Discussion:
[rancid] Change management
Todd Heide
2011-09-22 13:48:06 UTC
Hi List, is there a way to see who made changes through Rancid? We use Cisco ACS for AAA.
Daniel Schmidt
2011-09-22 14:34:42 UTC
You'd need to search the accounting logs to find the exact user and time
of change. I wrote a quick/dirty CGI to parse the accounting logs of
tac_plus which works well for this purpose, but I don't know about Cisco
ACS. (I find Cisco ACS cumbersome and difficult to use) Can clean up &
post it as example, if anybody exhibits interest.

Donovan Fourie
2011-09-22 14:49:14 UTC
Hi

I know this might be counterproductive but running syslog-ng on the same box
and using that to collect all the logs from your routers makes it very easy
to take a quick look at who did what when Rancid shows some unexplained
changes.

Regards,
Donovan Fourie


Jens Link
2011-09-23 09:23:44 UTC
Post by Todd Heide
Hi List, is there a way to see who made changes through Rancid? We use Cisco ACS for AAA.
Depends. ;-) At least some IOS versions write who made a change to the
configuration (When using AAA)

If you log to a syslog server you can use something like SEC (
http://simple-evcorr.sourceforge.net/) to analyze your log files and
trigger RANCID to "download" the configuration when a change is logged.

Jens
--
-------------------------------------------------------------------------
| Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 |
| http://blog.quux.de | jabber: ***@guug.de | ------------------- |
-------------------------------------------------------------------------
Todd Heide
2011-09-23 12:57:27 UTC
Thanks, I'll check it out to see if it will work. We need a change management system for a certain "Level" IYKWIM. Since we have Rancid that has worked flawlessly for years, if I can incorporate a method for change management I get to keep it.

Thanks
Todd Heide
Equivoice Inc.
  
CCSP CCNA CCDA
847-235-3308
 
Nothing ever goes as planned, Its a hell of a notion,
Even pharaohs turn to sand, Like a drop in the ocean


Chris Gauthier
2011-09-23 16:30:22 UTC
Be careful with that methodology, though. I use the "archive" function in more recent IOS versions and specify the archive as a TFTP location. This does not work on all device types, but for sure on some. Every time I "wr mem", it uploads a copy of the config to my TFTP server. This is in addition to RANCID.

When using the "archive" functionality, you can tell the system to log commands into syslog. But, let's say you create the following:

access-list 101 permit ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255

This will cause multiple syslog entries and multiple instances of rancid will be run nearly simultaneously. I foresee problems when triggering off of "User joerootuser executed the command blah blah" in situations like the one above, especially if you ever use cut & paste. Also, when the router first loads, it processes the config file and issues those syslog entries en masse.

Chris
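
An added example, not code from any poster in this thread: one way to avoid the multiple near-simultaneous RANCID runs described above is to coalesce per-command syslog entries into one burst per device, and to keep the usernames so each burst also answers "who made the change". It assumes the IOS message formats %PARSER-5-CFGLOG_LOGGEDCMD and %SYS-5-CONFIG_I; the timestamp and hostname prefix, the sample lines, the 60-second quiet period and the function name `coalesce` are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the shape a syslog server might store IOS messages.
SAMPLE = """\
2011-09-23T16:30:01 rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:joerootuser  logged command:access-list 101 permit ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
2011-09-23T16:30:02 rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:joerootuser  logged command:access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
2011-09-23T16:30:09 rtr1 %SYS-5-CONFIG_I: Configured from console by joerootuser on vty0 (10.1.1.5)
2011-09-23T16:31:00 sw2 %SYS-5-CONFIG_I: Configured from console by alice on vty1 (10.1.1.9)
2011-09-23T16:45:00 rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no access-list 101
"""

# Assumed prefix "<ISO timestamp> <hostname> " followed by either message type.
LINE = re.compile(
    r"^(\S+) (\S+) %(?:PARSER-5-CFGLOG_LOGGEDCMD: User:(\S+)\s+logged command:"
    r"|SYS-5-CONFIG_I: Configured from \S+ by (\S+))")

def coalesce(lines, quiet=timedelta(seconds=60)):
    """Group config-change events per device into bursts.

    A burst ends once `quiet` passes with no further event from that device.
    Returns (device, first_seen, last_seen, sorted users, event count) per
    burst, ordered by first_seen. RANCID would be run once per burst, after
    last_seen + quiet, instead of once per logged command.
    """
    open_bursts, done = {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a config-change message
        ts, dev = datetime.fromisoformat(m.group(1)), m.group(2)
        user = m.group(3) or m.group(4)
        b = open_bursts.get(dev)
        if b and ts - b["last"] > quiet:
            done.append(b)  # previous burst is finished
            b = None
        if b is None:
            b = open_bursts[dev] = {"device": dev, "first": ts, "last": ts,
                                    "users": set(), "events": 0}
        b["last"] = ts
        b["users"].add(user)
        b["events"] += 1
    done.extend(open_bursts.values())
    rows = [(b["device"], b["first"], b["last"], sorted(b["users"]), b["events"])
            for b in done]
    return sorted(rows, key=lambda r: r[1])
```

On the sample, five log lines collapse into three bursts: the pasted ACL on rtr1 plus its CONFIG_I line become a single collection run attributed to joerootuser.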