[c-nsp] Router audit
Ryan O'Connell
ryan at complicity.co.uk
Thu Nov 11 08:18:14 EST 2004
On 11/11/2004 10:15, Jean-Christophe Varaillon wrote:
>I would like to know if there is an auditing tool that would track any
>change in the running configuration (Cisco router and/or PIX), as they
>occur.
>
>The idea is to catch any misconfiguration that would disrupt network
>services, even though the misconfiguration command(s) would have been
>removed 5 min afterward.
>
>
"aaa accounting commands 15 <aaa name> stop-only group tacacs+" will do
this for you.
I've seen this work with TACACS, I don't know if it also works for
RADIUS servers but I presume so. This will also catch any other
"disruptive" commands (i.e. anything requiring enable privilege) such
as clearing controllers.
--
Ryan O'Connell - CCIE #8174
<ryan at complicity.co.uk> - http://www.complicity.co.uk
I'm not losing my mind, no I'm not changing my lines,
I'm just learning new things with the passage of time
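
An added example, not part of the original message: a short Python pass over command-accounting records that lists commands entered and later negated on the same device, the case where a configuration diff would show nothing. The tab-separated record layout (tac_plus-style) and all sample values are assumptions constructed for illustration.

```python
# Assumed record layout (tac_plus-style accounting file, tab-separated):
# time, NAS address, user, line, remote address, record type, attr=value pairs
def _rec(time, cmd, rtype="stop"):
    """Build one constructed sample record."""
    return "\t".join([time, "192.0.2.1", "jdoe", "tty2", "198.51.100.7", rtype,
                      "task_id=1", "service=shell", "priv-lvl=15",
                      "cmd=" + cmd + " <cr>"])

# Constructed sample: an interface is shut down, then re-enabled 5 minutes later.
SAMPLE_LOG = "\n".join(_rec(t, c) for t, c in [
    ("Nov 11 10:02:11", "configure terminal"),
    ("Nov 11 10:02:20", "interface Serial0/0"),
    ("Nov 11 10:02:30", "shutdown"),
    ("Nov 11 10:02:33", "end"),
    ("Nov 11 10:07:02", "configure terminal"),
    ("Nov 11 10:07:10", "interface Serial0/0"),
    ("Nov 11 10:07:15", "no shutdown"),
    ("Nov 11 10:07:18", "end"),
])

def parse_record(line):
    """Return a dict for a 'stop' record carrying a command, else None."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7 or fields[5] != "stop":
        return None
    avs = dict(f.split("=", 1) for f in fields[6:] if "=" in f)
    if "cmd" not in avs:
        return None
    return {"time": fields[0], "nas": fields[1], "user": fields[2],
            "cmd": avs["cmd"].replace("<cr>", "").strip()}

def reverted_commands(log_text):
    """Pair each command with a later 'no' form (or the reverse) on the same NAS.

    Matching is on command text only; it does not track which interface or
    sub-mode the command was entered in, so treat the pairs as leads to review.
    """
    seen, pairs = {}, []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        cmd = rec["cmd"]
        inverse = cmd[3:] if cmd.startswith("no ") else "no " + cmd
        earlier = seen.pop((rec["nas"], inverse), None)
        if earlier:
            pairs.append((earlier, rec))
        else:
            seen[(rec["nas"], cmd)] = rec
    return pairs
```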