Tuesday, January 20, 2009

Enable alerting for configuration changes in critical Cisco network devices.

Recently a requirement came up while people were discussing the investment needed to monitor configuration changes in Cisco network devices. The discussion was heated, and the options were expensive just to get an alert.
I worked out a cheaper solution which is quite useful. I am describing the method by which we can get an alert and also implement an authorization process to have robust control over any network changes.
This solution is simple and can be used for change management.
Some of the components involved:
1.) Any CRM with mail-based ticket-raising capability (Unicenter or HPPC; most organizations already have one).
2.) Kiwi Syslog Daemon (it is freeware, and a version with extended capabilities is available for a nominal charge).
So the solution goes like this:
Configure the Cisco devices to log events to syslog (the server where Kiwi Syslog Daemon is running).
! Send syslog messages to the server
logging syslog.keekar.com
! Log failed login attempts
login on-failure log
! Log successful login attempts
login on-success log
! Log configuration changes
archive
 log config
  logging enable
  logging size 200
  hidekeys
  notify syslog

Configure the mail alert in Kiwi for the corresponding events (it is GUI-based and easy to configure).
Send the mail alert to your CRM mail ID.
Create a CRM rule base to send the authorization request to the concerned parties.
That's it. Congratulations, your alerting and authorization control is in place.
Isn't it quite a simple and cost-effective solution?
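
The matching that the Kiwi mail rule has to perform, written out as an added example (not part of the original post and not Kiwi's own logic). It keys on the message mnemonics IOS emits for the commands above (CFGLOG_LOGGEDCMD for `notify syslog`, LOGIN_FAILED for `login on-failure log`); the function name, ticket subject format and sample log lines are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape "<source host> <IOS message>".
# Hostnames, users and addresses are made up for this example.
SAMPLE = """\
core-sw1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: alice] [Source: 10.0.0.5] [localport: 22] at 10:01:02 UTC Tue Jan 20 2009
core-sw1 %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface GigabitEthernet0/1
core-sw1 %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:shutdown
edge-rtr2 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.0.0.99] [localport: 22] [Reason: Login Authentication Failed] at 10:03:40 UTC Tue Jan 20 2009
core-sw1 %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
edge-rtr2 %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no ip http server
"""

# %FACILITY-SEVERITY-MNEMONIC: text
LINE = re.compile(r"^(?P<host>\S+)\s+%(?P<fac>[A-Z_]+)-(?P<sev>\d)-(?P<mnem>[A-Z_]+):\s*(?P<text>.*)$")
CFGCMD = re.compile(r"User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$")
LOGIN = re.compile(r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<src>[^\]]*)\]")

def build_tickets(log_text):
    """Return one mail-ready (subject, body) pair per event that needs authorization."""
    changes = defaultdict(list)  # (host, user) -> commands in the order entered
    tickets = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an IOS-formatted message
        host, mnem, text = m["host"], m["mnem"], m["text"]
        if mnem == "CFGLOG_LOGGEDCMD":
            c = CFGCMD.search(text)
            if c:
                changes[(host, c["user"])].append(c["cmd"])
        elif mnem == "LOGIN_FAILED":
            who = LOGIN.search(text)
            if who:
                tickets.append((f"[LOGIN FAILED] {host} user={who['user']} from {who['src']}", text))
    # Group each user's commands per device so the CRM opens one ticket per change,
    # not one per command line.
    for (host, user), cmds in changes.items():
        tickets.append((f"[CONFIG CHANGE] {host} by {user} ({len(cmds)} commands)", "\n".join(cmds)))
    return tickets

if __name__ == "__main__":
    for subject, body in build_tickets(SAMPLE):
        print(subject, body, sep="\n", end="\n\n")
```

Interface state changes and successful logins are deliberately not ticketed here; only the commands a user actually entered and failed logins reach the authorization queue.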