[61754] in North American Network Operators' Group
Re: Real network failure causes Was: What do you want your ISP to block today?
daemon@ATHENA.MIT.EDU (Joe Abley)
Thu Sep 4 10:58:03 2003
Date: Thu, 4 Sep 2003 10:56:55 -0400
Cc: Rob Thomas <robt@cymru.com>,
Johannes Ullrich <jullrich@euclidian.com>, NANOG <nanog@merit.edu>
To: Ian Mason <nanog@ian.co.uk>
From: Joe Abley <jabley@isc.org>
In-Reply-To: <5.2.1.1.0.20030904144907.03478b48@imbolc.ian.co.uk>
Errors-To: owner-nanog-outgoing@merit.edu
On Thursday, Sep 4, 2003, at 09:59 Canada/Eastern, Ian Mason wrote:
> The best diagnostic tool I've ever had is a script I cobbled together
> over two hours one night. Once an hour, it simply collected all the
> router configs across the network, did a 'diff' between the current
> and last config, and if there were changes, emailed them to me, along
> with a TACACS+ log summary that showed who had logged into which
> router when.
There are a couple of tools I know about which will do the first part
(the config diffing part). Both are easy to extend if you wanted to
include other bits (such as tac-plus log summaries).
http://www.shrubbery.net/rancid/
http://buffoon.automagic.org/dist/ciscoconf-1.1.tar.gz
I wrote ciscoconf. I would recommend that everybody use rancid instead.
> Experience with this quickly taught me to check these summary change
> logs whenever a problem was escalated to me. Most times the problem
> was related to a config change, not an external cause. Further
> experience taught me to look out for one particular engineers name in
> the logs but that's another story.
Amen to all that.
Joe
