Unauthorized configuration changes often wreak havoc on business continuity, so detecting changes is a crucial task. Detection should happen in real time so that things can be set right. DeviceExpert provides real-time configuration change detection, and this section explains the steps for enabling it.
Many devices generate syslog messages whenever their configuration undergoes a change. By listening to these messages, it is possible to detect any configuration change in the device. DeviceExpert leverages this change notification feature of devices to provide real-time change detection and tracking.
This comes in handy for administrators to keep track of the changes being made and to detect any unauthorized changes. By enabling this, you can
You can enable change detection for a single device or for many devices at one go. Change detection can be enabled only for those devices for which you have provided the device credentials.
Go to the "Inventory" tab. Select the device or devices for which you wish to enable change detection.
Click the link "Enable Change Detection" available in the drop-down under "More Actions" and fill in the details.
If you wish to disable configuration tracking that is already enabled, you can do so as follows:
Select the device or devices for which you wish to disable change detection.
Click "Enable Change Detection" available in the drop-down under "More Actions".
In the UI that opens, click the option "Disable" for the parameter 'Detecting Config Changes through Syslog'
DeviceExpert captures username and IP address when someone opens a telnet console and directly carries out a configuration change to Cisco devices.
To capture this information, the following conditions are to be satisfied:
Login name should be enabled for Cisco switches and routers and syslog-based change detection has to be enabled (or)
information on who changed the configuration should be present in the configuration header
When a user accesses the device via a telnet console and carries out any changes, the username will be captured under the "Changed By" column of the backed-up configuration information. The IP address of the user will be printed in the annotation column.
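The following added example (not DeviceExpert's own code) shows how a username and source IP can be extracted from a device's configuration-change syslog message, and why the login-name condition above matters. It assumes the common Cisco IOS `%SYS-5-CONFIG_I` message format; the sample lines, the user names and the `authorized_users` allow-list are constructed for illustration.

```python
import re

# Assumed format (common Cisco IOS config-change syslog message):
#   %SYS-5-CONFIG_I: Configured from <source> by [<user> on ]<line> [(<ip>)]
# "<user> on" is present only when login names are enabled on the device.
CONFIG_I = re.compile(
    r"%SYS-5-CONFIG_I: Configured from (?P<source>\S+) by "
    r"(?:(?P<user>\S+) on )?(?P<line>\S+)"
    r"(?: \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\))?"
)

def parse_change(syslog_line):
    """Return who/where for a config-change message, or None for other messages."""
    m = CONFIG_I.search(syslog_line)
    if m is None:
        return None
    return {"changed_by": m.group("user"), "source_ip": m.group("ip"),
            "line": m.group("line"), "via": m.group("source")}

def review(syslog_lines, authorized_users):
    """Classify each detected change against a hypothetical allow-list of users."""
    findings = []
    for raw in syslog_lines:
        change = parse_change(raw)
        if change is None:
            continue  # not a configuration-change notification
        if change["changed_by"] is None:
            verdict = "no-username"   # login names not enabled on the device
        elif change["changed_by"] in authorized_users:
            verdict = "authorized"
        else:
            verdict = "unauthorized"
        findings.append((verdict, change))
    return findings

# Constructed sample messages (documentation address range 192.0.2.0/24).
SAMPLE = [
    "<189>45: Jan 12 10:15:32: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)",
    "<189>46: Jan 12 10:16:02: %LINK-3-UPDOWN: Interface Gi0/1, changed state to up",
    "<189>47: Jan 12 11:02:10: %SYS-5-CONFIG_I: Configured from console by mallory on vty1 (192.0.2.66)",
    "<189>48: Jan 12 11:30:44: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.77)",
]

if __name__ == "__main__":
    for verdict, change in review(SAMPLE, authorized_users={"alice"}):
        print(f"{verdict:12} user={change['changed_by']} ip={change['source_ip']} line={change['line']}")
```

The last sample line carries an IP address but no username, which is what a device without login names enabled reports; such a change can be detected but not attributed to a person.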
Configuration change tracking can also be scheduled through periodic configuration backup tasks. By adding a schedule, the configuration can be backed up automatically and configuration versions can be tracked. For more details, refer to the 'Scheduled Tasks' section.
You may sometimes notice the following message in Syslog Configuration for Change Detection:

Device(s) not supporting Configuration Detection through Syslog <device1>, <device2>, <device 3>

This message is displayed in any of the following scenarios: