Be careful with that methodology, though. I use the "archive" function in more recent IOS versions and specify the archive as a TFTP location. This does not work on all device types, but for sure on some. Every time I "wr mem", it uploads a copy of the config to my TFTP server. This is in addition to RANCID.
When using the "archive" functionality, you can tell the system to log commands into syslog. But, let's say you create the following:
access-list 101 permit 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
access-list 101 permit 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
This will cause multiple syslog entries and multiple instances of rancid will be run nearly simultaneously. I foresee problems when triggering off of "User joerootuser executed the command blah blah" in situations like the one above, especially if you ever use cut & paste. Also, when the router first loads, it processes the config file and issues those syslog entries in masse.
Chris
Post by Daniel Schmidt-----Original Message-----
Sent: Friday, September 23, 2011 5:57 AM
To: 'Jens Link'
Subject: Re: [rancid] Change management
Thanks, I'll check it out to see if it will work. We need a change management
system for a certain "Level" IYKWIM. Since we have Rancid that has worked
flawlessly for years, if I can incorporate a method for change management I get
to keep it.
Thanks
Todd Heide
Equivoice Inc.
CCSP CCNA CCDA
847-235-3308
Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand,
Like a drop in the ocean
-----Original Message-----
Sent: Friday, September 23, 2011 4:24 AM
To: Todd Heide
Subject: Re: [rancid] Change management
Post by Todd HeideHi List, is there a way to see who made changes through Rancid? We
use Cisco ACS for AAA.
Depends. ;-) At least some IOS version write who made a change to the
configuration (When using AAA)
If you log to a syslog server you can use something like SEC (
http://simple-evcorr.sourceforge.net/) to analyze your log files an trigger
RANCID to "download" the configuration when a change is logged.
Jens
--
-------------------------------------------------------------------------
| Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 |
| |
-------------------------------------------------------------------------
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE
Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies.