Configuring configuration discrepancy notification
The following example procedures, which are specific to an environment consisting of Cisco IOS routers, contain steps that you can perform to configure a policy for monitoring configuration discrepancies and then verify that it is working:
A configuration discrepancy occurs when the current router configuration is different from the trusted router configuration. Discrepancy auditing is always performed on each configuration snapshot operation.
Configuring the Send Discrepancy Notification policy
The following example procedure enables a factory-installed policy to send a notification when any configuration discrepancies (that is, differences) are detected between the current configuration and the trusted configuration.
- Open the Policies page.
- Find the Send Discrepancy Notification policy in the list, and click Edit.
- In the Details tab of the Edit Policy page, select the Enabled option.
- Click the Actions tab, and remove any actions that are currently in the list by selecting the action and clicking Delete.
- Open the Send Trap pop-up by clicking Add Action, and selecting Notifications > Send Trap.
- In the Annotation field, enter Discrepancy Detected.
- In the Trap Type field, select Discrepancy Discovered.
- In the SNMP Manager field, select the host name of your SNMP manager.
- Click OK to add the action to the list that will be carried out when the policy runs.
- (Optional) Add another action that sends an email notification by doing the following:
- Open the Send Email pop-up by clicking Add Action, and selecting Notifications > Send Email.
- In the Annotation field, enter Discrepancy Detected.
- In the To field, select the email recipients.
- In the Report field, select Discrepancy Summary Report.
- Select the format in which the report is delivered:
- Select Include Link to send a report URL link in the email.
- Select Include Attachment to attach a report to the email, and select the delivery format (CSV, HTML, PDF, or RTF).
- In the Network Span field, select Same as Triggering Device.
- Click OK to add this action to the list.
Once the policies are enabled, the system runs on auto-pilot, notifying you when unexpected changes occur or if outages have occurred due to change. You can use keywords and conditions to be more selective about when change notifications are sent (for example, for a specific device group). See Managing policies.
Policies spawn jobs when they run. You can view them from the Jobs page (filtering by clicking Filter and selecting Policy in the Originator field).
Making a change to the router configuration
From a computer other than the BMC Network Automation application server, log on directly to the Cisco Router and enter the following commands to make a change to the Cisco Router configuration:
Type the text that is in bold, and substitute the italicized variables (for example, privileged_password). Ctrl+z means press z while holding down the Ctrl key.
cisco1720-01> enable
Password: privileged_password
cisco1720-01# config terminal
cisco1720-01(config)# banner motd "Tester Banner"
cisco1720-01(config)# Ctrl+z
cisco1720-01# exit
Confirming discrepancy notifications
Check on your system to determine whether you received an email or SNMP trap notification indicating the discrepancy on the Cisco Router. If you received an email notification, view the Discrepancy report for an indication of what changed.
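The comparison behind a discrepancy, as an added example (not BMC Network Automation code): it compares a trusted and a running IOS snapshot section by section and ignores lines that change on every snapshot, so only the banner change is reported. The snapshots, the volatile-line filter, and the function names are constructed for illustration.

```python
import re

# Lines that differ between snapshots without being a real change.
# Assumed list for this example; a product's own filter will differ.
VOLATILE = re.compile(r"^(!|Building configuration|Current configuration|ntp clock-period)")

def parse(config):
    """Return {(parent, line)} so the same sub-command under two
    different sections (e.g. two interfaces) stays distinct."""
    entries, parent = set(), ""
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or VOLATILE.match(line.strip()):
            continue
        if line.startswith(" "):      # indented: child of the current section
            entries.add((parent, line.strip()))
        else:                         # top-level command opens a new section
            parent = line
            entries.add(("", line))
    return entries

def discrepancies(trusted, running):
    """Lines present only in running (added) or only in trusted (removed)."""
    t, r = parse(trusted), parse(running)
    return {"added": sorted(r - t), "removed": sorted(t - r)}

def report(diff):
    """Render the result as '+'/'-' lines, section name first."""
    out = []
    for sign, key in (("+", "added"), ("-", "removed")):
        for parent, line in diff[key]:
            out.append(f"{sign} {parent + ' / ' if parent else ''}{line}")
    return out

# Constructed snapshots; IOS stores the banner delimiter as ^C.
TRUSTED = """\
! Last configuration change at 10:01:02 UTC Mon Jan 1 2024
hostname cisco1720-01
!
interface FastEthernet0
 ip address 192.0.2.1 255.255.255.0
!
ntp clock-period 17179869
end
"""
RUNNING = TRUSTED.replace("10:01:02", "11:30:45").replace("17179869", "17179901")
RUNNING = RUNNING.replace("end\n", "banner motd ^CTester Banner^C\nend\n")

print("\n".join(report(discrepancies(TRUSTED, RUNNING))) or "no discrepancy")
```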
Using the Dashboard to roll back a discrepancy
The following example procedure shows how to use the Dashboard to roll back a discrepancy.
- In the BMC Network Automation UI, click on the Home tab and confirm that a Discrepancy exists for the Cisco Router in the Running vs Startup and Running vs Trusted Running columns.
- Open the Discrepancy Details Report page by clicking Discrepancy in the Running vs Trusted Running column.
This report tells you what has changed from Trusted.
- In the Dashboard page, click the Cisco Router device name. A pop-up box is displayed containing information about the device and options.
- Click the View Running Change Summary report link, and the Change Summary Report page displays.
This report shows all changes since the discrepancy and interleaves the report with events. This report also tells you what has changed, who made the change and when the change was made. You can view the Change Summary Report for any set of devices and time period from the Reports tab as well.
- Return to the Dashboard page, click the Cisco Router device name again, and click the Deploy to Active action link.
- In the Deploy to Active page, enter the following information, and click OK:
- In the Annotation field, enter Banner Changes Denied.
- In the Configuration field, select Trusted Running.
- Select the Mark As Trusted option.
- In the Actions tab in the Add Job page, note the following options on the Deploy to Active entry:
- By clicking Report, you can compare the configuration running on the device with the one you are about to deploy.
- By clicking Preview, you can view the rollback script to return the configuration to the Trusted configuration. The script built by SmartMerge Technology is how the system backs out changes without requiring a full configuration restore and reboot, or manual back out procedure.
- In the Details tab in the Add Job page, enter the following:
- In the Run At field, select the Now or When Approved option.
- Click Save and Submit.
Once the job has completed running, the Discrepancy icon for the Cisco Router disappears from the Dashboard.