Command to check who last made changes to a router/switch configuration

eandrcisco007 · ‎05-01-2015

Gents...

I wonder if anyone knows a command that would make it possible to see when a router/switch configuration has changed along with user name and or ID...? (i.e. I need to find out the history of changes within last 6 months),

I have done some research but I couldn’t find anything but in fact I am certain there is a command for this purpose.

Highly appreciated for any guidance.

Thank you.

thiland · ‎05-01-2015

It sounds like what you really need is an AAA server (Cisco ACS, FreeRADIUS, etc.) to store accounting information like who logged in, what commands they typed in long term storage.

For example:

aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default stop-only group tacacs+

If you're looking for a command on-device that shows you entered commands, the best you'll find is the archive config logger which stores commands in volatile memory. This isn't going to go back 6 months though.

archive
 log config
  logging enable
  logging size 1000
  hidekeys

You can optionally send entered commands to an off-device syslog server like Splunk using the "notify syslog" option.

eandrcisco007 · ‎05-01-2015

Thank you Thiland,

Please be aware that ASA server is configured along with acs and Tacacs+ and all those requirements, it is a matter of having access to ACS and going through its process that is time consuming... ( This option would be the last if i could not find any )

I am pretty much sure there is a command that pulls all those details in Cisco IOS ...