archive log config
The 'archive log config' command enables logging of configuration changes on a Cisco IOS device, allowing administrators to track who made what changes and when for auditing and troubleshooting purposes.
archive log config
When to Use This Command
- Tracking configuration changes made by multiple network engineers to identify who introduced a misconfiguration.
- Complying with security audit requirements that mandate logging of all configuration changes on network devices.
- Rolling back to a previous configuration by reviewing logged changes before a known good state.
- Monitoring unauthorized configuration changes in a production network to quickly detect and respond to security breaches.
Command Examples
Enable Configuration Change Logging
archive log config
logging enable
logging size 200
notify syslog
hidekeys
Router(config-archive-log-cfg)# logging enable
Router(config-archive-log-cfg)# logging size 200
Router(config-archive-log-cfg)# notify syslog
Router(config-archive-log-cfg)# hidekeys
Router(config-archive-log-cfg)# exit
Router(config)# end
Router# show archive log config all
 idx   sess   user@line        Logged commands
 ----  -----  ---------------  ------------------------------------------------
    1     1   admin@console    logging enable
    2     1   admin@console    logging size 200
    3     1   admin@console    notify syslog
    4     1   admin@console    hidekeys
    5     2   admin@vty0       interface GigabitEthernet0/1
    6     2   admin@vty0       ip address 192.168.1.1 255.255.255.0
    7     2   admin@vty0       no shutdown
The output shows the configuration change log. 'idx' is the sequence number of the logged command. 'sess' is the session ID (increments per login session). 'user@line' shows the username and connection type (console or vty). 'Logged commands' lists the exact commands entered. This example shows admin making changes via console (session 1) and later via Telnet/SSH (vty0, session 2).
View Configuration Change Log Summary
show archive log config summary
Configuration log is enabled
Maximum logging buffer size: 200
Current logging buffer size: 7
Number of config log entries: 7
Logging to syslog: enabled
Hidekeys: enabled
This output provides a summary of the logging configuration. 'Maximum logging buffer size' is the configured limit. 'Current logging buffer size' shows how many entries are currently stored. 'Number of config log entries' is the total logged commands. 'Logging to syslog' indicates if syslog notifications are enabled. 'Hidekeys' shows whether sensitive commands (like passwords) are hidden from the log.
Understanding the Output
When you use 'show archive log config all', the output displays a table with columns: idx (sequential index of each logged command), sess (session identifier that increments with each new login session), user@line (username and connection type, e.g., admin@console for console or admin@vty0 for remote access), and Logged commands (the exact configuration commands entered). The log helps track who made changes and in what order. A high number of entries from a single session might indicate bulk changes. If 'hidekeys' is enabled, commands containing passwords (like 'username secret' or 'enable secret') are replaced with '***' for security. The syslog notification sends these logs to a syslog server for centralized monitoring. In a real network, you would use this to audit changes, especially after an outage or security incident. A healthy log shows consistent user entries and expected changes; warning signs include unknown users, unexpected changes, or a sudden spike in log entries, which may indicate unauthorized activity.
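The review described above can be scripted. The following Python sketch is an added example, not part of the original page or of any Cisco tooling: it parses output in the column layout shown on this page and flags entries from users outside an allow-list and sessions with an unusually high command count. The function names, the allow-list, the threshold and the two 'guest' rows in the sample are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout shown on this page; rows 8-9 are invented.
SAMPLE = """\
 idx   sess   user@line        Logged commands
 ----  -----  ---------------  ------------------------------
    1     1   admin@console    logging enable
    2     1   admin@console    logging size 200
    3     1   admin@console    notify syslog
    4     1   admin@console    hidekeys
    5     2   admin@vty0       interface GigabitEthernet0/1
    6     2   admin@vty0       ip address 192.168.1.1 255.255.255.0
    7     2   admin@vty0       no shutdown
    8     3   guest@vty1       interface GigabitEthernet0/2
    9     3   guest@vty1       shutdown
"""

# idx, sess, user@line, then the rest of the line as the logged command.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)@(\S+)\s+(.*\S)\s*$")

def parse(text):
    """Return one dict per log row; header and separator lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ROW.match(raw)
        if m:
            idx, sess, user, line, cmd = m.groups()
            entries.append({"idx": int(idx), "sess": int(sess),
                            "user": user, "line": line, "cmd": cmd})
    return entries

def review(entries, allowed_users, max_per_session):
    """Flag unknown users and sessions with more than max_per_session commands."""
    findings = []
    for e in entries:
        if e["user"] not in allowed_users:
            detail = f'{e["user"]}@{e["line"]}: {e["cmd"]}'
            findings.append(("unknown-user", e["idx"], detail))
    per_session = Counter(e["sess"] for e in entries)
    for sess, count in sorted(per_session.items()):
        if count > max_per_session:
            findings.append(("session-spike", sess, f"{count} commands"))
    return findings

if __name__ == "__main__":
    # Assumed policy: only 'admin' is expected; more than 3 commands is a spike.
    for kind, ref, detail in review(parse(SAMPLE), {"admin"}, 3):
        print(f"{kind:14} {ref:>3}  {detail}")
```

With 'notify syslog' enabled, the same checks are better run against the messages collected on the syslog server, since the on-device buffer is limited by 'logging size'.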
CCNA Exam Tips
CCNA exam tip 1: Remember that 'archive log config' is used to log configuration changes, not to archive configurations (that's 'archive path' and 'archive' commands).
CCNA exam tip 2: The 'hidekeys' option is critical for security; it prevents passwords from being displayed in the log. The exam may test that this is enabled by default or recommended.
CCNA exam tip 3: Know that 'logging enable' must be issued under 'archive log config' to start logging; without it, no changes are recorded.
CCNA exam tip 4: The 'notify syslog' command sends logs to a syslog server; the exam might ask how to integrate with centralized logging.
Common Mistakes
Mistake 1: Forgetting to issue 'logging enable' after entering 'archive log config' mode, resulting in no changes being logged.
Mistake 2: Not using 'hidekeys' and exposing sensitive passwords in the log output, which can be a security risk.
Mistake 3: Setting the logging buffer size too small, causing older entries to be overwritten before they are reviewed.