I am running Cisco Prime LMS 4.2 and Cisco Prime Infrastructure 2.2 in parallel. I just exported the device list and credentials from LMS and imported them into Infrastructure. LMS has syslog alerts set up to notify the boss when "Configured from console by ..." messages get logged. These messages typically come out whenever someone exits config mode, whether any actual changes were made or not.
Basically, the boss got alerts from LMS for every device imported into Infrastructure, caused by something that Infrastructure itself did. The only thing that I can see that Infrastructure did was collect the configs. I haven't found that any changes were actually made. So apparently Infrastructure uses config mode to collect the configs? What in the world for?
Thanks for any insight.
More information. I have a few old devices that are still using telnet instead of ssh, and also have a packet capture appliance that captured all of this discovery traffic from PI. I filtered out the trace from one of these telnet devices and found the following sequence among a bunch of different show commands:
ip nbar ?
In the particular case of this device, the responses to the ip nbar config commands indicated that the device is not capable of doing nbar. Your mileage may vary.
I would love to have an option to shut off this particular test because the large volume of these events caused by exiting config mode obfuscates the tracking and auditing of real config events, which could also be done by PI.
This has been identified as the following bug & the fix will be available in the next release.
Bug ID: CSCut31699 - "conf t" sent although configuration is not changed
It shouldn't be. I'd recommend you open a TAC case and hold them accountable for it.
I just checked one of my systems being managed by Prime Infrastructure 2.2.2 with all available patches installed and I see that same "Configured from console..." message once a day.
We have support on that PI so I opened a case as well.
UPDATE: My TAC engineer called and explained that the fix will actually be in Prime Infrastructure 3.0 (due out later this summer). I asked him to please update the bug details to indicate that this is the case and that the status should be "release pending" and not "fixed".
We'll see if they do that - it takes a couple of days to get sign off for changing that customer-facing bug data.
Me too. This seems to create a loop condition where the config trap makes CPI do a new Inventory Collection, which creates a new config trap and it all continues.
This in practice stops traffic on our client's 2800 and 2900 routers with 9 port HWIC EtherSwitch cards for some reason. Could be a combination of CPI + bad IOS version.
TAC case opened.
A possible workaround would be to disable Inventory Collection on config change traps (in CPI configuration somewhere).