This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

NCM Real-Time Change Detection

Hi,

We are "new" to the Solarwinds family and have tripped up already !! , How do you configure Real-time Change Detection ?. We have mulitple manufacturers devices , Cisco, Juniper etc but cannot any of them to work.

I've tried following the readme but its confusing at best.

We just want to turn it on I dont have the time to start hand cranking individual scripts for 100 plus devices (our existing platform does this by default).

Any help appreciated 

  • The default settings for RTCD should do the majority of Cisco devices. Does it work for any of your cisco devices? For me, I only had to custom write a RTCD rule for the Cisco Nexus devices.

    I do it via the Syslog Viewer. (you can also do it via SNMP)

    Do your devices send the appropriate config update syslog to Solarwinds? If yes, then just go into Syslog Viewer on your Solarwinds server and make sure the rule is turned on. All the rule does is look for syslog messages containing *Configured from console* and if it sees one, it triggers an external program to copy the current running config.

    To get RTCD working for my Cisco Nexus device, I just copied the current rule and modified the Syslog Message Pattern to *Configured form vty*.

    So with your other device, just see how they alert Solarwinds that the config has been updated. Then write your rule according to that.

  • These commands are for Cisco IOS (minimum of 12.3 train) and are more advanced than what is in the NCM Admin Guide.  This enables the device to log any commands given while in config mode but it only generates a syslog after someone has made a change and left or closed their session (the logging discriminator is what does the filtering):

    enable

    configure terminal

    archive

    log config

    logging enable

    logging size entries

    hidekeys

    notify syslog

    login on-failure log every 1

    login on-success log every 1

    end

    logging discriminator LOGTHIS msg-body includes ^Configured|(Login Suc)|(Login failure)

    logging host x.x.x.x discriminator LOGTHIS

    ! Change “XXX’s” to the IP of SolarWinds server

    As superfly99 said you should check your syslog viewer for what messages you are receiving.  It is likely just a syntax adjustment that needs to be made.

  • We have the Cisco stuff down fairly well, but I will be looking at improving it with the above !!.

    Our big issue is that we were told that NCM RTC would support

    Juniper SSG Firewalls

    Juniper SRX Firewalls

    Cisco ASA (x and non x) Firewalls

    and yet this does NOT appear to be the case , I can find nothing about how to configure (specifically) the Juniper's , in fact I would go so far as to say there is NO support for Juniper SRX/SSG in NCM RTCwhat so ever.

  • For the ASA you should be able to use syslog messages 111005-111010 to accomplish what you want.  It comes down to what syslog message you want to use to trigger the RTCN script.

  • So nobody in the known world uses NCM/RTC for Cisco Firewalls  and or Juniper Firewalls ?......So far Device Expert from Adventnet blows this into the weeds......

  • I personally don't but it will be easy enough to setup. As I mentioned above, just check the syslog message that's created when the config has changed. Then use that on your RTCD rule in Syslog viewer.

    I don't know anything about the Junipers but I assume they'd also 'log' some sort of message when the config has changed. Either syslog or setup a snmp trap for it.