Solved

Best way to monitor configuration changes on a Cisco switch / Router

Posted on 2014-12-23
Last Modified: 2015-04-08
We have a requirement to monitor all changes to the running configurations of our devices, including which user made the change, the time and what commands were issued.

What is the best way to do this?
Is it SNMP, SYSLOG, something else?

Which 3rd party applications are you using to monitor this?
0
Comment
Question by:PerimeterIT
8 Comments
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 40515998
AAA = Authentication, Authorization & Accounting

AAA guide
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40516010
Most Network monitoring tools that can integrate with the device MIB may be able to achieve this in conjunction with SNMP.

We use enterprise edition of WhatsUpGold (v16) in our organization and it works great.
Pricey but will give you all the details. You can even configure alerts and receive real time notification if you desire.
0
 
LVL 27

Expert Comment

by:Predrag Jovic
ID: 40516034
This link should be the solution to your question - Cisco standard config with sending notification to syslog.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40516446
As Don said, AAA is what you need.  TACACS+ is the way to go with Cisco devices.  This will enable you to do command authorization and will provide an audit trail of which user did what.

If you want to be able to comprehensively report on this, use Prime LMS too.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40517613
If you don't need real time notification, you can use something like RANCID (which is free).  You configure RANCID to check the switches/routers as often as you want for changes.  In addition to notifying you about changes, it will also back up the current configuration and allow you to do reporting on the differences between the configurations so you can see what changes.

Solarwinds can do the same thing, but costs money.  I'm fairly sure that Prime LMS and WhatsUpGold can do it also, but I have never used them.  Probably a few other products also.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40517647
LMS can do it, just like I said :-)
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40517678
Need to be a little clearer.  LMS can monitor the 6500, did not mean to imply that I was not sure about this.  Prime LMS can monitor any Cisco device for changes.

What I didn't know about LMS is if it can back up the configurations and show you the differences between different versions of a device's configuration.  I would assume it can since it is from Cisco, but you never know.

If you have managed non-Cisco devices that have a CLI these products should be able to monitor them for changes and back up the configurations also.  I have used RANCID and Solarwinds on Juniper Firewalls, PIX firewalls, and BIG-IP LTM devices.
 
The reason I like RANCID is that it's free.  However, the other products can do more than just doing configuration backups and monitoring for configuration changes.
0
 
LVL 1

Expert Comment

by:skipskip
ID: 40543818
Another solution is to use the archive function within the IOS that either writes the config to an FTP server when the "write memory" function is performed, or better yet you use the archive config to log all the commands that are entered into the terminal.

https://learningnetwork.cisco.com/blogs/vip-perspectives/2013/10/30/understanding-cisco-auto-archive-feature-to-backup-configuration-file
0
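
An added example (not code from this thread or from Cisco) of consuming the archive config log described above once it is forwarded to a syslog server: it extracts who changed what, when and from where, and flags commands that weaken logging itself. It assumes the IOS change logger is enabled with `notify syslog`; the hostnames, users, addresses and log lines are constructed.

```python
import re

# Assumed device-side setup (IOS configuration change logger), not from the page:
#   archive
#    log config
#     logging enable
#     notify syslog
#     hidekeys
# Constructed sample lines, as a syslog server might store them.
SAMPLE_LOG = """\
Dec 23 10:15:01 sw-core-01 101: %PARSER-5-CFGLOG_LOGGEDCMD: User:jsmith  logged command:interface GigabitEthernet0/1
Dec 23 10:15:04 sw-core-01 102: %PARSER-5-CFGLOG_LOGGEDCMD: User:jsmith  logged command:switchport access vlan 20
Dec 23 10:15:09 sw-core-01 103: %SYS-5-CONFIG_I: Configured from console by jsmith on vty0 (192.0.2.10)
Dec 23 10:16:30 sw-core-01 104: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Dec 23 11:02:44 rtr-edge-02 77: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no logging host 192.0.2.50
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s+(?P<host>\S+)\s.*?"
CMD = re.compile(PREFIX + r"%PARSER-5-CFGLOG_LOGGEDCMD:\s+User:(?P<user>\S+)"
                 r"\s+logged command:(?P<cmd>.*)$")
END = re.compile(PREFIX + r"%SYS-5-CONFIG_I: Configured from \S+ by (?P<user>\S+)"
                 r"(?: on (?P<line>\S+))?(?: \((?P<ip>[^)]+)\))?")

# Commands that weaken the audit trail itself are flagged for review.
SENSITIVE = ("no logging", "no archive", "no aaa")

def parse_changes(text):
    """Return one record per logged config command: who, when, where, what."""
    changes = []
    for line in text.splitlines():
        m = CMD.search(line)
        if m:
            cmd = m["cmd"].strip()
            changes.append({"time": m["ts"], "host": m["host"], "user": m["user"],
                            "command": cmd, "source": None,
                            "sensitive": cmd.startswith(SENSITIVE)})
            continue
        m = END.search(line)
        if m:  # config session closed: attach its source to that session's commands
            for c in changes:
                if (c["host"], c["user"], c["source"]) == (m["host"], m["user"], None):
                    c["source"] = m["ip"] or m["line"] or "console"
    return changes

if __name__ == "__main__":
    for c in parse_changes(SAMPLE_LOG):
        flag = " [REVIEW]" if c["sensitive"] else ""
        print(f'{c["time"]} {c["host"]} {c["user"]}@{c["source"]}: {c["command"]}{flag}')
```

A record whose source is still empty belongs to a configuration session that had not been closed when the log was read.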

Question has a verified solution.