[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

configuration sanity check

Subject: configuration sanity check
From: xenith at xenith.org (Justin Seabrook-Rocha)
Date: Thu, 29 Oct 2015 07:42:00 -0700
In-reply-to: <[email protected]>
References: <[email protected]>

On Oct 29, 2015, at 01:16, marcel.duregards at yahoo.fr wrote:
> 
> Hi Nanogers,
> 
> Any recommendation about a software which check the live config of cisco/juniper devices against some templates ?
> 
> The goal is to have a template about different function device, like:
> - CORE device must have this bloc and this clock
> - PE device must have at least that and that
> - CPE must have this and that
> - Distrib switch block 1 and block2
> - etc...
> 
> And the software run once every day to check which device do not comply with those rules and generate an alert.
> 
> Thank,
> - Marcel

We implemented an in-house solution using Cisco Template Manager (http://www.gelogic.net/cisco-template-manager/). Its basically a bunch of bash/perl scripts doing regex matching against the saved configs from RANCID. Works fine for both Cisco and Juniper.

It requires some hand tooling, but we have it doing exactly what you want (checking against different device function templates).

Justin Seabrook-Rocha
-- 
Xenith || xenith at xenith.org || http://xenith.org/
Jabber: xenith at xenith.org

References:
- configuration sanity check
  - From: marcel.duregards at yahoo.fr (marcel.duregards at yahoo.fr)

Prev by Date: configuration sanity check
Next by Date: DDoS mitigation for ISPs
Previous by thread: configuration sanity check
Next by thread: configuration sanity check
Index(es):
- Date
- Thread