I would like to track all the changes that any user makes to a router which is related to the interface. This will include addition or deletion of any new sub-interface or shutting down/up an interface or creation of any loopback interface or physical insertion of any new interface.
I would like to track the above changes done to a router. I did check Cisco EEM but not sure if I can use that. Do let me know if it does help? and if so can someone help with configurations too.
You could use EEM for this. For example, you could react to a configuration change notification on the device (i.e. a syslog message), then check the configuration changes made against the device's configuration archive. If interface-related changes were made, then perform additional tasks.
There is a script on Cisco Beyond which does the config diff check already. See http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1103 . You would need to modify this to detect your specific changes, then take the actions you need to take.
Can I do something else to track the changes rather than depend on syslog message. As the changes will tell me only if an interface is brought down/up only and not when a sub-interface is created. Can I have any other mechanism to track the interfaces changes particularly like changes happening on ifIndex value of any routers as well apart of interface status( up/down).
You misunderstand what I am suggesting. I am suggesting you check for config change syslog messages (i.e. SYS-5-CONFIG_I). When you see one of those, use the "show archive config differences" command to diff the current running configuration to the previous archive revision. If the commands found in the diff pertain to an interface, then do what you need to do.
Thanks but is there a way we can make router trigger or send a message if there is any interface related configuration change done rather than me triggering based on syslog message. As there could be lot of configuration changes that could be done on router apart from Interface related configurations, it will unnecessary trigger EEM everytime some other change is done. Is there any other way out to check this out.
Tracking interfaces configuration changes alone is not possible. That's why I suggested you further process the running config with "show archive config differences". In this way, you'll be able to determine if the config change was interface-related before triggering further notifications. For example, the output of "show archive config differences" may look something like:
!Contextual Config Diffs:
-event manager policy cl_show_run.tcl type user
+ip address 18.104.22.168 255.255.255.255 secondary
+ip address 22.214.171.124 255.255.255.255
In this case, a new interface Loopback7 was added, so you could then fire off another notification (or do whatever you need to do).
"Show archieve config differences" doesn't list me any changes if someone has done a "wr mem". If there a way to track changes happening for ifIndex values on the router ( this would help me to identify new interfaces configured and I can check the status changes for all ifIndex entries as well ), as ifIndex is always created for any type of interfaces
Can i compare output of "show snmp mib ifmib ifindex" value by storing it in router for checking IfIndex for finding the new interfaces created?
It won't list changes between startup and running config, but that is not what I'm talking about. I am suggesting you enable config archive services, then track changes between archive revisions (i.e. the running-config to the latest archive version).
Yes, you can track changes to the ifTable. You could have an EEM policy which periodically wakes up and scans the ifTable (via "show snmp mib ifmib ifindex") to see if any interfaces has been added or removed, but that would not tell you if an interface's configuration changed. Based on your previous descriptions, it sounds like you need to track new interfaces as well as configuration changes to existing interfaces.
I guess this should somewhat help:
There seems to be options to track config changes.
You are right. I am looking for a way to track configuration changes related to interface and also for new interface creations done to router. I don't think there is simple way to do it apart from the methods you had suggested.
Do let me know if you have any ideas.
Does NCM not have this option? Or should i depend only on Device Expert ? Or is there any other tools available ?
As an embedded solution, no, the ways I outlined using EEM are probably your best (or only) choices. Certainly external NMSes like CiscoWorks Resource Manager Essentials can track configuration changes, and you can view diffs on interface sub-groups. But if you want email alerts only on interface changes, some scripting will be required there as well.
NCM and DeviceExpert as basically the same. DeviceExpert is the stand alone version and NCM is the Plug-In for ManageEngine OpManager which allows a tight integration between the products.
As far as I know, the product can alert on device level changes but interface specific changes are not available in real time. This can be tracked through complaince reports which have to be generated manually. As for link up and down status, OpManager can do this.
I guess a combination of OpManager and NCM will let you achieve your needs to a certain exend except for maybe the change in ifindex values and alert for interface specific changes. Then again, for ifindex values, giving the ifindex persist command should avoid any changes. Not sure if that is a workaround or unusable idea.