How to monitor pending commits

L1 Bithead

How to monitor pending commits

I'm looking for a way to externally check that there are no policy commits pending.

Is there an SNMP OID signalling a commit is pending?

Or, is there an SSH CLI command that shows a commit is pending?

I'm running a PA-3020 with PANOS 5.0.15.


Accepted Solutions
L1 Bithead

Re: How to monitor pending commits

This 'show config diff' method may get me what I want to know.  I'm not interested in the specific details of the candidate changes.  I just want to know if there exist candidate changes waiting to be applied.  I'll have my network monitoring system check every couple hours and raise a warning if changes are waiting that haven't been committed.

'show config diff | match @@' may be what I need.

After a change but before commit:

admin@PN3020> show config diff | match @@

@@ -4156,7 +4156,7 @@

@@ -4174,6 +4174,14 @@

@@ -4253,7 +4261,7 @@

@@ -4271,6 +4279,14 @@

@@ -4424,33 +4440,6 @@

admin@PN3020>


After the commit:

admin@PN3020> show config diff | match @@

admin@PN3020>

L1 Bithead

Re: Re: How to monitor pending commits

This works and solved my problem!

My network monitoring system (Ipswitch WhatsUp Gold) is running an EXPECT script that logs in via SSH and runs the show config diff | match @@ command.

If there is no output, there are no pending changes.

If there is any output, there are changes waiting to be committed, and I need to be notified.

This is going to help me and my staff make sure we're following through.

Thanks for the advice everyone!
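
The check described in this post, as an added example that is not part of the original thread or the poster's Expect script: it classifies a captured SSH session and goes beyond the "any output" rule by refusing to report a clean state unless the prompt actually came back. The function name, state labels and the truncated sample are assumptions made for illustration.

```python
import re

# Operational-mode prompt as it appears in the thread, e.g. "admin@PN3020>".
PROMPT = re.compile(r"^\S+@\S+>\s*")
# Unified-diff hunk header: the only line "| match @@" should let through.
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+\d+(?:,\d+)? @@")
COMMAND = "show config diff | match @@"


def classify_session(transcript):
    """Return (state, hunk_count) for one captured SSH session.

    "OK" = no candidate changes, "PENDING" = uncommitted changes,
    "UNKNOWN" = the capture does not prove the command ran to completion.
    """
    lines = [ln.strip() for ln in transcript.splitlines() if ln.strip()]
    start = None
    for i, ln in enumerate(lines):
        m = PROMPT.match(ln)
        # The echoed command contains "@@" itself; it marks where output
        # begins and must never be counted as output.
        if m and ln[m.end():] == COMMAND:
            start = i
            break
    if start is None:
        return ("UNKNOWN", 0)  # login failed or the command was never sent
    hunks = 0
    for ln in lines[start + 1:]:
        m = PROMPT.match(ln)
        if m and m.end() == len(ln):
            # Bare prompt returned: the command finished.
            return ("PENDING" if hunks else "OK", hunks)
        if not HUNK.match(ln):
            return ("UNKNOWN", hunks)  # error text or unexpected output
        hunks += 1
    return ("UNKNOWN", hunks)  # session ended before the prompt came back


# Sessions shaped like the thread's output, plus one constructed truncation.
BEFORE = """admin@PN3020> show config diff | match @@
@@ -4156,7 +4156,7 @@
@@ -4174,6 +4174,14 @@
admin@PN3020>"""
AFTER = "admin@PN3020> show config diff | match @@\nadmin@PN3020>"
TRUNCATED = "admin@PN3020> show config diff | match @@\n"  # constructed

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER), ("cut", TRUNCATED)):
        print(name, classify_session(text))
```

Treating "UNKNOWN" as an alert condition keeps a dropped SSH session or a failed login from being read as "nothing pending".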



All Replies
L3 Networker

Re: How to monitor pending commits

Hello Mcain

From the CLI you can use the below command to see the pending commits

> show jobs pending
Enqueued ID Type Status Result Completed
--------------------------------------------------------------------------

To check the commit jobs that were processed use the below command. The output is from one of my local devices.

> show jobs processed
Enqueued                     ID             Type    Status Result Completed
--------------------------------------------------------------------------
2015/02/03 10:19:33        9904         WildFire       FIN     OK 10:19:40
2015/02/03 10:19:26        9903          Install       FIN     OK 10:19:33
2015/02/03 10:18:24        9902           Downld       FIN     OK 10:19:26
2015/02/03 10:04:20        9900         WildFire       FIN     OK 10:04:25
2015/02/03 10:04:13        9899          Install       FIN     OK 10:04:20
2015/02/03 10:03:35        9898           Downld       FIN     OK 10:04:10
2015/02/03 09:49:35        9896         WildFire       FIN     OK 09:49:41
2015/02/03 09:49:28        9895          Install       FIN     OK 09:49:35
2015/02/03 09:48:24        9894           Downld       FIN     OK 09:49:28
2015/02/03 09:34:27        9892         WildFire       FIN     OK 09:34:33
2015/02/03 09:34:21        9891          Install       FIN     OK 09:34:27

Hope that helps!

Note: Please mark any helpful or correct answers.

Regards

Khan

L7 Applicator

Re: How to monitor pending commits

Add to it:

In case of a commit pending or failure, you may also see detailed information about the failure reason.

> show jobs all
Enqueued                     ID             Type    Status Result Completed
--------------------------------------------------------------------------
2015/02/03 10:34:24        1900         WildFire       FIN     OK 10:34:28
2015/02/03 10:34:20        1899          Install       FIN     OK 10:34:24

admin@34-PA-3020> show jobs id 1900
Enqueued                     ID             Type    Status Result Completed
--------------------------------------------------------------------------
2015/02/03 10:34:24        1900         WildFire       FIN     OK 10:34:28
Warnings:
Details:Configuration committed successfully
Successfully committed last configuration

Thanks

HULK

L5 Sessionator

Re: How to monitor pending commits

Hi,

The command you are looking for is "> show config diff"; this will show you all the configs that are modified but are not committed yet.

admin@PA> show config diff

<no changes made, so blank output>

Then added an address group called test_3 along with other changes.

admin@PA> show config diff

@@ -3447,6 +3447,9 @@

             v6-WINSRVR {

               ip-netmask fc00:2:6::242;

             }

+            test_3 {

+              ip-netmask 3.3.3.3;

+            }

           }

           application-filter {

             file-sharing {

Hope this helps. Thank you.

L1 Bithead

Re: How to monitor pending commits

Thanks for the 'show jobs' suggestion, however, that didn't seem to work.  I made a small policy configuration change, and the "Commit" button enabled in the top right of the web UI, but the 'show jobs pending' is empty.

L7 Applicator

Re: How to monitor pending commits

When you applied the commit button, were the changes successfully committed?

Thanks

L5 Sessionator

Re: How to monitor pending commits

You will have to run the following command to view changes:

admin@PA> show config diff

L7 Applicator

Re: How to monitor pending commits

Follow these steps to see the uncommitted changes from the GUI:

[Screenshots: Config-diff.JPG, Config-diff-1.JPG]

Thanks
