Using the Cisco IOS Archive Command

The Cisco IOS archive command is not only very useful for keeping configuration archives; it can also log the commands entered into the router, along with the name of the user who entered them. As with most technologies, the options can be rather extensive, so we will just be covering the basics here.

Configuration Archive

In IOS 12.3, Cisco introduced the archive and archive config commands. At a bare minimum, you can start archiving configs with a two-line setup! Here we've simply defined an archive path and manually told the router to make two archives of the configuration using the archive config command.

Router#conf t
Router(config)# archive 
Router(config-archive)#?
Archive configuration commands:
  default       Set a command to its defaults
  exit          Exit from archive configuration mode
  log           Logging commands
  maximum       Maximum number of backup copies
  no            Negate a command or set its defaults
  path          Path for backups
  rollback      Rollback parameters
  time-period   Period of time in minutes to automatically archive the running-config
  write-memory  Enable automatic backup generation during write memory

Router(config-archive)# path flash:backup_config
Router(config-archive)#^Z
Router# archive config
Router#
Router# archive config
Router#
Router# show archive 
There are currently 3 archive configurations saved.
The next archive file will be named flash:mybackup-3
 Archive #  Name
   0
   1       flash:backup_config-1
   2       flash:backup_config-2 <- Most Recent
   3
   4
...

It would be a much better idea to keep your configuration archive off the router in case of flash failure. Most common protocols are supported (TFTP, FTP, HTTP, RCP).

You can view your archived configurations with the show archive config command, using either the differences or the incremental-diffs argument.

Router# show archive config ?

  differences              Display the differences between two config files
  incremental-diffs        Display lines in config file which will be added to running-config

Other archive configuration options include:

  • maximum - Set a maximum number of backup copies
  • time-period - Automagically archive your configuration at set time intervals
  • write-memory - Automagically archive your configuration when you do a wr mem

Logging CLI Commands

Configuration command logging can be used to maintain a log of configuration changes. Commands with syntax errors, and partial commands that invoke the help system, are not logged. For each configuration command that is executed, the following information is logged:

  • The command that was executed
  • The configuration mode in which the command was executed
  • The name of the user that executed the command
  • The time at which the command was executed
  • A configuration change sequence number
  • Parser return codes for the command

Here is a sample configuration.

Router#conf t
Router(config)#archive 
Router(config-archive)#log config 
Router(config-archive-log-cfg)#?
commands for controlling config logging:
  default   Set a command to its defaults
  exit      Exit from the log config submode
  hidekeys  suppress output (e.g. passwords) when displaying logged commands
  logging   Modify config logging parameters
  no        Negate a command or set its defaults
  notify    Send logged commands to target applications
  record    What to record in the config logger

Router(config-archive-log-cfg)#logging enable
Router(config-archive-log-cfg)#logging size 500
Router(config-archive-log-cfg)#hidekeys        

To view your configuration log, simply execute show archive log config all. You can also filter by user, or by user and session number.

Router#show archive log config all
 idx   sess           user@line      Logged command
    1     1          tonhe@vty1     |  logging enable 
    2     1          tonhe@vty1     |  logging size 500
    3     1          tonhe@vty1     |  hidekeys 
    4     0          tonhe@vty0     |!exec: enable
    5     2          tonhe@vty0     |interface l0 
    6     2          tonhe@vty0     | no ip address 
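
The following Python script is an added example, not part of the original post. It parses the show archive log config all table above, groups the configuration changes by user and session, and flags entries worth a second look. The rule list and function names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Input: the "show archive log config all" output shown in this post.
SAMPLE = """\
 idx   sess           user@line      Logged command
    1     1          tonhe@vty1     |  logging enable
    2     1          tonhe@vty1     |  logging size 500
    3     1          tonhe@vty1     |  hidekeys
    4     0          tonhe@vty0     |!exec: enable
    5     2          tonhe@vty0     |interface l0
    6     2          tonhe@vty0     | no ip address
"""
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)@(\S+)\s+\|(.*)$")

RULES = [  # hypothetical review rules (an assumption; tune per site)
    ("audit-config", re.compile(r"^(no\s+)?(logging|hidekeys|notify|archive)\b")),
    ("removal", re.compile(r"^no\s+")),
]

def parse(text):
    """Turn table rows into dicts; the header and other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ROW.match(raw)
        if m:
            idx, sess, user, line, cmd = m.groups()
            cmd = cmd.strip()
            # "!exec:" rows record exec-mode events, not configuration changes.
            entries.append({"idx": int(idx), "sess": int(sess), "user": user,
                            "line": line, "command": cmd,
                            "is_exec": cmd.startswith("!exec:")})
    return entries

def changes_by_session(entries):
    """Group configuration commands by (user, line, session)."""
    grouped = defaultdict(list)
    for e in entries:
        if not e["is_exec"]:
            grouped[(e["user"], e["line"], e["sess"])].append(e["command"])
    return dict(grouped)

def flag(entries):
    """Return (idx, label, command) for the first rule each command matches."""
    hits = []
    for e in entries:
        label = next((l for l, rx in RULES if rx.match(e["command"])), None)
        if label and not e["is_exec"]:
            hits.append((e["idx"], label, e["command"]))
    return hits
```

Calling flag(parse(SAMPLE)) marks the three changes to the logging configuration itself and the no ip address removal, which are the entries a reviewer would want to tie back to a change ticket.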

Conclusion

For those of us who worry about what happens to our network when we're not around, these tools could be more than invaluable. They could certainly provide us with the peace of mind that some of us need. As usual, if you have any questions or comments, please leave them below and I'll do my best to get back to you as soon as possible.
