mwilcox

List config changes in config DifferenceTest alerts

Recommended Posts

Our networking team would like to generate email alerts for network device configuration changes. I would like to see the option to add text in the config DifferenceTest alerts that actually shows old vs. new configs to see what changed in the email, especially for road warriors who don't have an option to immediately log into the device or LM to drill down and manually check to see what changed. For example, we use Meraki and in the Meraki portal, and below is an example email alert that shows the old and new values of the device configuration:

  • DeviceName / 25 was changed by John Doe (jdoe@email.com).
    • Old value:
      • Allowed VLANs: all
    • New value:
      • Allowed VLANs: 123,456,789

This would be very beneficial for auditing, troubleshooting, and security response.

Share this post


Link to post
Share on other sites
On 12/20/2018 at 6:25 AM, mwilcox said:

Our networking team would like to generate email alerts for network device configuration changes. I would like to see the option to add text in the config DifferenceTest alerts that actually shows old vs. new configs to see what changed in the email, especially for road warriors who don't have an option to immediately log into the device or LM to drill down and manually check to see what changed. For example, we use Meraki and in the Meraki portal, and below is an example email alert that shows the old and new values of the device configuration:

  • DeviceName / 25 was changed by John Doe (jdoe@email.com).
    • Old value:
      • Allowed VLANs: all
    • New value:
      • Allowed VLANs: 123,456,789

This would be very beneficial for auditing, troubleshooting, and security response.

Yes, actually using monitoring results for...monitoring?  Definitely would be nice. The biggest issue here is the alert system is is extremely basic and can only do the most simple token substitution at best.

I ended up using the API to do this in conjunction with GitLab and email integration for change reports.  I have some pending pull requests to merge on this that someone else requested and a bunch of other updates I have since made locally, but the basics still work:

https://github.com/willingminds/lmapi-scripts

My biggest pain point with this is I have frequently uncovered bugs in the LMConfig modules that cause false change reports.  Much of my code is to detect and skip bogus output (but they still get registered in the portal).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now