Forum Discussion

Antony_Hawkins's avatar
7 years ago

ConfigSource to compare to a known template (PoC)

LM Config is awesome - but until now you've not been able to compare a config to a "known good" template.

Now you can...

Edit for v1.4.0+: Now gives a MUCH cleaner output (in my humble opinion) - see comments below for details. v1.4.0: 2GTW7W

If you really want the earlier version with its more expansive output, v1.3.0 as detailed in this first post is at XHDDP4

Edit for v1.3.0+: The groovy check that picks up on the change-from-template flags is now more flexible, in that it looks at each line in turn (rather than the entire config object) so you can more carefully identify matches to be alerted on.

This is very much only a proof-of-concept, which will show the method to use. As written it will do nothing in your account as it looks for a couple of test files I created specifically for this in my account.

Suppose you have this template file (configTestTemplate.txt) for a config:

# Config test file:# Here's a config test fileSetting1=1Setting2=2Setting3=3# The above must never be changed

Now, suppose the actual config (in configTestConfig.txt) is like this:

# Config test file:# Here's a config test fileSetting1=1Setting2=2Setting3=4# The above must never be changed

If you can't see it, 'Setting3' has been changed...

This ConfigSource will read in both the config (from file in this example, but it could be from SSH, etc) and the template from file, then run through the template and compare each line to the equivalent line in the config.

Where it finds a discrepancy between the two, these are listed in the output after the actual config, marked with 'DISCREPANCY', as in the screenshot below. The template used for comparison is also returned:

2317703034f15b7f05b8ddec23e35eb6.png

Config Checks then pick up on changes as you'd normally expect, and also if the output contains 'DISCREPANCY'.

Notes:

  • You must have LM Config to use this
  • The template file must contain the EXACT same text in the EXACT same format as the config will be produced, because this PoC only checks line 1 against line 1, line 2 against line 2, etc.
  • If your template contains 'DISCREPANCY' you'll have to come up with some other keyword to print and alert on, obviously.
  • Compare_Config_To_Template_POC_v1 v1.4.0: 2GTW7W

    So, what's so much better about v1.4.0?

    The output.

    Instead of printing the config, then printing (rather clumsily) all the discrepancies, then printing the template, which could result in a huge output, it now just prints the config, with a marker comment at the end of any line that differs from the template:

    You'll see that the comment consists of a key phrase, and the corresponding line from the template.

    A groovy scripted check alerts on the presence of one of more occurrences of the key phrase (hard coded in as ' <<<<<<<<<< This line differs from template. Template line is: ', but this could be changed or tokenized to suit requirements).

  • There is also another option which may be preferable (and is certainly easier to adapt existing ConfigSources to), and that is to have the Groovy checkpoint itself call the template file and do the line-by-line comparison to the collected config.

    The advantage to this approach is that adding this compare-to-template ability to an existing ConfigSource, which itself may have a very complex collection script, is much easier than with the above POC_v1 script. The collection script itself can remain entirely untouched, with all the additional logic self-contained within a check script. This makes it very clean and easy to keep config collection distinct from logic that does the comparison to a template.

    The downside is that the config stored within LogicMonitor will contain no indication as to any discrepancies from the template - you'll get an alert stating that the collected config doesn't match the template, but no visual indication as to why not. This might not be a concern, of course, depending on the actions you plan to take in this situation - if you'll just put a template back on to the device regardless, it's not a problem; if you want a quick way to see the differences (and maybe indicate that it's your template that's out of date), this option is not so good.

    As above, this is really just another proof of concept showing what can be done - it's up to you how you use those abilities!

    Compare_Config_To_Template_POC_option2, v1.0.0: YX6XND

  • I tried downloading both 2GTW7W  and YX6XND and they aren't working.

    I get this error, "This LogicModule is currently undergoing security review. It will be available for import only after our engineers have validated the scripted elements."

    Is there something you have to do for me to download these?

    Thank you,

  • 40 minutes ago, Jono said:

    I tried downloading both 2GTW7W  and YX6XND and they aren't working.

    I get this error, "This LogicModule is currently undergoing security review. It will be available for import only after our engineers have validated the scripted elements."

    Is there something you have to do for me to download these?

    Thank you,

     

    @Jono we just had to do a quick security review.

    You should now be able to import both of these.