It would be set up to run once a day at a specified time.

Currently what I'm trying is saving the current running-config to a file.

! NVRAM config last updated at 00:03:05 EDT Sun by user

The only way to get around this would be to remove the below lines from the file:

! Last configuration change at 01:47:20 EDT Sun by user

The problem with something like this, assuming EEM can do it, is that 'false configuration changes' are still possible, as when someone enters and exits configuration mode without making changes, the timestamp on the running config is modified. So when EEM runs the next day, it will grab the current running-config, save it to file, and compute the hash. When it runs, how can I check to see if the current running-config is different from the last check? Conceptually, and I don't know if EEM can do this, but I've thought about saving the running-config to a local file and then hashing that file.

With EEM, how do you determine if the config has truly changed since the last check? Let's say EEM is configured with a cron timer to run once a day. Once that happens, 'show archive config difference' will show no difference, so I'm not sure how that would work. This solution would determine a difference occurred when it didn't.

For 'show archive config difference', this only works if the running-config hasn't been saved to the startup-config. It's possible for someone to enter configuration mode and then exit without making changes. As mentioned in my original post, this won't detect 'false configuration changes'. In these cases, the environment is airgapped and we don't have any management system within that environment, so some type of script on the device is our only option.

For the example you provided, the issue I see with it is that it keys on the syslog string '%SYS-5-CONFIG_I: Configured from'. However, there are specific use cases where the devices won't have a management system.
What I'm trying to get going is a temporary solution until then. Additionally, this would be for around 1,500 devices, so I'd much prefer the devices to push the config than for me to remote to each one.

For option 3, at some point in the future we will have a management system that will archive these configs for us. The biggest is that a majority of these devices are behind a firewall and I have to use my RSA SecurID to get through the firewall. For your option 2, I considered this, but it poses some issues for my environment. Is EEM capable of handling this? If not, is TCL my only option?

for your response.

So if someone modifies the running configuration, but forgets to write it to memory, the script would still detect this as a configuration change. I'd also like it to be resilient against configuration changes that weren't saved. IOS knows a change didn't occur, as issuing 'show archive config diff' does not show any changes. I've noticed if you enter configuration mode and then exit, the running configuration will update the 'Last Configuration' timestamp. Regardless of how this is accomplished, I'd like it to be resilient against false configuration changes.

As far as checking whether the configuration changed, I'm not sure if EEM can do that. EEM has cron capability, so it can run once a day. The only other options that I know of are EEM and TCL. It doesn't appear config archive or kron can check if the configuration has actually changed. I'd like this to run once a day and if the configuration has changed since the last check, send it to the server. What I'm looking to do is automatically send the configuration to an FTP server if the configuration has changed.
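
The hash-and-compare idea described in the post, as an added example that is not part of the original thread: a Python sketch of the logic only, not EEM or Tcl code and not something IOS runs as-is. The function names, the state file name and the sample configurations are assumptions constructed for illustration; only the two timestamp comment prefixes come from the post.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# The two comment lines quoted in the post; IOS rewrites them even when
# no command changed, so they are excluded before hashing.
VOLATILE = re.compile(
    r"^! (Last configuration change at|NVRAM config last updated at) ")

def config_digest(config_text):
    """SHA-256 of the config with the volatile timestamp comments removed."""
    kept = [ln.rstrip() for ln in config_text.splitlines()
            if not VOLATILE.match(ln)]
    return hashlib.sha256("\n".join(kept).encode()).hexdigest()

def changed_since_last_check(config_text, state_file):
    """Compare with the digest stored by the previous run, then store the new one.
    With no stored digest (first run) the config is reported as changed."""
    new = config_digest(config_text)
    old = state_file.read_text().strip() if state_file.exists() else None
    state_file.write_text(new + "\n")
    return new != old

# Constructed sample configs (dates, hostname and interface are made up).
DAY1 = """!
! Last configuration change at 01:47:20 EDT Sun Jun 1 2014 by user
! NVRAM config last updated at 00:03:05 EDT Sun Jun 1 2014 by user
!
hostname lab-sw1
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
end
"""
# Someone entered and left configuration mode: only the timestamp moved.
DAY2 = DAY1.replace("01:47:20 EDT Sun Jun 1", "09:12:44 EDT Mon Jun 2")
# A real, unsaved change: NVRAM line untouched, running-config differs.
DAY3 = DAY2.replace(" ip address", " description uplink\n ip address")

def demo():
    """Run three daily checks against a scratch state file."""
    with tempfile.TemporaryDirectory() as d:
        state = Path(d) / "last_digest.txt"
        return [changed_since_last_check(c, state) for c in (DAY1, DAY2, DAY3)]

if __name__ == "__main__":
    print(demo())
```

Because the digest is taken over the running-config rather than the startup-config, a change that was never written to memory still produces a new digest, while an enter-and-exit of configuration mode does not.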