[j-nsp] email from commit or op script?

Bill Marquette bill.marquette at ucsecurity.com
Wed Feb 17 08:39:04 EST 2010


----- "Bill Blackford" <BBlackford at nwresd.k12.or.us> wrote:

> Hopefully not far off topic:
> 
> Some of us pull our config changes into RANCID which in turn emails
> the NOC/Ops email address accordingly. I find receiving these emails
> quite useful. 

RANCID is too slow for an exact audit trail (or specifically, our requirements), although not a bad choice for many.  I need the diffs of each commit as they happen, not later (and I need to enforce that people put in a change comment) - I'm working through an op script now to prompt for the info and do the commit.

Off topic of this thread, but since I brought it up, the workflow I keep referencing is:
  User makes change
  User runs commit script (op script in this case)
  Commit script asks for change log (requires change log)
  Commit script shows change diff (having issues here - will post new thread later today if I can't figure it out)
  Commit script asks user if this is what they want to commit
  Commit script attempts to commit change
  JUNOS commit scripts run and sanity check config
  Diff of change is emailed to our tracking database with a commit log in subject line, thus allowing for email processing to add to ticket system

The device in question is an SRX and it's feasible (and probable given our change windows) that multiple technicians could be making changes on it in rapid fire - anything that pulls the current config and rollback 0 will run the risk of getting a second change, not the original one.  And since I have the diff already generated, I just need to get it offbox.  For reference, this is a workflow we've used for years on our existing firewalls (non-commercial) and the flexibility JUNOS brought to the table is what allowed us to start the migration to the SRXs.

--Bill
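
Added example, not part of the message above and not Juniper or list-member code: a Python sketch of the last step of the workflow, building the tracking e-mail from the diff captured at commit time with the required change log in the subject line. The addresses, device and user names and the sample diff are constructed, and how the diff text is read from the device is assumed and not shown.

```python
import re
from email.message import EmailMessage

# Hypothetical addresses, not from the original post.
TRACKER_ADDR = "changes@tracker.example"
SENDER_ADDR = "srx-commit@noc.example"


class ChangeLogRequired(ValueError):
    """Raised when the technician gives no usable change comment."""


def clean_change_log(raw, max_len=120):
    """Collapse the comment to one printable line, safe for a Subject header."""
    # CR/LF or other control characters in a header value could inject extra
    # headers or confuse the ticket system's mail parser, so replace them.
    text = re.sub(r"[\x00-\x1f\x7f]+", " ", raw or "")
    text = re.sub(r"\s+", " ", text).strip()
    if not text:
        raise ChangeLogRequired("a change log entry is required before commit")
    return text[:max_len]


def build_change_mail(device, user, change_log, diff_text):
    """Build the tracking e-mail from the diff captured at commit time."""
    if not diff_text.strip():
        raise ValueError("empty diff: nothing was changed, nothing to report")
    msg = EmailMessage()
    msg["From"] = SENDER_ADDR
    msg["To"] = TRACKER_ADDR
    msg["Subject"] = f"[{device}] {user}: {clean_change_log(change_log)}"
    # The body is the diff the technician confirmed, not one re-read from the
    # device later, so a second commit in the same window cannot replace it.
    msg.set_content(diff_text)
    return msg


# Constructed sample diff in the style of "show | compare" output.
SAMPLE_DIFF = """[edit security policies from-zone trust to-zone untrust]
+    policy allow-ntp {
+        match {
+            application junos-ntp;
+        }
+    }
"""

if __name__ == "__main__":
    print(build_change_mail("srx-lab-1", "tech1", "CHG-0000 allow NTP out", SAMPLE_DIFF))
```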

