[nsp] router configuration tracking and AAA server used for a udit trail

Temkin, David temkin@sig.com
Wed, 27 Nov 2002 08:11:51 -0500


To answer your question in short form, yes, RME does this.  Especially if
you have AAA properly configured.

-Dave

> -----Original Message-----
> From: Pete Giligan [mailto:pete_giligan@yahoo.com] 
> Sent: Wednesday, November 27, 2002 4:32 AM
> To: cisco-nsp@puck.nether.net
> Subject: [nsp] router configuration tracking and AAA server 
> used for audit trail
> 
> 
> Hi all, 
> 
> Thank to all that replied to my question of device
> config tracking!
> 
> I set-up RANCID with CVSWEB, fixed some problems with
> telneting using expect - it works good now.
> 
> I would like to have the ability to tell which config
> change is made by which user. I unfiltered some lines
> in rancid and now the "Last configuration change by"
> and the "NVRAM config last updated by" lines show in
> the config and this could be used to find who has made
> changes. Still, since I run rancid once an hour, if
> two users make changes between two runs (or even
> simultaneosly) then looking at just the running-config
> cannot show who made every change.
> 
> Some tools use syslog logoff messeges to trigger the
> config dowload and immediate diff with the old one.
> This  cannot cope with the case when two users are
> logged and make changes simultaneosly. 
> 
> I believe that a tool, tied closely to TACACS/RADIUS 
> ААА server should be used for that purpose. 
> I am using TACACS auth of commands, and have the raw log of 
> every command made by any user.
> 
> So is anyone using such a tool? Is CiscoWorks Resource
> Manager Essentials doing this? 
> 
> TIA
> Pete
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now. 
http://mailplus.yahoo.com _______________________________________________
cisco-nsp mailing list  real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


IMPORTANT:The information contained in this email and/or its attachments is
confidential. If you are not the intended recipient, please notify the
sender immediately by reply and immediately delete this message and all its
attachments.  Any review, use, reproduction, disclosure or dissemination of
this message or any attachment by an unintended recipient is strictly
prohibited.  Neither this message nor any attachment is intended as or
should be construed as an offer, solicitation or recommendation to buy or
sell any security or other financial instrument.  Neither the sender, his or
her employer nor any of their respective affiliates makes any warranties as
to the completeness or accuracy of any of the information contained herein
or that this message or any of its attachments is free of viruses.