RE: Tracking when & who made config changes in config file

From: Alvarez, Rolando [NCSUS] (RAlvare5@NCSUS.JNJ.COM)
Date: Thu Nov 04 2004 - 18:30:59 GMT-3

I don't know if the clock matters or not but on your original email, on your
second question, you forgot to issue a 'wr mem', or 'conf t'. I think that
is what will generate those entries when you do a 'sh run'.

Rolando

-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Thursday, November 04, 2004 4:20 PM
To: Rob Laidlaw; Edwards, Andrew M
Cc: Group Study
Subject: Re: Tracking when & who made config changes in config file
itself

Rob,

You're fantastic!!!

I'm gonna try it out in a few.

That was my problem - I didn't set the clock. I suspect the same would
happen if I use NTP, but I'll try that too and make sure.

Thanks, Tim

----- Original Message -----
From: "Rob Laidlaw" <laidlaw@consecro.com>
To: "ccie2be" <ccie2be@nyc.rr.com>; "Edwards, Andrew M"
<andrew.m.edwards@boeing.com>
Cc: "Group Study" <ccielab@groupstudy.com>
Sent: Thursday, November 04, 2004 4:12 PM
Subject: Re: Tracking when & who made config changes in config file itself

> By setting the internal clock of the router, you'll then start seeing this
> in the config.
>
> !
> ! Last configuration change at 15:07:28 UTC Thu Nov 4 2004
> ! NVRAM config last updated at 15:06:37 UTC Thu Nov 4 2004
> !
>
> If you add a local username and password and make the person log in, then
it
> will show that in the line,
>
> username rob pass xxxx
> line con 0
> login local
> exit
> User Access Verification
>
> Username: rob
> Password:
> lan-rtr>en
> Password:
> lan-rtr#wr mem
> Building configuration...
> [OK]
> lan-rtr#sh run
> Building configuration...
>
> Current configuration : 813 bytes
> !
> ! Last configuration change at 15:09:50 UTC Thu Nov 4 2004
> ! NVRAM config last updated at 15:10:01 UTC Thu Nov 4 2004 by rob
> !
>
> NO aaa commands needed for that.
>
> GL
>
> -rob
> ----- Original Message -----
> From: "ccie2be" <ccie2be@nyc.rr.com>
> To: "Rob Laidlaw" <laidlaw@consecro.com>; "Edwards, Andrew M"
> <andrew.m.edwards@boeing.com>
> Cc: "Group Study" <ccielab@groupstudy.com>
> Sent: Thursday, November 04, 2004 2:39 PM
> Subject: Re: Tracking when & who made config changes in config file itself
>
>
> > Rob, You're right.
> >
> > But, in the lab, (and, I'm not saying that I know this is on the lab) I
> > can't earn any points, if I say that to the proctor.
> >
> > If the lab asks me to configure the router so that who and when the last
> > changes were made are in the config file, then configuring a syslog
server
> > won't do the trick.
> >
> > Do you think doing this requires enabling AAA?
> >
> > Thanks, Tim
> >
> >
> > ----- Original Message -----
> > From: "Rob Laidlaw" <laidlaw@consecro.com>
> > To: "ccie2be" <ccie2be@nyc.rr.com>; "Edwards, Andrew M"
> > <andrew.m.edwards@boeing.com>
> > Sent: Thursday, November 04, 2004 2:33 PM
> > Subject: Re: Tracking when & who made config changes in config file
itself
> >
> >
> > > If you really want to know whats going on, you'd do best to put up an
> acs
> > > server and turn on aaa accounting for everything. You'll have a big
> log,
> > > but it will show you EVERYTHING anybody does.
> > >
> > > GL
> > >
> > > -Rob
> > > ----- Original Message -----
> > > From: "ccie2be" <ccie2be@nyc.rr.com>
> > > To: "Edwards, Andrew M" <andrew.m.edwards@boeing.com>; "Group Study"
> > > <ccielab@groupstudy.com>
> > > Sent: Thursday, November 04, 2004 12:44 PM
> > > Subject: Re: Tracking when & who made config changes in config file
> itself
> > >
> > >
> > > > Thanks Andrew. That confirmed what I was thinking.
> > > >
> > > > Do you have any idea about the 2nd part of my question ie having the
> > > router
> > > > put a line in the config that shows when and who made the last
> changes?
> > > >
> > > > Tim
> > > > ----- Original Message -----
> > > > From: "Edwards, Andrew M" <andrew.m.edwards@boeing.com>
> > > > To: "ccie2be" <ccie2be@nyc.rr.com>
> > > > Sent: Thursday, November 04, 2004 12:52 PM
> > > > Subject: RE: Tracking when & who made config changes in config file
> > itself
> > > >
> > > >
> > > > The router is always logging to the console (for the level settings
> > > > specified with logging con command) even when there is nothing
> connected
> > > > to it. Once the logging has occurred to the console, if nothing is
> > > > there to see it and post in its own buffer (e.g. a computer) then
you
> > > > wont be able to retrieve the messages.
> > > >
> > > > I'd suggest logging to con and buff to same level, then you can go
> look
> > > > at the log on the local machine... Of course, logging to a logging
> > > > server is best then you can turn off con and buff and save the
router
> > > > cpu and memory resources.
> > > >
> > > > HTH,
> > > >
> > > > andy
> > > > -----Original Message-----
> > > > From: ccie2be [mailto:ccie2be@nyc.rr.com]
> > > > Sent: Thursday, November 04, 2004 9:22 AM
> > > > To: Group Study
> > > > Subject: Tracking when & who made config changes in config file
itself
> > > >
> > > >
> > > > Hi guys,
> > > >
> > > > I apologize in advanced if these are dumb questions, but....
> > > >
> > > > I can't figure out how to view the 165 messages logged as shown
below
> to
> > > > the console. Does the 165 represent the number of messages IOS sent
> to
> > > > the console and to see them I would have to scroll up quite a bit?
If
> > > > so, when did the router first start counting? Was it from the last
> time
> > > > the router was rebooted?
> > > >
> > > > Rack1R5#sh log
> > > > Syslog logging: enabled (0 messages dropped, 1 messages
rate-limited,
> 0
> > > > flushes, 0 overruns, xml disabled)
> > > > Console logging: level debugging, 165 messages logged, xml
> disabled
> > > > Monitor logging: level debugging, 0 messages logged, xml
disabled
> > > > Buffer logging: level debugging, 2 messages logged, xml disabled
> > > > Logging Exception size (4096 bytes)
> > > > Count and timestamp logging messages: disabled
> > > > Trap logging: level informational, 170 message lines logged
> > > >
> > > > Log Buffer (4096 bytes):
> > > >
> > > > *Mar 1 20:57:35.698: %SYS-5-CONFIG_I: Configured from console by
> > > > ROUTER4 on vty 0 (187.3.56.6) *Mar 1 20:57:42.582:
%CLEAR-5-COUNTERS:
> > > > Clear counter on all interfaces by ROUT ER4 on vty0 (187.3.56.6)
> > > >
> > > > Also, I would like the router to add lines to the config file like
> > > > below:
> > > >
> > > > Router1#show running-config
> > > > Building configuration...
> > > >
> > > > Current configuration : 4285 bytes
> > > > !
> > > > ! Last configuration change at 12:58:26 EDT Fri Jun 27 2003 by
ijbrown
> !
> > > > NVRAM config last updated at 13:01:45 EDT Fri Jun 27 2003 by kdooley
!
> > > >
> > > > I've tried various things but, so far, no success. This is what
I've
> > > > done so far.
> > > >
> > > > I added a username password command and enabled login local under
the
> > > > vty lines. Then, I telnetted in and logged in under the name
ROUTER4.
> > > > Then, I logged out and re-entered the router via the console and did
a
> > > > show run. I was expecting to see something like above, "Last config
> > > > change at ..." But, no luck.
> > > >
> > > > Can someone explain what I need to do to have the router keep track
of
> > > > when and who made changes to the config file and have that info
added
> to
> > > > the config file as shown above?
> > > >
> > > > TIA, Tim
> > > >
> > > >
> _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:38 GMT-3