Revisiting old topic - Custom Alerts for ConfigSources
At this time I have a need for a custom ConfigSource that would compare 2 textual files and report on Any Change. Nothing fancy and the new ConfigSource with defaultsettings indeed works just fine IF you only want to get an alert that a change was detected. However I would like to pass the actual lines that were modified in the alert. In searching for this topic I found anarchived post from 5 years ago. Custom Alerts for ConfigSources In that post Nick is asking if it is possible to do the following; Being able to put what lines were added or removed right in the alert. For simple configs you can then tell right away if you need to take action or not. That’s exactly what I am after. The archived post was posted 5 years ago…. does anybody know if there was any progress on this feature? I have a sinking feeling this is not possible today, or at least it’s not any easier than it was 5 years ago. Back to custom scripting?Solved81Views6likes3CommentsCan LM Config Monitor and Alert on Palo Firewall Rules Changes ?
Hi ! My customer wants to be able to generatea weekly report on any changes made in the rules of their Palo Alto firewalls (hundreds) whether this is done as part of a template push or a one-off. Is this something that LM Config can provide ? Cheers, Scott H87Views2likes1CommentTraceroute ConfigSources
Update: A ConfigSource, for use with LM Config, to monitor and alert on changes of route from the collector to any of a list of destinations.This isnow combined a single ConfigSource that will run for both Windows and Linux collectors: v1.1.0: JGZ7GK If you really want to have a different ConfigSource per OS, the original two OS-specificConfigSources are at:EK4HEG (Windows v1.5.0);HCPCXA (Linux v1.2.0). To use, you'll need to add a property 'traceroute.list' to the Windows or Linux collector device* you want to use to check the route from, with the value being a comma separated list of destinations, e.g. '8.8.8.8,www.logicmonitor.com' *You can modify the AppliesTo such that this datasource could apply to any device, however it will always be the collector running the script and doing the traceroute / tracert. The ConfigSource will run the trace and print a summary of the results in a way that can easily be alerted on (if you really want to) in the event of a route change, plus a full dump of the route information including hop timings for information, in a way that is excluded from alerting. Credit to @Jake Cohenfor the basis of the script these are built from. :)/emoticons/smile@2x.png 2x" title=":)" width="20">261Views1like17Commentslmconfig control at device/group level
I have raised this numerous times with my CSM, account manager, etc. but it does not seem to be getting traction. It is a lawsuit waiting to happen, so it really deserves attention. Right now, the trigger for LMConfig is entirely arbitrary depending on who wrote which code. Most often it is based on ssh.user and ssh.pass being defined in a device. The problem with this is there are other reasons to have those properties (e.g., Err-Disabled port detection), so you can enable LMConfig across many devices and incur a large cost (especially with the new contract terms) without intent. It should be required to check off an "Enable LMConfig" option at the device or group level, and similarly for any other premium feature. Minimally, all the configsources should be changed to have a"enable_lmconfig" or similar property required in the Applies To logic.2Views0likes0CommentsConfigSource to compare to a known template (PoC)
LM Config is awesome - but until now you've not been able to compare a config to a "known good" template. Now you can... Edit for v1.4.0+: Now gives a MUCH cleaner output (in my humble opinion) - see comments below for details.v1.4.0:2GTW7W If you really want the earlier version with its more expansive output,v1.3.0 as detailed in this first post is atXHDDP4 Edit for v1.3.0+: The groovy check that picks up on the change-from-template flags is now more flexible, in that it looks at each line in turn (rather than the entire config object) so you can more carefully identify matches to be alerted on. This is very much only a proof-of-concept, which will show the method to use. As written it will do nothing in your account as it looks for a couple of test files I created specifically for this in my account. Suppose you have this template file (configTestTemplate.txt) for a config: # Config test file:# Here's a config test fileSetting1=1Setting2=2Setting3=3# The above must never be changed Now, suppose the actual config (in configTestConfig.txt)is like this: # Config test file:# Here's a config test fileSetting1=1Setting2=2Setting3=4# The above must never be changed If you can't see it, 'Setting3' has been changed... This ConfigSource will read in both the config (from file in this example, but it could be from SSH, etc) and the template from file, then run through the template and compare each line to the equivalent line in the config. Where it finds a discrepancy between the two, these are listed in the output after the actual config, marked with 'DISCREPANCY', as in the screenshot below. The template used for comparison is also returned: Config Checks then pick up on changes as you'd normally expect, and also if the output contains 'DISCREPANCY'. Notes: You must have LM Config to use this The template file must contain the EXACT same text in the EXACT same format as the config will be produced, because this PoC only checks line 1 against line 1, line 2 against line 2, etc. If your template contains'DISCREPANCY' you'll have to come up with some other keyword to print and alert on, obviously.63Views1like5CommentsLMConfig and Reporting on ConfigSources
Hi Guys, Wejust implemented LMConfig and I'm trying to run a report to see what devices do not have the IOS configuration successfully downloaded. We have some legacy equipment still not Configured for SSH and TACACS accounts.soI'm trying to get out of having to manually hunting through all our devices to determine what ones need SSH configured and what ones need the TACACS account added.Even justbeing able to pull a report on all devices and whatones have the ConfigSources - IOS Configs field would be a big help. See attached pic for a visual Cheers and Thanks in advance Joel24Views0likes2CommentsLMConfig View Config rights
Currently, users need Manage rights to access the Config view. We need our junior sys admins to be able to view configurations without having the Manage rights. Please add a View onlyright for Config. The View Config right should only allow viewing of already collected configurations, but not permit Collect Now.7Views0likes1CommentLMConfig - Enhanced config alerting
Currently the only option available is to alert each time a configretrieval fails. I would like to be able to say "only alert if config retrieval fails n number of times in a row". For some of my devices, I'm not so concerned if daily config retrieval fails, but I'd like to know about it if it was failing for 3 or more days in a row.3Views0likes0Comments