nanog mailing list archives

Re: Real network failure causes Was: What do you want your ISP to block today?


From: Joe Abley <jabley () isc org>
Date: Thu, 4 Sep 2003 10:56:55 -0400



On Thursday, Sep 4, 2003, at 09:59 Canada/Eastern, Ian Mason wrote:

The best diagnostic tool I've ever had is a script I cobbled together over two hours one night. Once an hour, it simply collected all the router configs across the network, did a 'diff' between the current and last config, and if there were changes, emailed them to me, along with a TACACS+ log summary that showed who had logged into which router when.

There are a couple of tools I know about which will do the first part (the config diffing part). Both are easy to extend if you wanted to include other bits (such as tac-plus log summaries).

  http://www.shrubbery.net/rancid/
  http://buffoon.automagic.org/dist/ciscoconf-1.1.tar.gz

I wrote ciscoconf. I would recommend that everybody use rancid instead.

Experience with this quickly taught me to check these summary change logs whenever a problem was escalated to me. Most times the problem was related to a config change, not an external cause. Further experience taught me to look out for one particular engineer's name in the logs, but that's another story.

Amen to all that.


Joe
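
The hourly check described in the quoted message (diff the current config against the last one, and attach who logged in to that router), written out as an added example; it is not Ian Mason's script, rancid, or ciscoconf. The volatile-line filter, the log record layout, and every name in the sample data are assumptions made for illustration.

```python
import difflib
import re
from datetime import datetime

# Lines that change on every fetch and would cause noise diffs (assumed list).
VOLATILE = re.compile(r"^(! Last configuration change|! NVRAM config last updated|ntp clock-period)")

def normalize(config):
    """Drop volatile lines and trailing whitespace so only real edits diff."""
    return [ln.rstrip() for ln in config.splitlines() if not VOLATILE.match(ln)]

def config_diff(router, previous, current):
    """Unified diff between two snapshots; empty string when nothing changed."""
    return "\n".join(difflib.unified_diff(
        normalize(previous), normalize(current),
        fromfile=f"{router}.prev", tofile=f"{router}.curr", lineterm=""))

def logins_in_window(log_lines, router, start, end):
    """Return (time, user) for logins to router within [start, end]."""
    # Assumed record layout: "ISO-timestamp router user event".
    # This is a constructed format, not the real tac_plus accounting format.
    hits = []
    for line in log_lines:
        ts, host, user, event = line.split()
        when = datetime.fromisoformat(ts)
        if host == router and event == "login" and start <= when <= end:
            hits.append((when, user))
    return hits

def change_report(router, previous, current, log_lines, start, end):
    """Build the mail body (diff plus logins); None when nothing changed."""
    diff = config_diff(router, previous, current)
    if not diff:
        return None
    who = logins_in_window(log_lines, router, start, end)
    summary = "\n".join(f"{t.isoformat()} {u}" for t, u in who) or "(no logins recorded)"
    return f"Config change on {router}\n\n{diff}\n\nLogins in window:\n{summary}"

# Constructed sample data: an ACL binding disappears from an interface.
PREV = ("! Last configuration change at 09:00:01 UTC\nhostname edge1\n"
        "interface Gi0/0\n ip access-group EDGE-IN in\n")
CURR = "! Last configuration change at 09:41:17 UTC\nhostname edge1\ninterface Gi0/0\n"
LOG = ["2003-09-04T09:40:02 edge1 alice login",
       "2003-09-04T09:12:44 core2 bob login",
       "2003-09-04T07:30:00 edge1 carol login"]
```

A snapshot that differs only in its timestamp comment yields no report, which keeps the hourly mail limited to real edits.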

