Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
947
Views
2
Helpful
2
Replies

Can NSO do compliance reporting?

Go to solution
tail-f_expert
Level 7
Level 7

‎05-29-2017 06:04 AM - edited ‎03-01-2019 03:51 AM

Can NSO do compliance reporting?

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
tail-f_expert
Level 7
Level 7

‎05-29-2017 06:04 AM

NSO has built in support for compliance reporting that will check that all devices and services are configured as expected. It also shows details for any discrepancies, such as a misconfigured VPN on an interface. The report also includes details about all changes that have been performed in the network.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
tail-f_expert
Level 7
Level 7

‎05-29-2017 06:04 AM

NSO has built in support for compliance reporting that will check that all devices and services are configured as expected. It also shows details for any discrepancies, such as a misconfigured VPN on an interface. The report also includes details about all changes that have been performed in the network.

0 Helpful

Go to solution
branblac@cisco.com
Level 4
Level 4

‎05-29-2017 10:15 AM

Just to add,

There are several ways to accomplish compliance reporting in NSO.

First: Service Models. NSO can run a native compliance report against all instances of a service model in NSO. This will tell what instances are not compliant and what needs to be resolved. You can also do individual service instance Check-Sync to run compliance for an individual service. Whats nice with this method is you can do native outformat. Personally, I like this and have looped over services getting the outformat in python then exported to CSV for easier sharing than the native reports. Just 2 cents.

Second: Device Templates. You can also define templates and compare device configurations to the templates. for example if you have a static config that you want check you could write a quick template and check devices against it. You can also create templates with variables, how ever I find it cleaner to use service models when you need that capability, however templates are an option.

Third: Code it! To me the beauty of NSO lies in the cDB. You have a full structured database of your network, use it! If templates or services are to much overhead to you, or if you dont want to clutter up your NSO with extra models and templates write a quick script in python that loops over a device group, specific devices, or what ever you want and checks if they are compliant. If you haven't used the python ncs library you should try, its very well written and easy to use.

Hope that helps,

Brandon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the NSO Developer community:

Customers Also Viewed These Support Documents