[rancid] Change management

Chris Gauthier cgauthier at mapscu.com
Fri Sep 23 16:30:22 UTC 2011


Be careful with that methodology, though.  I use the "archive" function in more recent IOS versions and specify the archive as a TFTP location.  This does not work on all device types, but for sure on some.  Every time I "wr mem", it uploads a copy of the config to my TFTP server.  This is in addition to RANCID.

When using the "archive" functionality, you can tell the system to log commands into syslog.  But, let's say you create the following:

access-list 101 permit ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255

This will cause multiple syslog entries and multiple instances of rancid will be run nearly simultaneously.  I foresee problems when triggering off of "User joerootuser executed the command blah blah" in situations like the one above, especially if you ever use cut & paste.  Also, when the router first loads, it processes the config file and issues those syslog entries en masse.

Chris


> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-
> bounces at shrubbery.net] On Behalf Of Todd Heide
> Sent: Friday, September 23, 2011 5:57 AM
> To: 'Jens Link'
> Cc: 'rancid-discuss at shrubbery.net'
> Subject: Re: [rancid] Change management
> 
> Thanks, I'll check it out to see if it will work. We need a change management
> system for a certain "Level" IYKWIM.  Since we have Rancid that has worked
> flawlessly for years, if I can incorporate a method for change management I get
> to keep it.
> 
> Thanks
> Todd Heide
> Equivoice Inc.
> 
> CCSP CCNA CCDA
> 847-235-3308
> 
> Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand,
> Like a drop in the ocean
> 
> 
> -----Original Message-----
> From: Jens Link [mailto:lists at quux.de]
> Sent: Friday, September 23, 2011 4:24 AM
> To: Todd Heide
> Cc: 'rancid-discuss at shrubbery.net'
> Subject: Re: [rancid] Change management
> 
> Todd Heide <Todd at equivoice.com> writes:
> 
> > Hi List, is there a way to see who made changes through Rancid?  We
> > use Cisco ACS for AAA.
> 
> Depends. ;-) At least some IOS versions write who made a change to the
> configuration (When using AAA)
> 
> If you log to a syslog server you can use something like SEC (
> http://simple-evcorr.sourceforge.net/) to analyze your log files and trigger
> RANCID to "download" the configuration when a change is logged.
> 
> Jens
> --
> -------------------------------------------------------------------------
> | Foelderichstr. 40   | 13595 Berlin, Germany    | +49-151-18721264     |
> | http://blog.quux.de | jabber: jenslink at guug.de | -------------------
> | |
> -------------------------------------------------------------------------
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
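
Added example, not part of the original thread: one way to avoid the near-simultaneous runs described above is to coalesce the per-command syslog entries into one burst per device, then trigger a single RANCID run per burst. The log line layout (timestamp, hostname, sequence number), the 60-second quiet period, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

QUIET = timedelta(seconds=60)  # assumed quiet period that closes a burst

# Assumed layout: "<ISO timestamp> <host> <seq>: %PARSER-5-CFGLOG_LOGGEDCMD: ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) .*"
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:"
)

# Constructed sample lines (not real logs); hostnames and users are made up.
SAMPLE = [
    "2011-09-23T16:00:01 rtr1 101: %PARSER-5-CFGLOG_LOGGEDCMD: User:joerootuser  "
    "logged command:access-list 101 permit ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255",
    "2011-09-23T16:00:01 rtr1 102: %PARSER-5-CFGLOG_LOGGEDCMD: User:joerootuser  "
    "logged command:access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255",
    "2011-09-23T16:00:20 sw2 55: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  "
    "logged command:interface Vlan10",
    "2011-09-23T16:00:40 rtr1 103: %SYS-5-CONFIG_I: Configured from console by joerootuser on vty0",
    "2011-09-23T16:10:00 rtr1 104: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  "
    "logged command:no access-list 101",
]

def coalesce(lines, quiet=QUIET):
    """Group time-ordered config-command log lines into bursts per device.

    A device's burst is closed when its next logged command arrives more than
    `quiet` after the previous one. Returns one dict per burst, i.e. one
    RANCID run to schedule, with the users seen and the command count.
    """
    open_bursts, done = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a logged config command
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        burst = open_bursts.get(m["host"])
        if burst and ts - burst["last"] > quiet:
            done.append(burst)  # device went quiet: previous burst is complete
            burst = None
        if burst is None:
            burst = open_bursts[m["host"]] = {
                "host": m["host"], "first": ts, "users": set(), "commands": 0}
        burst["last"] = ts
        burst["users"].add(m["user"])
        burst["commands"] += 1
    done.extend(open_bursts.values())  # batch mode: flush bursts still open
    return sorted(done, key=lambda b: (b["last"], b["host"]))

if __name__ == "__main__":
    for b in coalesce(SAMPLE):
        print(b["last"], b["host"], sorted(b["users"]), b["commands"])
```

When following a live log rather than a finished file, hold each open burst until the quiet period has elapsed since its last entry, then run `rancid-run -r <device>` once for it. The same grouping absorbs the flood of entries a router logs while loading its config at boot.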
