Ray Scholl

Improved configuration change detection


The addition of configuration backups in LogicMonitor has been a great feature for our support team and really helps streamline things. If you like to be aware of people making changes and retain version history it is wonderful, but we have an issue on some of the more modern devices.

Many new devices are intelligent and have subscriptions that pull the latest IPS, AV, malicious IP address lists, etc. from the manufacturer.  There is also a periodic re-hashing of encrypted information for added security and these are expected behaviors - NOT a config change.  We developed our own config backup using SCP for the devices so no passwords are stored in LM either, but the key here is that a login event (human or automated) causes the config version to change.

The suggestion I have is simple - there needs to be a way to ignore these updates (often multiple in a day) and simply key on the first few lines where the config version is referenced -

#config-version=FWF60D-5.02-FW-build742-161129:opmode=0:vdom=0:user={redacted}

#conf_file_ver=17742419038372504090

#buildno=0742

 

That conf_file_version (line 2 above) would be the trigger and ignoring everything else would be perfect.

 

Thoughts welcome!

Quote

That conf_file_version (line 2 above) would be the trigger and ignoring everything else would be perfect.

 Hi Ray,

As you are no doubt aware you can edit your configsource to ignore certain lines with regex.

So you can add an ignore change for lines that contain buildno, for example. But stipulating every line except one would be a nightmare and you never know what the lines contain all the time. So flip it on its head.

Make an ignore check, select ignore lines with this regular expression and use the expression !("#conf_file_ver=")

Basically this means ignore every line that does not contain #conf_file_ver=

You can see in my example above I have changed the file version and it shows and is alerted on, but I have also changed the buildno and that is ignored, also added a newline which is ignored.

David

 


Edited by David Lee
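
The approach discussed in this thread (alert only when the #conf_file_ver= line changes, ignore every other line) can be checked offline against saved backups. The following is an added example, not part of the original posts and not LogicMonitor code; the function names, the result labels and the sample configs (including the user values and the second version number) are constructed for illustration.

```python
import re

# Header line named in the thread; anchored so a stray match in the body is not used.
VERSION_RE = re.compile(r"^#conf_file_ver=(\d+)\s*$", re.MULTILINE)

def conf_file_ver(config_text):
    """Return the conf_file_ver value, or None if the header line is absent."""
    m = VERSION_RE.search(config_text)
    return m.group(1) if m else None

def classify_change(old_text, new_text):
    """Compare two backups and decide whether the difference should alert.

    'changed'   -> conf_file_ver differs: alert
    'no-marker' -> header missing in either backup: alert (fail closed)
    'noise'     -> other lines differ but conf_file_ver is the same: suppress
    'identical' -> nothing differs
    """
    old_ver, new_ver = conf_file_ver(old_text), conf_file_ver(new_text)
    if old_ver is None or new_ver is None:
        return "no-marker"
    if old_ver != new_ver:
        return "changed"
    return "identical" if old_text == new_text else "noise"

# Constructed sample backups, modelled on the three header lines quoted above.
BASE = (
    "#config-version=FWF60D-5.02-FW-build742-161129:opmode=0:vdom=0:user=user_a\n"
    "#conf_file_ver=17742419038372504090\n"
    "#buildno=0742\n"
    "config system global\n"
    "end\n"
)
# Login by another account, new buildno and an extra newline: expected noise.
NOISE = BASE.replace("user=user_a", "user=user_b").replace(
    "#buildno=0742", "#buildno=0743") + "\n"
# Constructed new version number: a real change.
EDITED = BASE.replace("17742419038372504090", "17742419038372504091")
# Header line removed entirely: must not be silently ignored.
STRIPPED = BASE.replace("#conf_file_ver=17742419038372504090\n", "")

if __name__ == "__main__":
    for name, cfg in [("noise", NOISE), ("edited", EDITED), ("stripped", STRIPPED)]:
        print(name, "->", classify_change(BASE, cfg))
```

Because 'noise' is returned rather than dropped, suppressed differences can still be written to an audit log while only 'changed' and 'no-marker' raise an alert.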
