How to be notified when your Cisco router configuration has changed

Posted on January 8, 2009 by David Davis

Traditionally, to be notified if your Cisco router configuration has changed, you had to use a configuration management and monitoring tool like Tripwire. Applications like that have their use, but if you just want a simple email when someone modifies your Cisco router configuration, there is a much easier route.

Using SNMP to alert your NMS of Cisco IOS configuration changes

To get alerted whenever someone changes your Cisco IOS router configuration, all it takes is a few simple commands. These commands make the router alert your network management system (NMS) of the change, and your NMS must then alert you, or your group, in some form (cell, email, SMS, or whatever).

First, your Cisco router will need to be configured to point to your NMS. To do this, enter this command:

The x.x.x.x is the IP address of your NMS. The community string configured for this device on your NMS must match the one configured on the router.

If you don’t yet have an NMS, stay tuned for the second section of this article and you can come back to the step above.

Next, you need to tell the router what you want it to alert you about. In our case, we want to be alerted to router configuration changes so we use the “trap config” option, like this:

For more information on how to configure these SNMP management traps, see this link: Cisco IOS SNMP Traps Supported and How to Configure them.

Configuring your SNMP Network Management Station (NMS)

So now that your Cisco router is sending your NMS an alert that the configuration has changed, the NMS needs to alert you of that somehow. The point of the NMS is to be the “middle man”: the place from which you dispatch all these alerts to various individuals or groups through various methods like email, SMS, pager, or cell.

As there are so many different NMS options available, I cannot begin to tell you how to configure the one that you already have in place to do this. If you don’t have an NMS yet, I recommend either Whatsup or OpenNMS. Whatsup is relatively inexpensive compared to a large enterprise NMS like HP Openview and you can get a free demo of Whatsup. OpenNMS is free but not quite as intuitive as Whatsup. Still, OpenNMS is a fully capable network management station. I recommend starting with either the Whatsup demo or the OpenNMS virtual appliance for VMware Player (virtual appliances are available at the VMware Virtual Appliance Marketplace). Either one will allow you to configure your NMS to alert you when your router’s configuration has changed.

Here is the basic action I set up inside Whatsup to tell it what to do when it received an SNMP trap for a configuration change from this particular router:

Once I had this all set up and working, if I logged into my router, did a config terminal, went into global configuration mode, then exited, I would get an email from my Whatsup NMS that my configuration had changed, like this:

Cisco IOS new feature: Configuration Change Notification and Logging

If you want to take this a step further, you can actually log every command that is entered on the router and then be notified of those command changes. This is a new feature in the Cisco IOS, beginning with IOS 12.2(25)S and 12.3(4)T. This method uses the archive logging feature and you can view all commands performed on the router with the show archive log config command. It will even record the username of the logged in user who entered that command.

For more information on how you can record all router configuration commands, see this link.

There is a long list of optional SNMP traps that can be sent. I highly recommend that you use the snmp-server enable traps command to tweak your router to alert your NMS of only the traps that you want to be informed of. If you just use this command by itself, you will get alerted via SNMP of just about every possible event on the router.

Here are some of the more common traps that I have configured:

  • bgp – sends notifications for BGP state changes
  • envmon – sends notifications if the router has an environmental monitoring issue, such as a power supply that has gone out or the router overheating
  • snmp – sends notifications for router reboots, linkup, linkdown, or SNMP authentication failures

You can find many more at this URL: snmp-server enable traps
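
The router-side setup described in this article, as an added example that is not the author's original commands: it points the router at an NMS, enables only selected trap types, and turns on configuration change logging. The NMS address 192.0.2.10, the community string EXAMPLE-COMMUNITY, the use of SNMPv2c, the log size of 200, and the hidekeys and notify syslog options are assumptions chosen for illustration.

```cisco
! Added example, entered in global configuration mode.
! 192.0.2.10 and EXAMPLE-COMMUNITY are placeholders: substitute your NMS
! address and the community string your NMS expects from this device.
!
! 1. Point the router at the NMS. SNMPv2c is an assumption. With no
!    notification type listed on this line, every trap type enabled
!    below is sent to this host.
snmp-server host 192.0.2.10 version 2c EXAMPLE-COMMUNITY
!
! 2. Enable only the trap types you want to hear about. A bare
!    "snmp-server enable traps" would turn on nearly every trap type.
snmp-server enable traps config
snmp-server enable traps bgp
snmp-server enable traps envmon
snmp-server enable traps snmp authentication linkdown linkup coldstart
!
! 3. Configuration change logging (IOS 12.2(25)S / 12.3(4)T and later).
archive
 log config
  ! start recording configuration commands and the user who entered them
  logging enable
  ! keep the last 200 entries (assumed value)
  logging size 200
  ! do not store passwords and keys in the log
  hidekeys
  ! also send each logged command to syslog
  notify syslog
!
! Verification from privileged exec mode:
!   show snmp host
!   show archive log config all
```

After applying it, enter and exit global configuration mode once and confirm that the NMS receives a configuration trap and that the command appears in the archive log with your username.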

Summary

If you don’t yet have an NMS, you will certainly need one for other network management functions as your network grows, so you might as well implement one now. If you want full scale configuration monitoring and alerting, I suggest either the new Cisco feature or try out the free open-source version of Tripwire that runs on Linux. In conclusion, being notified of configuration changes on your router helps you to know what is going on and it helps to keep your network more secure. I suggest you give it a try today!
