https://community.cisco.com/t5/network-security/tracking-acl-changes-using-access-list-remarks/m-p/932601#M938644 <P>Hi,</P><P></P><P>Does any have a way to compare current running ACLs against a previously saved copy of the config? Quarterly we need to review the security and it would be nice to run a quick compare to evaluate what has changed since the last quarter and make sure these changes are reflected in our change log as outlined by our corporate security policy.</P><P></P><P>I'm considering adding access-list remarks to my config to help document it better. I've heard this could clutter the config but using a "show run |exclude remarks" could help when troublshooting.</P><P></P><P>Does anyone have any thoughts?</P><P></P><P>Thanks</P><P>Glen</P> Mon, 11 Mar 2019 12:37:06 GMT gedmond 2019-03-11T12:37:06Z https://community.cisco.com/t5/network-security/tracking-acl-changes-using-access-list-remarks/m-p/932601#M938644 <P>Hi,</P><P></P><P>Does any have a way to compare current running ACLs against a previously saved copy of the config? Quarterly we need to review the security and it would be nice to run a quick compare to evaluate what has changed since the last quarter and make sure these changes are reflected in our change log as outlined by our corporate security policy.</P><P></P><P>I'm considering adding access-list remarks to my config to help document it better. I've heard this could clutter the config but using a "show run |exclude remarks" could help when troublshooting.</P><P></P><P>Does anyone have any thoughts?</P><P></P><P>Thanks</P><P>Glen</P> Mon, 11 Mar 2019 12:37:06 GMT https://community.cisco.com/t5/network-security/tracking-acl-changes-using-access-list-remarks/m-p/932601#M938644 gedmond 2019-03-11T12:37:06Z https://community.cisco.com/t5/network-security/tracking-acl-changes-using-access-list-remarks/m-p/932602#M938645 <HTML><HEAD></HEAD><BODY><P>you can use command "show run | include access-list" and save this copy in a text file. In the next quarter you cna again get the output using same command, copy it and save in a different file then compare both files using a variey of free tools availbale on internet for this</P></BODY></HTML> Fri, 02 May 2008 19:36:59 GMT https://community.cisco.com/t5/network-security/tracking-acl-changes-using-access-list-remarks/m-p/932602#M938645 htarra 2008-05-02T19:36:59Z https://community.cisco.com/t5/network-security/tracking-acl-changes-using-access-list-remarks/m-p/932603#M938646 <HTML><HEAD></HEAD><BODY><P>Do a "copy running-config tftp" and compare the transfered file with your prior configuration file, with an application such as the one found at:</P><P></P><P><A class="jive-link-custom" href="http://www.scootersoftware.com/moreinfo.php" target="_blank">http://www.scootersoftware.com/moreinfo.php</A></P><P></P><P>The "Beyond Compare" application allows you to view differences between files rapidly.</P><P></P><P>Has a ton of other features as well.</P><P></P></BODY></HTML> Fri, 23 May 2008 22:11:47 GMT https://community.cisco.com/t5/network-security/tracking-acl-changes-using-access-list-remarks/m-p/932603#M938646 michael.leblanc 2008-05-23T22:11:47Z