[c-nsp] Tracking config changes
Peter Rathlev
peter at rathlev.dk
Mon May 24 13:35:54 EDT 2010
On Mon, 2010-05-24 at 09:34 -0700, Mike wrote:
> One approach I might think of would be to poll the devices on my
> normal snmp schedule and include a check for the last date of
> configuration change. I could easilly throw an alert if it's been more
> than an hour since the last config change/write to memory, but I don't
> know which variables I would poll for that.
To answer your specific question, you could compare these two variable:
CISCO-CONFIG-MAN-MIB::ccmHistoryRunningLastChanged.0
CISCO-CONFIG-MAN-MIB::ccmHistoryStartupLastChanged.0
If the latter is less than the former you should commit to NVRAM. Beware
of wraps though, since these are your standard SNMP "jiffies", 32-bit
counter of 0.01 seconds. One possibility is to compare the two with
SNMPv2-MIB::sysUpTime.0 and assume that changes cannot have happened in
the future.
If you want to do more fancy things you can take a look at
CISCO-CONFIG-MAN-MIB::ccmHistoryEventTable, which will give you a table
with timestamps for different configuration events.
An example:
/usr/bin/snmptable -v2c -c $SECRET -Ot -CH -Cf , $DEVICE_NAME CISCO-CONFIG-MAN-MIB::ccmHistoryEventTable
This gives an easily parseable comma seperated table. Fields #3 and #4
are probably the most relevant for a simple setup. They describe the
"source" and "destination" for the configuration event:
running: Running-config
startup: Startup-config
networkTftp: TFTP server
commandSource: The CLI
So "running" -> "commandSource" is "show run". And "commandSource" ->
"running" is manual configuration via CLI. And so on.
--
Peter
More information about the cisco-nsp
mailing list