Best way to monitor configuration changes on a Cisco switch / Router

Posted on 2014-12-23
Last Modified: 2015-04-08
We have a requirement to monitor all changes to the running configurations of our devices.
Including which user made the change, the time and what commands were issued.

What is the best way to do this?
Is it SNMP, SYSLOG, something else?

Which 3rd party applications are you using to monitor this?
Question by:PerimeterIT
LVL 50

Accepted Solution

Don Johnston earned 500 total points
ID: 40515998
AAA  = Authenticating, Authorization & Accounting

AAA guide
LVL 18

Expert Comment

ID: 40516010
Most Network monitoring tools that can integrate with the device MIB may be able to achieve this in conjunction with SNMP.

We use enterprise edition of WhatsUpGold (v16) in our organization and it works great.
Pricey but will give you all the details. You can even configure alerts and receive real time notification if you desire.
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40516034
This link should be solution to your question - Cisco standard config with sending notification to syslog.
LVL 45

Expert Comment

by:Craig Beck
ID: 40516446
As Don said, AAA is what you need.  TACACS+ is the way to go with Cisco devices.  This will enable you to do command authorization and will provide an audit trail of which user did what.

If you want to be able to comprehensively report on this, use Prime LMS too.
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

LVL 57

Expert Comment

ID: 40517613
If you don't need real time notification, you can use something like RANCID (which is free).  You configure RANCID to check the switches/routers as often as you want for changes.  In addition to notifying you about changes, it will also backup the current configuration and allow you to do reporting on the differences between the the configurations so you can see what changes.

Solarwinds can do the same thing, but costs money.  I'm fairly sure that Prime LMS and WhatsUpGold can do it also, but I have never used them.  Probably a few other products also.
LVL 45

Expert Comment

by:Craig Beck
ID: 40517647
LMS can do it, just like I said :-)
LVL 57

Expert Comment

ID: 40517678
Need to be a little clearer.  LMS can monitor the 6500, did not mean to imply that I was not sure about this.  Prime LMS can monitor any Cisco device for changes.

What I didn't know about LMS is if it can back up the configurations and show you the differences between different versions of a devices configuration.  I would assume it can since it is from Cisco, but you never know.

If you have managed non-Cisco devices that have a CLI these products should be able to monitor them for changes and backup the configurations also.  I have used RACNID and Solarwinds on Juniper Firewalls, PIX firewalss, and BIG-IP LTM devices.
The reason I like RANCID is that it's free.  However, the other products can do more than just doing configuration backups and monitoring for configuration changes.

Expert Comment

ID: 40543818
Another solution is to use the archive function within the IOS that either write the config to an FTP server with "write memory" function is preformed, or better yet you use the archive config to log all the commands that are entered into the terminal.

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Cisco stacked switches monitoring 4 60
Cisco switch SVI 17 42
Network Config 9 59
catalyst 6500 - recover from corrupted IOS 4 41
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now