[c-nsp] 12.2SXH 'archive' / Configuration Management

A.L.M.Buxey at lboro.ac.uk
Sun Jun 8 16:10:18 EDT 2008


Hi,
> Try Kiwi CatTools, works well and will send you a detailed list of 
> changes. Not very expensive

I've also heard good things about this tool.


We also run RANCID - but also have our own suite
of config harvesting tools that use telnet/SSH
with 'expect' - to grab various things - running-config,
environment, version etc. into different directories.
Very nice and trivial to then check for any end devices
that don't have a particular option enabled etc.

We also use TACACS+ on all our devices (switches, routers,
ASAs) so that all user logins are recorded and all user
actions on the devices are logged. Was working on a way
of grabbing the config from a device after a 'configure
terminal' had been run (caught by TACACS+) - otherwise
we really only operate on the coarse grain of one hour
between each poll. Load isn't too bad for this sort of thing...
far, far lower than SNMPing them for the traffic stats.

We also have a manually entered changelog system (one
reason why I wanted some other backend auto-log system)
which must be used. Changes without a changelog entry are
not tolerated.

alan
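
Added example, not part of the original post and not the poster's own tooling: one way to check a directory of harvested running-configs for devices missing a required global option. The one-file-per-device layout, the policy file, and the function names are assumptions; the sample configs are constructed.

```shell
#!/bin/sh
# Assumed layout: DIR holds one harvested running-config per device,
# POLICY holds one required global config line per row ('#' = comment).

# has_line FILE LINE: succeeds only if LINE is present as a whole line.
# A substring match for "service password-encryption" would wrongly pass a
# device that has "no service password-encryption". CRs left behind by a
# telnet/expect capture are stripped before matching.
has_line() {
    tr -d '\r' < "$1" | grep -Fxq -- "$2"
}

# audit_configs DIR POLICY: prints "device<TAB>missing line" for every gap.
audit_configs() {
    dir=$1 policy=$2
    for cfg in "$dir"/*; do
        [ -f "$cfg" ] || continue
        while IFS= read -r want; do
            case $want in ''|'#'*) continue ;; esac
            has_line "$cfg" "$want" ||
                printf '%s\t%s\n' "$(basename "$cfg")" "$want"
        done < "$policy"
    done
}

# make_sample DIR: constructed sample data (two devices, one policy file).
make_sample() {
    mkdir -p "$1/running-config"
    # sw1: compliant, captured with CRLF line endings
    printf 'hostname sw1\r\nservice password-encryption\r\naaa new-model\r\n' \
        > "$1/running-config/sw1"
    # sw2: option explicitly negated
    printf 'hostname sw2\nno service password-encryption\naaa new-model\n' \
        > "$1/running-config/sw2"
    printf '# required global lines\nservice password-encryption\naaa new-model\n' \
        > "$1/policy.txt"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_configs "$tmp/running-config" "$tmp/policy.txt"
rm -rf "$tmp"
```

Only unindented, global-mode lines are matched this way; options that live under an interface or line block need a parser that tracks the enclosing section.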


