Configuration changes

mobyplane · ‎07-23-2025

Is there a command to show what config changes since last write men?

MHM Cisco World · ‎07-23-2025

MHM

Mark Elsen · ‎07-23-2025

- @mobyplane Have a look at : https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15mt/config-mgmt-15-mt-book/cm-config-logger.pdf
It provides a more generic approach to overall auditing , follow up and inspecting configuration changes ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Joseph W. Doherty · ‎07-23-2025

Except for some pretty old IOSs, usually the answer is yes.

Part of the archival commands, you can do a "diff" between start-up and running configs.

https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/syst-mgmt/b-system-management/m_cm-config-diff-0.html

https://learningnetwork.cisco.com/s/question/0D53i00000Kt17nCAB/how-to-check-the-configuration-difference-between-running-config-and-startup-config

Sometimes I find external diff programs work better than the Cisco version. However, you need to copy both configs off the device (which isn't difficult).

balaji.bandi · ‎07-23-2025

You can not able to figure it out what changes made, if you dont have any orchestration tool or auto backup tool available in the network,

you can view only date and time modified not the content.

until you using any achieve command to backup config.

If you using Cat 9300 use below guide to manage config files :

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-11/configuration_guide/sys_mgmt/b_1711_sys_mgmt_9300_cg/managing_configuration_files.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Joseph W. Doherty · ‎07-23-2025

You can not able to figure it out what changes made, if you dont have any orchestration tool or auto backup tool available in the network,

you can view only date and time modified not the content.

until you using any achieve command to backup config.

Are you sure? My first (Cisco) reference appears to show the archive diff doesn't require setting up an archive. (BTW, I can say in earlier classic IOS, it definitely didn't require an archive configuration. I used to use that command, extensively.)

balaji.bandi · ‎07-24-2025

yes that is generic comment, since we dont know OP uses what device and IOS XE code or IOS or something else..

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Joseph W. Doherty · ‎07-24-2025

yes that is generic comment, since we dont know OP uses what device and IOS XE code or IOS or something else..

Excellant point, i.e. platform not mentioned!

(Edit - just noticed OP does have a "Catalyst 9000" label.)

However. . .

until you using any achieve command to backup config.

would appear to imply that an archive backup, of some kind, is always required.

On some (many) platforms it's not. Unless, perhaps, you consider the startup config an archive (which it sort of is - especially in OP context of ". . . config changes since last write men? [sic]").

This command just runs a diff comparison between two text files, it doesn't really care what's the relationship. For example, if I have multiple devices, of the same kind, "peas in a pod", their configs can be compared. (Another example of how I've used this command.)

The command is provided, when provided, in the archive command set, as it's often useful for delta differences between versions, but it's not limited to just being limited to archive versions, nor require archiving be configured.

balaji.bandi · ‎07-24-2025

we can have have many many post discussion on this, But for me point make clear - its all what OP device configuration in place matter to get optimal outcome.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Joseph W. Doherty · ‎07-24-2025

Sure.

But, if device supports the archive *diff" and if, as OP seems to, for configuration changes since a write memory, and if that command can directly compare startup with running configs, that would appear to be a solution, or an optimal outcome, for OP, agree?

Jens Albrecht · ‎07-23-2025

Hello @mobyplane,

first of all, there is no single command to display such config changes on IOS-XE. Only IOS-XR has this kind of feature.

However, depending on what you want to achieve, there are basically 2 ways you can go.

One possibility is to configure a config-logger as mentioned by @Mark Elsen.
The configuration is pretty simple:

configure terminal
archive
 log config
  logging enable
  hidekeys
exit

You can then use the command 'show archive log config all' to see the logged commands:

This log records individual config commands but is not a full diff.

The second option is to enable the configuration archive feature. This allows you to save snapshots of previous configurations and compare them to the current running config. Again, the configuration is straight forward:

configure terminal
archive
 path bootflash:config-
 maximum 10
 write-memory
exit

Each time the 'write mem' command is issued a new entry in the archive is created:

You can then use the command 'show archive config differences bootflash:config-<filename> system:running-config' to display the line-by-line differences between the referenced archive (the last time you wrote memory) and your current running config:

So it depends on whether you want to see a diff between configs or the actual commands entered by the user.

HTH!

Joseph W. Doherty · ‎07-23-2025

first of all, there is no single command to display such config changes on IOS-XE.

Are you sure, as the first (Cisco) reference I provide is IOS-XE.

Jens Albrecht · ‎07-23-2025

Interesting. I use these commands for so many years now but never thought about using the show archive commands without an archive...

Joseph W. Doherty · ‎07-23-2025

I vaguely recall, when I first came across the command, I too assumed I would need to set up an archive. Delighted when I saw that wasn't required. As I noted, earlier, I've extensively used the command, over the years, since it was introduced but don't recall ever using the rest of the archive features (as we generally had external software providing that).

My most common usages, first, comparing startup to running before I make any changes, second, comparing startup to running before I update startup.

Something else many don't realize, you can easily make a temporary backup, in flash, of either/both startup and/or running, using copy.

Also important knowing copying to startup is a full replace, but copying to running is a merge, but then there's the later config replace command.

Jerome BERTHIER · ‎07-24-2025

Not totally answering the question but might be useful as well, you can monitor the "changed but unsaved" state of the running config using these SNMP OID:

1.3.6.1.4.1.9.9.43.1.1.1.0 # ccmHistoryRunningLastChanged

1.3.6.1.4.1.9.9.43.1.1.2.0 # ccmHistoryRunningLastSaved

Then compare the values (they're in TimeTicks). If the "last changed" value is greater, the config hasn't been saved.

Then if you walk from OID 1.3.6.1.4.1.9.9.43.1.2.4.1.2, it will print last commands (but not sure it will print all changes).

Regards