Tracking applied commands from Cisco router and switch

Here are a few ways to track the commands applied on Cisco routers and switches.

Yup, from time to time we need to track who did what, but not for "you are fired~~"

 

1. Using Archive command

Cisco# conf t
Cisco(config)# archive
Cisco(config-archive)# log config
Cisco(config-archive-log-cfg)# hidekeys <— suppress passwords in the logged output
Cisco(config-archive-log-cfg)# notify syslog <— send logged commands as syslog messages
Cisco(config-archive-log-cfg)# logging enable
Cisco(config-archive-log-cfg)# logging size 200 <— keep at most 200 commands in the history

 

Cisco(config)# no logging trap <— if sending commands to a syslog server
Cisco(config)# logging x.x.x.x <— if sending commands to a syslog server (x.x.x.x)
 

* Only commands entered in configuration mode are logged/tracked.
** In GNS3, because the IOS images are old, the archive command has to be configured with an external resource such as (tftp, http, https, rcp…..). All you need to do is configure a fake tftp target with an IP address. That activates the archive feature.
 

Cisco# show archive log config all
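
On the syslog server, the messages produced by "notify syslog" can be turned into a who-did-what trail. The Python below is an added example, not part of the original post; the log lines are constructed, and the server-side prefix layout and the handling of entries that start with "!" are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines as a syslog server might store them (not from the page).
# Assumed layout: "<Mmm dd hh:mm:ss> <device> <the device's own message>".
SAMPLE_LOG = """\
Mar  3 10:15:02 192.0.2.10 45: *Mar  3 10:15:01.123: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:!exec: enable
Mar  3 10:15:09 192.0.2.10 46: *Mar  3 10:15:08.456: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface FastEthernet0/1
Mar  3 10:15:14 192.0.2.10 47: *Mar  3 10:15:13.789: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:shutdown
Mar  3 10:16:40 192.0.2.10 48: *Mar  3 10:16:39.010: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (198.51.100.7)
Mar  3 11:02:11 192.0.2.20 12: *Mar  3 11:02:10.500: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no logging 192.0.2.50
"""

CFGLOG = re.compile(
    r"^(?P<received>\w{3}\s+\d+\s[\d:]{8})\s(?P<device>\S+)\s.*?"
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<command>.*)$"
)

def parse_cfglog(text):
    """Return one dict per logged command; other syslog messages are skipped."""
    return [m.groupdict() for m in map(CFGLOG.match, text.splitlines()) if m]

def who_did_what(events):
    """Group typed configuration lines by (device, user), in arrival order."""
    trail = defaultdict(list)
    for e in events:
        # Assumption: entries starting with "!" (e.g. "!exec: enable") are markers
        # generated by IOS, not configuration lines typed by the user.
        if e["command"].startswith("!"):
            continue
        trail[(e["device"], e["user"])].append(e["command"])
    return dict(trail)

def logging_changes(events):
    """Commands that alter logging/archive settings, i.e. touch the audit trail itself."""
    pattern = re.compile(r"^(no\s+)?(logging|archive)\b")
    return [e for e in events if pattern.match(e["command"])]

if __name__ == "__main__":
    events = parse_cfglog(SAMPLE_LOG)
    for (device, user), commands in who_did_what(events).items():
        print(f"{device} {user}: {commands}")
    for e in logging_changes(events):
        print(f"REVIEW {e['received']} {e['device']} {e['user']}: {e['command']}")
```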

 

2. Using Accounting + Syslog server (Syslog-ng, Splunk, TACACS+ and so on)

 

 Being updated ~

 

 

* ALL commands on Cisco devices will be logged/tracked.
