Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Config Comparisons - Cisco Fwsm's

Hi Folks,

I just wanna place this up here on Thwack first before I open a ticket just in case it turns out to be a quick fix. Has anyone one else experienced the following when running a config comparison on Cisco Fwsm's?

I have a scheduled config download job that should only download a config if a change has been detected. This works great on all of my networking devices and on most of my Firewalls except for a handful of Cisco Fwsm's.

Everytime the job runs it downloads a copy of the config whether a change has been made or not. Now at first I just thought that I could just change the comparison criteria and that would fix it.

But once I started to investigate it I noticed something unusual was happening.

If I download 2 configs manually from the same Fwsm and compare them I see no differences between them if no changes have been made; this is how it should work.

If I download another 2 configs from a single Fwsm; this time one is downloaded manually and the other is downloaded as a result of a Scheduled job. Again there has been no change to the Fwsm, yet when I compare the 2 configs the comparison tool finds differences in the configs.

These differences are in the form of blank lines/carraige returns in various places in the config file downloaded via the scheduled job. I have taken multiple copies of files using the scheduled job and have noticed that the blank lines never show up in the same location within the file.

This atleast explains why the scheduled job is pulling down the config files on these devices everytime regardless.

But why are these blank lines appearing and why only on scheduled jobs?

Is it due to some command being entered on the device during the scheduled job?

might it be corrected by editing or creating a command template?

I have attached an image highlighting the bahaviour using an example scenario.

Cheers

Comfig comparison issue.JPG

Find more posts tagged with

Accepted answers

All comments

christineb

Hi Ciag - I would suggest going ahead and opening a support ticket.

--Christine

Ciag

- Solution -

Ok So I got to the bottom of this by using the excellent session tracing tool. Thanks for the tip SW support.

I had created custom command templates for the devices in question. The reason for this was that the command line on these boxes/instances does not accept a few of the commands used in Cisco IOS (Mainly Term len 0).

I had created a command template that used the System OID of the Fwsm's and all of the appropriate command line syntax needed by NCM on the Fwsm.

I was able to use the session tracing tool to confirm that the command template I had created was not being used. My mistake it seems was that I had only used the system OID inside the command template and not included it in the name. I updated the filename to include the system OID and its been working great since then.

Downloads and comparisons are all behaving as expected.

Thanks

christineb

Ciaran - thank you very much for posting the followup.

--Christine

swack

What session tracing tool are you referring to? I am also having a problem with blank lines showing up comparing ASA configs.

Ciag

Hi Swack,

Apologies for no elaborating about the session trace. This is a tool available within the NCM app. If you go to 'Settings' in the file menu. In the settings window scroll the left-hand window scroll down to the bottom, under the advanced section there is the Session tracing tool. (see attached file)

If you select this tool you will be presented with 2 bits of info in the right side of the window.

1. The option to turn session tracing on and off

2. The location of the Session tracing log file which you can use to view the results of the trace.

Remember to turn off session tracing when you are finished testing!!!!

This is a very handy tool. For example when tracing is enabled, if you execute a command script in the log files you will be able to see the complete sequence of transactions in the coversation between the NCM server and the host such as :-

Passwords

command templates

system OIDs

and timestamps

It's an excellent tool for analysing the inner working of NCM just remember to turn it off when you're finished using it.

HTH

Session Tracing.jpg

prenticet

Do you mind sharing your Custom template? thanks.

Ciag

Unfortunatley I now work for another company and no longer have access to the custom templates. From memory I think all I did was make a copy of the existing FWSM templates or something simliar and remove and or replaced the commands that weren't working with the those accepted in the FWSM CLI. Sory I can't be of much more help than that

Regards

Ciaran