ytti / oxidized

Oxidized is a network device configuration backup tool. It's a RANCID replacement!
Apache License 2.0

Capturing Users in Oxidized Diff #1960

Closed usaiat closed 1 year ago

usaiat commented 5 years ago

Got Oxidized working (also integrated with LibreNMS) and want to move to another step, that is, to capture usernames of admins that make the change. We use RADIUS with AAA so users log in using their Active Directory account. Two groups of users, for admin and operators. Admin can make changes so I want Oxidized to also capture user names when I go through the versions. Once this is working then my next step is to send an email alert to our distribution groups with the change made and the username.

I'm a starter so any simple example will really be appreciated.

davama commented 5 years ago

> I want Oxidized to also capture user names when I go through the versions.

How would oxidized "capture" usernames? Not sure, but probably comment this line out to get some form of username "capture": https://github.com/ytti/oxidized/blob/35bbc62c917a03710140d53108da0a9484b2c3a7/lib/oxidized/model/ios.rb#L99 (idk what model you are using...)

> Once this is working then my next step is to send an email alert to our distribution groups with the change made and the username

I think others have asked similar questions about emailing when changes. Might want to search in the issues.

Also: Would a logging server better help with this? Not necessarily what changes happened, but who logged in and when they did, and you can correlate that with changes in oxidized.

usaiat commented 5 years ago

Thanks @davama. I've got ios, nxos, procurve, vyatta, edgeos and pfsense in Oxidized at the moment. All access to these devices is via RADIUS.

ZacharyPuls commented 5 years ago

FYI: we have this working via syslog-triggered updates. Let me know if you'd like a (sanitized) copy of my Logstash config.

I was never able to get it to work parsing the "configuration last modified by" line.

usaiat commented 5 years ago

@ZacharyPuls That'll be really appreciated. So you got syslog integrated with Oxidized? I've got syslog but on a different server from the server hosting my Oxidized.

ytti commented 5 years ago

https://github.com/ytti/oxidized/blob/master/extra/syslog.rb might be relevant

It monitors syslog and asks oxidized to fetch the box next, passing the committer name and commit message if any.

If you'd run this, then 'git blame' over time will show who made which line.
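The flow described above, as an added sketch (not the project's `extra/syslog.rb` and not from any commenter): take config-change lines from a syslog file, accept them only from inventoried devices, extract the committing user, and build the "fetch next" request. The device inventory, sample lines and the `/node/next/<name>` PUT with a JSON body are assumptions to check against your own deployment.

```ruby
require 'json'

# Constructed sample lines, as a central syslog server might write them
# (timestamp, reporting host, message). Hosts and users are invented.
SAMPLE_LINES = [
  "Mar  3 10:15:02 192.0.2.11 1234: %SYS-5-CONFIG_I: Configured from console by jdoe on vty0 (198.51.100.7)",
  "Mar  3 10:16:40 192.0.2.12 mgd[4321]: UI_COMMIT: User 'asmith' requested 'commit' operation (comment: fix acl)",
  "Mar  3 10:17:05 203.0.113.99 1: %SYS-5-CONFIG_I: Configured from console by mallory on vty0 (203.0.113.99)",
  "Mar  3 10:18:00 192.0.2.11 77: %LINK-3-UPDOWN: Interface Gi0/1, changed state to up"
].freeze

# Only inventoried devices may trigger a fetch: syslog over UDP is
# unauthenticated, so reporting address and user name are untrusted input.
KNOWN_DEVICES = { '192.0.2.11' => 'core-sw1', '192.0.2.12' => 'edge-mx1' }.freeze

# Cisco IOS and Junos change messages; the user field is limited to a strict
# character set (letters, digits, _ . @ \ -) so it is safe as a commit author.
PATTERNS = [
  /%SYS-5-CONFIG_I: Configured from \S+ by (?<user>[\w.@\\-]{1,64}) on \S+(?: \((?<from>[0-9a-fA-F.:]+)\))?/,
  /UI_COMMIT: User '(?<user>[\w.@\\-]{1,64})' requested 'commit' operation \(comment: (?<msg>[^)]{0,200})\)/
].freeze

# Returns { name:, user:, from:, msg: } (absent fields omitted) for a
# config-change line from a known device, or nil for anything else.
def change_event(line)
  name = KNOWN_DEVICES[line.split[3]]
  return nil unless name
  m = PATTERNS.lazy.map { |re| re.match(line) }.find(&:itself)
  return nil unless m
  caps = m.named_captures
  msg = caps['msg'] == 'none' ? nil : caps['msg']
  { name: name, user: caps['user'], from: caps['from'], msg: msg }.compact
end

# Path and JSON body of the request asking Oxidized to fetch the node next
# and record the author. The endpoint shape is an assumption about the
# oxidized-web REST API; verify it against the installed version.
def next_request(event)
  ["/node/next/#{event[:name]}", JSON.generate(event.reject { |k, _| k == :name })]
end
```

Because the request goes over HTTP, a watcher like this can run on the syslog server rather than on the Oxidized host, provided the REST endpoint is reachable only from that server.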

usaiat commented 5 years ago

@ytti do I have to have syslog installed on the same host hosting my Oxidized? I've seen the syslog.rb file on my /var/lib/gems/2.5.0/gems/oxidized-0.27.0/extra however my syslog server is on a different server. How do I "If you'd run this, then 'git blame' over time will show who made which line."

usaiat commented 5 years ago

> FYI: we have this working via syslog-triggered updates. Let me know if you'd like a (sanitized) copy of my Logstash config.
>
> I was never able to get it to work parsing the "configuration last modified by" line.

Would you be able to send me your (sanitized) copy of Logstash config? Any help will be really appreciated.