[c-nsp] Router audit

Siva Valliappan svalliap at cisco.com
Thu Nov 11 17:19:01 EST 2004


you can also use the base feature that this builds on called the
config diff utility.  the config diff utility also allows config
rollback.

some info on this:

http://cco.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1dc2.html

and the config change logging feature:

http://cco.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e81.html

so you can actually capture the config changes without having to
enable TACAS+ with AAA command authorization.

cheers
.siva

On Thu, 11 Nov 2004, Rodney Dunn wrote:

> Actually it's working just fine.
>
> I was trying it on a platform that doesn't
> have the crashinfo subsystem and that's
> a requirement for this to work.
>
> Rodney
>
> On Thu, Nov 11, 2004 at 09:14:08AM -0500, Rodney Dunn wrote:
> > There is a new option coming out:
> >
> > show history all
> >
> >
> > That will show the command history that was
> > entered recently.  This is the same buffer that
> > is dumped in a crashinfo file at the top.
> > This just gives an easier way to see it without
> > having to save a crashinfo file manually via
> > a "test crash" command.
> >
> > Unfortunately I just tested "show history all" and
> > it didn't do what I asked for when I put in the
> > enhancement request. :(  I'll check back on that.
> >
> > Very few customers have (although all should) command
> > logging saved so when something happens they
> > know what commands were entered or when to help correlate
> > a possible trigger for the problem.  Hopefully
> > "show history all" will bridge that gap just a little.
> >
> > It went in 12.3(11.9)T and 12.3(11.9) but it doesn't
> > appear to be working correctly yet though.
> >
> > Rodney
> >
> >
> > On Thu, Nov 11, 2004 at 02:19:06PM +0100, Sergio Ramos wrote:
> > > Hi,
> > >
> > > You can use TACACS accounting to log all commands typed in a router.
> > > You will get the timestamp, which user ran the command, from which IP
> > > address and the command itself.
> > >
> > > You can find more information in this previous thread:
> > >
> > > http://puck.nether.net/pipermail/cisco-nsp/2004-August/012308.html
> > >
> > > Sergio.
> > >
> > >
> > > -----Original Message-----
> > > From: Jean-Christophe Varaillon [mailto:jcvaraillon at dolnet.gr]
> > > Sent: 11 November 2004 11:15
> > > To: cisco-nsp at puck.nether.net
> > > Subject: [c-nsp] Router audit
> > >
> > >
> > > Hello,
> > >
> > > I would like to know if it exists an auditing tool that would track any
> > > change in the running configuration
> > > (cisco router and/or pix), as they occur.
> > >
> > > The idea is to get any mis-configuration that would disrupt network
> > > services, even though
> > > this mis-configuration command(s) would have been removed 5 min
> > > afterward.
> > >
> > > Thank you.
> > >
> > > Christophe
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list