[c-nsp] Router audit
Olav Langeland
olav.langeland at active24.com
Fri Nov 12 05:42:38 EST 2004
Hi,
would be nice if it was possible to send all commands to syslog, then
use syslog-ng (or similar) on syslog host to filter into a separate
file.
regards
Olav Langeland
> -----Original Message-----
> From: Rodney Dunn [mailto:rodunn at cisco.com]
> Sent: 11. november 2004 15:14
> To: Sergio Ramos
> Cc: 'jcvaraillon at dolnet.gr'; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Router audit
>
> There is a new option coming out:
>
> show history all
>
>
> That will show the command history that was
> entered recently. This is the same buffer that
> is dumped in a crashinfo file at the top.
> This just gives an easier way to see it without
> having to save a crashinfo file manually via
> a "test crash" command.
>
> Unfortunately I just tested "show history all" and
> it didn't do what I asked for when I put in the
> enhancement request. :( I'll check back on that.
>
> Very few customers have (although all should) command
> logging saved so when something happens they
> know what commands were entered or when to help correlate
> a possible trigger for the problem. Hopefully
> "show history all" will bridge that gap just a little.
>
> It went in 12.3(11.9)T and 12.3(11.9) but it doesn't
> appear to be working correctly yet though.
>
> Rodney
>
>
> On Thu, Nov 11, 2004 at 02:19:06PM +0100, Sergio Ramos wrote:
> > Hi,
> >
> > You can use TACACS accounting to log all commands typed in a router.
> > You will get the timestamp, which user ran the command,
> from which IP
> > address and the command itself.
> >
> > You can find more information in this previous thread:
> >
> > http://puck.nether.net/pipermail/cisco-nsp/2004-August/012308.html
> >
> > Sergio.
> >
> >
> > -----Original Message-----
> > From: Jean-Christophe Varaillon [mailto:jcvaraillon at dolnet.gr]
> > Sent: 11 November 2004 11:15
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] Router audit
> >
> >
> > Hello,
> >
> > I would like to know if it exists an auditing tool that
> would track any
> > change in the running configuration
> > (cisco router and/or pix), as they occur.
> >
> > The idea is to get any mis-configuration that would disrupt network
> > services, even though
> > this mis-configuration command(s) would have been removed 5 min
> > afterward.
> >
> > Thank you.
> >
> > Christophe
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list