08-15-2011 03:32 AM - edited 03-07-2019 01:42 AM
Hi,
I really like the archive command. Makes saving configs after changes much easier. One question about the command sample that was posted that I am using on our switches.
archive
 log config
  logging size 1000
  notify syslog contenttype plaintext
  hidekeys
 path tftp://XX.XX.XX.XX/Main_Campus/XXX0/XXX01/XXX01
 write-memory
I understand what each of the lines is accomplishing except for the logging size 1000. If I am saving to an external tftp server, do I really need it? And, is there any harm in keeping it?
When I do a "sh archive" I see a record of the write configs.
XXX21#sh arch
The maximum archive configurations allowed is 14.
The next archive file will be named tftp://XX.XX.XX.XX/Main_Campus/XXX2/XXX21/XXX21-<timestamp>-4
Archive # Name
1 tftp://XX.XX.XX.XX/Main_Campus/XXX2/XXX21/XXX21Aug--7-15-59-39.552-0
2 tftp://XX.XX.XX.XX/Main_Campus/XXX2/XXX21/XXX21Aug--8-10-48-23.605-1
3 tftp://XX.XX.XX.XX/Main_Campus/XXX2/XXX21/XXX21Aug--8-10-56-28.886-2
4 tftp://XX.XX.XX.XX/Main_Campus/XXX2/XXX21/XXX21Aug-15-06-16-06.365-3 <- Most Recent
Is this just informing me that configs have been saved or is it saving them locally as well?
Thanks, Pat.
08-15-2011 04:26 AM
Hi Pat,
The logging size command is to specify the maximum number of entries retained in the configuration log. This is not required actually.
And "show archive" is providing you the details of the currently archived ones, and your next archived one will be 5.
And also I observed that you don't have the "hidekeys" command configured under the archive. So configure this command immediately because it won't log the entry of passwords.
Please rate the helpful posts.
Regards,
Naidu.
08-15-2011 04:47 AM
Naidu,
I do have the hidekeys.
I didn't really give this command much thought, though. I thought it was just encrypting the keys as they went across the network?
Question - Just to clarify. If I have the hidekeys command, this will save my local and enable passwords to the tftp server?
Also, I was wondering if the logging size 1000 is saving the configs to the switch locally as well as to the tftp server? Or, is the output from the "sh archive" command just telling me that configs have been saved.
Thanks, Pat.
08-15-2011 05:04 AM
hidekeys command in configuration change logger configuration mode is used to suppress the display of password information in configuration log files. Enabling the hidekeys command increases security by preventing password information from being displayed in configuration log files. Applies to both the passwords.
"sh archive" tells you that the configs have been saved at tftp server with so and so name.
Find the link for explanation of each command in my above post.
Cheers
Sweta
Please rate useful posts.
08-15-2011 04:41 AM
To specify the maximum number of entries retained in the configuration log, we use the logging size command in configuration change logger configuration mode.
Refer to this link for an explanation of all the commands used in archiving:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtconlog.html#wp1032378
Valid values range for logging size is from 1 to 1000. The default value is 100 entries. So, even if you don't mention it to be 1000, by default, it will save only 100 entries.
Hope that helps.
Cheers
Sweta
Please rate the helpful posts.
08-15-2011 05:38 AM
Sweta, thanks for the link.
I just need to have clarification on what is happening with the hidekeys command. In the doc it says that it suppresses the passwords.
So, if I copied the saved config to a new switch, would I have to then enter the password manually?
08-15-2011 06:01 AM
Hi Pat,
Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged)
If you have the "hidekeys" command configured under the archive, it won't save your passwords to the tftp server, which means it won't log the entry of passwords.
And the logging size command is used to specify the maximum number of entries retained in the configuration log. The config will save to the tftp server, not locally on the switch.
And "sh archive" will tell you how many archives you have in the tftp server for a particular switch. Say, for example, archive 1, which means the first archive. Now, if you have made some change on that switch, the tftp server will take another archive with the name archive 2; like that, it will show you an order of all the saved archives.
If you copied the saved config to a new switch, then you would need to edit the saved password (it will be like *******) in notepad and type the new password.
Hope I made it clear...
Please rate the helpful posts.
Regards,
Naidu.
08-15-2011 06:57 AM
Thanks Naidu,
So, the "sh archive" in my case is merely telling me about the configs saved in my tftp server?
08-15-2011 11:05 PM
Hi Pat,
You are most welcome and thanks for your rating.
And YES the "show archive" in your case is telling you about the saved configs in your tftp server.
Please rate the helpful posts.
Regards,
Naidu.
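
Added example, not part of any post in this thread and not Cisco code: a short Python audit that reads an archive section and reports the settings discussed above (whether hidekeys sits under log config, the effective logging size, and the archive path scheme). It assumes the configuration is indented the way "show running-config" prints it; the function name, report keys and sample text are constructed for illustration, and the default of 100 and the range of 1 to 1000 are the values given in the thread.

```python
import re

# Constructed sample: the archive block from the first post, indented the way
# "show running-config" prints it. The XX placeholders are kept as posted.
SAMPLE_CONFIG = """\
hostname XXX01
!
archive
 log config
  logging size 1000
  notify syslog contenttype plaintext
  hidekeys
 path tftp://XX.XX.XX.XX/Main_Campus/XXX0/XXX01/XXX01
 write-memory
!
"""

DEFAULT_SIZE, MIN_SIZE, MAX_SIZE = 100, 1, 1000  # values stated in the thread

def audit_archive(config_text):
    """Summarise the archive section of an indented IOS configuration."""
    report = {"archive": False, "hidekeys": False, "log_size": DEFAULT_SIZE,
              "size_ok": True, "notify_syslog": False,
              "path_scheme": None, "write_memory": False}
    in_archive, log_indent = False, None
    for raw in config_text.splitlines():
        indent, cmd = len(raw) - len(raw.lstrip()), raw.strip()
        if indent == 0:  # top-level line: only "archive" opens the section
            in_archive, log_indent = (cmd == "archive"), None
            report["archive"] = report["archive"] or in_archive
            continue
        if not in_archive:
            continue
        if cmd == "log config":
            log_indent = indent
        elif log_indent is not None and indent > log_indent:  # under log config
            size = re.fullmatch(r"logging size (\d+)", cmd)
            if size:
                report["log_size"] = int(size.group(1))
                report["size_ok"] = MIN_SIZE <= report["log_size"] <= MAX_SIZE
            report["hidekeys"] = report["hidekeys"] or cmd == "hidekeys"
            report["notify_syslog"] = report["notify_syslog"] or cmd.startswith("notify syslog")
        else:
            log_indent = None  # back at archive level
            scheme = re.match(r"path (\w+):", cmd)
            if scheme:
                report["path_scheme"] = scheme.group(1)
            report["write_memory"] = report["write_memory"] or cmd == "write-memory"
    return report
```

Calling audit_archive(SAMPLE_CONFIG) reports hidekeys as present, a logging size of 1000 and a tftp path scheme; a section without a logging size line is reported with the default of 100.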