Real-Time Network Change Detection

Unauthorized configuration changes can wreak havoc on business continuity, which is why detecting and tracking changes in real time is a crucial task for network admins. Although changes can be tracked manually, this method tends to be time-consuming and often leads to human error, such as overlooking the configurations of critical network devices while tracking.

To resolve this, Network Configuration Manager (NCM), a network change monitoring tool, offers real-time configuration change management and detection. With NCM's real-time change detection set up, admins can detect and track changes as they happen, which helps them gain total control over all the devices in their networking environment.

Real-time change detection must be enabled on the network devices you want to detect changes for. The events below give an in-depth look at how real-time change detection works and how to configure it in Network Configuration Manager:

Monitor Network Changes

  • When an admin, operator, or user logs in and out of a network device, the device generates a syslog message.
  • These syslog messages are sent to the built-in syslog server in Network Configuration Manager, which looks for the logout message.
  • Upon receiving a logout message, Network Configuration Manager triggers a configuration backup of that network device. This is because whenever someone logs out of a device, there's a possibility that person made a change to the device's config file.
  • The backed-up configuration file is then compared to the latest stored configuration version of that device and checked for changes.
  • If any change is detected, the backed-up configuration file is encrypted and stored in Network Configuration Manager's database.
  • If no change is detected, the backed-up file is discarded.
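The sequence above, sketched as an added example (not ManageEngine's code): a logout syslog line triggers a backup, the backup is compared with the latest stored version, and it is kept only if it differs. The logout message pattern, the `fetch_config` callback, the device names and all sample data are assumptions constructed for illustration.

```python
import difflib
import re

# Assumed RFC 3164-style line carrying a Cisco IOS-like logout message; adjust per vendor.
LOGOUT_RE = re.compile(
    r"^<\d{1,3}>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) "
    r".*?%SYS-6-LOGOUT: User (?P<user>\S+) has exited")

class ChangeDetector:
    def __init__(self, fetch_config, baselines):
        self.fetch_config = fetch_config   # hypothetical backup callback: host -> config text
        self.versions = {h: [c] for h, c in baselines.items()}  # stored versions per device

    def handle_syslog(self, line):
        """Return a change record if this line is a logout that follows a config change."""
        m = LOGOUT_RE.match(line)
        if m is None:
            return None                    # logins and other messages trigger nothing
        host = m["host"]
        candidate = self.fetch_config(host)            # backup triggered by the logout
        history = self.versions.setdefault(host, [""])
        if candidate == history[-1]:
            return None                    # unchanged: the fresh backup is discarded
        diff = list(difflib.unified_diff(history[-1].splitlines(),
                                         candidate.splitlines(), lineterm="", n=0))
        history.append(candidate)          # the product encrypts before storing; omitted here
        # Drop the two file headers and the @@ hunk markers, keep only +/- lines.
        changes = [l for l in diff[2:] if not l.startswith("@@")]
        # The logout user is a lead, not proof: someone else may have made the change.
        return {"host": host, "last_logout_user": m["user"],
                "version": len(history), "changes": changes}

# --- constructed sample data (not from a real network) ---
BASELINES = {
    "core-rtr1": "hostname core-rtr1\nsnmp-server community s3cret RO\n",
    "edge-sw1": "hostname edge-sw1\nno ip http server\n",
}
RUNNING = {**BASELINES,
           "core-rtr1": "hostname core-rtr1\nsnmp-server community public RW\n"}
SYSLOG = [
    "<189>Jan 12 10:02:11 core-rtr1 41: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: alice]",
    "<190>Jan 12 10:15:02 core-rtr1 45: %SYS-6-LOGOUT: User alice has exited tty session 2(10.0.0.5)",
    "<190>Jan 12 10:20:40 edge-sw1 17: %SYS-6-LOGOUT: User bob has exited tty session 1(10.0.0.9)",
]

def run_demo():
    detector = ChangeDetector(RUNNING.__getitem__, BASELINES)
    return [detector.handle_syslog(line) for line in SYSLOG]
```

Only the second line yields a change record; the login line is ignored and the `edge-sw1` logout produces an identical backup that is dropped.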

Real-time change notifications for network devices

Manually checking every configuration to see if a change was made is an impossible task. Network Configuration Manager, with real-time change detection set up, simplifies managing configurations and monitoring network changes by providing real-time notifications via:

Email: Here, you can specify which email you want these notifications to be sent to. You can provide more than one email address. You can also edit the subject as well as the content in the notification. Using distinct subject lines helps with quickly identifying notifications while looking through your inbox.

SNMP traps: To monitor network changes effectively, it's best to alert your network monitoring solution about changes made to your devices. Network change detection alerts network monitoring solutions about changes using SNMP traps. Using a network change monitoring tool like Network Configuration Manager, you can send SNMP traps to your network monitoring application. As shown below, you can configure the IP address/hostname, destination port and community (private/public) for the SNMP traps.

[Image: NCM real-time change detection setup]

Syslog messages: When a change is made on an associated device, the syslog server triggers syslog messages. If the change was made to a security device or a core router, the syslog message has to be sent to SIEM applications. With Network Configuration Manager's real-time change detection setup, you can configure syslog messages to be sent to SIEM applications from the NCM server.

Trouble tickets: Network change monitoring software like Network Configuration Manager sends notifications in the form of trouble tickets to the operator in charge of a particular device or a device group. You can configure trouble tickets to be sent to your ticketing tool, with a custom message.

Rollback: In vulnerable and critical devices such as core routers or firewalls where you do not want any changes to be made, you can set up a rollback mechanism. You can set the device to revert to its previous version or the baseline configuration every time a change is made.

Benefits of real-time change detection in network configurations

Proactive change management: Real-time configuration change management helps the administrator detect changes immediately. It also gives a detailed report about who made the change, whether it's an authorized change or not, and what exactly the change was. This gives admins better visibility into their networks and helps them manage and monitor network changes efficiently.

Revert unwanted changes: Real-time change detection allows admins to revert unwanted changes in critical devices before they affect the functioning of that network device. As soon as a change is detected, the admin can decide on the spot whether the change is necessary. This helps avoid possible network outages and reduces downtime in network devices.

Color-coded change differentiation: When a change is detected, the admin can see what changed using the diff view. In the diff view, deleted, added, and modified configuration lines appear in different colors, which makes them easy to identify.

Reports on configuration changes: Real-time change detection in NCM comes with configuration change reports that provide the date, time, and other details of a change.

You can apply filters and view reports on a particular device or a device group. For example, if you want to view changes made in a Cisco device group, you can apply filters and view a change report on Cisco devices alone. Network Configuration Manager also enables users to export reports in PDF format.