This solution would determine a difference occurred when it didn't.

For 'show archive config difference', this only works if the running-config hasn't been saved to the startup-config. It's possible for someone to enter configuration mode and then exit without making changes. As mentioned in my original post, this won't detect 'false configuration changes'. In these cases, the environment is airgapped and we don't have any management system within that environment, so some type of script on the device is our only option.

For the example you provided, the issue I see with it is that it keys on the syslog string '%SYS-5-CONFIG_I: Configured from'. However, there are specific use cases where the devices won't have a management system. What I'm trying to get going is a temporary solution until then. Additionally, this would be for around 1,500 devices, so I'd much prefer the devices to push the config than for me to remote to each one.

For option 3, at some point in the future we will have a management system that will archive these configs for us. The biggest is that a majority of these devices are behind a firewall and I have to use my RSA SecurID to get through the firewall. For your option 2, I considered this, but it poses some issues for my environment. Is EEM capable of handling this? If not, is TCL my only option? for your response. So if someone modifies the running configuration, but forgets to write it to memory, the script would still detect this as a configuration change. I'd also like it to be resilient against configuration changes that weren't saved.
IOS knows a change didn't occur as issuing 'show archive config diff' does not show any changes.
I've noticed if you enter configuration mode and then exit, the running configuration will update the 'Last Configuration' timestamp. Regardless of how this is accomplished, I'd like it to be resilient against false configuration changes. As far as checking whether the configuration changed, I'm not sure if EEM can do that. EEM has cron capability, so it can run once a day. The only other options that I know of are EEM and TCL. It doesn't appear config archive or kron can check if the configuration has actually changed. I'd like this to run once a day and if the configuration has changed since the last check, send it to the server. What I'm looking to do is automatically send the configuration to an FTP server if the configuration has changed.