cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2525
Views
0
Helpful
4
Replies

Monitoring Network Changes on Cisco Switches and Routers

Forgotten2852
Level 1
Level 1

What are some good tools or ways to monitor network changes on cisco routers and switches in a medium sized business?

 

Preferably tools that will allow a network administrator to go in and see if any changes were made in the router or switch configurations by specific employees.

 

Is there any specific feature or operating system for the cisco switches or routers I should be looking into to ensure these tools have full functionality?

 

Thank you!

4 Replies 4

CHYMER
Level 1
Level 1

Hi bro

I think you will build one syslog server to collect syslog alarm from all of devices, or using cisco prime software of cisco

Thanks

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

A great opensource tool I have use din the past is RANCID:

http://www.shrubbery.net/rancid/

 

...this will periodically SSH onto a supplied list of switches and record any changes in CSV/ git to give you a full historical change repository for each device. RANCID can also be configured to report via email any changes detected. This information can be corelated about AAA logs to determine who/ what made the config change.

 

cheers,

Seb.

Hello Seb,

 

Thank you for the information! I really like that fact Rancid will send notification emails with the configuration changes.

 

As for AAA, would I just need to set up accounting, and have the accounting log saved to a server?

 

Do you possibly have any good online resources I can review on setting up a way to log who/what made config changes?

Hi there,

RADIUS accounting will not give the level of fidelity that you require to determine what config changes have been made.

 

What you may want to do is enable config logging:

!
archive
  log config
    logging enable
    notify syslog
!

This will record every config command entered by a user to the configured syslog server:

!
logging server <SYSLOG_SERVER_IP>
!

Between this and rancids periodically config snapshots, you should be covered.

 

cheers,

Seb.