Ray_Scholl
7 years ago

Improved configuration change detection

The addition of configuration backups in LogicMonitor has been a great feature for our support team and really helps streamline things.  If you like to be aware of people making changes and retain version history it is wonderful, but we have an issue on some of the more modern devices.

Many new devices are intelligent and have subscriptions that pull the latest IPS, AV, malicious IP address lists, etc. from the manufacturer.  There is also a periodic re-hashing of encrypted information for added security and these are expected behaviors - NOT a config change.  We developed our own config backup using SCP for the devices so no passwords are stored in LM either, but the key here is that a login event (human or automated) causes the config version to change.

The suggestion I have is simple - there needs to be a way to ignore these updates (often multiple in a day) and simply key on the first few lines where the config version is referenced -

#config-version=FWF60D-5.02-FW-build742-161129:opmode=0:vdom=0:user={redacted}

#conf_file_ver=17742419038372504090

#buildno=0742

 

That conf_file_version (line 2 above) would be the trigger and ignoring everything else would be perfect.

 

Thoughts welcome!

  • David_Lee
    Former Employee
    Quote

    That conf_file_version (line 2 above) would be the trigger and ignoring everything else would be perfect.

     Hi Ray,

    As you are no doubt aware you can edit your configsource to ignore certain lines with regex.

    So you can add an ignore change for lines that contain buildno, for example. But stipulating every line except one would be a nightmare, and you never know what the lines contain all the time. So flip it on its head.

    Make an ignore check, select ignore lines with this regular expression and use the expression !("#conf_file_ver=")

    Basically this means ignore every line that does not contain #conf_file_ver=

    You can see in my example above I have changed the file version and it shows and is alerted on, but I have also changed the buildno and that is ignored, also added a newline which is ignored.

    David
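
The approach discussed in this thread (alert only when the `#conf_file_ver=` line changes, ignore every other line), sketched outside LogicMonitor as an added example; it is not code from the thread or from LogicMonitor. The backup bodies, user names and ENC values are constructed sample data, and the function names are hypothetical; it assumes, as the original post describes, that a login-only backup leaves `conf_file_ver` unchanged.

```python
import re

# Assumption: the marker is the "#conf_file_ver=" header line quoted in the post.
MARKER = "#conf_file_ver="
VERSION_RE = re.compile(r"^#conf_file_ver=(\d+)\s*$")

def conf_file_ver(config_text):
    """Return the conf_file_ver value, or None if the header is missing or malformed."""
    for line in config_text.splitlines():
        if MARKER not in line:        # every other line is ignored
            continue
        match = VERSION_RE.match(line.strip())
        if match:
            return match.group(1)
    return None

def config_changed(old_text, new_text):
    """True when a new backup should raise a change alert."""
    old_ver, new_ver = conf_file_ver(old_text), conf_file_ver(new_text)
    if old_ver is None or new_ver is None:
        # No readable marker (truncated or failed backup): fall back to a
        # full comparison so the filter cannot hide a change.
        return old_text != new_text
    return old_ver != new_ver

def make_backup(user, file_ver, enc, hostname="fw-example"):
    """Build a simplified, constructed backup; all values are sample data."""
    return (
        f"#config-version=FWF60D-5.02-FW-build742-161129:opmode=0:vdom=0:user={user}\n"
        f"#conf_file_ver={file_ver}\n"
        "#buildno=0742\n"
        "config system global\n"
        f'    set hostname "{hostname}"\n'
        "end\n"
        "config system admin\n"
        f"    set password ENC {enc}\n"
        "end\n"
    )

BASELINE = make_backup("admin", "17742419038372504090", "SAMPLEHASH1")
LOGIN_ONLY = make_backup("backupsvc", "17742419038372504090", "SAMPLEHASH2")
REAL_EDIT = make_backup("admin", "17742419038372504091", "SAMPLEHASH1", "fw-renamed")
TRUNCATED = "config system global\nend\n"  # backup with no header lines

if __name__ == "__main__":
    for name, new in [("login only", LOGIN_ONLY), ("real edit", REAL_EDIT), ("truncated", TRUNCATED)]:
        print(f"{name}: alert={config_changed(BASELINE, new)}")
```

With this filter, change detection depends entirely on the device updating `conf_file_ver`, which is why a backup without a readable marker falls back to a full comparison instead of being treated as unchanged.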