On Mon, 2012-01-16 at 13:18 +0200, Saku Ytti wrote: > On (2012-01-16 13:13 +0200), Mohammad Khalil wrote: > > ok , then to track configuration changes CONFIG_I is better than > > parser ? > > Why not combine it, if you have CONFIG_I and in preceeding lines you > see PARSER-5-CFGLOG_LOGGEDCMD before you see another CONFIG_I you can > conclusively state if configuration was changed during this CONFIG_I
... though one could enter configuration mode and issue e.g. "do show interface status", which would result ind a LOGGEDCMD but strictly speaking no configuration change. :-) We react to %SYS-5-CONFIG_I combined with ccmHistoryRunningLastChanged in CISCO-CONFIG-MAN-MIB. That of course sometimes results in the system downloading an unchanged configuration, but the change logging systems only logs a change if the running configuration text has actually changed. A full TACACS+ log (including "aaa authorization commands" and "aaa authorization config-commands") means that we can always go back and see who did what, though a system to document changes from this alone is IMHO too complex to be worth it. -- Peter _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/