[nsp] router configuration tracking and AAA server used for audit trail
Tomas Daniska
tomas@tronet.com
Wed, 27 Nov 2002 10:38:42 +0100
> telneting using expect - it works good now.
>
> I would like to have the ability to tell which config
> change is made by which user. I unfiltered some lines
> in rancid and now the "Last configuration change by"
> and the "NVRAM config last updated by" lines show in
> the config and this could be used to find who has made
> changes. Still, since I run rancid once an hour, if
> two users make changes between two runs (or even
> simultaneosly) then looking at just the running-config
> cannot show who made every change.
ios sends syslog/snmp trap each time a user ends the config mode
(regardless of wether there were changes or not)
> Some tools use syslog logoff messeges to trigger the
> config dowload and immediate diff with the old one.
> This cannot cope with the case when two users are
> logged and make changes simultaneosly.
cw rme listens for this and downloads config immediately after each
change (if configured to). if you do some tweaking - install a syslog
watcher and set it up to fire up rancid - then you can get the same
functionality
> I believe that a tool, tied closely to TACACS/RADIUS
> ААА server should be used for that
> purpose. I am using TACACS auth of commands, and have
> the raw log of every command made by any user.
not that needed as you still see the changes after you compare versions
--
deejay