Sample Code Audits of Configuration Changes
This sample code audits all changes to the configuration secret data and sends the logs to a file named syslog:
[edit system] syslog { file syslog { authorization info; change-log info; interactive-commands info; } }
This sample code expands the scope of the minimum audit to audit all changes to the configuration, not just secret data, and sends the logs to a file named syslog:
[edit system] syslog { file syslog { any any; authorization info; change-log any; interactive-commands info; kernel info; pfe info; } }
Example: System Logging of Configuration Changes
This example shows a sample configuration
and makes changes to users and secret data. It then shows the information
sent to the audit server when the secret data is added to the original
configuration and committed with the load
command.
[edit system] location { country-code US; building B1; } ... login { message "UNAUTHORIZED USE OF THIS ROUTER\n\tIS STRICTLY PROHIBITED!"; user admin { uid 2000; class super-user; authentication { encrypted-password “$ABC123”; # SECRET-DATA } } password { format md5; } } radius-server 192.0.2.15 { secret “$ABC123” # SECRET-DATA } services { ssh; } syslog { user *{ any emergency; } file syslog { any notice; authorization info; } file interactive-commands { interactive-commands any; } } ... ...
The new configuration changes the secret data configuration statements and adds a new user.
user@host# show | compare [edit system login user admin authentication] – encrypted-password “$ABC123”; # SECRET-DATA + encrypted-password “$ABC123”; # SECRET-DATA [edit system login] + user admin2 { + uid 2001; + class operator; + authentication { + encrypted-password “$ABC123”; # SECRET-DATA + } + } [edit system radius-server 192.0.2.15] – secret “$ABC123”; # SECRET-DATA + secret “$ABC123”; # SECRET-DATA