Cisco Switch: Logging the Commands Users Enter to Syslog

Reference article

This morning I ran into a problem with one port of a customer's LACP bundle. After getting back to the office and checking, I found the transceiver readings were abnormal, so I replaced it. After the replacement the management IP could not be reached; it turned out that, while troubleshooting, an IP in the same subnet had been added, so traffic went out one way and came back another, and the management address became unreachable.

Something similar happened before, when a configuration change caused an outage, so it is best to record every command users enter in syslog; that makes it easy to trace who issued a critical command.

On Cisco devices this feature is called "Archive".

Chapter: Configuration Change Notification and Logging

The Configuration Change Notification and Logging (Config Log Archive) feature allows the tracking of configuration changes entered on a per-session and per-user basis by implementing an archive function. This archive saves configuration logs that track each configuration command that is applied, who applied the command, the parser return code (PRC) for the command, and the time the command was applied. This feature also adds a notification mechanism that sends asynchronous notifications to registered applications whenever the configuration log changes.
Before the introduction of the Configuration Change Notification and Logging feature, the only way to determine if the Cisco software configuration had changed was to save a copy of the running and startup configurations to a local computer and do a line-by-line comparison. This comparison method can identify changes that occurred, but does not specify the sequence in which the changes occurred, or the person responsible for the changes.

How to configure it?

Follow the procedure in the official documentation:

DETAILED STEPS

enable
configure terminal
archive
log config
logging enable
! keep up to 200 entries in the on-box configuration log
logging size 200
! mask passwords and keys inside the logged commands
hidekeys
! hand each logged command to the syslog subsystem
notify syslog
end

The key command here is "notify syslog", which sends every command a user enters to syslog. That lets us trace, from syslog, the commands users issued in the past.
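The messages that "notify syslog" produces only help if someone actually reads them. The script below is an example added here (it is not from the original post or from Cisco): it parses a few constructed syslog lines in the shape IOS emits for logged commands (%PARSER-5-CFGLOG_LOGGEDCMD), tracks which interface sub-mode each user's session is in so that a bare "shutdown" or "ip address" can be tied to its interface, and flags commands that match a watchlist. The hostname, usernames, timestamps, the watchlist and all sample lines are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample syslog lines (hostname, users, timestamps and commands
# are made up). The message body uses the real IOS mnemonic
# %PARSER-5-CFGLOG_LOGGEDCMD that "notify syslog" produces; the header fields
# in front of it vary by platform and collector, so they are matched loosely.
SAMPLE_SYSLOG = """\
<189>Jan 10 08:12:01 SW-CORE-1 123: Jan 10 08:12:00.991: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:interface GigabitEthernet1/0/24
<189>Jan 10 08:12:05 SW-CORE-1 124: Jan 10 08:12:04.113: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:shutdown
<189>Jan 10 08:13:40 SW-CORE-1 125: Jan 10 08:13:39.870: %PARSER-5-CFGLOG_LOGGEDCMD: User:contractor  logged command:interface Vlan10
<189>Jan 10 08:13:44 SW-CORE-1 126: Jan 10 08:13:43.202: %PARSER-5-CFGLOG_LOGGEDCMD: User:contractor  logged command:ip address 10.1.10.250 255.255.255.0 secondary
<189>Jan 10 08:15:02 SW-CORE-1 127: Jan 10 08:15:01.555: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/24, changed state to down
<189>Jan 10 08:20:11 SW-CORE-1 128: Jan 10 08:20:10.004: %PARSER-5-CFGLOG_LOGGEDCMD: User:netops  logged command:no shutdown
"""

# Optional PRI, "Mon DD HH:MM:SS", hostname, anything, then the archive message.
CFGLOG_RE = re.compile(
    r"^(?:<\d+>)?\w{3}\s+\d{1,2}\s+[\d:]+\s+(?P<host>\S+)\s+.*?"
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Assumed watchlist: command patterns a defender wants alerted on. The incident
# in the post (an extra same-subnet address) would match "ip_address_change".
DEFAULT_WATCHLIST: Dict[str, str] = {
    "ip_address_change": r"^(no )?ip address\b",
    "interface_shutdown": r"^shutdown$",
    "route_change": r"^(no )?ip route\b",
    "auth_change": r"^(no )?(username|aaa|enable secret|enable password)\b",
}


@dataclass
class ConfigChange:
    host: str
    user: str
    command: str
    context: Optional[str]  # e.g. "interface Vlan10" when issued in that sub-mode


def parse_cfglog(lines: List[str]) -> List[ConfigChange]:
    """Extract logged config commands and remember the sub-mode of each
    (host, user) session, keyed per user because sessions interleave."""
    changes: List[ConfigChange] = []
    context: Dict[Tuple[str, str], Optional[str]] = {}
    for line in lines:
        m = CFGLOG_RE.match(line)
        if not m:
            continue  # not a config-archive message (e.g. %LINK-3-UPDOWN)
        host, user, cmd = m["host"], m["user"], m["cmd"].strip()
        key = (host, user)
        # Record the command with the sub-mode that was in effect when typed.
        changes.append(ConfigChange(host, user, cmd, context.get(key)))
        if cmd.startswith("interface "):
            context[key] = cmd
        elif cmd in ("exit", "end"):
            context[key] = None
    return changes


def find_sensitive(changes: List[ConfigChange],
                   watchlist: Optional[Dict[str, str]] = None
                   ) -> List[Tuple[str, ConfigChange]]:
    """Return (category, change) pairs for commands matching the watchlist."""
    compiled = {name: re.compile(p) for name, p in (watchlist or DEFAULT_WATCHLIST).items()}
    hits: List[Tuple[str, ConfigChange]] = []
    for ch in changes:
        for name, rx in compiled.items():
            if rx.search(ch.command):
                hits.append((name, ch))
                break
    return hits


def summarize_by_user(changes: List[ConfigChange]) -> Dict[str, int]:
    """Count logged commands per user, handy for a quick 'who changed what' view."""
    counts: Dict[str, int] = {}
    for ch in changes:
        counts[ch.user] = counts.get(ch.user, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_cfglog(SAMPLE_SYSLOG.splitlines())
    for category, ch in find_sensitive(parsed):
        where = f" ({ch.context})" if ch.context else ""
        print(f"[{category}] {ch.host} user={ch.user}: {ch.command}{where}")
    print(summarize_by_user(parsed))
```

Two things to check before relying on this: "notify syslog" only hands the message to the switch's own logging subsystem, so a collector must be configured with "logging host" and the "logging trap" level must be notifications (5) or more verbose, otherwise the severity-5 PARSER messages never leave the box; and the on-box copy can be read with "show archive log config all", which is useful when the collector was unreachable during the change.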