Improved configuration change detection

Question

The addition of configuration backups in LogicMonitor has been a great feature for our support team and really helps streamline things.&nbsp; If you like to be aware of people making changes and retain version history is is wonderful, but we have an issue on some of the more modern devices.

Many new devices are intelligent and have subscriptions that pull the latest IPS, AV, malicious IP address lists, etc. from the manufacturer.&nbsp; There is also a periodic re-hashing of encrypted information for added security and these are expected behaviors - NOT a config change.&nbsp; We developed our own config backup using SCP for the devices so no passwords are stored in LM either, but the key here is that a login event (human or automated) causes the config version to change.

The suggestion I have is simple - there needs to be a way to ignore these updates (often multiple in a day) and simply key on the first few lines where the config version is referenced -

#config-version=FWF60D-5.02-FW-build742-161129:opmode=0:vdom=0:user={redacted}

#conf_file_ver=17742419038372504090

#buildno=0742

&nbsp;

That conf_file_version (line 2 above) would be the trigger and ignoring everything else would be perfect.

&nbsp;

Thoughts welcome!

david_lee · Answer

Quote

That conf_file_version (line 2 above) would be the trigger and ignoring everything else would be perfect.

&nbsp;Hi Ray,

As you are no doubt aware you can edit your configsource to ignore certain lines with regex.

So you can add an ignore change for lines that contain builldno for example. But stipulating every line except one would be a nightmare and you never know what the lines contain all the time. So flip it on its head.&nbsp;

Make an ignore check, select ignore lines with this regular expression and use the expression&nbsp;!("#conf_file_ver=")

Basically this means ignore every line that does not contain&nbsp;#conf_file_ver=

You can see in my example above I have changed the file version and it is shows and is alerted on, but I have also changed the buildno and that is ignored, also added a newline which is ignored.

David

&nbsp;

Forum Discussion

Improved configuration change detection

Related Content

Datapoints configuration Discussion

Support Portal Improvements: We’ve Been Listening!

Spanning tree/loop detection alerts

New UI Impact Series - Alert Tuning Improvements

Feature Request: Improved LogicModule IDE

Recent Discussions

Dashboard Sharing – An Inline Framing Method

2021-12-15 US Office Hours

Live Training - Tuning Datapoints and Alerts - 15th JUNE 2022 - APAC

Live Training - Introduction to Dashboards - 18th MAY 2022 - APAC

2022-05-11- APAC Product Overview -Collectors, Resources/Groups, Dashboards