PerimeterIT
asked on
Best way to monitor configuration changes on a Cisco switch / Router
We have a requirement to monitor all changes to the running configurations of our devices.
Including which user made the change, the time and what commands were issued.
What is the best way to do this?
Is it SNMP, SYSLOG, something else?
Which 3rd party applications are you using to monitor this?
Including which user made the change, the time and what commands were issued.
What is the best way to do this?
Is it SNMP, SYSLOG, something else?
Which 3rd party applications are you using to monitor this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This link should be solution to your question - Cisco standard config with sending notification to syslog.
As Don said, AAA is what you need. TACACS+ is the way to go with Cisco devices. This will enable you to do command authorization and will provide an audit trail of which user did what.
If you want to be able to comprehensively report on this, use Prime LMS too.
If you want to be able to comprehensively report on this, use Prime LMS too.
If you don't need real time notification, you can use something like RANCID (which is free). You configure RANCID to check the switches/routers as often as you want for changes. In addition to notifying you about changes, it will also backup the current configuration and allow you to do reporting on the differences between the the configurations so you can see what changes.
Solarwinds can do the same thing, but costs money. I'm fairly sure that Prime LMS and WhatsUpGold can do it also, but I have never used them. Probably a few other products also.
Solarwinds can do the same thing, but costs money. I'm fairly sure that Prime LMS and WhatsUpGold can do it also, but I have never used them. Probably a few other products also.
LMS can do it, just like I said :-)
Need to be a little clearer. LMS can monitor the 6500, did not mean to imply that I was not sure about this. Prime LMS can monitor any Cisco device for changes.
What I didn't know about LMS is if it can back up the configurations and show you the differences between different versions of a devices configuration. I would assume it can since it is from Cisco, but you never know.
If you have managed non-Cisco devices that have a CLI these products should be able to monitor them for changes and backup the configurations also. I have used RACNID and Solarwinds on Juniper Firewalls, PIX firewalss, and BIG-IP LTM devices.
The reason I like RANCID is that it's free. However, the other products can do more than just doing configuration backups and monitoring for configuration changes.
What I didn't know about LMS is if it can back up the configurations and show you the differences between different versions of a devices configuration. I would assume it can since it is from Cisco, but you never know.
If you have managed non-Cisco devices that have a CLI these products should be able to monitor them for changes and backup the configurations also. I have used RACNID and Solarwinds on Juniper Firewalls, PIX firewalss, and BIG-IP LTM devices.
The reason I like RANCID is that it's free. However, the other products can do more than just doing configuration backups and monitoring for configuration changes.
Another solution is to use the archive function within the IOS that either write the config to an FTP server with "write memory" function is preformed, or better yet you use the archive config to log all the commands that are entered into the terminal.
https://learningnetwork.cisco.com/blogs/vip-perspectives/2013/10/30/understanding-cisco-auto-archive-feature-to-backup-configuration-file
https://learningnetwork.cisco.com/blogs/vip-perspectives/2013/10/30/understanding-cisco-auto-archive-feature-to-backup-configuration-file
We use enterprise edition of WhatsUpGold (v16) in our organization and it works great.
Pricey but will give you all the details. You can even configure alerts and receive real time notification if you desire.