Enabling Change Monitoring on Cisco Devices Syslogging to LEM

Overview

Changes made to a Cisco router or switch’s running configuration do not log to the LEM appliance (or any other appliance) by default. These configuration changes also do not log locally on the router or switch itself. Enabling configuration change monitoring on your Cisco routers and switches allows you to monitor unauthorized changes to the network devices responsible for your organization’s connectivity. 

Setting the commands described in this article tells the router to log every command that changes the router’s configuration. (Show commands, for example, are not logged, because they don’t change the router’s configuration.) 
 

Environment

LEM with Cisco devices

 

Steps

 

Perform the following steps to enable configuration change monitoring on Cisco devices:

  1. Access the Cisco device via SSH.
     
  2. Configure the Cisco device for syslogging to the LEM appliance. See the SolarWinds knowledgebase article Integrate Cisco network devices with SolarWinds LEM for instructions on setting up the device to log to your LEM appliance.
  3. Configure the Cisco device to monitor configuration changes using the following commands:

enable

Enters Privilege-Exec mode on the router. Some routers put you in Privilege-Exec mode by default. You can tell you are in this mode if a # follows the router name. For example: routername# instead of routername>

configure terminal 

Enters Global Configuration Mode. You must enter this mode to make any changes to a router or a switch.

archive 

Enters the archive configuration sub-mode.

log config 

Goes into the logging configuration sub-mode. This is where you specify the logging options for the running configuration.

logging enable 

Enables logging for the running configuration.

logging size 

Specifies how many logs to keep on the local system. For example, the command logging size 200 keeps 200 logs on the Cisco device itself and also sends those logs to the destination you configure.

hidekeys 

Enables more secure logging by making sure passwords are not sent in the clear.

notify syslog

Sends the log files to syslog.

end 

Sends you back to Privilege-Exec mode.

 

Note: These events will most likely show up in LEM as PolicyModify events.
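
To confirm the steps above took effect on a device, the following added example (not SolarWinds code) audits a saved running configuration for the archive / log config commands. It assumes the configuration was exported as text, that IOS indents nested commands with leading spaces, and that the syslog notification is stored as notify syslog; the function names and both sample configurations are constructed for illustration.

```python
import re

REQUIRED = ("logging enable", "hidekeys", "notify syslog")

# Constructed sample configs (not from any real device).
GOOD = """\
hostname edge-rtr-01
!
archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys
!
logging host 192.0.2.10
"""
WEAK = """\
archive
 log config
  logging enable
"""

def log_config_lines(running_config):
    """Return the commands nested directly under archive -> log config."""
    path, found = [], []  # path: stack of (indent, command) parents
    for raw in running_config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while path and path[-1][0] >= indent:
            path.pop()
        if [c for _, c in path] == ["archive", "log config"]:
            found.append(cmd)
        path.append((indent, cmd))
    return found

def audit(running_config):
    """Report missing change-logging commands and the local log size."""
    cmds = log_config_lines(running_config)
    missing = [r for r in REQUIRED
               if not any(c == r or c.startswith(r + " ") for c in cmds)]
    size = next((int(m.group(1)) for c in cmds
                 if (m := re.fullmatch(r"logging size (\d+)", c))), None)
    return {"missing": missing, "logging_size": size}

if __name__ == "__main__":
    print(audit(GOOD), audit(WEAK))
```

A device that reports hidekeys as missing is logging configuration commands with passwords in the clear, and one that reports notify syslog as missing keeps its change log only on the device.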

 
