Real-time Configuration Change Detection

Overview

Unauthorized configuration changes often wreak havoc on business continuity, so detecting them is a crucial task. Detection has to happen in real time so that things can be set right. DeviceExpert provides real-time configuration change detection, and this section explains the steps for enabling it.

How does real-time change detection work?

Many devices generate syslog messages whenever their configuration undergoes a change. By listening to these messages, it is possible to detect any configuration change in the device. DeviceExpert leverages this change notification feature of devices to provide real-time change detection and tracking.

How does real-time detection benefit me?

This helps administrators keep track of the changes being made and detect any unauthorized changes. By enabling it, you can:

    1. Capture configuration as and when changes happen
    2. Get real-time notifications on change detection
    3. Find information on who carried out the change and from where (the IP address)
    4. Detect unauthorized changes in real time

How do I enable real-time change detection?

You can enable change detection for a single device or for many devices in one go. Change detection can be enabled only for devices for which you have provided the device credentials.

To detect configuration changes through syslog,

To disable configuration change detection,

If you wish to disable configuration tracking that is already enabled, you can do so as follows:

How do I capture information on 'who changed' the configuration?

DeviceExpert captures the username and IP address when someone opens a telnet console and directly carries out a configuration change on a Cisco device.

To capture this information, the following conditions are to be satisfied:

When a user accesses the device via a telnet console and carries out any changes, the username will be captured under the "Changed By" column of the backed-up configuration information. The IP address of the user will be printed in the annotation column.
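The "who changed" and "from where" fields described above can be read from the syslog message a Cisco IOS device emits when a session leaves configuration mode. The following is an added example, not DeviceExpert's own code: it parses the `%SYS-5-CONFIG_I` message and flags changes outside an allowlist. The function names, the allowlist policy and the sample lines are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Cisco IOS logs %SYS-5-CONFIG_I when a session leaves configuration mode.
CONFIG_I = re.compile(
    r"%SYS-5-CONFIG_I: Configured from (?P<source>\S+)"
    r"(?: by (?P<user>\S+))?"
    r"(?: on (?P<line>\S+))?"
    r"(?: \((?P<ip>[0-9A-Fa-f.:]+)\))?"
)

class ConfigChange(NamedTuple):
    source: str            # "console", "memory", a tftp:// URL, ...
    user: Optional[str]    # the "Changed By" value
    line: Optional[str]    # terminal line, e.g. vty0
    ip: Optional[str]      # remote address of the session, if any

def parse_config_change(message: str) -> Optional[ConfigChange]:
    """Return the change event carried by one syslog line, or None."""
    m = CONFIG_I.search(message)
    return ConfigChange(**m.groupdict()) if m else None

def review(lines, allowed_users, allowed_ips):
    """Return (change, reason) pairs for changes outside the allowlists.
    The allowlists are an assumed policy, not a DeviceExpert feature."""
    flagged = []
    for text in lines:
        change = parse_config_change(text)
        if change is None:
            continue  # some other syslog message
        if change.ip is None:
            flagged.append((change, "no remote address recorded"))
        elif change.user not in allowed_users:
            flagged.append((change, "unexpected user"))
        elif change.ip not in allowed_ips:
            flagged.append((change, "unexpected source address"))
    return flagged

# Constructed sample messages (documentation address ranges).
SAMPLE = [
    "<189>45: *Mar  1 00:12:31: %SYS-5-CONFIG_I: Configured from console by netadmin on vty0 (192.0.2.10)",
    "<187>46: *Mar  1 00:13:02: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "<189>47: *Mar  1 00:20:44: %SYS-5-CONFIG_I: Configured from console by netadmin on vty1 (198.51.100.7)",
    "<189>48: *Mar  1 00:25:10: %SYS-5-CONFIG_I: Configured from console by console",
    "<189>49: *Mar  1 00:31:57: %SYS-5-CONFIG_I: Configured from console by guest on vty0 (192.0.2.10)",
]

if __name__ == "__main__":
    for change, reason in review(SAMPLE, {"netadmin"}, {"192.0.2.10"}):
        print(f"{reason}: user={change.user} line={change.line} ip={change.ip}")
```

A change made on the physical console carries no remote address, so this sketch reports it separately rather than treating it as an allowlist match.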

Automated Change Detection through Schedules

Configuration change tracking can be scheduled through periodic configuration backup tasks. Configurations can be backed up automatically by adding a schedule, and configuration versions can then be tracked. For more details, refer to the 'Scheduled Tasks' section.

Troubleshooting Tips

Important Note

You may sometimes notice the following message in Syslog Configuration for Change Detection:

Device(s) not supporting Configuration Detection through Syslog

<device1>, <device2>, <device 3>

This message is displayed in any of the following scenarios:

  • Device does not generate syslog messages; so syslog-based change detection is not possible

  • Device generates syslog messages for configuration change events but DeviceExpert has not yet added change detection support for this device. If this is the case, contact support@opmanager.com

  • In the case of Cisco IOS routers and switches, if the SNMP protocol is used for communicating with the device, auto configuration for "syslog based change detection" is not supported. In such a case, you need to manually configure the router/switch to forward syslog messages to the DeviceExpert syslog server. Change Detection will then be enabled. Alternatively, you can choose Telnet as the protocol for communication.

Copyright © 2010, ZOHO Corp. All Rights Reserved.