Re: [Activity logging & archiving tool]

["Alexei Roudnev" <alex () relcom net>]

This is not dngerous - I do not expect any idiot, opening SNMP from outside
(SNMP is excellent protocol, which can crash ANY device in the world; I
crashed 6509 switch and PIX firewall in a few days, when debugged new
'snmpstat' system). And moreover, Cisco allows o lock IP and file name for
SNMP/TFTP.

On the other hand, using 'expect' is not  difficult and is much more
flexible. Most problems are with PIX-es with their paranoya, which cause a
nececity to know enable password for any simple action...

I'll send  my old expect script here tomorrow, if someone want (it is not
big). New script uses cryptography to remember a passwords, so it became
more secure, but idea is the same...





----- Original Message ----- 
From: "Christopher L. Morrow" <chris () UU NET>
To: "Scott McGrath" <mcgrath () fas harvard edu>
Cc: <nanog () merit edu>
Sent: Tuesday, November 25, 2003 1:51 PM
Subject: RE: [Activity logging & archiving tool]


> On Tue, 25 Nov 2003, Scott McGrath wrote:
>
> > CiscoWorks also polls the devices for configuration changes and
generates
> > a diff if you so desire.  If you have set up AAA you will have an audit
> > log of when changes were applied and who applied them.
> >
> >                             Scott C. McGrath
>
> I'm fairly certain that the tacacs standard implementations available on
> the cisco routers log out changes to the config made by users... That and
> a little log parsing magic and you have this data also. Be cautious that
> some of the EMS systems will grab configs through snmp WRITE initiated
> tftp writes, this could be dangerous if your routers are publicly
> accessible :)
>
> -Chris