Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3725
Views
0
Helpful
7
Replies

Is There a Tool to Track Config Changes?

Chris Lhamon
Level 1
Level 1

‎11-07-2013 05:29 AM

I am looking for a tool or a way to track the configuration changes that I make to my devices.  I have tried everything from looking for a program that will help to track the changes to just using an Excel file.  There has to be a better way...

I know that Putty offers the ability to log the output, but I don't want to do that and possibly have to search through a bunch of output to see what I actually changed.

I have a Nexus 7004, 4 stacks of 2960s, a few 3560s, and a few 2811 routers.

Anyone know of an easy way of tracking config changes?  Thanks!

Labels:
0 Helpful
7 Replies 7

dredlord44
Level 1
Level 1

‎11-07-2013 05:39 AM

Ciscoworks can take configuration backups if this is wat your looking for. It keeps a copy of changes made and allows you to view historic config files.

0 Helpful

Chris Lhamon
Level 1
Level 1
In response to dredlord44

‎11-07-2013 05:54 AM

That might be what I'm looking for.  I know very little about it.  I've never had the opportunity to work with Ciscoworks though and my courses never talked about it in detail.

I've done searches for it before, but haven't found a very useful page yet.  If you have a link that help to explain the functions, that would be great.  Also, is it free or do they charge?  I still haven't been able to figure that one out.

If there are any other tools out there, I'd probably give them a shot before Ciscoworks if there is a free one out there.

0 Helpful

Karsten Iwen
VIP
VIP

‎11-07-2013 05:50 AM

If you are also looking at open-source-tools, RANCID is something like a standard for config diffs:

http://www.shrubbery.net/rancid/

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

dredlord44
Level 1
Level 1

‎11-07-2013 05:57 AM

Its a payed product, I use it for this exact same reason, Cisco hosts a number of presentations about the product on a weekly bases, might be a good idead to spaek to your Vendor for a demo etc.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to dredlord44

‎11-07-2013 06:21 AM

I have two solutions which might be helpful. If you are looking for products that will archive copies of configurations and help monitor changes I have used that capability in the product NetMRI from Infoblox and found it pretty effective.

If you are looking for something that is not product based I will mention that I have a customer that configures aaa accounting for level 15 commands which allows them to send log records that contain all of the config commands that were entered (or at least all config commands entered when the device was on line).  That have given us the ability to go back and look and see exactly what was changed. The effectiveness of this is dependent, of course, on whether you use aaa accounting and on whether your log records are searchable.

HTH

Rick

HTH

Rick
0 Helpful

david.tran
Level 4
Level 4
In response to Richard Burts

‎11-07-2013 12:00 PM 

Richard Burts wrote:
I have two solutions which might be helpful. If you are looking for products that will archive copies of configurations and help monitor changes I have used that capability in the product NetMRI from Infoblox and found it pretty effective.

I have used NetMRI from Infoblox and I found the product to be not as good and flexible as RANCID.  RANCID is the best solution for archiving configuration of Cisco, Juniper and Checkpoint devices, bar NONE.  The difference between RANCID and NetMRI is that NetMRI is very rigid whereas RANCID is customizable.  If you know linux well and scripting, you will be much happier with RANCID than NetMRI

If you are looking for something that is not product based I will mention that I have a customer that configures aaa accounting for level 15 commands which allows them to send log records that contain all of the config commands that were entered (or at least all config commands entered when the device was on line).  That have given us the ability to go back and look and see exactly what was changed. The effectiveness of this is dependent, of course, on whether you use aaa accounting and on whether your log records are searchable.

you can do this with either 1) open-source tacacs via aaa accounting or 2) syslog

On the new IOS, syslog will record every commands.  You can also use AAA accounting to track those changes as well.  You can build your own open-source AAA server and tell the router to send AAA acounting log to separate AAA servers.  Again, if you're good with Linux, scripting and/or mysql, you can dump the accounting log into mysql database and you can search whatever you need in seconds

Easy right?

0 Helpful

Chris Lhamon
Level 1
Level 1

‎11-07-2013 07:05 AM

I am currently using a script that I believe is from SolarWinds that I have scheduled through windows to run once a week.  I could make this more frequent, but my main goal is to get just a list of configuration commands that I have used, when I used them, what device I used them on, etc.  Just to refer to for troubleshooting.

CiscoWorks sounds like a good choice obviously.  I never knew about the weekly presentations from Cisco, but the price might be a deal breaker.  I'll definitely look into it though.

RANCID and NetMRI might be good possibilities.  I'll look into these first.

Thanks for the ideas.  I hope one of them works for what I need it for.  I'll post my finding.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents