Looking for help on getting solarwinds to stop saving the config when the RTCD kicks off.

Anyone at all?

By default Solarwinds doesn't save configs when it logs in to download a config.  So that is quite odd.  You should make sure you don't have any other triggered jobs that go save a config when it   Maybe someone set up something like that in the past, or have only you worked on this server?  Places I would look would include the "Device Templates", make sure someone didn't include a "write" command in the login process somewhere.  Also, make sure you don't have an alert set up to trigger an NCM job (not even 100% sure that can be done) that logs in and writes out the config.

As far as stopping the downloading loop, you might try setting up your comparison criteria to ignore new configs that have the "last modified by" line changed.  Go to "Settings" and "NCM Settings". 

In the "Configs" section, go to "Comparison Criteria".    Add a new one, give it a title that makes sense to you, and in the "RegEx pattern" put in something that identifies what you want to ignore.   ie: if the line starts with "! Last modified by", you might want to put in "^! Last modified by.*".   The initial "^" anchors it to the beginning of a line, the ".*" says match anything after that.

By ignoring this line, if no other lines are different in the config it will reject it as being the same as a previous one...

HTH!

Thanks so much for the help Craig!

I'm the only one that has worked on this server - I'm using the built in template that can't be modified (if you try to modify it, it tells you to have to copy the template first before changes can be made)

There aren't any alert triggers that I have put into the system for saving the configs...

here's the default template

<!--SolarWinds Network Management Tools--> <!--Copyright 2007 SolarWinds.Net All rights reserved--> <Configuration-Management Device="Cisco ASA" SystemOID=" 1.3.6.1.4.1.9.1.669">   <Commands>   <Command Name="RESET" Value="terminal pager 0"/>   <Command Name="Reboot" Value="reload noconfirm"/>   <Command Name="EnterConfigMode" Value="config terminal"/>   <Command Name="ExitConfigMode" Value="quit"/>   <Command Name="Startup" Value="startup"/>   <Command Name="Running" Value="running"/>   <Command Name="DownloadConfig" Value="Show ${ConfigType}"/>   <Command Name="UploadConfig" Value="${EnterConfigMode}${CRLF}${ConfigText}${CRLF}${ExitConfigMode}"/>   <Command Name="DownloadConfigIndirect" Value="write net ${StorageAddress}:/${StorageFilename}"/>   <Command Name="UploadConfigIndirect"/>   <Command Name="EraseConfig" Value="write erase${CRLF}Yes"/>   <Command Name="SaveConfig" Value="write memory"/>   <Command Name="Version" Value="show version"/>   </Commands> </Configuration-Management>

I noticed the DownloadConfigIndirect says "write net .........."

Think that's it?

For comparison the IOS template is:

<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by () --> <!--SolarWinds Network Management Tools--> <!--Copyright 2005 SolarWinds.Net All rights reserved--> <Configuration-Management Device="Cisco Devices" SystemOID=" 1.3.6.1.4.1.9">   <Commands>   <Command Name="RESET" Value="terminal width 0${CRLF}terminal length 0"/>   <Command Name="Reboot" Value="reload${CRLF}y${CRLF}y"/>   <Command Name="EnterConfigMode" Value="config terminal"/>   <Command Name="ExitConfigMode" Value="end"/>   <Command Name="Startup" Value="startup"/>   <Command Name="Running" Value="running"/>   <Command Name="DownloadConfig" Value="Show ${ConfigType}"/>   <Command Name="UploadConfig" Value="${EnterConfigMode}${CRLF}${ConfigText}${CRLF}${ExitConfigMode}"/>   <Command Name="DownloadConfigIndirect" Value="copy ${ConfigType} ${TransferProtocol}://${StorageAddress}/${StorageFilename}${CRLF}${CRLF}${CRLF}"/>   <Command Name="UploadConfigIndirect" Value="copy ${TransferProtocol}://${StorageAddress}/${StorageFilename}  ${ConfigType}${CRLF}${CRLF}"/>   <Command Name="DownloadConfigIndirectSCP" Value="copy ${ConfigType} ${TransferProtocol}://${SCPServerUserName}@${SCPStorageAddress}/${StorageFilename}${CRLF}${CRLF}${CRLF}${CRLF}${SCPServerPassword}"/>   <Command Name="UploadConfigIndirectSCP" Value="copy ${TransferProtocol}://${SCPServerUserName}@${SCPStorageAddress}/${StorageFilename}  ${ConfigType}${CRLF}${CRLF}${SCPServerPassword}"/>   <Command Name="EraseConfig" Value="write erase${CRLF}Y"/>   <Command Name="SaveConfig" Value="write memory"/>   <Command Name="Version" Value="show version"/>   </Commands> </Configuration-Management>

The DownloadConfigIndirect is a copy command in IOS

Hmm...  Its possible.  I found this note on a posting on a Cisco site:  "Note: When the tftp-server command and the filename are defined, every time the write net command is issued, the current configuration file is always overwritten.

That would hint that maybe it does that.  I've never used the command personally.  The copy commands work just fine on ASA's too I believe...

I've tried playing with the command, but don't see it doing that - but the behavior might be IOS specific... 

Here is a thought, are you using a TACACS server?   If so, maybe configure up command accounting so you know exactly what is going on?   Something like

aaa accounting command privilege 15 AAAServerGroup

You might have to do it for level 1 and any other levels you might have defined.  That way it will log what commands are being issued on the ACS/TACACS server and you can see what is coming from where?

If you aren't using one, maybe try a freebie one like TACACS.net to find out?

We have TACACS installed and running but I haven't added the line above like you mentioned yet.

I Switched the device template from Cisco Adaptive Security Appliance to Cisco IOS.

It seems to download the config just fine using the copy command instead of write net (yay) but it still seems to be writing to the config.  I turned off the "ignore commented lines" section of my and RTCD immediately sent these:

Note: solarwinds is the service account:

How is your ignore commented lines configured?   I think the "out of the box" configuration for that doesn't work right.  My regex pattern is "^:" which seems to work for me I believe...  I might have other lines to compensate though...

It's the same, i have a ^! and a ^: line to get both times of commenting!

Just double checking, in the Comparison Criteria table of what you're ignoring, the Enabled column is set to "Yes" by both of these rules?  Your sure there are no spaces or anything after the "^:" that could be causing it to not find it?

In looking a little closer I do have another rule that could fit that, which means maybe I was having problems with that one also.  Try a rule with this RegEx in it...

"^:Written by*"

Yep by default i have it set.  It properly ignores the lines while active but my concern was with the fact solarwinds keeps writing the config - even when using the copy command.  I'm not sure at this point if I can even fix that.

Reaching a bit here, not sure what is going on.  It almost sounds as if you have it set up to keep copies of configs whether or not if they've changed or not.  That is assuming your "Comparison Criteria" rules are working.   I found something that might matter, but not sure as I've never used it.

Under "Settings" / "NCM Settings" / "Real Time Change Detection" / "Config Downloads & Notifications", do you have it set to "Last downloaded config file" or "Baseline config file".   If set to Baseline, change it to Last Downloaded....