03-08-2023 10:43 PM
How can Cisco DNA and Cisco Prime Infrastructure provide integrity to prevent anyone from changing the running configuration on devices across the whole infrastructure?
How can Cisco DNA and Cisco Prime Infrastructure write the last backup configuration back to network devices once changes are detected in the running configuration?
03-09-2023 05:53 AM
- Both products won't be able to fulfill your requirements completely. I advise using logging of config changes on network equipment if there is a business requirement, as shown below; then of course the global syslog server must be watched and examined on a regular basis too. Check this document too: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15-sy/config-mgmt-15-sy-book/cm-config-logger.html

    R1#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#archive
    R1(config-archive)#log config
    R1(config-archive-log-cfg)#logging enable
    R1(config-archive-log-cfg)#logging size 500
    R1(config-archive-log-cfg)#hidekeys
    R1(config-archive-log-cfg)#notify syslog
    R1(config-archive-log-cfg)#end
    R1#
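Added example, not part of the original posts and not Cisco code: a small Python watcher for the syslog side of the setup above, pulling the configuration-logger records that `notify syslog` produces out of a syslog file and listing changes made by accounts outside an allow-list. The `<timestamp> <host> <message>` line prefix, the sample lines, and the `APPROVED_USERS` list are assumptions; check the exact message layout against what your devices send.

```python
import re
from collections import defaultdict

# Record written to syslog by the IOS configuration logger ("notify syslog").
CFGLOG = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+.*?%PARSER-5-CFGLOG_LOGGEDCMD:\s*"
    r"User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Constructed sample lines; the "<timestamp> <host> <message>" prefix is an
# assumption about how the syslog server stores records.
SAMPLE = """\
2023-03-09T05:53:00Z R1 %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:!exec: enable
2023-03-09T05:53:05Z R1 %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:interface GigabitEthernet0/1
2023-03-09T05:53:09Z R1 %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:ip address 192.0.2.1 255.255.255.0
2023-03-09T05:54:00Z R1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
2023-03-09T06:10:12Z SW2 %PARSER-5-CFGLOG_LOGGEDCMD: User:tempuser  logged command:no logging host 198.51.100.7
"""

APPROVED_USERS = {"admin"}  # hypothetical allow-list of change accounts


def parse_changes(text):
    """Return one dict (ts, host, user, cmd) per logged configuration command."""
    changes = []
    for line in text.splitlines():
        m = CFGLOG.match(line)
        if not m:
            continue  # some other syslog message
        cmd = m.group("cmd").strip()
        if cmd.startswith("!exec:"):
            continue  # exec-mode entry, not a configuration line
        changes.append({**m.groupdict(), "cmd": cmd})
    return changes


def unapproved_changes(changes, approved=APPROVED_USERS):
    """Group changes made by users outside the allow-list, keyed by device."""
    by_host = defaultdict(list)
    for c in changes:
        if c["user"] not in approved:
            by_host[c["host"]].append((c["ts"], c["user"], c["cmd"]))
    return dict(by_host)


if __name__ == "__main__":
    for host, items in unapproved_changes(parse_changes(SAMPLE)).items():
        for ts, user, cmd in items:
            print(f"REVIEW {host} {ts} user={user} cmd={cmd!r}")
```

The output is a review list only; restoring a saved configuration is a separate step that depends on the management tool in use.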
03-09-2023 05:20 PM - edited 03-09-2023 09:54 PM
I remember that a configuration change can generate a configuration change log to syslog,
but how do I write a script so that, once this configuration change log pattern is received, Prime Infrastructure can overwrite the existing configuration with the configuration from a specified date?
How can this be done in Cisco DNA?
Even if hackers edited the configuration, the new running configuration can be overwritten back to the original configuration, or to a special configuration that makes the IP address path lead to a honeypot.
I have never found people who have done this until 2023. So I am curious about this.