Configuring configuration discrepancy notification

The following example procedures, which are specific to an environment consisting of Cisco IOS routers contain steps that can be performed to configure a policy for monitoring configuration discrepancies, and then verify that it is working:

Configuring the Send Discrepancy Notification policy

The following example procedure enables a factory-installed policy to send a notification when any configuration discrepancies (that is, differences) are detected between the current configuration and the trusted configuration.

1. Open the Policies page.
2. Find the Send Discrepancy Notification policy in the list, and click Edit.
3. In the Details tab of the Edit Policy page, select the Enabled option.
4. Click the Actions tab, and remove any actions that are currently in the list by selecting the action and clicking Delete.
5. Open the Send Trap pop-up by clicking Add Action, and selecting Notifications > Send Trap.
   1. In the Annotation field, enter Discrepancy Detected.
   2. In the Trap Type field, select Discrepancy Discovered.
   3. In the SNMP Manager field, select the host name of your SNMP manager.
   4. Click OK to add the action to the list that will be carried out when the policy runs.
6. (Optional) Add another action that sends an email notification by doing the following:
   1. Open the Send Email pop-up by clicking Add Action, and selecting Notifications > Send Email.
   2. In the Annotation field, enter Discrepancy Detected.
   3. In the To field, select the email recipients.
   4. In the Report field, select Discrepancy Summary Report.
   5. Select the format the report is delivered:
      • Select Include Link to send a report URL link in the email.
      • Select Include Attachment to may attach a report to the email and select the delivery format (CSV, HTML, PDF, or RTF).
   6. In the Network Span field, select Same as Triggering Device.

   7. Click OK to add this action to the list.

      Scalability Note

      Once the policies are enabled the system runs on auto-pilot, notifying you when unexpected change occurs or if outages have occurred due to change. You can use keywords and conditions to be more selective on when change notifications are sent (for example, for a specific device group) See Managing policies.

7. Click Save.

   Important

   Policies spawn jobs when they run. You can view them from the Jobs page (filtering by clicking Filter and selecting Policy in the Originator field).

Back to top

Making a change to the router configuration

From a computer other than the BMC Network Automation application server, log on directly to the Cisco Router and enter the following commands to make a change to the Cisco Router configuration:

cisco1720-01> enable
 Password: privileged_password
 cisco1720-01# config terminal
 cisco1720-01(config)# banner motd "Tester Banner"
 cisco1720-01(config)# Ctrl+z
 cisco1720-01# exit

Back to top

Confirming discrepancy notifications

Check on your system to determine whether you received an email or SNMP trap notification indicating the discrepancy on the Cisco Router. If you received an email notification, view the Discrepancy report for an indication of what changed.

Using the Dashboard to roll back a discrepancy

The following example procedure shows how to use the Dashboard to roll back a discrepancy.

1. In the BMC Network Automation UI, click on the Home tab and confirm that a Discrepancy exists for the Cisco Router in the Running vs Startup and Running vs Trusted Running columns.

2. Open the Discrepancy Details Report page by clicking Discrepancy  in the Running vs Trusted Running column.

   Note

   This report tells you what has changed from Trusted.

3. In the Dashboard page, click the Cisco Router device name. A pop-up box is displayed containing information about the device and options.
4. Click the View Running Change Summary report link, and the Change Summary Report page displays.
   
   This report shows all changes since the discrepancy and interleaves the report with events. This report also tells you what has changed, who made the change and when the change was made. You can view the Change Summary Report for any set of devices and time period from the Reports tab as well.
5. Return to the Dashboard page, click the Cisco Router device name again, and click the Deploy to Active action link.
6. In the Deploy to Active page, enter the following information, and click OK:
   1. In the Annotation field, enter Banner Changes Denied.
   2. In the Configuration field, select Trusted Running.
   3. Select the Mark As Trusted option.
7. In the Actions tab in the Add Job page, note the following options on the Deploy to Active entry:
   • By clicking Report , you can compare the configuration running on the device with the one you are about to deploy.
   • By clicking Preview , you can view the rollback script to return the configuration to the Trusted configuration. The script built by SmartMerge Technology is how the system backs out changes without requiring a full configuration restore and reboot, or manual back out procedure.
8. In the Details tab in the Add Job page, enter the following:
   1. In the Run At field, select the Now or When Approved option.
   2. Click Save and Submit.

Once the job has completed running, the Discrepancy icon for the Cisco Router disappears from the Dashboard.

Back to top