
Configuration Change Detection


Overview

One of the ways to detect configuration changes in a device is by monitoring syslog messages. Many devices generate syslog messages whenever their configuration undergoes a change. By listening to these messages, it is possible to detect any configuration change in the device. This comes in handy for administrators to keep track of the changes being made and to detect any unauthorized changes.

 

DeviceExpert leverages this change notification feature of devices to provide real-time change detection and tracking. DeviceExpert includes a built-in syslog server, which occupies port 514.

 

Besides the real-time change detection, configuration changes could also be tracked through scheduled, periodic backup of device configuration.

Real-time Configuration Change Detection

To detect configuration changes through syslog,

 

Note: If a logging level different from the ones listed in the box is set, the device will not generate configuration change notification messages.

   

 

If you wish to disable configuration tracking that has already been enabled, you can do so as follows:

To disable configuration change detection,

Capturing information on 'who changed' the configuration

DeviceExpert captures the username and IP address when someone opens a telnet console and directly carries out a configuration change on Cisco IOS switches and routers.
 

To capture this information, the following conditions are to be satisfied:
 

When a user accesses the device via a telnet console and carries out any changes, the username will be captured under the "Changed By" column of the backed-up configuration information. The IP address of the user will be shown in the annotation column.
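The following added example (not DeviceExpert code) shows how a syslog receiver can recognise a Cisco IOS configuration-change message, extract the "Changed By" user and source IP, and flag changes that fall outside an allowlist. It assumes the standard IOS %SYS-5-CONFIG_I message text, which this page does not quote; the device names, users, addresses and the AUTHORIZED policy are constructed for illustration.

```python
import ipaddress
import re

# Cisco IOS emits %SYS-5-CONFIG_I after a configuration session (assumed format).
CONFIG_I = re.compile(
    r"%SYS-5-CONFIG_I: Configured from (?P<source>\S+)"
    r"(?: by (?P<user>\S+))?(?: on (?P<line>\S+))?"
    r"(?: \((?P<ip>[0-9A-Fa-f.:]+)\))?"
)

# Constructed input: (sending device, syslog message text) pairs.
SAMPLES = [
    ("core-rtr-1", "%SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)"),
    ("core-rtr-1", "%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up"),
    ("edge-sw-2", "%SYS-5-CONFIG_I: Configured from console by mallory on vty1 (198.51.100.7)"),
    ("edge-sw-2", "%SYS-5-CONFIG_I: Configured from console by console"),
]

# Hypothetical policy: the management network each admin may change from.
AUTHORIZED = {"alice": ipaddress.ip_network("192.0.2.0/24")}


def parse_change(device, message):
    """Return a change record for a CONFIG_I message, or None for other messages."""
    m = CONFIG_I.search(message)
    if m is None:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group("ip"))) if m.group("ip") else None
    except ValueError:  # malformed address in an untrusted syslog payload
        ip = None
    return {"device": device, "changed_by": m.group("user"), "annotation": ip}


def detect_changes(samples):
    """Keep only the messages that report a configuration change."""
    records = (parse_change(device, msg) for device, msg in samples)
    return [r for r in records if r is not None]


def flag_unauthorized(records, authorized):
    """Flag changes by unknown users or from outside their allowed network."""
    flagged = []
    for r in records:
        net, ip = authorized.get(r["changed_by"]), r["annotation"]
        if net is None or ip is None or ipaddress.ip_address(ip) not in net:
            flagged.append(r)
    return flagged


if __name__ == "__main__":
    for record in flag_unauthorized(detect_changes(SAMPLES), AUTHORIZED):
        print("ALERT", record)
```

Changes made from the physical console carry no source address, so the sketch flags them for review instead of silently accepting them.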
 

 

Important Note

 

You may sometimes notice the following message in Syslog Configuration for Change Detection:

 

Device(s) not supporting Configuration Detection through Syslog

<device1>, <device2>, <device 3>

 

This message is displayed in any of the following scenarios:

 

  • Device does not generate syslog messages; so syslog-based change detection is not possible

  • Device generates syslog messages for configuration change events but DeviceExpert has not yet added change detection support for this device. If this is the case, contact support@deviceexpert.com

  • In the case of Cisco IOS routers and switches, if the SNMP protocol is used for communicating with the device, automatic configuration for "syslog based change detection" is not supported. In such a case, you need to manually configure the router/switch to forward syslog messages to the DeviceExpert syslog server. Change Detection will then be enabled. Alternatively, you can choose Telnet as the protocol for communication.

 

 

Scheduled Change Detection

Configuration change tracking can be scheduled through periodic configuration backup tasks. Configuration can be automatically backed up by adding a schedule, and configuration versions can be tracked.

 

For more details, click here.

Configuration Change Management

DeviceExpert provides convenient change management options. Once the configuration change in a device is detected, it is important that notifications are sent to those responsible for change management.

 

DeviceExpert helps in sending notifications in three ways:

 

 

These notifications can be sent whenever there is a change in

 

How to set up change notification?

Setting up Change Notification is a simple, four-step process:

 

(1) Provide a name for the Change Management Rule

(2) Choose Change Management condition

(3) Specify the action

(4) Associate devices or groups

 

Providing a name for the Change Management Rule

 

This step deals with just providing a name and description for the intended change management rule. 'Change Management Rule' here refers to the condition based on which you would like to get the notification. As stated above, notification could be triggered when the startup and/or running configuration of a device undergoes a change. You may provide names such as "Startup Config Changed" or "Running Config Changed". This helps in identifying the rule and in reusing it for other devices later.

 

To provide a name,

 

 

Choosing Change Management Condition

 

Click any one of the radio buttons:

 

 

Specifying the action

 

After defining the condition in the previous step, you can specify any of the following three actions:

 

 

Sending Email Notifications

 

To send email notifications to the desired recipients (based on the change management condition specified earlier),

 

Example: $CONFIGTYPE of $DEVICENAME changed

Explanation: If the $CONFIGTYPE is "Running Configuration" and $DEVICENAME is "Primary Router", the actual message in the notification would be "Running Configuration of Primary Router changed". These tags get replaced with the actual values at runtime.

 

Sending SNMP Trap

 

SNMP v2 traps can be sent to a specific host upon detecting a configuration change. To send an SNMP trap to the desired host (based on the change management condition specified earlier),

 

 

Note: The SnmpTrapOid will be .1.3.6.1.4.1.2162.100.4.1.2.1

Varbinds will include the display name of the device whose configuration has been changed, its IP address, the type of configuration that underwent change (startup or running), and the login name of the user who changed the configuration.

Refer to the ADVENTNET-DEVICEEXPERT-MIB present under the <DeviceExpert Home>/protocol/mibs directory.

 

Generating Trouble Tickets

 

Upon detecting changes in configuration, you have the option to generate trouble tickets to your Help Desk. To generate trouble tickets,

 

Example: $CONFIGTYPE of $DEVICENAME changed

Explanation: If the $CONFIGTYPE is "Running Configuration" and $DEVICENAME is "Primary Router", the actual message in the notification would be "Running Configuration of Primary Router changed". These tags get replaced with the actual values at runtime.

Associating rules with device/groups

After creating a change management rule, the next step is associating the rule with devices or device groups. This is done to specify the device or devices whose configuration has to be monitored for changes.

 

To associate a single device with the rule

 

 

To associate a rule with a device group

 

 

Important Note:

 

(1) Change Management Rule can be added from the Device Details page & Device Group page also. When you do so, the rule will automatically get associated with that device or device group.

 

(2) If a rule is modified, the change takes effect for all the devices/groups associated with it.

 

Disabling, Enabling & Removing a Rule

After adding a change management rule, you will find the status of the device marked as "Enabled". You can temporarily disable the execution of a rule and enable it again later.

To disable a rule,

To enable a disabled rule,

To remove a rule,

 

Warning: When you click "Remove", it removes the rule permanently from the database.

 

 



Copyright © 2005-2006, AdventNet Inc. All Rights Reserved.