nanog mailing list archives

Re: configuration sanity check

From: Justin Seabrook-Rocha <xenith () xenith org>
Date: Thu, 29 Oct 2015 07:42:00 -0700

On Oct 29, 2015, at 01:16, marcel.duregards () yahoo fr wrote:


Hi Nanogers,

Any recommendation about a software which check the live config of cisco/juniper devices against some templates ?

The goal is to have a template about different function device, like:
- CORE device must have this bloc and this clock
- PE device must have at least that and that
- CPE must have this and that
- Distrib switch block 1 and block2
- etc...

And the software run once every day to check which device do not comply with those rules and generate an alert.

Thank,
- Marcel


We implemented an in-house solution using Cisco Template Manager (http://www.gelogic.net/cisco-template-manager/). Its 
basically a bunch of bash/perl scripts doing regex matching against the saved configs from RANCID. Works fine for both 
Cisco and Juniper.

It requires some hand tooling, but we have it doing exactly what you want (checking against different device function 
templates).

Justin Seabrook-Rocha
-- 
Xenith || xenith () xenith org || http://xenith.org/
Jabber: xenith () xenith org

Current thread:

configuration sanity check marcel.duregards () yahoo fr (Oct 29)
- Re: configuration sanity check Daniel Corbe (Oct 29)
- Re: configuration sanity check Joe Abley (Oct 29)
- RE: configuration sanity check Naslund, Steve (Oct 29)
- Re: configuration sanity check Chuck Anderson (Oct 29)
- Re: configuration sanity check Jason Lixfeld (Oct 29)
- Re: configuration sanity check Michal Loncek (Oct 29)
- Re: configuration sanity check chip (Oct 29)
- Re: configuration sanity check Justin Seabrook-Rocha (Oct 29)
- Re: configuration sanity check Jesse McGraw (Oct 29)
  - Re: configuration sanity check Paul Ferguson (Oct 29)
- RE: configuration sanity check Andrew Bosch (Oct 29)