ciscowoks to send alert when config change

Unanswered Question
Jun 22nd, 2008
User Badges:

Hi,

How can I set ciscoworks to send the notification email to admin when any of devices configuration had been change and change by whom ?


Thank you,

Regards,

Jan.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Sun, 06/22/2008 - 23:38
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You can do this by configuring an Automated Action to send an email when a config change syslog message is sent from a device. To configure this, go to RME > Tools > Syslog > Automated Actions. The syslog filter strings you want to use to capture config changes for all devices are:


*-*-*-RESTART:* RESTART-*-*-*:* SYS-*-5-ONLINE:* *-*-*-CONFIG_I:* SYS-*-5-RELOAD:* CONFIG-*-*-*:* *-*-*-CONFIG:* OIR-*-6-INSCARD:* Nodemgr-*-5-CE:*REBOOT* CPU_REDUN-*-6-BOOTED_AS_ACTIVE:* CPU_REDUN-*-5-SWITCHOVER:* CPU_REDUN-*-6-RUNNING_CONFIG_CHG :* CPU_REDUN-*-5-RCSF_SYNCED:* CPU_REDUN-*-6-STARTUP_CONFIG_CHG:* CPU_REDUN-*-5-STARTUP_CONFIG_SYNCED:* SNMP-*-5-COLDSTART:* SYS-*-6-CFG_CHG:*telnet* SYS-*-6-CFG_CHG:*Console* *-*-*-OIR:* SYS-*-6-CFG_CHG:*SNMP* SYS-*-6-CFG_CHG:*ssh* SNMP-*-5-CONF:* PORT-*-5-CONF:* CHAS-*-5-CONF:* DIAG-*-5-CONF:* PIX-*-5-111005:*

kanokpan Sun, 06/22/2008 - 23:59
User Badges:

Thanks for your advice. Please also tell me in detail how can I add that filter and email setting.


Thanks,

Jan

Joe Clarke Mon, 06/23/2008 - 00:06
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

From the screen I mentioned previously, click the Create button to create a new Automated Action. Keep the All Managed Devices radio button selected, then click the Add button and type in the facility, sub-facility, severity, and mnemonics from the list of message filters I specified. The format is:


facility-subfacility-severity-mnemonic

kanokpan Mon, 06/23/2008 - 00:47
User Badges:

If I want to add what device, what config had been changed and who change it to the email message. What should I add ?


Regards,

Jan.


Joe Clarke Mon, 06/23/2008 - 00:54
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The syslog message will contain the device name and who made the change (provided the device is using AAA), but it will not contain the actual config change. There are other syslog messages that can be enabled on the device that will show this. If your device supports it, you can enable config change logging (IOS devices only):


config t

archive

log config


The messages will have the header:


PARSER-5-CFGLOG_LOGGEDCMD

kanokpan Mon, 06/23/2008 - 01:20
User Badges:

I created automate action as listed but ciscoworks send email for every syslog message occured. How to correct this ?


Joe Clarke Mon, 06/23/2008 - 09:24
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You most likely have made your filter too loose. Please post a screenshot of your action details.

Actions

This Discussion