ciscowoks to send alert when config change

Unanswered Question
Jun 22nd, 2008

Hi,

How can I set ciscoworks to send the notification email to admin when any of devices configuration had been change and change by whom ?


Thank you,

Regards,

Jan.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Sun, 06/22/2008 - 23:38

You can do this by configuring an Automated Action to send an email when a config change syslog message is sent from a device. To configure this, go to RME > Tools > Syslog > Automated Actions. The syslog filter strings you want to use to capture config changes for all devices are:


*-*-*-RESTART:* RESTART-*-*-*:* SYS-*-5-ONLINE:* *-*-*-CONFIG_I:* SYS-*-5-RELOAD:* CONFIG-*-*-*:* *-*-*-CONFIG:* OIR-*-6-INSCARD:* Nodemgr-*-5-CE:*REBOOT* CPU_REDUN-*-6-BOOTED_AS_ACTIVE:* CPU_REDUN-*-5-SWITCHOVER:* CPU_REDUN-*-6-RUNNING_CONFIG_CHG :* CPU_REDUN-*-5-RCSF_SYNCED:* CPU_REDUN-*-6-STARTUP_CONFIG_CHG:* CPU_REDUN-*-5-STARTUP_CONFIG_SYNCED:* SNMP-*-5-COLDSTART:* SYS-*-6-CFG_CHG:*telnet* SYS-*-6-CFG_CHG:*Console* *-*-*-OIR:* SYS-*-6-CFG_CHG:*SNMP* SYS-*-6-CFG_CHG:*ssh* SNMP-*-5-CONF:* PORT-*-5-CONF:* CHAS-*-5-CONF:* DIAG-*-5-CONF:* PIX-*-5-111005:*

kanokpan Sun, 06/22/2008 - 23:59

Thanks for your advice. Please also tell me in detail how can I add that filter and email setting.


Thanks,

Jan

Joe Clarke Mon, 06/23/2008 - 00:06

From the screen I mentioned previously, click the Create button to create a new Automated Action. Keep the All Managed Devices radio button selected, then click the Add button and type in the facility, sub-facility, severity, and mnemonics from the list of message filters I specified. The format is:


facility-subfacility-severity-mnemonic

kanokpan Mon, 06/23/2008 - 00:47

If I want to add what device, what config had been changed and who change it to the email message. What should I add ?


Regards,

Jan.


Joe Clarke Mon, 06/23/2008 - 00:54

The syslog message will contain the device name and who made the change (provided the device is using AAA), but it will not contain the actual config change. There are other syslog messages that can be enabled on the device that will show this. If your device supports it, you can enable config change logging (IOS devices only):


config t

archive

log config


The messages will have the header:


PARSER-5-CFGLOG_LOGGEDCMD

kanokpan Mon, 06/23/2008 - 01:20

I created automate action as listed but ciscoworks send email for every syslog message occured. How to correct this ?


Joe Clarke Mon, 06/23/2008 - 09:24

You most likely have made your filter too loose. Please post a screenshot of your action details.

Actions

This Discussion