04-02-2016 09:18 PM
Hi everyone,
Is there a way to log all cli command without TACACS server on IOS-XR (like "archive config" in IOS/IOS-XE) ?
I know that "show cli history detail" can print all command, but I wand to store them in log and to external syslog server.
Thanks in advance
04-02-2016 11:12 PM
So you have show cli hist,
you have the commit database which stores all the configs modified,
you can also archive logs,
you can also automatically export the config on every commit,
But there isn't a native function that export the commands punched on the cli, you can script it.
What are you trying to achieve whats the end goal?
Eddie.
02-04-2019 03:30 AM
Reason.
Why can't IOS-XR support nice opreatioal feature that classic IOS has?
Second.
Now in the world of automation and scripting. It would be nice to easy make a complete list what users do from the CLI in a network based on hundreds of ASR9Ks. Specially when we establish node access over a portal instead Then prepopulated with "top-of-the-poplist" with filtered and nice structured CLI commands.
Etc. Etc....
Owe Grafford
02-04-2019 04:53 AM
Configurations on many IOS-XR devices tend to be large. I know about instances where it takes 5 minutes to display the full running config. Hence archiving full config after every update may become a challenge from disk space utilisation. The "sh configuration commit list" allows to go back and check on the last 100 commit updates, which would be the equivalent of the most recent 100 archived configurations.
For the centralised monitoring of command executed by users: have you considered tacacs for that purpose? Instead of polling the CLI history from each router, you could simply poll that from the tacacs server.
/Aleksandar
02-04-2019 06:02 AM
02-04-2019 09:02 AM
hi Owe,
Im not saying that IOS XR platforms can't cope with a load of forwarding some commands. :) I'm saying that this is not something that IOS XR customers were asking for, so we never implemented it.
Instead of waiting on a new feature to be developed, you could resolve this with the EEM/Tcl script that would wake up on a syslog message
RP/0/RSP0/CPU0:Jan 18 15:24:51.372 CET: config[65927]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'foo'. Use 'show configuration commit changes 1000000436' to view the changes.
then execute "show configuration commit changes 1000000436" and finally notify the central repository of this change. You can configure the script to generate the "%PARSER-5-CFGLOG_LOGGEDCMD" syslog message that I understand is picked up by your central monitoring system.
In general, our automation efforts are slated towards data-models. We recommend netconf for service provisioning.
/Aleksandar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide