This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Can I expand compliance capabilities with perl?

andy99 over 11 years ago

Hi, I have an installation of NCM on Windows. The config compliance reporting features are very useful, but I was wondering how easy it would be to add some of my own compliance checks via a perl script. For example, suppose I wanted to schedule a perl script to check the latest running-config files of 100 cisco devices to make sure that the descriptions on trunks matched up (i.e. the description on a trunk matches the hostname of the peer). The detailed results of the check could be written to a log file, but, at a minimum, I would want a fail alert to be generated to prompt someone to check the log. I guess there are many ways this might be achieved, for example there may be different ways to schedule the script and different mechanisms for alerting.

Anybody have any general advice on different approaches?

Top Replies

0 cvachovecj over 11 years ago

Hi andy99,
As you suggest, you could schedule a perl script that would check the latest running configs. You can find them in Config Archive (by default in NCM installation directory). If you are able to write such a script, I suppose it shouldn't be difficult for you to extend the script so that it sends an e-mail or SNMP trap when a compliance violation is found.
Jiri
Cancel
Vote Up +1 Vote Down

Cancel
0 andy99 over 11 years ago in reply to cvachovecj

Jiri,
thanks. That is what I might do. It would be good if you could trigger some form of user defined script in the NCM rule definition, which would then return a true or false (violate the rule) result - maybe in the future. That way all your device config compliance would be managed by one system.
Just to confirm (as an example), if I have a 24 port cisco device and I want to check that every port has a description, am i right in thinking I cannot achieve that with the NCM Policy Reporter?
Andy.
Cancel
Vote Up 0 Vote Down

Cancel
0 cvachovecj over 11 years ago in reply to andy99

Does help?
Jiri
Cancel
Vote Up +1 Vote Down

Cancel
0 andy99 over 11 years ago in reply to cvachovecj

Jiri,
thanks, yes I think that could help. I've just checked and we are still running NCM 6.0. I think the block feature is in 6.1 and 7 so it looks like we'll have to upgrade.
Thanks, again.
Andy.
Cancel
Vote Up 0 Vote Down

Cancel
0 cvachovecj over 11 years ago in reply to andy99

Andy,
Yes, upgrade would be a good choice. If you have active NCM maintenance, you can upgrade to NCM 7.1 release candidate or wait a few weeks for the final release.
Regards,
Jiri
Cancel
Vote Up 0 Vote Down

Cancel
0 andy99 over 11 years ago in reply to cvachovecj

Jiri,
I believe we have, so will look into it.
Thanks.
Andy.
Cancel
Vote Up 0 Vote Down

Cancel