Looking for suggestions of how others track config changes: who made the change and what changed; similar to config audit but for every change made over time. The goal is training and accountability.
I’m aware of Rancid, which may or may not work as it’s intended for Cisco configs, and looks to only provide diff output. Syslog is an option but it’s very atomic, and would require reassembling atoms to provide a meaningful perspective. What other options?
We use Prisma SD-WAN, which triggers it’s own config changes regularly (_cloud-services) so the default 100 config changes roll by fairly quickly, limiting the usefulness of Config Audit tools, and provide no historic reference.
We have a requirement to review changes on a monthly basis. What we do is use the 'Config Audit' feature and select the change closest to the beginning and end of the month and compare the two. Then we have to use justifications of each change, in our case the change control number and subject of the change. Just click and drag the select and paste into excel. Works and satisfies the auditors. If you have a lot of changes, just adjust the 'Number of Versions for Config Audit' number higher than the default.
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!