[rancid] Re: Who made changes?

[K K]

2009/3/31 Paul Buts <paul at paulbuts.nl>:
> There is only one thing I want to know: is it possible to show who made the
> changes in telnet? At this moment the webpage is telling me that the unix
> user (who runned Rancid) has made the changes. For example, I have more
> telnet accounts. One for Paul and one for Peter. If Paul made one change,
> and Peter made two changes, I want that the webpage is telling me exactly
> who made a change.
>
> Any hints or keywords would be really appreciated. Thanks!

If Paul makes one change at noon, then Peter logs in at 4PM and makes
two more, and then Rancid finally runs at 6PM, you'll get one change
email, showing the sum of all changes and (usually) showing that Peter
was the last one to make a change.

One workaround to this is to enable SNMP traps and/or syslog on each
device, and tie you trapper/syslogger into your rancid server.

I have mine configured such that syslog-ng writes all events related
to Cisco configuration changes to a directory change-events, into
files named for the source device and hour of the day.  Then each hour
a cron job executes, reads the list of these files, and runs Rancid
against the specific devices found.  At the end of the script, it
deletes any file in change-events older than 20 hours.

This still won't catch every change by every user.  For that, at least
on Cisco, you can enable per-command logging.