-CONFIG_I: Configured from console by console
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface Ethernet0/0
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:shutdown
%LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no shutdown
%SYS-5-CONFIG_I: Configured from console by console
%LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

Rack1R4#sh archive log config all
 idx   sess           user@line      Logged command
    1     1        console@console  |  logging enable
    2     1        console@console  |  logging size 1000
    3     1        console@console  |  hidekeys
    4     1        console@console  |  notify syslog
    5     2        console@console  |archive
    6     2        console@console  | log config
    7     2        console@console  |  logging enable
    8     2        console@console  |  exit
    9     2        console@console  |   exit
   10     4        console@console  |interface lo111
   11     4        console@console  | exit
   12     4        console@console  |no interface Loopback111
   13     6        console@console  |interface Ethernet0/0
   14     6        console@console  | shutdown
   15     6        console@console  | no shutdown

Rack1R4#sh archive log config statistics 
Config Log Session Info:
        Number of sessions being tracked: 1
        Memory being held: 3910 bytes
        Total memory allocated for session tracking: 3910 bytes
        Total memory freed from session tracking: 0 bytes

Config Log log-queue Info:
        Number of entries in the log-queue: 15
        Memory being held by the log-queue: 3199 bytes
        Total memory allocated for log entries: 3199 bytes
        Total memory freed from log entries: 0 bytes

Rack1R4#sh archive log config all ?
  provisioning  Display logged commands as a configlet suitable for
                provisioning
  |             Output modifiers
  

Rack1R4#sh archive log config all provisioning 
archive
 log config
  logging enable
  logging size 1000
  hidekeys
notify syslog
archive
 log config
  logging enable
  exit
exit
interface lo111
exit
no interface Loopback111
interface Ethernet0/0
 shutdown
 no shutdown