Header Only - DO NOT REMOVE - Extreme Networks

config audit


Userlevel 4
Create Date: Sep 26 2013 4:29PM

I have a set of X450e switches in a stack. I believe that the log config changes under the management section is in a disabled state. I believe that changes may have been made to the stack. Although I have SNMP monitoring in place, I do not have track of any configuration changes. The logs are not indicating anything. Also it is possible that the logs may have been periodically overwritten. Is there anything I can do to see if a command execution or change has taken place. Appreciate the help. (from Anush_Santhanam)

1 reply

Userlevel 4
Create Date: Sep 26 2013 5:05PM

You can audit config if you enable cli-config-logging. It will log all commands with the corresponding user.
It is also a good practice to export syslog to a secure server or Ridgeline, so it cannot be deleted by switch commands.
configure syslog add vr VR-Default local0
enable log target syslog vr VR-Default local0
configure log target syslog vr VR-Default local0 filter DefaultFilter severity Debug-Data
configure log target syslog vr VR-Default local0 match Any
You could change VR and severity according to your needs.

If you didn't enable cli-config-logging, I don't know how to tell if something has changed.
You can try looking at the date of "primary.cfg" file, typing ls, it will tell the last time the config was saved.

(from Luis_Coelho)

Reply