Cisco IOS Software Releases 12.3 T

Table Of Contents

Configuration Change Notification and Logging

Contents

Restrictions for Configuration Change Notification and Logging

Information About Configuration Change Notification and Logging

Configuration Log

Configuration Change Notifications and Config Change Logging

Config Logger Enhancements for EAL4+ Certification [12.3(14)T]

How to Configure the Configuration Change Notification and Logging Feature

Configuring the Configuration Change Notification and Logging Feature

Displaying Configuration Log Entries and Statistics

Clearing Configuration Log Entries

Clearing the Configuration Log by Reducing the Log Size

Clearing the Configuration Log by Disabling the Configuration Log

Configuration Examples for the Configuration Change Notification and Logging Feature

Configuring the Configuration Change Notification and Logging Feature: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

archive

hidekeys

log config

logging enable

logging size

notify syslog

show archive log config

Feature Information for Configuration Change Notification and Logging

Configuration Change Notification and Logging

---

First Published: November 3, 2003

Last Updated: May 30, 2006

Releases of Cisco IOS software prior to 12.3(4)T and 12.2(25)S lack the ability to track the origin of changes to the running configuration. The only way to determine if a Cisco IOS software configuration has changed is to pull the running and startup configurations offline and do a line-by-line comparison. This comparison identifies all changes that occurred between the two configurations, but it does not specify the sequence in which the changes occurred or the person responsible for the changes.

The Configuration Change Notification and Logging (Configuration Logging) feature allows the tracking of configuration changes entered on a per-session and per-user basis by implementing a configuration log. The configuration log tracks each configuration command that is applied, who applied the command, the parser return code for the command, and the time the command was applied. This feature also adds a notification mechanism that sends asynchronous notifications to registered applications whenever the configuration log changes.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Configuration Change Notification and Logging" section.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

•Restrictions for Configuration Change Notification and Logging

•Information About Configuration Change Notification and Logging

•How to Configure the Configuration Change Notification and Logging Feature

•Configuration Examples for the Configuration Change Notification and Logging Feature

•Additional References

•Command Reference

•Feature Information for Configuration Change Notification and Logging

Restrictions for Configuration Change Notification and Logging

•Only complete commands input in a configuration mode are logged.

•Commands that are part of a configuration file applied with the copy command are not logged.

Information About Configuration Change Notification and Logging

To configure the Configuration Change Notification and Logging feature, you must understand the following concepts:

•Configuration Log

•Configuration Change Notifications and Config Change Logging

Configuration Log

The Configuration Change Notification and Logging feature tracks changes made to the Cisco IOS software running configuration by maintaining a configuration log. This configuration log tracks changes initiated only through the command-line interface (CLI) or HTTP. Only complete commands that result in the invocation of action routines are logged. The following types of entries are not logged:

•Commands that result in a syntax error message

•Partial commands that invoke the router help system

For each configuration command that is executed, the following information is logged:

•The command that was executed

•The configuration mode in which the command was executed

•The name of the user that executed the command

•The time at which the command was executed

•A configuration change sequence number

•Parser return codes for the command

You can display information from the configuration log through the use of the show archive log config command, with the exception of the parser return codes, which are for use by internal Cisco IOS applications only.

Configuration Change Notifications and Config Change Logging

You can configure the Configuration Change and Notification Logging feature to send notification of configuration changes to the Cisco IOS software system logging (syslog) process. Syslog notifications allow monitoring of the configuration log information without performing polling and information gathering tasks.

The Configuration Change Notification and Logging feature allows the tracking of configuration changes entered by users on a per-session and per-user basis. This tool allows administrators to track any configuration change made to the Cisco IOS software running configuration, and identify the user that made that change.

Config Logger Enhancements for EAL4+ Certification [12.3(14)T]

Further enhancements to the Configuration Change Logging process were implemented in Cisco IOS Release 12.3(14)T. These enhancements support an effort to ensure the logging process meets the requirements set forth in the Conformance to Common Criteria, Evaluation Assurance Level 4+ (EAL4+) Firewall Protection Profiles. These enhancements include changes to meet the following requirements:

•If you change any logging parameters, those changes are logged. This is effected by the sending of a syslog message for each change to the running-config from a copy operation (for example, on copy source running-config).

•Modifications to the Group of Administrative Users are logged; failure attempts for access to privileged EXEC mode ("enable" mode) are logged.

---

Note EAL Certification is not claimed by Cisco for Cisco IOS Release 12.3(14)T. These enhancements provide the groundwork for future Certification.

---

The above logging actions are disabled by default. To enable these logging characteristics, perform the task described in the "Configuring the Configuration Change Notification and Logging Feature" section.

How to Configure the Configuration Change Notification and Logging Feature

This section contains the following procedures:

•Configuring the Configuration Change Notification and Logging Feature

•Displaying Configuration Log Entries and Statistics

•Clearing Configuration Log Entries

Configuring the Configuration Change Notification and Logging Feature

Perform this task to enable the Configuration Change Notification and Logging feature.

SUMMARY STEPS

1. enable

2. configure terminal

3. archive

4. log config

5. logging enable

6. logging size entries

7. hidekeys

8. notify syslog

9. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	archive Example: Router(config)# archive	Enters archive configuration mode.
Step 4	log config Example: Router(config-archive)# log config	Enters configuration change logger configuration mode.
Step 5	logging enable Example: Router(config-archive-log-config)# logging enable	Enables the logging of configuration changes. •Logging of configuration changes is disabled by default.
Step 6	logging size entries Example: Router(config-archive-log-config)# logging size 200	(Optional) Specifies the maximum number of entries retained in the configuration log. •Valid values for the entries argument range from 1 to 1000. The default value is 100 entries. •When the configuration log is full, the oldest entry is deleted every time a new entry is added. Note If a new log size is specified that is smaller than the current log size, the oldest log entries is immediately purged until the new log size is satisfied, regardless of the age of the log entries.
Step 7	hidekeys Example: Router(config-archive-log-config)# hidekeys	(Optional) Suppresses the display of password information in configuration log files. Note Enabling the hidekeys command increases security by preventing password information from being displayed in configuration log files.
Step 8	notify syslog Example: Router(config-archive-log-config)# notify syslog	(Optional) Enables the sending of notifications of configuration changes to a remote syslog.
Step 9	end Example: Router(config-archive-log-config)# end	Exits to privileged EXEC mode.

Displaying Configuration Log Entries and Statistics

Perform this task to display entries from the configuration log or statistics about the memory usage of the configuration log.

To display configuration log entries and to monitor the memory usage of the configuration log, the Configuration Change Notification and Logging feature provides the show archive log config command.

SUMMARY STEPS

1. enable

2. show archive log config number [end-number]

3. show archive log config all provisioning

4. show archive log config statistics

5. exit

DETAILED STEPS

---

Step 1 enable

Use this command to enable privileged EXEC mode. Enter your password if prompted. For example"

Router> enable

Step 2 show archive log config number [end-number]

Use this command to display configuration log entries by record numbers. If you specify a record number for the optional end-number argument, all log entries with record numbers between the values entered for the number and end-number arguments are displayed. For example:

Router# show archive log config 1 2

idx   sess   user@line        Logged command

 1     1     user1@console    logging enable

 2     1     user1@console    logging size 200

This example displays configuration log entry numbers 1 and 2. Valid values for the number and end-number argument range from 1 to 2147483647.

Step 3 show archive log config provisioning

Use this command to display all configuration log files as they would appear in a configuration file rather than in tabular format. For example:

Router# show archive log config all provisioning

archive

 log config

  logging enable

  logging size 200

This display also shows the commands used to change configuration modes, which are required to correctly apply the logged commands.

Step 4 show archive log config statistics

Use this command to display memory usage information for the configuration. For example:

Router# show archive log config statistics

Config Log Session Info:

   Number of sessions being tracked: 1

   Memory being held: 3910 bytes

   Total memory allocated for session tracking: 3910 bytes

   Total memory freed from session tracking: 0 bytes

Config Log log-queue Info:

   Number of entries in the log-queue: 3

   Memory being held in the log-queue: 671 bytes

   Total memory allocated for log entries: 671 bytes

   Total memory freed from log entries:: 0 bytes

Step 5 exit

Use this command to exit to user EXEC mode. For example:

Router# exit

Router>

---

Clearing Configuration Log Entries

Entries from the configuration log can be cleared in one of two ways. The size of the configuration log can be reduced using the logging size command, or the configuration log can be disabled and then reenabled with the logging enable command.

This section contains the following procedures:

•Clearing the Configuration Log by Reducing the Log Size

•Clearing the Configuration Log by Disabling the Configuration Log

Clearing the Configuration Log by Reducing the Log Size

Perform this task to clear entries from the configuration log using the logging size command.

SUMMARY STEPS

1. enable

2. configure terminal

3. archive

4. log config

5. logging size entries

6. logging size entries

7. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	archive Example: Router(config)# archive	Enters archive configuration mode.
Step 4	log config Example: Router(config-archive)# log config	Enters configuration change logger configuration mode.
Step 5	logging size entries Example: Router(config-archive-log-config)# logging size 1	Specifies the maximum number of entries retained in the configuration log. Note Setting the size of the configuration log to 1 results in all but the most recent entry being purged.
Step 6	logging size entries Example: Router(config-archive-log-config)# logging size 200	Specifies the maximum number of entries retained in the configuration log. Note The size of the configuration log should be reset to the desired value after clearing the configuration log.
Step 7	end Example: Router(config-archive-log-config)# end	Exits to privileged EXEC mode.

Examples

The following example shows how to clear the configuration log by reducing the log size to 1, then resetting the log size to the desired value:

Router# configure terminal

Router(config)# archive

Router(config-archive)# log config

Router(config-archive-log-config)# logging size 1

Router(config-archive-log-config)# logging size 200

Router(config-archive-log-config)# end

Clearing the Configuration Log by Disabling the Configuration Log

Perform this task to clear entries from the configuration log using the logging enable command.

SUMMARY STEPS

1. enable

2. configure terminal

3. archive

4. log config

5. no logging enable

6. logging enable

7. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	archive Example: Router(config)# archive	Enters archive configuration mode.
Step 4	log config Example: Router(config-archive)# log config	Enters configuration change logger configuration mode.
Step 5	no logging enable Example: Router(config-archive-log-config)# no logging enable	Disables the logging of configuration changes. Note Disabling the configuration log results in all records being purged.
Step 6	logging enable Example: Router(config-archive-log-config)# logging enable	Enables the logging of configuration changes.
Step 7	end Example: Router(config-archive-log-config)# end	Exits to privileged EXEC mode.

Examples

The following example clears the configuration log by disabling and then reenabling the configuration log:

Router(config)# archive

Router(config-archive)# log config

Router(config-archive-log-config)# no logging enable

Router(config-archive-log-config)# logging enable

Router(config-archive-log-config)# end

Configuration Examples for the Configuration Change Notification and Logging Feature

This section provides the following configuration example:

•Configuring the Configuration Change Notification and Logging Feature: Example

Configuring the Configuration Change Notification and Logging Feature: Example

The following example shows how to enable configuration logging with a maximum of 200 entries in the configuration log. In the example, security is increased by suppressing the display of password information in configuration log records, and syslog notifications are turned on.

configure terminal

archive

 log config

 logging enable

 logging size 200

 hidekeys

 notify syslog

Additional References

The following sections provide references related to the Configuration Change Notification and Logging. feature:

Related Documents

Related Topic	Document Title
Information about managing configuration files	"Managing Configuration Files" chapter in the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide, Release 12.3
Commands for managing configuration files	Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3T

Standards

Standards	Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.	—

MIBs

MIBs	MIBs Link
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.	To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs

RFCs	Title
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.	—

Technical Assistance

Description	Link
The Cisco Technical Support & Documentation website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.	http://www.cisco.com/techsupport

Command Reference

This section documents modified commands only.

•archive

•hidekeys

•log config

•logging enable

•logging size

•notify syslog

•show archive log config

archive

To enter archive configuration mode, use the archive command in global configuration mode.

archive

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Global configuration

Command History

Release	Modification
12.3(4)T	This command was introduced.
12.2(25)S	This command was integrated into Cisco IOS Release 12.2(25)S.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example shows how to place the router in archive configuration mode:

Router# configure terminal

!

Router(config)# archive

Router(config-archive)# 

Related Commands

Command	Description
log config	Enters configuration change logger configuration mode.
logging enable	Enables the logging of configuration changes.
maximum	Sets the maximum number of archive files of the running configuration to be saved in the Cisco IOS configuration archive.
path	Specifies the location and filename prefix for the files in the Cisco IOS configuration archive.
time-period	Sets the time increment for automatically saving an archive file of the current running configuration in the Cisco IOS configuration archive.

hidekeys

To suppress the display of password information in configuration log files, use the hidekeys command in configuration change logger configuration mode. To allow the display of password information in configuration log files, use the no form of this command.

hidekeys

no hidekeys

Syntax Description

This command has no arguments or keywords.

Command Default

Password information is displayed.

Command Modes

Configuration change logger configuration

Command History

Release	Modification
12.3(4)T	This command was introduced.
12.2(25)S	This command was integrated into Cisco IOS Release 12.2(25)S.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Enabling the hidekeys command increases security by preventing password information from being displayed in configuration log files.

Examples

The following example shows how to prevent password information from being displayed in configuration log files:

Router# configure terminal

!

Router(config)# archive

Router(config-archive)# log config

Router(config-archive-log-config)# hidekeys

Router(config-archive-log-config)# end

Related Commands

Command	Description
archive	Enters archive configuration mode.
log config	Enters configuration change logger configuration mode.
logging enable	Enables the logging of configuration changes.
logging size	Specifies the maximum number of entries retained in the configuration log.
notify syslog	Enables the sending of notifications of configuration changes to a remote syslog.
show archive log config	Displays entries from the configuration log.

log config

To enter configuration change logger configuration mode, use the log config command in archive configuration mode.

log config

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Archive configuration

Command History

Release	Modification
12.3(4)T	This command was introduced.
12.2(25)S	This command was integrated into Cisco IOS Release 12.2(25)S.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example shows how to place the router in configuration change logger configuration mode:

Router# configure terminal

!

Router(config)# archive

Router(config-archive)# log config

Router(config-archive-log-config)# 

Related Commands

Command	Description
archive	Enters archive configuration mode.
hidekeys	Suppresses the display of password information in configuration log files.
logging enable	Enables the logging of configuration changes.
logging size	Specifies the maximum number of entries retained in the configuration log.
notify syslog	Enables the sending of notifications of configuration changes to a remote syslog.
show archive log config	Displays entries from the configuration log.

logging enable

To enable the logging of configuration changes, use the logging enable command in configuration change logger configuration mode. To disable the logging of configuration changes, use the no form of this command.

logging enable

no logging enable

Syntax Description

This command has no arguments or keywords.

Command Default

Configuration change logging is disabled.

Command Modes

Configuration change logger configuration

Command History

Release	Modification
12.3(4)T	This command was introduced.
12.2(25)S	This command was integrated into Cisco IOS Release 12.2(25)S.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Use this command if you want to log configuration changes. If you disable configuration logging, all configuration log records that were collected are purged.

Examples

The following example shows how to enable configuration logging:

Router# configure terminal

!

Router(config)# archive

Router(config-archive)# log config

Router(config-archive-log-config)# logging enable

Router(config-archive-log-config)# end

The following example shows how to clear the configuration log by disabling and then reenabling the configuration log:

Router# configure terminal

!

Router(config)# archive

Router(config-archive)# log config

Router(config-archive-log-config)# no logging enable

Router(config-archive-log-config)# logging enable

Router(config-archive-log-config)# end

Related Commands

Command	Description
archive	Enters archive configuration mode.
hidekeys	Suppresses the display of password information in configuration log files.
log config	Enters configuration change logger configuration mode.
logging size	Specifies the maximum number of entries retained in the configuration log.
notify syslog	Enables the sending of notifications of configuration changes to a remote syslog.
show archive log config	Displays entries from the configuration log.

logging size

To specify the maximum number of entries retained in the configuration log, use the logging size command in configuration change logger configuration mode. To reset the default value, use the no form of this command.

logging size entries

no logging size

Syntax Description

entries

The maximum number of entries retained in the configuration log. Valid values range from 1 to 1000. The default value is 100 entries.

Command Default

100 entries

Command Modes

Configuration change logger configuration

Command History

Release	Modification
12.3(4)T	This command was introduced.
12.2(25)S	This command was integrated into Cisco IOS Release 12.2(25)S.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

When the configuration log is full, the oldest log entry will be removed every time a new entry is added.

---

Note If a new log size is specified that is smaller than the current log size, the oldest entries will be immediately purged until the new log size is satisfied, regardless of the age of the log entries.

---

Examples

The following example shows how to specify that the configuration log may have a maximum of 200 entries:

Router(config-archive-log-config)# logging size 200

The following example shows how to clear the configuration log by reducing the log size to 1, then resetting the log size to the desired value. Only the most recent configuration log file will be saved.

Router(config)# archive

Router(config-archive)# log config

Router(config-archive-log-config)# logging size 1

Router(config-archive-log-config)# logging size 200

Related Commands

Command	Description
archive	Enters archive configuration mode.
hidekeys	Suppresses the display of password information in configuration log files.
log config	Enters configuration change logger configuration mode.
logging enable	Enables the logging of configuration changes.
notify syslog	Enables the sending of notifications of configuration changes to a remote syslog.
show archive log config	Displays entries from the configuration log.

notify syslog

To enable the sending of notifications of configuration changes to a remote system message logging (syslog), use the notify syslog command in configuration change logger configuration mode. To disable the sending of notifications of configuration changes to the syslog, use the no form of this command.

notify syslog

no notify syslog

Syntax Description

This command has no arguments or keywords.

Command Default

Notifications are not sent to the syslog.

Command Modes

Configuration change logger configuration

Command History

Release	Modification
12.3(4)T	This command was introduced.
12.2(25)S	This command was integrated into Cisco IOS Release 12.2(25)S.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Enable the notify syslog command if you use the syslog to monitor your router. Syslog monitoring prevents the need to gather configuration log information manually.

Examples

The following example shows how to enable the router to send notifications to the syslog:

Router# configure terminal

!

Router(config)# archive

Router(config-archive)# log config

Router(config-archive-log-config)# notify syslog

Router(config-archive-log-config)# end

Related Commands

Command	Description
archive	Enters archive configuration mode.
hidekeys	Suppresses the display of password information in configuration log files.
log config	Enters configuration change logger configuration mode.
logging enable	Enables the logging of configuration changes.
logging size	Specifies the maximum number of entries retained in the configuration log.
show archive log config	Displays entries from the configuration log.

show archive log config

To display entries from the configuration log, use the show archive log config command in privileged EXEC mode.

show archive log config {all | record-number [end-number] | user username [session session-number] record-number [end-number] | statistics} [provisioning]

Syntax Description

all	Displays all configuration log entries.
record-number [end-number]	Displays the log entry by record number. If you specify a record number for the optional end-number argument, all log entries with record numbers between the values entered for the record-number and end-number arguments are displayed. Valid values for the record-number and end-number arguments range from 1 to 2147483647.
user username	Displays log entries attributed to a particular user.
session session-number	(Optional) Displays log entries attributed to a particular session. Valid values for the session-number argument range from 1 to 1000.
statistics	Displays memory usage information for the configuration log.
provisioning	(Optional) Displays configuration log file information as it would appear in a configuration file, rather than in tabular format.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.3(4)T	This command was introduced.
12.2(25)S	This command was integrated into Cisco IOS Release 12.2(25)S.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

If you do not specify the all keyword, you must specify a record number with the record-number argument. You can optionally specify an end record number with the end-number argument to display a range of records. If you specify a record number that does not exist with the end-number argument, all records after the starting record number with a record number lower than that specified with the end-number argument are displayed.

Specifying the provisioning keyword results in the display appearing as it would in a configuration file, rather than in tabular format. This output includes commands used to change configuration modes and logged configuration commands. This output can be used to set up another router if desired.

Examples

The following is sample output from the show archive log config command, which displays configuration log entry numbers 1 and 2:

Router# show archive log config 1 2

idx   sess   user@line        Logged command

 1     1     user1@console    logging enable

 2     1     user1@console    logging size 200

Table 1 describes the fields shown in the display.

Table 1 show archive log config Field Descriptions 

Field	Description
idx	The record number of the configuration log entry.
sess	The session number associated with the configuration log entry.
user@line	The username of the user who executed the command that generated the configuration log entry.
Logged command	The command that was executed.

The following example results in the display of all configuration log files as they would appear in a configuration file rather than in tabular format. In addition to displaying logged commands, the example shows the commands used to change configuration modes, which are required to correctly apply the logged commands.

Router# show archive log config all provisioning

archive

 log config

  logging enable

  logging size 200

The following example results in the display of memory usage statistics for the configuration log:

Router# show archive log config statistics

Config Log Session Info:

   Number of sessions being tracked: 1

   Memory being held: 3910 bytes

   Total memory allocated for session tracking: 3910 bytes

   Total memory freed from session tracking: 0 bytes

Config Log log-queue Info:

   Number of entries in the log-queue: 3

   Memory being held in the log-queue: 671 bytes

   Total memory allocated for log entries: 671 bytes

   Total memory freed from log entries:: 0 bytes

The output is self-explanatory.

Feature Information for Configuration Change Notification and Logging

Table 2 lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

---

Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

---

Table 2 Feature Information for Configuration Change Notification and Logging 

Feature Name	Releases	Feature Information
Configuration Change Notification and Logging	12.3(4)T, 12.2(25)S, 12.3(14)T, 12.2(27)SBC, 12.2(33)SRA	The Configuration Change Notification and Logging (Configuration Logging) feature allows the tracking of configuration changes entered on a per-session and per-user basis by implementing a configuration log. The configuration log tracks each configuration command that is applied, who applied the command, the parser return code for the command, and the time the command was applied. This feature also adds a notification mechanism that sends asynchronous notifications to registered applications whenever the configuration log changes. In 12.3(4)T, this feature was introduced. In 12.2(25)S, support was added for a Cisco IOS 12.2S release. in 12.2(14)T, The "Config Logger Enhancements for EAL4+ Certification" feature was introduced. In 12.2(27)SBC, support was added for a Cisco IOS 12.2SB release. In 12.2(33)SRA, support was added for a Cisco IOS 12.2SR release. The following sections provide information about this feature: •Configuration Change Notifications and Config Change Logging •Configuring the Configuration Change Notification and Logging Feature •Displaying Configuration Log Entries and Statistics The following commands were modified by this feature: archive, hidekeys, log config, logging enable, logging size, notify syslog, show archive log config.
Config Logger Enhancements for EAL4+ Certification	12.3(14)T, 12.2(28)SBC	Further enhancements to the Configuration Change Logging process were implemented in Cisco IOS Release 12.3(14)T. These enhancements support an effort to ensure the logging process meets the requirements set forth in the Conformance to Common Criteria, Evaluation Assurance Level 4+ (EAL4+) Firewall Protection Profiles. The following section provide information about this feature: •Config Logger Enhancements for EAL4+ Certification [12.3(14)T]

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2003 - 2006 Cisco Systems, Inc. All rights reserved.