2 Replies Latest reply on Oct 17, 2019 3:59 PM by tigerr

    Compliance Or Job to Make Changes to Interface Settings

    tigerr

      Hi all,

       

      I'm looking for a way to have Solarwinds look for a certain setting on Cisco switch interfaces and, if that setting is found, change it to something else. There are several hundred devices, and the setting could be present on several interfaces on all these devices. How do I write something like that?

       

      For example (Just an example):

      Look in all devices for interfaces that have "switchport port-security maximum 3" and change it to "switchport port-security maximum 5". Has anyone done this before? Perhaps with compliance and remediation reports? I'm just not sure how to write such a thing.

       

      Thanks!

        • Re: Compliance Or Job to Make Changes to Interface Settings
          tony.johnson

          NCM's Compliance Reports feature is the best solution for what you have described. Using this approach allows you to remediate all nodes in violation or just an individual node. Remediation scripts can also be run as part of the job.

           

          The process of creating the rules, policies and reports can be found here: Ensure compliance to policy rules

            • Re: Compliance Or Job to Make Changes to Interface Settings
              tigerr

              Thank you Tony, indeed that's what I did yesterday, I figured out how to do this with compliance reports, I just wish Solarwinds had more detailed guides on how to write those logical statements and different useful RegEx statements. This is what I did and I'm gonna apply it for the example in my original post:


              • Under "String Matching", I checked "String is found", then checked "Advanced Config Search" right under
              • I did "must contain" >> "RegEx expression" >> "switchport port-security maximum 3\b(\r)?\n"  (without the quotation marks!)
              • Under "SEARCH CONFIG FILE/BLOCK", checked "Config block" that way we're looking at all interfaces
              • I defined the start block as: "^interface .*Ethernet" (without the quotation marks!) that way I could have all interfaces be it Gig, TenGig and so on
              • The config block end is just a "!" (without the quotation marks!)
              • Then I checked the "Regular Expression (RegEx)" underneath and "Do NOT trigger this alert if config block is not found"
              • Under "REMEDIATION", I checked the following:
              • CLI
                • Run Script on each config block in violation
                • Execute script in Config Mode
                • And finally this is how the box would be populated:
                  • ${ConfigBlockStartLine}
                  • switchport port-security maximum 5

               

              I guess I answered my own question, hopefully, this will help somebody else as well one day!
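
A way to dry-run the rule from the post above before enabling remediation on several hundred devices, as an added example that is not part of the thread and not SolarWinds code: it applies the posted start pattern, "!" end marker and violation RegEx to a constructed sample config and returns the lines the remediation would send. How NCM itself splits and matches config blocks is only approximated here (assumption: a block ends at the first line consisting of "!"); the function names are hypothetical.

```python
import re

# Patterns and remediation line copied from the post above.
BLOCK_START = re.compile(r"^interface .*Ethernet")
BLOCK_END = "!"
VIOLATION = re.compile(r"switchport port-security maximum 3\b(\r)?\n")
REMEDIATION_LINE = "switchport port-security maximum 5"

# Constructed sample config (not from a real device). Port-channel1 is there
# only to show that the start pattern limits the search to *Ethernet blocks.
SAMPLE_CONFIG = """\
hostname lab-sw01
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security maximum 3
!
interface GigabitEthernet1/0/2
 switchport port-security maximum 30
!
interface TenGigabitEthernet1/1/1
 switchport port-security maximum 3
!
interface Port-channel1
 switchport port-security maximum 3
!
"""

def config_blocks(config):
    """Yield (start_line, block_text) for each block opened by BLOCK_START."""
    start, body = None, []
    for line in config.splitlines():
        if start is None:
            if BLOCK_START.search(line):
                start, body = line, []
        elif line.strip() == BLOCK_END:
            yield start, "\n".join(body) + "\n"
            start = None
        else:
            body.append(line)

def remediation_script(config):
    """Return the config-mode lines that would be sent for violating blocks."""
    script = []
    for start_line, block in config_blocks(config):
        if VIOLATION.search(block):  # \b keeps "maximum 30" from matching
            script += [start_line, " " + REMEDIATION_LINE]
    return script

if __name__ == "__main__":
    print("\n".join(remediation_script(SAMPLE_CONFIG)))
```
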