Hide this message
Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.
Changes made to a Cisco router or switch’s running configuration do not log to the LEM appliance (or any other appliance) by default. These configuration changes also do not log locally on the router or switch itself. Enabling configuration change monitoring on your Cisco routers and switches allows you to monitor unauthorized changes to the network devices responsible for your organization’s connectivity.
Setting the commands described in this article tells the router to log every command that changes the router’s configuration. (Show commands, for example, are not logged, because they don’t change the router’s configuration.)
LEM with Cisco devices
Perform the following steps to enable configuration change monitoring on Cisco devices:
Enters Privilege-Exec mode on the router. Some routers put you in Privilege-Exec mode by default. You can tell if you are there if there is a # next to the router name. For example: routername# instead of <routername>
Enters Global Configuration Mode. You must enter this mode to make any changes to a router or a switch.
Enters the archive’s sub menu.
Goes into the logging configuration sub-mode. This is where you specify the logging options for the running configuration.
Enables logging for the running configuration.
Specifies how many logs to keep on the local system. For example the command logging size 200 keeps 200 logs on the cisco device itself as well as sends those logs where you tell it to.
Enables more secure logging by making sure passwords are not sent in the clear.
Sends the log files to syslog.
Sends you back to Privilege-Exec mode.
Note: These events will most likely show up in LEM as PolicyModify events.