Auditing Configuration Changes Across NetScaler Devices

Dec 18, 2015

You can use the change management feature to monitor configuration changes across managed NetScaler devices, troubleshoot configuration errors, and recover unsaved configurations upon a sudden system shutdown.

The typical workflow for auditing configuration changes consists of the following tasks:

  • Create audit templates with a set of valid NetScaler commands for auditing device configurations and detecting conflicts that result from configuration changes on a device.
  • Add audit policies and map them to the corresponding audit templates.
  • Generate audit reports from the policies to analyze and resolve configuration mismatches and conflicts.

Configuring Audit Templates

Updated: 2015-05-28

Audit templates contain a set of valid NetScaler commands for auditing device configurations and reporting conflicts that result from configuration changes. These configuration conflicts can be between the running and saved configurations of a device or among the devices in the device list or network.

You need to create audit policies to map the running configuration of the devices to the configuration specified in the audit templates, and then generate an audit report that compares the differences between the two configurations.

After adding the audit templates, you can also modify and delete the audit templates.

In this section:

  • Adding Audit Templates
  • Modifying Audit Templates
  • Deleting Audit Templates

Adding Audit Templates

Audit templates contain a set of valid NetScaler commands for detecting configuration conflicts on a device.

To add audit templates

  1. On the Configuration tab, in the left pane, under Change Management, click Audit Templates.
  2. In the right pane, under Audit Templates, click Add.
  3. Under Add Audit Template, in Name, type the name of the audit template that you want to create.
  4. In Audit Template Commands, type the commands that you want to be part of the new template, and then click OK.

Modifying Audit Templates

You can modify audit templates to change the commands included in them.

To modify audit templates

  1. On the Configuration tab, in the left pane, under Change Management, click Audit Templates.
  2. In the right pane, under Audit Templates, select the audit template you want to modify, and then click Add.
  3. Under Modify Audit Template, make the changes you want, and then click OK.

Deleting Audit Templates

You can delete one audit template or bulk delete multiple audit templates.

To delete audit templates

  1. On the Configuration tab, in the left pane, under Change Management, click Audit Templates.
  2. In the right pane, under Audit Templates, select the check boxes corresponding to the audit templates you want to delete, and then click Delete.
  3. Click OK on the confirmation message box.

Configuring Audit Policies

Use Command Center Audit Policies to generate change management reports based on your requirements. You can either use built-in policies or add user-defined policies.

Reports are generated by the following two built-in audit policies:

  • RunningVsSavedConfiguration: Results from this report compare the running and saved configurations on a device and highlight specific differences or mismatches between them. If a system shuts down unexpectedly, you can use this report to recover and save configuration changes that were executed but not saved.
  • ConfigurationChangeHistory: Results from this report track configuration changes that take place over a period of time. The default period is seven days.

You can add a user-defined audit policy and map it to corresponding audit templates. You must execute an audit policy on one or more devices or device lists to generate an audit report that compares the running configuration of a device with the selected audit templates. You can schedule both built-in and user-defined audit policies to run at any time. You can modify the existing audit policies and you can delete user-defined audit policies. However, you cannot delete the two built-in audit policies.

In this section:

  • Adding User-Defined Audit Policies
  • Executing Built-in and User-Defined Audit Policies
  • Scheduling Built-in and User-Defined Audit Policies
  • Modifying User-Defined Audit Policies
  • Deleting User-Defined Audit Policies

Adding User-Defined Audit Policies

You can create a user-defined audit policy that generates a report comparing the running configuration of a device with the selected audit templates. This type of report is called the Running vs. Chosen Audit templates report.

To add audit policies

  1. On the Configuration tab, in the left pane, under Change Management, click Audit Policies.
  2. In the right pane, under Audit Policies, click Add.
  3. Under Add Audit Policy, in Name, type the name of the audit policy you want to create.
  4. Under Choose report(s) to be generated, select one or more of the following:
    • Running vs. Chosen Audit templates: Results from this report compare the running configuration of a device with the chosen audit templates. Select the audit templates that you want to use for the report from the Available Audit Templates list, and then click the right arrow.
    • Running vs. Saved Configuration: Results from this report compare the running and saved configuration on a device. After a system restarts, this option helps you recover and save the configuration changes that are executed but not saved.
  5. Click OK.

Executing Built-in and User-Defined Audit Policies

You can execute an audit policy on one or more devices and device lists. Executing an audit policy generates a report.

To execute audit policies

  1. On the Configuration tab, in the left pane, under Change Management, click Audit Policies.
  2. In the right pane, under Audit Policies, click the audit policy you want to execute, and then click Execute.
  3. Under Execute Policy, select one of the following:
    • Devices: Select a device from Available Devices and click the right arrow.
    • Device Lists: Select a device list name from Device Lists. If you do not have a device list, click Add Device List to add one.

Scheduling Built-in and User-Defined Audit Policies

You can schedule both built-in and user-defined audit policies to run at a later date and time. You can schedule the policies to run daily at specified hours or to run on specific days of a week or month at specified hours.

To schedule audit policies

  1. On the Configuration tab, in the left pane, under Change Management, click Audit Policies.
  2. In the right pane, under Audit Policies, click the audit policy, and then click Schedule.
  3. Under Schedule Policy, choose one of the following:
    • Devices: Select one or more devices from the Available Devices list, and then click the right arrow.
    • Device Lists: Select a device list name. If you do not have a device list, click Add Device List to add one.
  4. Under Schedule Details, choose one of the following:
    • Daily: Specifies that policies run daily. In Scheduled Hours, specify the hour(s) when you want the policy to run. For example, if you specify 2, the audit policy runs at 2 AM. Note that this follows the 24-hour clock.
    • Day(s) of week: Specifies that policies run on certain days of the week. In Day(s) of week, select the day(s) when you want to run the policy, and in Scheduled Hours, specify the hour(s) at which you want the policy to run. For example, if you specify Monday and 15, the audit policy runs every Monday at 3 PM.
    • Day(s) of month: Specifies that policies run monthly. In Day(s) of month, specify the dates when you want to run the policy, and in Scheduled Hours, specify the hour(s) at which you want the policy to run. For example, if you specify 4, 14, and 24 as the days of month and 15 as the scheduled hour, the audit policy runs at 3 PM on 4th, 14th, and 24th of every month.
  5. Optionally, you can choose to send a report of the changed configuration by selecting the Email the report check box. Enter the From, To, and Server Name details. Select the Attach the generated report(s) check box if you wish to receive the configuration report as an attachment in CSV file format. If there are configuration changes, you will receive an email with the changes after the policy is executed at the scheduled time. Click Test Mail to check whether the mail server credentials provided are accurate and whether the mail server is accessible from the Command Center server. If the connection to the mail server is successful, a test mail is sent to the specified email address and the settings are saved.

Modifying User-Defined Audit Policies

After creating audit policies, you can modify them to change the settings of the type of reports to be generated.

Note: You cannot modify built-in audit policies.

To modify audit policies

  1. On the Configuration tab, in the left pane, under Change Management, click Audit Policies.
  2. In the right pane, under Audit Policies, click the audit policy you want to modify, and then click Modify.
  3. Under Modify Audit Policy, make the changes you want to, and then click OK.

Deleting User-Defined Audit Policies

You can delete a single user-defined audit policy or bulk delete multiple user-defined audit policies.

Note: You cannot delete the two built-in audit policies RunningVsSavedConfiguration and ConfigurationChangeHistory.

To delete audit policies

  1. On the Configuration tab, in the left pane, under Change Management, click Audit Policies.
  2. In the right pane, under Audit Policies, select the audit policies you want to delete, and then click Delete.
  3. Click OK.

Generating Audit Reports

Audit reports are generated when you execute audit policies. Using these reports, you can monitor the configuration change events for each device on which an audit policy is executed. You can also resolve configuration mismatches and conflicts. You can monitor the following types of audit reports:

  • Running vs. Saved Configuration: Generated when you execute the RunningVsSavedConfiguration audit policy. Lists the specific differences or mismatches between the running configuration and the saved configuration of the device.
  • Running vs. Audit Templates: Generated when a user-defined audit policy that maps the running configuration to audit templates is executed. Lists the specific syntactical differences or mismatches between the commands in a running configuration and the assigned templates, together with the corrective commands that must be executed to resolve the conflicts. You can create a custom task to resolve this conflict. If there are no conflicts, the following message appears: “The audited configurations are in sync.”
  • Configuration change events: Generated when you execute the ConfigurationChangeHistory audit policy. Specifies configuration change events generated for a given device for the specified period (age). This facilitates troubleshooting of configuration errors by enabling the administrator to view all the commands executed over a period of time and also the exact date and time when a command was run.
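
The two comparisons described above (running vs. audit template, and running vs. saved), as an added Python example that is not Command Center code. It assumes a command's identity is the tokens before its first -option and runs on constructed sample configurations; `parse`, `render`, `audit` and `unsaved_changes` are hypothetical names.

```python
import shlex

# Constructed sample configurations (not captured from a real device).
TEMPLATE = """enable ns feature LB SSL
set ssl vserver vs_web -ssl3 DISABLED
add ntp server 192.0.2.10"""
RUNNING = """enable ns feature LB SSL
add lb vserver vs_web SSL 192.0.2.50 443
set ssl vserver vs_web -ssl3 ENABLED"""
SAVED = """enable ns feature LB SSL
add lb vserver vs_web SSL 192.0.2.50 443"""

def parse(config):
    """Map each command key (tokens before the first -option) to its options."""
    state = {}
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, opts, name = [], {}, None
        for tok in shlex.split(line):
            if tok.startswith("-"):
                name = tok
                opts[name] = ()
            elif name is None:
                key.append(tok)
            else:
                opts[name] += (tok,)
        state.setdefault(tuple(key), {}).update(opts)  # later lines override earlier
    return state

def render(key, opts):
    return " ".join([*key, *(t for n, v in opts.items() for t in (n, *v))])

def audit(actual, expected):
    """Return (status, corrective command) per expected setting absent from or different in actual."""
    have, findings = parse(actual), []
    for key, opts in parse(expected).items():
        if key not in have:
            findings.append(("missing", render(key, opts)))
            continue
        for name, value in opts.items():
            if have[key].get(name) != value:
                status = "conflict" if name in have[key] else "missing"
                findings.append((status, render(key, {name: value})))
    return findings

def unsaved_changes(running, saved):
    """Running vs. saved: commands in effect that a restart would lose."""
    return [cmd for _, cmd in audit(saved, running)]
```

An empty list from `audit(RUNNING, TEMPLATE)` corresponds to the "in sync" result; with the sample data it reports one conflict and one missing command, and `unsaved_changes(RUNNING, SAVED)` returns the SSL change that was never saved.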

You can view a list of all the reports generated. You can export a report as a CSV file to your local system or to the Command Center server. You can also set an interval for automatically updating the audit reports that you monitor. If you do not want to use a report, you can delete it.

This topic includes the following details:

  • Viewing Audit Reports
  • Exporting Audit Reports
  • Deleting Audit Reports

Viewing Audit Reports

You can view a list of all the generated reports. You can also monitor the configuration change events or configuration conflicts for each device on which an audit policy is executed.

To view audit reports

  1. On the Configuration tab, in the left pane, under Change Management, click Reports.
  2. Under Reports, you can view the following:
    • Name: Specifies the name of the audit report. Click the report name to display the IP address of the device(s) for which the report is generated, the start and end times of report generation for each device, and the status of the report.
    • Start Time: Specifies the time when the report generation started.
    • End Time: Specifies the time when the report generation ended.
    • Audit By: Specifies the user who executed the policy that generated the audit report.
    • Status: Specifies the status of the report (for example, changes exist, no changes, in progress, and failed).

Exporting Audit Reports

You can export a report as a CSV file to your local system or to the Command Center server.

To export audit reports

  1. On the Configuration tab, in the left pane, under Change Management, click Reports.
  2. Under Reports, click the report name for which you want to monitor the configuration mismatches.
  3. Under Device Level, click the IP address of the device for which you want to view the report.
  4. On the report that appears, click Export, and in the File Save dialog box, click Save.

Deleting Audit Reports

You can delete one audit report or bulk delete multiple audit reports.

To delete audit reports

  1. On the Configuration tab, in the left pane, under Change Management, click Reports.
  2. Under Reports, select the reports you want to delete, and then click Delete.
  3. Click OK on the confirmation message box.