Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Auditing of Configuration Changes

    This sample code audits all changes to the configuration secret data and sends the logs to a file named Audit-File:

    [edit system]
    syslog {file Audit-File {authorization info;change-log info;interactive-commands info;}}

    This sample code expands the scope of the minimum audit to audit all changes to the configuration, not just secret data, and sends the logs to a file named Audit-File:

    [edit system]
    syslog {file Audit-File {any any;authorization info;change-log any;interactive-commands info;kernel info;pfe info;}}

    Example: System Logging of Configuration Changes

    This example shows a sample configuration and makes changes to users and secret data. It then shows the information sent to the audit server when the secret data is added to the original configuration and committed with the load command.

    [edit system]
    location {country-code US;building B1;}
    ...
    login {message "UNAUTHORIZED USE OF THIS ROUTER\n\tIS STRICTLY PROHIBITED!";user admin {uid 2000;     class super-user;authentication {encrypted-password “$1$pRxmZhC0$5F.ysqVL4Z5G67yg4Af4L.”; # SECRET-DATA }}password {format md5;}}
    radius-server 10.10.10.10 {secret “$9$jCkfz3nC0ORmfEyKvN-ikqPz39Ap” # SECRET-DATA}
    services {ssh;}
    syslog {user *{any emergency;}file messages {any notice;authorization info;}file interactive-commands {interactive-commands any;}}
    ......

    The new configuration changes the secret data configuration statements and adds a new user.

    user@host# show | compare[edit system login user admin authentication]–    encrypted-password “$1$pRxmZhC0$5F.ysqVL4Z5G67yg4Af4L.”; # SECRET-DATA+    encrypted-password “$1$4iTht8rmdlfKJdMMmdU03nd0skKwdj”; # SECRET-DATA[edit system login]+    user admin2 {+        uid 2001;+        class operator;+        authentication {+            encrypted-password “$1$hJP42n6Q$6twaOvyLAjfkFvZ6ELKxpGW”;                    # SECRET-DATA+        }+     }[edit system radius-server 10.10.10.10]–    secret “$9$jCkfz3nC0ORmfEyKvN-ikqPz39Ap”; # SECRET-DATA+    secret “$9$99ZiCORrlMXNbvWbb2oGq.Fn/C0BrHs”; # SECRET-DATA

    Published: 2013-12-10