From: ccie2be (ccie2be@nyc.rr.com)
Date: Thu Nov 04 2004 - 17:39:21 GMT-3
Rob, You're right.
But, in the lab, (and, I'm not saying that I know this is on the lab) I
can't earn any points, if I say that to the proctor.
If the lab asks me to configure the router so that who and when the last
changes were made are in the config file, then configuring a syslog server
won't do the trick.
Do you think doing this requires enabling AAA?
Thanks, Tim
----- Original Message -----
From: "Rob Laidlaw" <laidlaw@consecro.com>
To: "ccie2be" <ccie2be@nyc.rr.com>; "Edwards, Andrew M"
<andrew.m.edwards@boeing.com>
Sent: Thursday, November 04, 2004 2:33 PM
Subject: Re: Tracking when & who made config changes in config file itself
> If you really want to know whats going on, you'd do best to put up an acs
> server and turn on aaa accounting for everything. You'll have a big log,
> but it will show you EVERYTHING anybody does.
>
> GL
>
> -Rob
> ----- Original Message -----
> From: "ccie2be" <ccie2be@nyc.rr.com>
> To: "Edwards, Andrew M" <andrew.m.edwards@boeing.com>; "Group Study"
> <ccielab@groupstudy.com>
> Sent: Thursday, November 04, 2004 12:44 PM
> Subject: Re: Tracking when & who made config changes in config file itself
>
>
> > Thanks Andrew. That confirmed what I was thinking.
> >
> > Do you have any idea about the 2nd part of my question ie having the
> router
> > put a line in the config that shows when and who made the last changes?
> >
> > Tim
> > ----- Original Message -----
> > From: "Edwards, Andrew M" <andrew.m.edwards@boeing.com>
> > To: "ccie2be" <ccie2be@nyc.rr.com>
> > Sent: Thursday, November 04, 2004 12:52 PM
> > Subject: RE: Tracking when & who made config changes in config file
itself
> >
> >
> > The router is always logging to the console (for the level settings
> > specified with logging con command) even when there is nothing connected
> > to it. Once the logging has occurred to the console, if nothing is
> > there to see it and post in its own buffer (e.g. a computer) then you
> > wont be able to retrieve the messages.
> >
> > I'd suggest logging to con and buff to same level, then you can go look
> > at the log on the local machine... Of course, logging to a logging
> > server is best then you can turn off con and buff and save the router
> > cpu and memory resources.
> >
> > HTH,
> >
> > andy
> > -----Original Message-----
> > From: ccie2be [mailto:ccie2be@nyc.rr.com]
> > Sent: Thursday, November 04, 2004 9:22 AM
> > To: Group Study
> > Subject: Tracking when & who made config changes in config file itself
> >
> >
> > Hi guys,
> >
> > I apologize in advanced if these are dumb questions, but....
> >
> > I can't figure out how to view the 165 messages logged as shown below to
> > the console. Does the 165 represent the number of messages IOS sent to
> > the console and to see them I would have to scroll up quite a bit? If
> > so, when did the router first start counting? Was it from the last time
> > the router was rebooted?
> >
> > Rack1R5#sh log
> > Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0
> > flushes, 0 overruns, xml disabled)
> > Console logging: level debugging, 165 messages logged, xml disabled
> > Monitor logging: level debugging, 0 messages logged, xml disabled
> > Buffer logging: level debugging, 2 messages logged, xml disabled
> > Logging Exception size (4096 bytes)
> > Count and timestamp logging messages: disabled
> > Trap logging: level informational, 170 message lines logged
> >
> > Log Buffer (4096 bytes):
> >
> > *Mar 1 20:57:35.698: %SYS-5-CONFIG_I: Configured from console by
> > ROUTER4 on vty 0 (187.3.56.6) *Mar 1 20:57:42.582: %CLEAR-5-COUNTERS:
> > Clear counter on all interfaces by ROUT ER4 on vty0 (187.3.56.6)
> >
> > Also, I would like the router to add lines to the config file like
> > below:
> >
> > Router1#show running-config
> > Building configuration...
> >
> > Current configuration : 4285 bytes
> > !
> > ! Last configuration change at 12:58:26 EDT Fri Jun 27 2003 by ijbrown !
> > NVRAM config last updated at 13:01:45 EDT Fri Jun 27 2003 by kdooley !
> >
> > I've tried various things but, so far, no success. This is what I've
> > done so far.
> >
> > I added a username password command and enabled login local under the
> > vty lines. Then, I telnetted in and logged in under the name ROUTER4.
> > Then, I logged out and re-entered the router via the console and did a
> > show run. I was expecting to see something like above, "Last config
> > change at ..." But, no luck.
> >
> > Can someone explain what I need to do to have the router keep track of
> > when and who made changes to the config file and have that info added to
> > the config file as shown above?
> >
> > TIA, Tim
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:38 GMT-3