[rancid] Re: Who made changes?

Kristian Larsson kristian at spritelink.net
Thu Jul 23 19:13:28 UTC 2009


On Wed, Apr 01, 2009 at 10:05:06PM +0000, john heasley wrote:
> Wed, Apr 01, 2009 at 11:42:11PM +0200, Geert Jan de Groot:
> > On Tue, 31 Mar 2009 13:07:47 -0500  K K wrote:
> > > > There is only one thing I want to know: is it possible to show who made the
> > > > changes in telnet? 
> > > If Paul makes one change at noon, then Peter logs in at 4PM and makes
> > > two more, and then Rancid finally runs at 6PM, you'll get one change
> > > email, showing the sum of all changes and (usually) showing that Peter
> > > was the last one to make a change.
> > 
> > At the place where I hope to implement rancid (restrictions are
> > political, not technical, as usual), the network is set up
> > in such a way that operators do not have passwords of the devices
> > they manage. They log in (with their own password) in a subsystem
> > which, if allowed, will log in the operator automatically.
> > 
> > Advantage is that if persons leave the company, they don't know passwords
> > and no passwords need to be changed.
> 
> you can do that, at least for ciscos, with AAA and automate the change of
> the in-configuration/failsafe passwords, since the "in-config" passwords
> are only used when the AAA server is inaccessible.
> 
> > Current line of thought is to have the logout event trigger a rancid run
> > on the device people just logged into.
> 
> folks have done that; I think I mentioned it in the FAQ

Just a heads-up.. your rancid user will log in to..
and then log out, so be sure not to trigger the
config fetch when the rancid user logs out ;)

A lot of platforms instead have something to tell
when the device was configured, IOS has
"Configured from console by ...", JUNOS has a
syslog message for when the configuration was
committed and the same goes for IOS XR. I've built
a system where we use that syslog message to
trigger a config fetch and we thus get very
granular configuration backups / diff mails.
 
   //Kristian 

-- 
Kristian Larsson                                        KLL-RIPE
+46 704 910401			              kll at spritelink.net
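
The syslog-triggered fetch described in the message above, as an added example that is not part of the original post or of rancid itself. It assumes syslog lines shaped as `<epoch-seconds> <hostname> <message>`, a backup account named `rancid`, and a 60-second quiet period per device; the sample lines are constructed.

```python
import re

# Config-change messages per platform; each pattern captures the acting user.
PATTERNS = [
    ("ios", re.compile(r"%SYS-5-CONFIG_I: Configured from \S+ by (?P<user>\S+)")),
    ("junos", re.compile(r"UI_COMMIT: User '(?P<user>[^']+)' requested 'commit' operation")),
    ("iosxr", re.compile(r"%MGBL-CONFIG-6-DB_COMMIT\s*: Configuration committed by user '(?P<user>[^']+)'")),
]
# Assumed line layout; the hostname is limited to safe characters because it
# will later be handed to whatever job starts the fetch.
LINE = re.compile(r"^(?P<ts>\d+) (?P<host>[A-Za-z0-9._-]+) (?P<msg>.*)$")

def parse_change(line):
    """Return (ts, host, platform, user) for a config-change line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    for platform, pat in PATTERNS:
        hit = pat.search(m["msg"])
        if hit:
            return int(m["ts"]), m["host"], platform, hit["user"]
    return None

def fetches_to_trigger(lines, backup_user="rancid", quiet_secs=60):
    """Return [(ts, host, user)] events that should start a config fetch."""
    last, out = {}, []
    for line in lines:
        change = parse_change(line)
        if change is None:
            continue
        ts, host, _platform, user = change
        if user == backup_user:      # the collector's own session never triggers
            continue
        if host in last and ts - last[host] < quiet_secs:
            continue                 # burst of commits: one fetch is enough
        last[host] = ts
        out.append((ts, host, user))
    return out

SAMPLE = [  # constructed log lines
    "1248376000 core1 %SYS-5-CONFIG_I: Configured from console by paul on vty0 (192.0.2.10)",
    "1248376020 core1 %SYS-5-CONFIG_I: Configured from console by peter on vty1 (192.0.2.11)",
    "1248376500 edge2 mgd[4321]: UI_COMMIT: User 'peter' requested 'commit' operation (comment: none)",
    "1248376600 edge2 mgd[4400]: UI_COMMIT: User 'rancid' requested 'commit' operation",
    "1248376700 xr3 RP/0/RP0/CPU0: config[65800]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'paul'.",
    "1248376800 core1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up",
]
```

Because each returned event carries the user named in the device's own message, the resulting diff mail can be attributed to that user rather than to whoever changed the device last before a scheduled run.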

