nanog mailing list archives
Re: ACL Monitoring
From: "Alexei Roudnev" <alex () relcom net>
Date: Fri, 13 May 2005 00:32:19 -0700
Used in CCR, and adapted for

Cisco IOS
Cisco CatOS
PIX OS
Cisco VPN 3000 OS

Really nice thing.

----- Original Message -----
From: "Glynn Stanton" <glynn () paniglynn com>
To: <nanog () merit edu>
Sent: Thursday, May 12, 2005 3:39 PM
Subject: RE: ACL Monitoring

If you anticipate doing a lot of this kind of monitoring in the future you may want to take a look at the "expect" programming language http://expect.nist.gov/ , which has very simple "send"/"expect" constructs.

E.g.

send "show acl 101/r"
expect "access-list .."

etc.

Perl also allows similar although is probably not quite as easy to pick up if you've never done this kind of thing before.

Essentially you'd write a quick script to telnet or ssh to the router, "send" your commands, expect a result and do something based on that result.

As I said, it's worth the time investment and you'll find once you get the script done you can just reuse it for many other tasks.

The TACACS+ suggestion is also good.. Not only would it allow you to limit who (authentication) can do what (authorization).. The accounting features would also provide a log entry if an authorized user did do a no access-list 101.. You could then write a shell script to parse the accounting log.

Cheers,
Glynn

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Jim McBurnett
Sent: Thursday, May 12, 2005 5:20 PM
To: Paul Ryan; nanog () merit edu
Subject: RE: ACL Monitoring

Paul,
I think a better solution may be to implement TACACS+ and restrict rights on who can do that..
Sounds like you don't trust someone.....
I'd try that first...

Later,
Jim

-----Original Message-----
From: Paul Ryan [mailto:pryan () rogers wave ca]
Sent: Thursday, May 12, 2005 5:15 PM
To: nanog () merit edu
Subject: ACL Monitoring
Importance: High

All - I am looking for a solution (open source, scripts) to allow me to monitor ACLs on Cisco routers. So if for example a line disappears from an ACL or the entire ACL is removed - I am alerted via pager/e-mail etc.

regards,
Paul R
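
An added example, not part of any message in this thread: one way to do the comparison step once a script has pulled the configuration from the router. It assumes numbered ACLs in `access-list N ...` form; the function names and the sample configurations are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches one numbered ACL entry after whitespace has been collapsed.
ACL_LINE = re.compile(r"^access-list (\S+) (.+)$")

def parse_acls(config_text):
    """Return {acl_id: [entries in config order]} from router config text."""
    acls = defaultdict(list)
    for raw in config_text.splitlines():
        # Collapse runs of spaces so cosmetic differences do not raise alerts.
        m = ACL_LINE.match(" ".join(raw.split()))
        if m:
            acls[m.group(1)].append(m.group(2))
    return dict(acls)

def diff_acls(baseline_text, current_text):
    """Compare a trusted baseline with the current config; return findings."""
    base, cur = parse_acls(baseline_text), parse_acls(current_text)
    findings = []
    for acl_id, entries in base.items():
        if acl_id not in cur:
            # No line of this ACL is left: the whole ACL was removed.
            findings.append(("ACL_REMOVED", acl_id, None))
            continue
        for entry in entries:
            if entry not in cur[acl_id]:
                findings.append(("LINE_REMOVED", acl_id, entry))
    for acl_id, entries in cur.items():
        for entry in entries:
            if entry not in base.get(acl_id, []):
                findings.append(("LINE_ADDED", acl_id, entry))
    return findings

# Constructed sample data (documentation address ranges, not a real router).
BASELINE = """\
access-list 101 permit tcp any host 192.0.2.10 eq www
access-list 101 deny   ip any any log
access-list 102 permit ip 198.51.100.0 0.0.0.255 any
"""
CURRENT = """\
access-list 101 permit tcp any host 192.0.2.10 eq www
"""

if __name__ == "__main__":
    for kind, acl_id, entry in diff_acls(BASELINE, CURRENT):
        # Replace print with a mail or pager hook to turn findings into alerts.
        print(kind, acl_id, entry or "(entire ACL)")
```

Store the baseline somewhere the router administrators cannot rewrite it, otherwise a removed line can be hidden by updating the baseline along with the ACL.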