Re: [Activity logging archiving tool]

2003-11-26 Thread Rachael Treu

If ACS and CiscoWorks are too costly and CVS and RANCID too unwieldy, 
SourceForge has 2 alternatives that you might want to consider...

tool
  http://tool.sourceforge.net/

and NCAT
  http://ncat.sourceforge.net/

both of which can be sufficiently tweaked to meet your device audit needs.

(A SourceForge loyalist, but I'm a RANCID kind of girl, myself...)

And, of course, remember the least costly and most oft overlooked practice
of establishing solid policies.  Tools should be deployed to enforce a 
well-defined policy, including guidelines and procedures laying down the law 
when it comes to change management and change control of production devices.  
You mentioned an outlet for _manual_ recording/documentation of laying on 
of hands befalling the nodes, so define a must-have and must-do list 
holding dominion over such activity, requiring that appropriate backups
occur, backouts are ready to go when things burst into flames, and that
all work be delineated and documented explicitly ex post facto.  

Then, sit back and enjoy the grumbling of your paperwork-hating 
associates, and be prepared to crack skulls if they flake on updating the 
change control mechanisms, as set forth in the unbudging monolith that is 
your change management policy.

Still liking TACACS-RANCID though, as you can lead a horse to water, but 
you can't make him think...

--ra

On Tue, Nov 25, 2003 at 03:54:34PM -0700, guy said something to the effect of:
 
 
 Don't forget that TACACS can log all commands entered into a router. When
 used in combination with rancid and cvs/cvs-web, it's very useful.
 
  I'm looking for a simple tool, in which each and every one has to
  manually record whatever (s)he has done or any incident (s)he observed
  so that the tool archives that data someway. Later, in case if someone
  needs, (s)he should be able to search for that archive by date, by
  person, by a random phrase, etc.
 
 rancid (http://www.shrubbery.net/rancid) and
 cvs-web (http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/)

-- 
K. Rachael Treu, CISSP rara at navigo dot com
..sic itur ad astra..



RE: Activity logging archiving tool

2003-11-26 Thread Priyantha

I've now got several options. Let me think and select one.
Thanks a lot for all your quick responses.

Regards,

Priyantha 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Priyantha
Sent: Tuesday, November 25, 2003 2:15 PM
To: [EMAIL PROTECTED]
Subject: Activity logging  archiving tool



In my company, there are several technical guys make changes to the existing
network and  it's very difficult to keep track of what we did when, etc.

I'm looking for a simple tool, in which each and every one has to manually
record whatever (s)he has done or any incident (s)he observed so that the
tool archives that data someway. Later, in case if someone needs, (s)he
should be able to search for that archive by date, by person, by a random
phrase, etc.

Any help in this regard is appreciated,

Priyantha Pushpa Kumara
---
Manager - Data Services
Wightman Internet Ltd.
Clifford, ON
N0G 1M0 
Fax: 519-327-8010




Re: Activity logging archiving tool

2003-11-25 Thread Suresh Ramasubramanian
Priyantha  writes on 11/25/2003 2:15 PM:

> In my company, there are several technical guys make changes to the existing
> network and  it's very difficult to keep track of what we did when, etc.
> I'm looking for a simple tool, in which each and every one has to manually
> record whatever (s)he has done or any incident (s)he observed so that the
> tool archives that data someway. Later, in case if someone needs, (s)he
> should be able to search for that archive by date, by person, by a random
> phrase, etc.
> Any help in this regard is appreciated,

Sounds like a job for CVS.

And when did you move to Canada from the univ of Moratuwa (if you are 
the same guy)? :)

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


Re: [Activity logging archiving tool]

2003-11-25 Thread joshua sahala

Priyantha [EMAIL PROTECTED] wrote:
 
 In my company, there are several technical guys make changes to the 
 existing network and  it's very difficult to keep track of what we did
 when, etc.

i feel your pain - except when it was happening, they weren't as 
technical as they thought they were...
 
 I'm looking for a simple tool, in which each and every one has to 
 manually record whatever (s)he has done or any incident (s)he observed
 so that the tool archives that data someway. Later, in case if someone
 needs, (s)he should be able to search for that archive by date, by 
 person, by a random phrase, etc.

rancid (http://www.shrubbery.net/rancid) and
cvs-web (http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/)

rancid does nice proactive checking of device configs, and cvs-web is
a pretty front end to look through change history

for tracking:
request tracker (http://www.bestpractical.com/rt/) - it is a ticketing
system, but you could probably customize it to fit your needs

netoffice (http://sourceforge.net/projects/netoffice/) - haven't used
it personally, but it looks like it might work too

track+ (http://sourceforge.net/projects/trackplus/) - same as netoffice

of course, nothing will work unless everyone uses it, so you have to
have clear, concise policies for change management, and then enforce 
them.

hth

/joshua

 Any help in this regard is appreciated,
 
 Priyantha Pushpa Kumara
 ---
 Manager - Data Services
 Wightman Internet Ltd.
 Clifford, ON
 N0G 1M0 
 Fax: 519-327-8010
 
 
 



Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence.
 - Stephen Hawking -




RE: [Activity logging archiving tool]

2003-11-25 Thread Dan Lockwood

If you are in a Cisco shop you might consider Secure ACS.  We use ACS to
log all of our changes and have very good success with it.
Unfortunately it is not free.

Dan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
joshua sahala
Sent: Tuesday, November 25, 2003 11:45 AM
To: Priyantha; [EMAIL PROTECTED]
Subject: Re: [Activity logging  archiving tool]


Priyantha [EMAIL PROTECTED] wrote:
 
 In my company, there are several technical guys make changes to the 
 existing network and  it's very difficult to keep track of what we did
 when, etc.

i feel your pain - except when it was happening, they weren't as 
technical as they thought they were...
 
 I'm looking for a simple tool, in which each and every one has to 
 manually record whatever (s)he has done or any incident (s)he observed
 so that the tool archives that data someway. Later, in case if someone
 needs, (s)he should be able to search for that archive by date, by 
 person, by a random phrase, etc.

rancid (http://www.shrubbery.net/rancid) and
cvs-web (http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/)

rancid does nice proactive checking of device configs, and cvs-web is
a pretty front end to look through change history

for tracking:
request tracker (http://www.bestpractical.com/rt/) - it is a ticketing
system, but you could probably customize it to fit your needs

netoffice (http://sourceforge.net/projects/netoffice/) - haven't used
it personally, but it looks like it might work too

track+ (http://sourceforge.net/projects/trackplus/) - same as netoffice

of course, nothing will work unless everyone uses it, so you have to
have clear, concise policies for change management, and then enforce 
them.

hth

/joshua

 Any help in this regard is appreciated,
 
 Priyantha Pushpa Kumara
 ---
 Manager - Data Services
 Wightman Internet Ltd.
 Clifford, ON
 N0G 1M0 
 Fax: 519-327-8010
 
 
 



Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence.
 - Stephen Hawking -






RE: [Activity logging archiving tool]

2003-11-25 Thread Brennan_Murphy

Or Ciscoworks. A config change sends a syslog event to CW which in
turn knows to go grab the latest copy of the config. I believe
there are some reporting capabilities too, simple diff routines and
archives of past configs. 

I think CW is more of the CVS-like approach whereas ACS is sort of a
simple logging method. 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Dan Lockwood
Sent: Tuesday, November 25, 2003 3:54 PM
To: joshua sahala; Priyantha; [EMAIL PROTECTED]
Subject: RE: [Activity logging  archiving tool]



If you are in a Cisco shop you might consider Secure ACS.  We use ACS to
log all of our changes and have very good success with it. Unfortunately
it is not free.

Dan


Re: [RE: [Activity logging archiving tool]]

2003-11-25 Thread joshua sahala

[EMAIL PROTECTED] wrote:
 
 Or Ciscoworks. A config change sends a syslog event to CW which in
 turn knows to go grab the latest copy of the config. I believe
 there are some reporting capabilities too, simple diff routines and
 archives of past configs. 

or if you cannot afford cisco works (or would rather spend the money 
on other things...), you can do something similar with swatch.  just
look for the syslog string:

%SYS-5-CONFIG_I: Configured from console by $user

then trigger a rancid run on that device

/joshua

[cut]


Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence.
 - Stephen Hawking -
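
The trigger described in the message above (watch syslog for %SYS-5-CONFIG_I, then run rancid on that device), sketched as an added example that is not code from the thread or from swatch/rancid. The sample log lines, hostnames, users and the `KNOWN_DEVICES` inventory are constructed; `rancid-run -r <device>` is rancid's per-device run option.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog-server lines (hostnames, users and addresses are made up).
SAMPLE_LOG = """\
Nov 25 16:20:01 core-rtr1 1234: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)
Nov 25 16:20:40 core-rtr1 1235: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)
Nov 25 16:21:05 edge-sw2 88: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
Nov 25 16:31:12 edge-sw2 89: %SYS-5-CONFIG_I: Configured from console by bob on console
Nov 25 16:40:00 lab-rtr9 90: %SYS-5-CONFIG_I: Configured from console by carol on vty1 (198.51.100.7)
"""

# Assumption: the devices rancid already manages (in practice, read from router.db).
KNOWN_DEVICES = {"core-rtr1", "edge-sw2"}

CONFIG_I = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<device>\S+) .*?"
    r"%SYS-5-CONFIG_I: Configured from (?P<origin>\S+) by (?P<user>\S+)"
    r"(?: on (?P<line>\S+))?(?: \((?P<addr>[^)]+)\))?"
)


def parse_config_events(text, year):
    """Return one dict per %SYS-5-CONFIG_I line; every other message is skipped."""
    events = []
    for raw in text.splitlines():
        m = CONFIG_I.match(raw)
        if not m:
            continue
        ev = m.groupdict()
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ev["when"] = datetime.strptime(f"{year} {ev.pop('ts')}", "%Y %b %d %H:%M:%S")
        events.append(ev)
    return events


def plan_rancid_runs(events, known_devices, quiet=timedelta(minutes=5)):
    """Coalesce bursts of changes per device and schedule one rancid run
    `quiet` after the last change of each burst, so the final edit is captured."""
    bursts = {}  # device -> time of the last change in each burst
    for ev in sorted(events, key=lambda e: e["when"]):
        dev = ev["device"]
        # Syslog over UDP is unauthenticated: only act on devices in the inventory.
        if dev not in known_devices:
            continue
        lasts = bursts.setdefault(dev, [])
        if lasts and ev["when"] - lasts[-1] < quiet:
            lasts[-1] = ev["when"]  # same burst: push the run back
        else:
            lasts.append(ev["when"])
    plan = [(last + quiet, ["rancid-run", "-r", dev])
            for dev, lasts in bursts.items() for last in lasts]
    return sorted(plan, key=lambda p: p[0])


if __name__ == "__main__":
    for run_at, argv in plan_rancid_runs(parse_config_events(SAMPLE_LOG, 2003), KNOWN_DEVICES):
        # In a real deployment, pass argv to subprocess.run(argv) at run_at (no shell).
        print(run_at.isoformat(), " ".join(argv))
```

The parsed events also carry the user, line and source address, so the same pass can feed a "who changed what, when" record alongside the config diff rancid commits.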




RE: [Activity logging archiving tool]

2003-11-25 Thread Scott McGrath


CiscoWorks also polls the devices for configuration changes and generates 
a diff if you so desire.  If you have set up AAA you will have an audit 
log of when changes were applied and who applied them.

Scott C. McGrath

On Tue, 25 Nov 2003 [EMAIL PROTECTED] wrote:

 
 Or Ciscoworks. A config change sends a syslog event to CW which in
 turn knows to go grab the latest copy of the config. I believe
 there are some reporting capabilities too, simple diff routines and
 archives of past configs. 
 
 I think CW is more of the CVS-like approach whereas ACS is sort of a
 simple logging method. 
 



Re: [RE: [Activity logging archiving tool]]

2003-11-25 Thread Joe Abley


On 25 Nov 2003, at 16:28, joshua sahala wrote:

> [EMAIL PROTECTED] wrote:
>> Or Ciscoworks. A config change sends a syslog event to CW which in
>> turn knows to go grab the latest copy of the config. I believe
>> there are some reporting capabilities too, simple diff routines and
>> archives of past configs.
>
> or if you cannot afford cisco works (or would rather spend the money
> on other things...), you can do something similar with swatch.  just
> look for the syslog string:
>
> %SYS-5-CONFIG_I: Configured from console by $user
>
> then trigger a rancid run on that device

I once wrote a rancid-like tool that did that (scripted config gets 
triggered by syslog). I haven't touched it since I met rancid, but some 
people tell me that they like it:

  ftp://ftp.isc.org/isc/ciscoconf/ciscoconf-1.1.tar.gz

Joe



Re: [Activity logging archiving tool]

2003-11-25 Thread guy


Don't forget that TACACS can log all commands entered into a router. When
used in combination with rancid and cvs/cvs-web, it's very useful.

 I'm looking for a simple tool, in which each and every one has to
 manually record whatever (s)he has done or any incident (s)he observed
 so that the tool archives that data someway. Later, in case if someone
 needs, (s)he should be able to search for that archive by date, by
 person, by a random phrase, etc.

rancid (http://www.shrubbery.net/rancid) and
cvs-web (http://stud.fh-heilbronn.de/~zeller/cgi/cvsweb.cgi/)



RE: [Activity logging archiving tool]

2003-11-25 Thread Christopher L. Morrow



On Tue, 25 Nov 2003, Scott McGrath wrote:



 CiscoWorks also polls the devices for configuration changes and generates
 a diff if you so desire.  If you have set up AAA you will have an audit
 log of when changes were applied and who applied them.

 Scott C. McGrath

I'm fairly certain that the tacacs standard implementations available on
the cisco routers log out changes to the config made by users... That and
a little log parsing magic and you have this data also. Be cautious that
some of the EMS systems will grab configs through snmp WRITE initiated
tftp writes, this could be dangerous if your routers are publicly
accessible :)

-Chris
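
The "log parsing magic" over TACACS command accounting mentioned above, as an added example that is not from the thread: it answers the original request to search by date, by person and by phrase. The records are constructed, and the tab-separated layout (timestamp, device, user, line, source address, record type, then attribute=value pairs) is an assumption modelled on tac_plus accounting files.

```python
from datetime import date, datetime

# Constructed accounting records (devices, users and commands are made up).
SAMPLE_ACCT = "\n".join([
    "Nov 25 15:40:02\t10.0.0.1\talice\ttty2\t192.0.2.10\tstop\ttask_id=41\tservice=shell\tpriv-lvl=15\tcmd=configure terminal <cr>",
    "Nov 25 15:40:30\t10.0.0.1\talice\ttty2\t192.0.2.10\tstop\ttask_id=42\tservice=shell\tpriv-lvl=15\tcmd=access-list 101 permit ip any any <cr>",
    "Nov 25 15:41:10\t10.0.0.1\talice\ttty2\t192.0.2.10\tstop\ttask_id=43\tservice=shell\telapsed_time=68",
    "Nov 26 09:05:44\t10.0.0.2\tbob\ttty1\t192.0.2.11\tstop\ttask_id=7\tservice=shell\tpriv-lvl=15\tcmd=interface FastEthernet0/1 <cr>",
    "truncated line without enough fields",
])


def parse_accounting(text, year):
    """Return command-accounting records; session records and bad lines are skipped."""
    records = []
    for raw in text.splitlines():
        fields = raw.split("\t")
        if len(fields) < 7:
            continue  # malformed or truncated line
        ts, device, user, line, source, _rtype = fields[:6]
        attrs = dict(f.split("=", 1) for f in fields[6:] if "=" in f)
        if "cmd" not in attrs:
            continue  # exec session stop record, no command attached
        try:
            # The timestamp has no year, so the caller supplies it.
            when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue
        records.append({
            "when": when, "device": device, "user": user,
            "line": line, "source": source,
            "priv": attrs.get("priv-lvl"),
            "cmd": attrs["cmd"].replace("<cr>", "").strip(),
        })
    return records


def search(records, user=None, day=None, phrase=None):
    """Filter by person, calendar day and/or a case-insensitive phrase in the command."""
    hits = []
    for r in records:
        if user is not None and r["user"] != user:
            continue
        if day is not None and r["when"].date() != day:
            continue
        if phrase is not None and phrase.lower() not in r["cmd"].lower():
            continue
        hits.append(r)
    return hits


if __name__ == "__main__":
    for r in search(parse_accounting(SAMPLE_ACCT, 2003), day=date(2003, 11, 25)):
        print(r["when"], r["device"], r["user"], r["cmd"])
```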


RE: [Activity logging archiving tool]

2003-11-25 Thread McBurnett, Jim

If you are really just looking for changes and change comparisons, check out
Kiwi Cat tools..
www.kiwisyslog.com
This software can connect via SSH, Telnet etc, and even do non-Cisco, Linux etc..
Works good as a backup for configs...

Later,
Jim


CiscoWorks also polls the devices for configuration changes and generates 
a diff if you so desire.  If you have set up AAA you will have an audit 
log of when changes were applied and who applied them.

Scott C. McGrath




RE: [Activity logging archiving tool]

2003-11-25 Thread Terry Baranski

 I'm fairly certain that the tacacs standard implementations
 available on the cisco routers log out changes to the config 
 made by users... That and a little log parsing magic and you 
 have this data also. 

While we're being Cisco-centric, 12.3(4)T has a new feature by which the
router can keep a configuration audit log:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e81.html

-Terry



Re: [Activity logging archiving tool]

2003-11-25 Thread Alexei Roudnev

I created _Cisco repository_ about 1 year ago, using Expect, cvs and CVSWEB,
for free,  and since this, we did a few installations and are really happy
with it (we save all Cisco configs, including routers, 6509 switches, PIX-es
and these crazy VPN devices...). This is a simple tool, with the web
interface, allowing to save config (1 click and passphrase),
save many configs in 1 click, see change log, compare configs, send changes
to manager (I do not use it -:)) and so on.

It consists of:
- FreeBSD (which is main monitoring system - it is easiest system to
manage)
- Expect (port)
- standard FreeBSD tftpd in 'chroot IP' mode
- very simple web script
- webcvs (port)
- apache (I use part of snmpstat installation)

(I am thinking about getting all our staff together as some kind of
professional service or consulting, with all components _opensource_, and
using knowledge _how to get it all together_).

- Original Message - 
From: Dan Lockwood [EMAIL PROTECTED]
To: joshua sahala [EMAIL PROTECTED]; Priyantha
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 12:53 PM
Subject: RE: [Activity logging  archiving tool]



If you are in a Cisco shop you might consider Secure ACS.  We use ACS to
log all of our changes and have very good success with it.
Unfortunately it is not free.

Dan


Re: [Activity logging archiving tool]

2003-11-25 Thread Alexei Roudnev

This is not dangerous - I do not expect any idiot, opening SNMP from outside
(SNMP is excellent protocol, which can crash ANY device in the world; I
crashed 6509 switch and PIX firewall in a few days, when debugged new
'snmpstat' system). And moreover, Cisco allows to lock IP and file name for
SNMP/TFTP.

On the other hand, using 'expect' is not  difficult and is much more
flexible. Most problems are with PIX-es with their paranoia, which cause a
necessity to know enable password for any simple action...

I'll send  my old expect script here tomorrow, if someone wants (it is not
big). New script uses cryptography to remember passwords, so it became
more secure, but idea is the same...





- Original Message - 
From: Christopher L. Morrow [EMAIL PROTECTED]
To: Scott McGrath [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 1:51 PM
Subject: RE: [Activity logging  archiving tool]





 On Tue, 25 Nov 2003, Scott McGrath wrote:

 
 
  CiscoWorks also polls the devices for configuration changes and generates
  a diff if you so desire.  If you have set up AAA you will have an audit
  log of when changes were applied and who applied them.
 
  Scott C. McGrath

 I'm fairly certain that the tacacs standard implementations available on
 the cisco routers log out changes to the config made by users... That and
 a little log parsing magic and you have this data also. Be cautious that
 some of the EMS systems will grab configs through snmp WRITE initiated
 tftp writes, this could be dangerous if your routers are publicly
 accessible :)

 -Chris



Re: [Activity logging archiving tool]

2003-11-25 Thread Alexei Roudnev

It is excellent, but _too late_. Such features are useless, if you do not
have them on all devices, and no one can update all network gear to this new
version at once. So, it will be useful in 2 - 3 years -:).

- Original Message - 
From: Terry Baranski [EMAIL PROTECTED]
To: 'Christopher L. Morrow' [EMAIL PROTECTED]; 'Scott McGrath'
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, November 25, 2003 7:03 PM
Subject: RE: [Activity logging  archiving tool]



  I'm fairly certain that the tacacs standard implementations
  available on the cisco routers log out changes to the config
  made by users... That and a little log parsing magic and you
  have this data also.

 While we're being Cisco-centric, 12.3(4)T has a new feature by which the
 router can keep a configuration audit log:
 http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e81.html

 -Terry