Log configuration changes to syslog on Nexus 7000?

Similar Messages

• Can the ACE be configured for logging configuration changes to syslog server ?

  Hi,
  On all our routers, switches and firewalls we've configured syslog so we get logs when configuration changes occur.
  Is this possible on the ACE too ?
  regards,
  Sebastian  

  Hi Sebastian,
  Yes it is possible but depends upong the logging level you have set. So logging trap 5 should be able to get you the configuration changes or command execution logs.
  Nov  1 2013 11:20:33 : %ACE-5-111008: User 'admin' executed the 'logging buffered 6' command.
  Nov  1 2013 11:20:48 : %ACE-5-111008: User 'admin' executed the 'no rserver testlog' command.
  So you should see these level 5 logs on syslog if logging trap 5 is configured.
  Let me know if you have any questions.
  Regards,
  Kanwal

• Configuration Changes in Syslog

  can I configure Cisco Routers/switches to send syslog the IOS commands that are entered on Cisco Device? My objective is to keep a record of changes that are/were made to the network devices.

  Hello!
  It is possible scince last 12.3T. Look in cisco.com for archive command:
  archive
  log config
  logging enable
  hidekeys
  With best regards

• Syslog. Include IP address of VTY in every message (configuration changes)

  Hello guys,
  I have discovered that Huawei has a different syslog messages format when it comes to logging configuration changes in external syslog, however if in Cisco you are using a universal login for many users, it is impossible to know what IP address logged what command..
  I know, a solution would be to let every user use its own login, however, I wanted to know is there a way for a Cisco router to associate the vty of the "logged command" originator and include this information in Syslog.
  Here is the example for Huawei:
  %%10SHELL/5/CMD(l):-DevIP=10.219.3.2- 2 -task:vt0 ip:10.200.7.138 user:** command:display logbuffer
  Cisco kind of includes the final message where is tells what was the IP address of the VTY, however, this IP address is not present in every syslog message as in Huawei.
  68954: 168799: Sep 22 14:29:21.839: %PARSER-5-CFGLOG_LOGGEDCMD: User:XXXXX logged command:no logging host 10.200.100.10 transport udp port 515
  68952: 168796: Sep 22 14:18:25.341: %PARSER-5-CFGLOG_LOGGEDCMD: User:XXXXX logged command:exit
  68953: 168797: Sep 22 14:18:26.053: %SYS-5-CONFIG_I: Configured from console by XXXXX on vty5 (10.200.7.138)
  Is it possible to do something similar in Cisco

  If you have Splunk or another enterprise log reporting server you can correlate those events by building a transaction whenever you see a %SYS-5-CONFIG_I event. I have support for this in my Cisco Networks app for Splunk: https://apps.splunk.com/app/1352/ & https://apps.splunk.com/app/1467/
  Have a look and see what you think.

• Nexus 7000 Platform Logging

  Hello,
  We recently had a power supply failure in one of our Nexus 7000s, and I noticed that the syslog for the Platform is only present in the default VDC, and not in any of the other VDCs syslogs. Is this by design, or is there a logging level I can turn up in another VDC to capture this log? Thanks for any input
  syslog from default VDC -
  2013 Mar 18 23:10:34  %PLATFORM-2-PS_CAPACITY_CHANGE: Power supply PS3 changed i
  ts capacity. possibly due to power cable removal/insertion (Serial number xxxxxxxx)
  nothing in the VDC where I would like to get the logging
  default VDC logging level -
  xxx7K02# show log level platform
  Facility        Default Severity        Current Session Severity
  platform                5                       5
  0(emergencies)          1(alerts)       2(critical)
  3(errors)               4(warnings)     5(notifications)
  6(information)          7(debugging)
  xxx7K02#
  loggging from the specific VDC where we have management tools.
  xxx-LOW# show log level platform
  Facility        Default Severity        Current Session Severity
  platform                5                       5
  0(emergencies)          1(alerts)       2(critical)
  3(errors)               4(warnings)     5(notifications)
  6(information)          7(debugging)
  xxx-LOW#

  Hello Carl,
  What version of code are you running on your Nexus 7k?
  The expected behavior is:
  "When a hardware issue occurs, syslog messages are sent to all VDCs."
  http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_mgmt.html#wp1170241
  Dave

• ASA send syslog messages for configuration changes

  On a router you can send configuration changes to the syslog server by doing,
  conf t
  archive
  log config
  logging enable
  notify syslog
  Then the router will send something like,
  .Aug  3 13:12:00.776 PACIFIC: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no interface Loopback76
  if I had typed at the command line, "no int lo76"
  How do you do this on the ASA?
  Goal:  I want to know when anybody does any kind of config on my ASA.

  The syslog number 111008 and 111010 will log the command that is entered by user.
  111010 is for configuration changes.
  Here is the syslog for your information:
  111008:
  http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769400
  111010:
  http://www.cisco.com/en/US/docs/security/asa/asa84/system/message/logmsgs.html#wp4769410
  You need to enable syslog, and severity level 5, and if you don't want to see any other logging, you can only log the above 2 syslog numbers.

• Logging CRS configuration changes

  Hallo,
  in a 10.1 RAC environment,
  is there a file which logs CRS configuration changes, like issuing a oifcfg -setif command?
  Thx

  Yes

• Error: while configuring logs for changes in infotype data

  Hi All,
  I am configuring the following Tables for maintain logs for changes in infotype data.
  V_T585A, V_T585B and V_T585C
  While configuring V_T585B, when i input * in 'field name' column it gives me an warning message " All data fields in **** infotype 31 will be deleted.
  Please let me know, what does this warning message means?
  Also, How is the report RPUAUD00 read?
  Regards
  Simran

  Hi Simran,
  you are not suppose to give the IT 0031-Reference Personnel Numbers in these tables. why because this will done at the time of Employee hiring only and we don't change this. if you change you will lost the old data in the IT.
  Normally we assign only the IT which we change frequently for the master data. example like 0 1 2 7 8 9 27 582 - 589 2001 2006.
  if you are configuring today means from today on-wards any changes had made to these IT's you can see in the report. before changes will not be seen. in the report you have to choose either long-term document / short-term document and remaining fields as per the requirement.
  Regards,
  Praneeth kumar

• RME (LMS 3.2) No detect Change Configuration automatically by Syslog Messages

  Hi,
  I have a problem with the "change audit" for Syslog messages trigger. I set all my devices to send Syslog messages to the CiscoWorks server. When I make any changes to syslog message is sent correctly for the CiscoWorks server, but it does not start automatically collects configuration (config fetch).
  Only when I start manually "sync archive" the configuration is stored and detected the change in configuration.
  Has not changed anything in config fetch "to" Automated actions Syslog ".
  Thanks

  Hi,
  You an check RME  > Tools > Syslog > Automated Actions to verify nothing was changed.
  Then display 'Config Fetch'. There is contextual help available:
  http://:1741/help/rme/fundamentals/index.html?syslog_Defining_Automatd_Actions.html#wp1211314
  Nick

• Configuration Change log in Production

  Hi all
      Some configuration changes have been directly made in production at our client. How can we find out what changes are made? Going into SCC4 > Change logs, I could find out who made all the changes. But it does not show what configuration changes are made.
  Thanks
  Vamsi

  Dear Vamsi,
  I'm not sure whether in a single report you can fetch all the changes related to configuration for a particular module.
  But I'm sure in most of the nodes the configuration change logs gets recorded.Check these links,
  Re: How to find when a new Material type is created
  Configuration change Log
  Regards
  Mangalraj.S

• Nexus 7000 with VPC and HSRP Configuration

  Hi Guys,
  I would like to know how to implement HSRP with the following setup:
  There are 2 Nexus 7000 connected with VPC Peer link. Each of the Nexus 7000 has a FEX attached to it.
  The server has two connections going to the FEX on each Nexus 7k (VPC). FEX's are not dual homed as far as I now they are not supported currently.
  R(A)              R(S)
  |                     |
  7K Peer Link 7K
  |                     |
  FEX              FEX
  Server connected to both FEX
  The question is we have two routers connected to each of the Nexus 7k in HSRP (active and one is standby). How can I configure HSRP on the nexus switches and how the traffic will routed from the Standby Nexus switch to Active Nexus switch (I know HSRP works differently here as both of them can forward packets). Will the traffic go to the secondary switch and then via the peer link to the active switch and then to the active router ? (From what I read the packet from end hosts which will go via the peer link will get dropped)
  Has anyone implemented this before ?
  Thanks

  Hi Kuldeep,
  If you intend to put those routers on a non-vpc vlan, you  may create  a new inter-switch trunk between the N7K and allow that non-vpc vlan . However if those will be on a VPC vlan, best to create two links to the N7K pair and create a VPC, otherwise configure those ports as orphan ports which will leverage the VPC peer link .
  HTH
  Jay Ocampo

• Logging of commands on syslog server (Cisco Nexus 7010)

  Please help.
  How to set up logging of commands on syslog server ? (cisco nexus 7010)

  Hi Igor
  Nexus has internal accounting log: sh accouting log
  But it can be sent only to the accounting server, not to a syslog server.
  If you want - you man manually export it to some log.
  HTH,
  Alex

• Configuration change Log

  Hi,
    I need to find the configuration change log in development system. Do we have any transaction/report/program from which we can track all the configuration changes for a perticular object.
  Thanks,
  Vijay

  for almost all customizing you can find the change history in menu tools within the cuistomizing.

• Configuration archive after configuration change

  Hello,
  I'm assuming this can work with switches, routers, and controllers. I'm running PI 2.1 and am trying to get the configuration archive functionality working. I have both of these options checked under System Settings > Configuration Archive:
  :: Archive configuration out-of-box
  :: Archive configuration on receiving configuration change events
  On the IOS device, these settings were configured for syslog/snmp:
  logging buffered 100000
   no logging event link-status
  logging trap notifications
  logging facility local6
  logging source-interface Loopback0
  logging <Prime IP>
  snmp-server community ***** RW 13
  snmp-server enable traps config
  snmp-server enable traps syslog
  snmp-server host <Prime IP> version 2c *****
  I do not see any syslog messages in PI under alarms/alerts and the configuration never gets archived. I haven't run tcpdump yet to determine if PI is receiving these traps but I was hoping it was something simple I was overlooking. Thanks for any assistance that can be provided.

  Thank you for the reply. To answer your question, yes. Community information matches with PI credentials.
  I actually did get it to work yesterday. I did original testing on a 1921 router which is still not working, but when I tried configuring the same information on some switches (3750's) it worked. I thought routers would be configured the same - are there hardware limitations to this?
  I look in the built-in CLI template 'Configure Logging' in PI and it only has switches and WLCs as available devices to push out to but I don't know what to make of it.

• BGP Notification received, configuration change

  Hi,
  We are  monitoring a BGP peering flap for a fraction of seconds approximately every three days for a particular neighbor. We are seeing this behavior consistently for a Month.
  Jun 10 08:55:15.566 NST: bgp[1041]: %ROUTING-BGP-5-ADJCHANGE : neighbor x.x.x.x Down - BGP Notification received, configuration change (VRF: default)
  Jun 10 08:55:15.565 NST: bgp[1041]: %ROUTING-BGP-5-NBR_NSR_DISABLED_STANDBY : NSR disabled on neighbor x.x.x.x on standby due to BGP Notification received (VRF: default)
  Would like to know what does the error messge indicates  "BGP Notification received, configuration change"

  There might be a clue in the bgp trace on the device that experienced this condition:
  show bgp trace and look around the time of the notification down.
  Depending on what is on the other side, I think that hte investigation is better done on that node as that was the originator of the change hence bringing the peer down.
  This can be as simple as an address family add or remove, things like that. When capabilities of a peer change, they have to bring down the peering since they are only sent in the OPEN message.
  IF it is very periodic, I would also verify and check what might be happening during those time windows, especially on the peer. Maybe there is a config script that could induce things.
  If that peer is an XR device, the bgp trace will be very helpful in that regard.
  If itis an IOS device, then maybe you need to keep running some debug bgp event for around the time that you expect this flap, and a syslog analysis (sh log) around that time for clues.
  xander