[rancid] Re: cisco Last configuration change by
Sam Munzani
smunzani at comcast.net
Thu Sep 4 17:55:30 UTC 2008
I haven't done this myself, but one of the guys during my last training class
mentioned that they developed something in-house that does the following.
1. On rancid box, load and configure net-snmp trap receiver.
2. Configure snmptrapd.conf with proper trap-handler like below.
traphandle OID-of-config-change-trap /usr/local/bin/rancid-run-wrapper.sh
What this did is, whenever he received a config trap, it triggered the rancid
wrapper script that just executes rancid-run to that particular device
only. I don't have such needs so I never tried it myself, but he claimed
it worked well for him.
Catch-22: If somebody goes "config t" and exits, it will generate a trap
and trigger rancid regardless of whether he made any changes or not. However,
he didn't care about it because his environment was pretty static and
people rarely logged in.
Something to think about.
Sam
> On Thu, Sep 04, 2008 at 06:13:17PM +0400, Smirnoff Alexander wrote:
>
>> I track with AAA, but in case with rancid I will receive changes and who
>> made it in one place.
>>
>
> This is the problem:
>
> 1. Dan makes a change, X, wr mem
>
> 2. Bogdan makes a change, Y, wr mem
>
> 3. rancid runs, collects the configs, mails the diffs
>
> - you see changes X + Y
>
> - you see a line that says the config and NVRAM was last changed by Bogdan
>
>
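
An added example of the wrapper described in the message above (not the script Sam's classmate wrote, and not part of RANCID). It only collects from senders listed as "up" in router.db, since SNMP traps arrive unauthenticated over UDP, and it debounces the "config t"/exit case. The paths, the 300-second window, and the assumption that router.db names match the hostname snmptrapd reports are all illustrative; `-r` is rancid-run's single-device option.

```shell
#!/bin/sh
# Added example, not from the original post. All paths and the 300 s
# window are assumptions; adjust them to the local RANCID install.
ROUTER_DB="${ROUTER_DB:-/usr/local/rancid/var/network/router.db}"
RANCID_RUN="${RANCID_RUN:-/usr/local/rancid/bin/rancid-run}"
STAMP_DIR="${STAMP_DIR:-/var/tmp/rancid-trap}"
DEBOUNCE="${DEBOUNCE:-300}"

# snmptrapd feeds the handler the sender's hostname on line 1 of stdin,
# its transport address on line 2, then one "OID value" pair per line.
trap_hostname() {
    IFS= read -r host || return 1
    printf '%s\n' "$host"
}

# Print the router.db entry equal to $1, only if it is marked "up".
# Exact string match, so trap-supplied text never reaches a regex or shell.
# Accepts ':' (RANCID 2.x) and ';' (3.x) as field separators.
lookup_device() {
    awk -F'[:;]' -v h="$1" '
        tolower($1) == tolower(h) && $3 == "up" { print $1; found = 1; exit }
        END { exit !found }' "$ROUTER_DB"
}

# Succeed (and record the time) only if $1 was not collected within the
# last $DEBOUNCE seconds; absorbs repeated "config t"/exit traps.
debounce_ok() {
    mkdir -p "$STAMP_DIR" || return 1
    now=$(date +%s)
    last=$(cat "$STAMP_DIR/$1" 2>/dev/null || echo 0)
    [ $((now - ${last:-0})) -ge "$DEBOUNCE" ] || return 1
    echo "$now" > "$STAMP_DIR/$1"
}

# Exit codes: 1 no input, 2 sender not in router.db, 3 debounced.
handle_trap() {
    host=$(trap_hostname) || return 1
    dev=$(lookup_device "$host") || {
        echo "rancid-trap: ignoring trap from unlisted host" >&2; return 2; }
    debounce_ok "$dev" || return 3
    "$RANCID_RUN" -r "$dev"
}

# Run only when invoked under the name used in the traphandle line.
case "$0" in
    *rancid-run-wrapper.sh) handle_trap ;;
esac
```

rancid-run is normally run as the rancid user, so the handler needs to execute under that account rather than as whatever user snmptrapd runs as.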