09-05-2016 01:09 AM
Dear All,
We have Cisco Setup at our office. My question is if one of our team member log on the device and do some changes. How can we trace that login info and changes other than history command. Do syslog server give us logs about the commands he has given and through which username and password he has log on the device.
Solved! Go to Solution.
09-06-2016 03:51 AM
yes it will very slightly though just keep the logging size down a bit , if you notice mem or cpu issues lower it again
I used to have it running on a lot of routers until, we got a software that did the same thing and I never really noticed any issue with it in terms of using up cpu and ram , obviously though the more you store the more it uses but its only history buffer so should not effect prod traffic at all
show proc cpu sorted will show if its effecting cpu at all , if mem gets effected it will most likely pop up in show log , never seen it happen though from just using archiving you should be fine
09-05-2016 04:36 AM
Hi
You need to set it up first its not enabled by default
Archiving is what it is called when you can see what a user has done and changes they made
http://itknowledgeexchange.techtarget.com/cisco/tracking-configuration-changes-with-the-cisco-ios-built-in-using-the-archive-command/
For each configuration command that is executed, the following information will be logged:
• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command
Here is a sample of how you configure it:
Router(config)# archive
Router(config-archive)# log config (enters config logging mode)
Router(config-archive-log-config)# logging enable (turns on running config change logging)
Router(config-archive-log-config)# logging size 500 (remembers the last 500 commands entered – 100 are default)
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
Router(config-archive-log-config)# notify syslog (optional – exports changes to syslog server)
09-06-2016 03:09 AM
Dear Mark,
Thank you very much for the answer. One more question. If we apply this on our core switch do archiving will increase the CPU utilization. I means these commands will have overhead on the CPU and RAM or it consume little processing power.
09-06-2016 03:51 AM
yes it will very slightly though just keep the logging size down a bit , if you notice mem or cpu issues lower it again
I used to have it running on a lot of routers until, we got a software that did the same thing and I never really noticed any issue with it in terms of using up cpu and ram , obviously though the more you store the more it uses but its only history buffer so should not effect prod traffic at all
show proc cpu sorted will show if its effecting cpu at all , if mem gets effected it will most likely pop up in show log , never seen it happen though from just using archiving you should be fine
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide