

Best way to monitor configuration changes on a Cisco switch / Router

Posted on 2014-12-23
Medium Priority
Last Modified: 2015-04-08
We have a requirement to monitor all changes to the running configurations of our devices, including which user made the change, the time and what commands were issued.

What is the best way to do this?
Is it SNMP, SYSLOG, something else?

Which 3rd party applications are you using to monitor this?
Question by:PerimeterIT
LVL 50

Accepted Solution

Don Johnston earned 2000 total points
ID: 40515998
AAA = Authentication, Authorization & Accounting

AAA guide
LVL 18

Expert Comment

ID: 40516010
Most Network monitoring tools that can integrate with the device MIB may be able to achieve this in conjunction with SNMP.

We use the enterprise edition of WhatsUpGold (v16) in our organization and it works great.
Pricey but will give you all the details. You can even configure alerts and receive real time notification if you desire.
LVL 31

Expert Comment

ID: 40516034
This link should be the solution to your question - Cisco standard config with sending notification to syslog.
LVL 47

Expert Comment

by:Craig Beck
ID: 40516446
As Don said, AAA is what you need.  TACACS+ is the way to go with Cisco devices.  This will enable you to do command authorization and will provide an audit trail of which user did what.

If you want to be able to comprehensively report on this, use Prime LMS too.
LVL 57

Expert Comment

ID: 40517613
If you don't need real time notification, you can use something like RANCID (which is free). You configure RANCID to check the switches/routers as often as you want for changes. In addition to notifying you about changes, it will also back up the current configuration and allow you to do reporting on the differences between the configurations so you can see what changes.

Solarwinds can do the same thing, but costs money.  I'm fairly sure that Prime LMS and WhatsUpGold can do it also, but I have never used them.  Probably a few other products also.
LVL 47

Expert Comment

by:Craig Beck
ID: 40517647
LMS can do it, just like I said :-)
LVL 57

Expert Comment

ID: 40517678
Need to be a little clearer.  LMS can monitor the 6500, did not mean to imply that I was not sure about this.  Prime LMS can monitor any Cisco device for changes.

What I didn't know about LMS is if it can back up the configurations and show you the differences between different versions of a device's configuration. I would assume it can since it is from Cisco, but you never know.

If you have managed non-Cisco devices that have a CLI these products should be able to monitor them for changes and back up the configurations also. I have used RANCID and Solarwinds on Juniper Firewalls, PIX firewalls, and BIG-IP LTM devices.
The reason I like RANCID is that it's free.  However, the other products can do more than just doing configuration backups and monitoring for configuration changes.

Expert Comment

ID: 40543818
Another solution is to use the archive function within the IOS that either writes the config to an FTP server when the "write memory" function is performed, or better yet you use the archive config to log all the commands that are entered into the terminal.
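
The syslog-based approach raised in the comments above (IOS configuration logging under `archive` / `log config` with `notify syslog`), as an added example that is not part of the original thread: a Python parser that pulls device, user, time and command out of the `%PARSER-5-CFGLOG_LOGGEDCMD` messages a syslog server receives. The log lines, hostnames, usernames and the list of "sensitive" command prefixes are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread), in the shape a syslog server
# stores when IOS has "archive / log config / logging enable / notify syslog".
SAMPLE_LOG = """\
Dec 23 10:15:02 sw-core-01 101: Dec 23 10:15:01.412: %PARSER-5-CFGLOG_LOGGEDCMD: User:jsmith  logged command:interface GigabitEthernet0/1
Dec 23 10:15:09 sw-core-01 102: Dec 23 10:15:08.900: %PARSER-5-CFGLOG_LOGGEDCMD: User:jsmith  logged command:switchport access vlan 30
Dec 23 10:15:20 sw-core-01 103: Dec 23 10:15:19.077: %SYS-5-CONFIG_I: Configured from console by jsmith on vty0 (192.0.2.10)
Dec 23 11:02:44 rtr-edge-02 57: Dec 23 11:02:43.610: %PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no logging host 192.0.2.50
Dec 23 11:03:00 rtr-edge-02 58: Dec 23 11:02:59.001: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
"""

# "received" is the syslog server's timestamp; the device's own clock may differ.
CFGLOG = re.compile(
    r"^(?P<received>\w{3}\s+\d+ [\d:]{8}) (?P<device>\S+) .*?"
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+"
    r"logged command:(?P<command>.*)$"
)

# Illustrative (assumed) prefixes worth a second look: changes that reduce the
# audit trail or touch credentials. Tune this list to local policy.
SENSITIVE = re.compile(
    r"^(no (logging|archive|aaa)\b|username |enable secret|snmp-server community)"
)

def parse_changes(text):
    """Return one record per logged configuration command, in log order."""
    changes = []
    for line in text.splitlines():
        m = CFGLOG.match(line)
        if not m:
            continue  # not a config-log message (link flaps, CONFIG_I, ...)
        rec = m.groupdict()
        rec["command"] = rec["command"].strip()
        rec["sensitive"] = bool(SENSITIVE.match(rec["command"]))
        changes.append(rec)
    return changes

def changes_by_user(changes):
    """Group (time, command) pairs under each (device, user)."""
    report = defaultdict(list)
    for c in changes:
        report[(c["device"], c["user"])].append((c["received"], c["command"]))
    return dict(report)

if __name__ == "__main__":
    for c in parse_changes(SAMPLE_LOG):
        flag = "  <-- review" if c["sensitive"] else ""
        print(f'{c["received"]} {c["device"]} {c["user"]}: {c["command"]}{flag}')
```
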


Question has a verified solution.