Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!ncar!csn!boulder!daemon From: MAP@lcs.mit.edu (Michael A. Patton) Newsgroups: comp.dcom.sys.cisco Subject: logging config Message-ID: <35716@boulder.Colorado.EDU> Date: 6 Jun 91 00:45:58 GMT Sender: daemon@boulder.Colorado.EDU Lines: 39 Date: Wed, 5 Jun 91 09:34:38 MDT From: Rex Mammel Has anyone looked at logging the configuration mode entries. We have several people in our network operations group, and it would be a good change control feature to have an automatic record of changes to the AGS configuration. I have been running a script that gets printouts of various info on my ASM by telnetting in with a fixed set of commands. It runs once an hour and produces a script file (I have available dumps for nearly 3 years [starting June 27, 1988 @10PM], once an hour). I mostly keep these long term for the connectivity info of the terminal users (for usage trend analysis), but the same technique would work for what you want. I have occasionally used these to determine when a particular configuration change was done. The one possible problem you might have is that you get no record of WHO did it. I have two Cisco routers in addition to the ASM. I don't keep any data like thi on them. That's because, in my setup, the official config is the one on a master server, it's controlled with RCS. The Makefile copies it to the individual boot servers from whence it is TFTP loaded into the Cisco boxes. Also, is there a good reason to prevent someone from looking at the config listing from initial password level. Yes! One of the things in the config is the privileged password!!! Most of the information they might want can be obtained by other non-privileged commands. In that form, it's also more human oriented. __ /| /| /| \ Michael A. Patton, Network Manager / | / | /_|__/ Laboratory for Computer Science / |/ |/ |atton Massachusetts Institute of Technology Disclaimer: The opinions expressed above are a figment of the phosphor on your screen and do not represent the views of MIT, LCS, or MAP. :-)