cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
743
Views
0
Helpful
5
Replies

cisco lms - config collection

Ignacio Freyre
Level 1
Level 1

Hi, i'm looking for a way to collect config's from specific devices periodically, is this possible?

for example, collect configs from firewalls everyday at midnight , and collect routers config once a week.

firewalls: (about 3 devices, config changes every day)

routers: (about 800 devices, rarely change the config)

 

the only config collection schedule i have found so far is too simple:

admin > collection settings > config > config collecion settings > periodic collection

 

second question, is it possible for cisco lms to send via e-mail the diff of the config pulled from devices? i mean the specific commands that have appeared in the new configuration file.

 

 

regards, ignacio

1 Accepted Solution

Accepted Solutions

Vinod Arya
Cisco Employee
Cisco Employee

Yes this is possible in LMS. You have to go under Configuration > Configuration Archive > Synchronization where you can select the device(s) and schedule the job accordingly.

For more details check Scheduling Sync Archive Job in document.

For the second question, their is a LMS feature known as out-of-sync report. You can generate an Out-of-Sync report for the group of devices for which running configurations are not synchronized with the startup configuration.

Select Configuration > Compliance > Out-of-Sync Summary to generate an Out-of-sync report.

-Thanks

Vinod

**Encourage Contributors. RATE Them.**

-Thanks Vinod **Rating Encourages contributors, and its really free. **

View solution in original post

5 Replies 5

Vinod Arya
Cisco Employee
Cisco Employee

Yes this is possible in LMS. You have to go under Configuration > Configuration Archive > Synchronization where you can select the device(s) and schedule the job accordingly.

For more details check Scheduling Sync Archive Job in document.

For the second question, their is a LMS feature known as out-of-sync report. You can generate an Out-of-Sync report for the group of devices for which running configurations are not synchronized with the startup configuration.

Select Configuration > Compliance > Out-of-Sync Summary to generate an Out-of-sync report.

-Thanks

Vinod

**Encourage Contributors. RATE Them.**

-Thanks Vinod **Rating Encourages contributors, and its really free. **

great for the first part!

for the second question i was thinking on a feature that alerts via email when someone has made a configuration change on a device, in real-time.

i have configured: admin > network > notification and action settings > changeAudit Automated Actions

Now, i get the email that states that a configuration change has been made, but it doesnt say what changed. i would like to know what changed

Unfortunately, LMS syslog mechanism is very minimalistic and doesn't have a lot of options to it.

However, the feature you're requesting is not very much LMS dependent. As, Ciscoworks depends on the kind of syslog message it receives from device, based on it, it captures some characters to send a notification as automated actions.

So usually it is the device which won't send a lot of information on what changes was done by which user in normal IOS syslog messages.

But, to certain extent, you can try to configure you device for Configuration-Change logger to receive details on what changes were made by users and check it on the syslog report, or configure AA on it for all or important devices.

You can enable a configuration logger to keep track of configuration changes made with the command-line interface (CLI). When you enter the logging enable configuration-change logger configuration command, the log records the session, the user, and the command that was entered to change the configuration. You can configure the size of the configuration log from 1 to 1000 entries (the default is 100). You can clear the log at any time by entering the no logging enable command followed by the logging enable command to disable and reenable logging.

Use the:

show archive log config {all | number [end-number] | user username [session number] number [end-number] | statistics} [provisioning] privileged EXEC command to display the complete configuration log or the log for specified parameters.

This example shows how to enable the configuration-change logger and to set the number of entries in the log to 500:


 Switch(config)# archive 
 Switch(config-archive)# log config
 Switch(config-archive-log-cfg)# logging enable
 Switch(config-archive-log-cfg)# logging size 500
 Switch(config-archive-log-cfg)# end

So, in all, it depends on the device and the kind of syslogs it send for LMS to react on it.

-Thanks

Vinod

**Encourage Contributors. RATE Them.**

 

-Thanks Vinod **Rating Encourages contributors, and its really free. **

ok, i will take those commands into account , very helpful.

so, when the syslog detects a configuration change it automatically triggers a sync and the new conf file is retrieved(this i verified is working), no way to get the diff between the last 2 files automatically?

maybe with a job that's triggered every 30 minutes or so.

or with a script triggered by ChangeAudit Automated Actions, i found this command to work, how could i implement it:

cwcli config compare -u <user> -p <pass> -device <device_name>

 

Oops.. I feel I should have informed you about cwcli before you found it.

The cwcli config command-line tool performs the following core functions on one or more devices and the configuration archive:
•Moves configuration files from the configuration archive to one or more devices.

•Transfers the configuration files from devices to the archive if the configuration running on a device is different from the latest archived version

•Imports configuration files from the file system and pushes them to one or more devices, which updates the configuration archive

•Merges the startup configuration files with the running configuration files

•Copies the running configuration files to the startup configuration files

•Copies a configuration file to the startup configuration files

•Copies the difference between a configuration file and the running configuration to the running configuration files. This makes the configuration in the file available on the running configuration.

•Reboots running devices to load a running configuration with its startup configuration

In addition, cwcli config performs the following core functions on the configuration archive:
•Exports configurations from the archive to the filesystem

•Compares any two configuration files in the archive based on version or date

•Deletes configurations older than a specified date from the configuration archive

In addition to using the graphical-based device configuration functions, you can use the cwcli config command-line utility to perform batch processing tasks on the configuration archive, devices, or on both.

For more details you can check the overview of CWCLI document.

-Thanks

Vinod

**Encourage Contributors. RATE Them.**

-Thanks Vinod **Rating Encourages contributors, and its really free. **
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: