One of the ways to detect configuration changes in a device is by monitoring syslog messages. Many devices generate syslog messages whenever their configuration undergoes a change. By listening to these messages, it is possible to detect any configuration change in the device. This comes in handy for administrators to keep track of the changes being made and to detect any unauthorized changes.
DeviceExpert leverages this change notification feature of devices to provide real-time change detection and tracking. A syslog server comes in-built with DeviceExpert. It occupies port 514.
Besides the real-time change detection, configuration changes could also be tracked through scheduled, periodic backup of device configuration.
select the device or devices for which you wish to enable change detection
click "Enable Change Detection" available in the drop-down under "More Actions"
in the UI that opens, click the option "Enable" for the parameter 'Detecting Config Changes through Syslog'
the IP address and Port of the in-built syslog server will be listed. On enabling change detection through syslog, the device would be configured by DeviceExpert to forward syslog messages to the in-built Syslog Server. [Generally devices can forward syslog messages to multiple hosts]
Note: If a logging level different from the ones listed in the box is set, the device will not generate configuration change notification messages.
click "Update"
configuration change detection through syslog is enabled
If you wish to disable configuration tracking that is already enabled, you can do so as follows:
select the device or devices for which you wish to disable change detection
click "Enable Change Detection" available in the drop-down under "More Actions"
in the UI that opens, click the option "Disable" for the parameter 'Detecting Config Changes through Syslog'
on disabling change detection through syslog, the device would be configured by DeviceExpert to stop forwarding syslog messages to the built-in syslog Server
DeviceExpert captures the username and IP address when someone opens a telnet console and directly carries out a configuration change on Cisco IOS switches and routers.
To capture this information, the following conditions are to be satisfied:
Login name should be enabled for Cisco switches and routers, and
syslog-based change detection has to be enabled
When a user accesses the device via a telnet console and carries out any changes, the username will be captured under the "Changed By" column of the backed-up configuration information. The IP address of the user will be printed in the annotation column.
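Added example, not DeviceExpert's own code: a Python parser for the Cisco IOS %SYS-5-CONFIG_I notification, showing where a "Changed By" username and a source IP address can be read from a forwarded syslog datagram. The message layout, the sample datagrams (documentation-range addresses, user "netadmin") and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample datagrams, as a Cisco IOS device might send them to UDP 514.
# <189> = facility local7 (23) * 8 + severity 5 (notifications); a device whose
# syslog level is set more restrictively than severity 5 never sends CONFIG_I.
SAMPLES = [
    "<189>45: *Mar  1 00:12:41.003: %SYS-5-CONFIG_I: Configured from console by netadmin on vty0 (192.0.2.10)",
    "<189>46: *Mar  1 00:15:02.118: %SYS-5-CONFIG_I: Configured from console by vty1 (192.0.2.77)",
    "<189>47: *Mar  1 00:16:30.500: %SYS-5-CONFIG_I: Configured from console by console",
    "<187>48: *Mar  1 00:17:00.000: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
]

PRI_RE = re.compile(r"^<(\d{1,3})>")
CONFIG_RE = re.compile(
    r"%SYS-5-CONFIG_I: Configured from (?P<source>\S+) by "
    r"(?:(?P<user>\S+) on )?(?P<line>\S+?)(?: \((?P<ip>[0-9a-fA-F.:]+)\))?\s*$"
)

def parse_config_change(datagram):
    """Return a dict describing a config-change event, or None for other messages."""
    pri = PRI_RE.match(datagram)
    if not pri or int(pri.group(1)) > 191:
        return None  # missing or out-of-range PRI field
    facility, severity = divmod(int(pri.group(1)), 8)
    m = CONFIG_RE.search(datagram)
    if not m:
        return None  # some other syslog message, not a configuration change
    return {
        "facility": facility,
        "severity": severity,
        "changed_by": m.group("user"),  # None when no login name is in the message
        "line": m.group("line"),        # vty0, console, ...
        "source_ip": m.group("ip"),     # None for a local console session
    }

def change_events(datagrams):
    """Keep only the datagrams that report a configuration change."""
    return [e for e in map(parse_config_change, datagrams) if e]

if __name__ == "__main__":
    for event in change_events(SAMPLES):
        print(event)
```

The second sample shows why the login-name condition matters: without a username in the message, only the terminal line and IP address identify who made the change.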
You may sometimes notice the following message in Syslog Configuration for Change Detection:
Device(s) not supporting Configuration Detection through Syslog <device1>, <device2>, <device 3>
This message is displayed in any of the following scenarios:
Configuration change tracking can be scheduled through periodic configuration backup tasks. Configuration can be automatically backed up by adding a schedule, and configuration versions can be tracked.
DeviceExpert provides convenient change management options. Once the configuration change in a device is detected, it is important that notifications are sent to those responsible for change management.
DeviceExpert helps in sending notifications in three ways:
Sending Email
Sending SNMP Traps
Generating trouble Tickets
These notifications can be sent whenever there is a change in
Startup or Running Configuration
Startup Configuration alone
Running Configuration alone
Setting up Change Notification is a simple, four-step process:
(1) Provide a name for the Change Management Rule
(2) Choose Change Management condition
(3) Specify the action
(4) Associate devices or groups
Providing a name for the Change Management Rule
This step deals with just providing a name and description for the intended change management rule. 'Change Management Rule' here refers to the condition based on which you would like to get the notification. As stated above, notification could be triggered when startup and/or running configuration of a device undergoes a change. You may provide names such as "Startup Config Changed", "Running Config Changed". This would be of help in identifying the rule and for reusing it for other devices later.
To provide a name,
Go to "Inventory" tab
Click the link "Change Management" present under the "Device Management" section in the LHS
In the "Change Management" UI that opens up, click the button "Add"
Enter 'Rule Name' and 'Description' in the respective text fields
Choosing Change Management Condition
Click any one of the radio buttons:
Startup or Running Configuration is changed - to send notification when either Startup or Running configuration of a device is changed
Running Configuration is changed - to send notification when the Running configuration of a device is changed
Startup Configuration is changed - to send notification when the Startup configuration of a device is changed
Specifying the action
After defining the condition in the previous step, you can specify any of the following three actions:
Sending Email - sending Email notifications to the desired recipients
Sending SNMP Traps - sending an SNMP v2 trap to a specific host
Generating trouble Tickets - generating a trouble ticket for the help desk
To send email notifications to the desired recipients (based on the change management condition specified earlier),
Click the checkbox "Send Email"
Enter the Email ids of the intended recipients. If you want to send the notification to multiple recipients, enter the ids separated by a comma. By default, the Email ids configured through Admin >> Mail Settings page are displayed here. You may add new Email ids if required
Provide a subject for the notification and the actual message in the respective fields. Here, in the subject and message fields, you have the option to provide details such as Device Name, IP, type of configuration that underwent change (startup/running), and who changed the configuration
For this purpose, DeviceExpert provides replaceable tags - $DEVICENAME, $DEVICEIP, $CONFIGTYPE and $CHANGEDBY. You may use these tags to provide exact details in the subject and message fields of the notification.
Example: $CONFIGTYPE of $DEVICENAME changed
Explanation: If the $CONFIGTYPE is "Running Configuration" and $DEVICENAME is "Primary Router", the actual message in the notification would be "Running Configuration of Primary Router changed". These tags get replaced with the actual values at runtime.
You have the option to append the configuration diff in the message. The difference with the previous version would be pasted in the message field. To enable this option, click "Append Configuration Diff in Message"
Click "Add"
Email notification for change management is added
SNMP v2 traps can be sent to a specific host upon detecting a configuration change. To send an SNMP trap to the desired host (based on the change management condition specified earlier),
Click the checkbox "Send SNMP Trap"
Enter the hostname or IP address of the recipient
Also enter the SNMP port and community. The default values are 162 for the port and public for the community
Click "Add"
Note:
The SnmpTrapOid will be .1.3.6.1.4.1.2162.100.4.1.2.1
Upon detecting changes in configuration, you have the option to generate trouble tickets to your Help Desk. To generate trouble tickets,
Click the checkbox "Generate Trouble Tickets"
Enter the Email id of the help desk. By default, the Help Desk id configured through Admin >> Mail Settings page is displayed here. You may add new Email ids if required
Provide a subject for the notification and the actual message in the respective fields. Here, in the subject and message fields, you have the option to provide details such as Device Name, IP, type of configuration that underwent change (startup/running), and who changed the configuration
For this purpose, DeviceExpert provides replaceable tags - $DEVICENAME, $DEVICEIP, $CONFIGTYPE and $CHANGEDBY. You may use these tags to provide exact details in the subject and message fields of the notification.
Example: $CONFIGTYPE of $DEVICENAME changed
Explanation: If the $CONFIGTYPE is "Running Configuration" and $DEVICENAME is "Primary Router", the actual message in the notification would be "Running Configuration of Primary Router changed". These tags get replaced with the actual values at runtime.
You have the option to append the configuration diff in the message. The difference with the previous version would be pasted in the message field. To enable this option, click "Append Configuration Diff in Message"
Click "Add"
Trouble Ticket generation for change management is added
After creating a change management rule, the next step is associating the rule with devices or device groups. This is done to specify the device or devices whose configuration has to be monitored for changes.
To associate a single device with the rule
Go to the "Inventory" page
Click the "Host Name" of the device with which the rule has to be associated
In the "Device Details" page that opens up, go to "Change Management" tab
Click "Associate Rules"
In the page that opens up, the names of available rules are listed
Select the rule, which is to be associated with the device
Click "Associate"
The rule is associated with the required device
To associate a rule with a device group
Go to the "Inventory" page
Click the required device group under the tab "Device Group"
In the page that opens up, go to "Change Management" tab
Click "Associate Rules"
In the page that opens up, the names of available rules are listed
Select the rule, which is to be associated with the device group
Click "Associate"
The rule is associated with the device group. The rule applies to all devices that are part of the group
Important Note:
(1) Change Management Rule can be added from the Device Details page & Device Group page also. When you do so, the rule will automatically get associated with that device or device group.
(2) If a rule is modified, the change takes effect for all the devices/groups associated with it.
After adding a change management rule, you will find the status of the device marked as "Enabled". You can temporarily disable the execution of a rule and enable it again later.
Go to "Inventory" tab
Click the link "Change Management" present under the "Device Management" section in the LHS
Select the rule(s) to be disabled from the list of rules
Click the button "Disable"
You will find the status of the rule changing to "Disabled"
Select the disabled rule(s) in the list
Click the button "Enable"
You will find the status of the device in inventory changing to "Enabled"
Select the rule(s) to be removed from the list
Click the button "Remove"
Warning: When you click "Remove", it removes the rule permanently from the database.
Copyright © 2005-2006, AdventNet Inc. All Rights Reserved.