Hi Joe,

    Can I do something else to track the changes rather than depend on syslog message. As the changes will tell me only if an interface is brought down/up only and not when a sub-interface is created. Can I have any other mechanism to track the interfaces changes particularly like changes happening on ifIndex value of any routers as well apart of interface status( up/down).

Thanks,

ramanan

You misunderstand what I am suggesting.  I am suggesting you check for config change syslog messages (i.e. SYS-5-CONFIG_I).  When you see one of those, use the "show archive config differences" command to diff the current running configuration to the previous archive revision.  If the commands found in the diff pertain to an interface, then do what you need to do.

Hi Joe,

    Thanks but is there a way we can make router trigger or send a message if there is any interface related configuration change done rather than me triggering based on syslog message. As there could be lot of configuration changes that could be done on router apart from Interface related configurations, it will unnecessary trigger EEM everytime some other change is done. Is there any other way out to check this out.

Thanks,

ramanan

Tracking interfaces configuration changes alone is not possible.  That's why I suggested you further process the running config with "show archive config differences".  In this way, you'll be able to determine if the config change was interface-related before triggering further notifications.  For example, the output of "show archive config differences" may look something like:

!Contextual Config Diffs:
-event manager policy cl_show_run.tcl type user
+interface Loopback7
 +ip address 14.32.172.1 255.255.255.255 secondary
 +ip address 14.32.171.1 255.255.255.255

In this case, a new interface Loopback7 was added, so you could then fire off another notification (or do whatever you need to do).

Hi Joe,

    "Show archieve config differences" doesn't list me any changes if someone has done a "wr mem".  If there a way to track changes happening for ifIndex values on the router ( this would help me to identify new interfaces configured  and I can check the status changes for all ifIndex entries as well ), as ifIndex is always created for any type of interfaces

Can i compare output of "show snmp mib ifmib ifindex"  value by storing it in router for checking IfIndex for finding the new interfaces created?

Thanks,

ramanan

It won't list changes between startup and running config, but that is not what I'm talking about.  I am suggesting you enable config archive services, then track changes between archive revisions (i.e. the running-config to the latest archive version).

Yes, you can track changes to the ifTable.  You could have an EEM policy which periodically wakes up and scans the ifTable (via "show snmp mib ifmib ifindex") to see if any interfaces has been added or removed, but that would not tell you if an interface's configuration changed.  Based on your previous descriptions, it sounds like you need to track new interfaces as well as configuration changes to existing interfaces.

Hi,

I guess this should somewhat help:

http://www.manageengine.com/products/device-expert/

There  seems to be options to track config changes.

Regards,

Don

Hi Joe,

    You are right. I am looking for a way to track configuration changes related to interface and also for new interface creations done to router. I don't think there is simple way to do it apart from the methods you had suggested.

Do let me know if you have any ideas.

Don,

   Does NCM not have this option? Or should i depend only on Device Expert ? Or is there any other tools available ?

Thanks,

ramanan

As an embedded solution, no, the ways I outlined using EEM are probably your best (or only) choices.  Certainly external NMSes like CiscoWorks Resource Manager Essentials can track configuration changes, and you can view diffs on interface sub-groups.  But if you want email alerts only on interface changes, some scripting will be required there as well.

Hi Ramanan,

NCM and DeviceExpert as basically the same. DeviceExpert is the stand alone version and NCM is the Plug-In for ManageEngine OpManager which allows a tight integration between the products.

As far as I know, the product can alert on device level changes but interface specific changes are not available in real time. This can be tracked through complaince reports which have to be generated manually. As for link up and down status, OpManager can do this.

I guess a combination of OpManager and NCM will let you achieve your needs to a certain exend except for maybe the change in ifindex values and alert for interface specific changes. Then again, for ifindex values, giving the ifindex persist command should avoid any changes. Not sure if that is a workaround or unusable idea.

Regards,

Don