Log configuration changes on Cisco devices

Hello,

Our company wants to run a report every month to check if there were any changes to the current configuration on all Cisco equipment. I know there is a way to log every single command that is typed on a device using:

1-archive

2-log config

3-logging enable

 

But that is not the best option, because I do a lot of verifications on the switches and ASAs and type multiple commands without changing the configuration.

 

Is there a way that I can log only when a change is made to the configuration? That way I can send them a report every month with the changes that were made.

 

Thank you in advance for your help!

VIP Mentor

If you are looking to log changes on the device, it will not be helpful, since once the buffer overflows it will be overwritten;

instead you can run an EEM script once the config is changed, generate a syslog event to the syslog server and upload the config to a remote server. That is the best practice I see here.

 

But I'm happy to listen if any other idea is available.

 

BB
*** Rate All Helpful Responses ***

Hi BB,

 

Thanks for this solution, but I have a question.

 

What would the script look like to send a log file to the server only once the config is changed, every day?

I don't want to log all the commands I type on the device.

 

Thanks.


Hello,

 

The below will send an email daily containing the configuration changes.

 

It works in conjunction with the 'archive' function.

 

EEM script to track configuration changes:

 

enable
configure terminal
archive
 log config
  logging enable
  logging size <number of entries>
  hidekeys
  notify syslog
end

 

The show archive command will show the difference between the startup and the running config and notify you by email.

 

event manager applet CFG_CHANGE
 event timer watchdog name DAILY time 86400
 action 1.0 cli command "enable"
 action 2.0 cli command "show archive config differences nvram:startup-config system:running-config"
 action 3.0 mail to "user@company.com" from "user@company.com" server "x.x.x.x" subject "Configuration has been changed:" body "$_cli_result"
 action 4.0 cli command "end"
 action 5.0 cli command "exit"

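The applet above mails every 24 hours whether or not anything changed, and it hard-codes the mail settings. The following is an added example, not part of the original posts, that combines the pieces discussed in this thread into one configuration: archive logging with hidekeys, the mail settings as EEM environment variables, and an applet that fires on the %SYS-5-CONFIG_I syslog message (which IOS logs when a configuration session ends) and only sends mail when the diff against the startup config is non-empty. The server address 192.0.2.25, the mailbox names, the applet name and the log size are placeholders; the EEM actions used (regexp, if/end, exit, mail) require EEM 3.0 or later.

```cisco
! Added example, not from the original posts. Addresses and mailbox names are placeholders.
! 1. Archive logging: records configuration-mode commands, masks passwords (hidekeys)
!    and emits %PARSER-5-CFGLOG_LOGGEDCMD messages to syslog.
archive
 log config
  logging enable
  logging size 500
  hidekeys
  notify syslog
!
! 2. Mail settings as EEM environment variables. Inside the applet they must be referenced
!    with a leading "$": passing the bare name "_email_server" makes EEM try to resolve the
!    literal string as a hostname, which is what the "_email_server : timeout error" above shows.
event manager environment _email_server 192.0.2.25
event manager environment _email_to netops@example.com
event manager environment _email_from switch01@example.com
!
! 3. Trigger on the CONFIG_I message instead of a fixed timer, so nothing is sent when
!    only show commands were typed. Exit silently if startup and running config are identical.
event manager applet CFG_CHANGE_MAIL
 event syslog pattern "%SYS-5-CONFIG_I: Configured from"
 action 1.0 cli command "enable"
 action 2.0 cli command "show archive config differences nvram:startup-config system:running-config"
 action 3.0 regexp "No changes were found" "$_cli_result"
 action 3.1 if $_regexp_result eq "1"
 action 3.2  exit 0
 action 3.3 end
 action 4.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Running config differs from startup (event at $_event_pub_time)" body "$_cli_result"
 action 5.0 cli command "exit"
```

Two caveats for the monthly report: the diff is taken against the startup config, so it is empty again as soon as someone issues write memory, and the device's logging buffer wraps. The durable record is therefore the %PARSER-5-CFGLOG_LOGGEDCMD and %SYS-5-CONFIG_I messages on the external syslog server (filter out the "!exec:" entries, which are mode changes rather than configuration commands), or the archived copies of the config described later in the thread.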

Hello Georg,

 

I believe this is exactly what I am looking for!

I am going to implement this and then let you know the results.

 

Thank you for your support on this!

 


Hello
Note: the EEM script is set to send the output of the archive differential to syslog; however, the archive logging will still also capture the keystrokes and send them to the syslog server.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

Hi Georg,

 

This is the error I see "Error occurred when sending mail to SMTP server"

 

Sep 15 2020 11:12:26.046: %PARSER-5-CFGLOG_LOGGEDCMD: User:****** logged command:!exec: enable
Sep 15 2020 11:12:27.486: %PARSER-5-CFGLOG_LOGGEDCMD: User:****** logged command:!exec: enable
Sep 15 2020 11:12:41.622: %HA_EM-3-FMPD_SMTP: Error occurred when sending mail to SMTP server: ******** : error in connecting to SMTP server
Sep 15 2020 11:12:41.622: %HA_EM-3-FMPD_ERROR: Error executing applet Config_change statement 3.0

 

Note: I can ping and telnet to the server from the switch.

 

Please help.

Thank you.

 


Hello,

 

You need to set the environment variables below:

 

Router(config)#event manager environment _email_to your-to-mail@domain.com
Router(config)#event manager environment _email_server your.mail.server
Router(config)#event manager environment _email_from your-from-mail@domain.com


Hello Georg,

 

I have a different error this time: "timeout error".

 

Sep 15 2020 17:16:52.611: %HA_EM-3-FMPD_SMTP: Error occurred when sending mail to SMTP server: _email_server : timeout error

 

Regards,

VIP Mentor

It depends on the config you made on the device - if you use archive, it will log all the commands entered by the user, so tune that.

 

When any changes are made by the user you get the log message: "%SYS-5-CONFIG_I: Configured"

 

If you would like to send the logs to an external syslog server and back up the config, look at the thread below:

 

https://community.cisco.com/t5/network-management/eem-backup-config-when-changes-made/td-p/2020494

BB
*** Rate All Helpful Responses ***
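BB's point above is that a copy of the configuration on a remote server, taken whenever it changes, is a better basis for a monthly report than the device's own log buffer. The following is an added example, not from the original posts or the linked thread, of how that looks on IOS: the archive path names a dated per-device file ($h is the hostname, $t the timestamp), copies are pushed on every write memory and at least daily, and a second applet triggered by %SYS-5-CONFIG_I pushes a copy immediately with the exec command archive config. The server 192.0.2.20, the account, the directory and the applet name are placeholders.

```cisco
! Added example, not from the original posts. Server, credentials and directory are placeholders.
! The credentials in the path URL are stored in the running config, so use a dedicated
! account that can only write to its own directory on the backup server.
archive
 path scp://backup:S3cretPass@192.0.2.20/configs/$h-$t
 write-memory
 time-period 1440
!
! Push a copy to the archive path as soon as a configuration session ends, not only on
! "write memory" or on the daily timer, and leave a syslog record of having done so.
event manager applet CFG_CHANGE_ARCHIVE
 event syslog pattern "%SYS-5-CONFIG_I: Configured from"
 action 1.0 cli command "enable"
 action 2.0 cli command "archive config"
 action 3.0 syslog priority notifications msg "Running config archived after change: $_cli_result"
 action 4.0 cli command "exit"
```

The monthly report then becomes a diff between consecutive files in the configs/ directory on the server (show archive on the device lists the copies it has pushed), which also survives a buffer wrap or a reload of the device. If the platform does not support scp: in an archive path, tftp: and ftp: are accepted but carry the configuration in cleartext.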

Thanks BB for the reference link and your help. I really appreciate it!

VIP Mentor

Sure, happy to help - let us know if you encounter any further issues, with an example config to review.

If no further assistance is required, can we mark this as resolved?

 

BB
*** Rate All Helpful Responses ***

BB,

 

Please allow me to implement the configuration and then I will let you know if that resolves it.

 

Thanks.


The watchdog timer is 86400 (seconds), which equals 24 hours. If you want the script to run monthly, change the timer accordingly.
