Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6303
Views
1
Helpful
5
Replies

Need to find out what has been modified to running-config

davidwu2007
Level 1
Level 1

‎07-18-2008 08:08 AM - edited ‎03-09-2019 09:07 PM

Hello,

When I enter the "reload" command, Cisco ASA 5510 asks me

a question: System config has been modified Save? [Y]es/[N]o:

All I did was issuing a few "show" commands before the "reload" command. I definitely need to find out what

has been modified before the reboot

Is there any way to find out what has been modified to the running configuration.

Thanks!

1 person had this problem
Labels:
0 Helpful
5 Replies 5

mj11
Level 3
Level 3

‎07-18-2008 03:40 PM

Hi David

The steps I would be doing is:

1, show start

2, capture text

3, save to a text file (named startup)

4, show run

5, capture text

6, save to a text file (named runing)

Download a program called examdiff, you will then be able to compare the 2 files.

Regards MJ

0 Helpful

michael_dean
Level 1
Level 1

‎07-21-2008 06:25 AM

If you want to know when changes are made, but don't want to setup TACACS (and you have a syslog server setup), you can have the router syslog all commands entered while in config mode:

devcorert01#conf t

devcorert01(config)#archive

devcorert01(config-archive)#log config

devcorert01(config-archive-log-cfg)#hidekeys

devcorert01(config-archive-log-cfg)#logging enable

devcorert01(config-archive-log-cfg)#notify syslog

Anytime someone enters any command while in config mode, the command will be sent to your syslog server.

Examples:

Jul 21 10:15:41 EDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:do sh run

Jul 21 10:17:33 EDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:interface GigabitEthernet2/2

Jul 21 10:17:38 EDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:shutdown

Jul 21 10:17:42 EDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:no shutdown

Note the "do show run". Even thought that is not a config command per se, it was entered while in config mode. Also notice the user is "console". If it was from a telnet session, you would see

Jul 21 10:17:33 EDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user logged command:interface GigabitEthernet2/2

Jul 21 10:17:38 EDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user logged command:shutdown

Jul 21 10:17:42 EDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user logged command:no shutdown

Mike

0 Helpful

michael.leblanc
Level 4
Level 4

‎07-21-2008 07:25 AM

Enter the following on the CLI:

show archive config differences nvram:startup-config system:running-config

Lines preceded with "+" are only found in the running-config. Lines preceded with "-" are absent from the running-config (i.e.: only found in the startup-config).

Jagdeep Gambhir
Level 10
Level 10
In response to michael.leblanc

‎07-22-2008 05:29 AM

In ASA if you are doing tacacs command accounting then it will logs only those command that change the running config.

Since show command do not change any config , so it won't be reported by tacacs.

Regards,

~JG

0 Helpful

michael.leblanc
Level 4
Level 4
In response to michael.leblanc

‎07-22-2008 10:44 AM

Re: My post above.

Lost sight of the fact that you were using an ASA. Sorry about that.

show archive config differences nvram:startup-config system:running-config

... would be useful on an IOS device.

0 Helpful
Customers Also Viewed These Support Documents