How to monitor pending commits

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to monitor pending commits

L1 Bithead

I'm looking for a way to externally check that there are no policy commits pending.

Is there an SNMP OID signalling a commit is pending?

Or, is there a SSH CLI command that shows a commit is pending?

I'm running a PA-3020 with PANOS 5.0.15.

2 accepted solutions

Accepted Solutions

This 'show config diff' method may get me what I want to know.  I'm not interested in the specific details of the candidate changes.  I just want to know if there exist candidate changes waiting to be applied.  I'll have my network monitoring system check every couple hours and raise a warning if changes are waiting that haven't been committed.

'show config diff | match @@' may be what I need.

After a change but before commit:

admin@PN3020> show config diff | match @@

@@ -4156,7 +4156,7 @@

@@ -4174,6 +4174,14 @@

@@ -4253,7 +4261,7 @@

@@ -4271,6 +4279,14 @@

@@ -4424,33 +4440,6 @@

admin@PN3020>


After the commit:

admin@PN3020> show config diff | match @@

admin@PN3020>

View solution in original post

This works and solved my problem!  Smiley Happy

My network monitoring system (Ipswitch WhatsUp Gold) is running an EXPECT script that logs in via SSH and runs the show config diff | match @@ command.

If there is no output, there are no pending changes.

If there is any output, there are changes waiting to be committed, and I need to be notified.

This is going to help me and my staff make sure we're following through.

Thanks for the advice everyone!  :smileygrin:

View solution in original post

9 REPLIES 9

L3 Networker

Hello Mcain

From the CLI you can use the below command to see the pending commits

> show jobs pending

Enqueued ID Type Status Result Completed

--------------------------------------------------------------------------

To check the commit jobs that were processed use the below command. The output is from one of my local device

> show jobs processed

Enqueued                     ID             Type    Status Result Completed

--------------------------------------------------------------------------

2015/02/03 10:19:33        9904         WildFire       FIN     OK 10:19:40

2015/02/03 10:19:26        9903          Install       FIN     OK 10:19:33

2015/02/03 10:18:24        9902           Downld       FIN     OK 10:19:26

2015/02/03 10:04:20        9900         WildFire       FIN     OK 10:04:25

2015/02/03 10:04:13        9899          Install       FIN     OK 10:04:20

2015/02/03 10:03:35        9898           Downld       FIN     OK 10:04:10

2015/02/03 09:49:35        9896         WildFire       FIN     OK 09:49:41

2015/02/03 09:49:28        9895          Install       FIN     OK 09:49:35

2015/02/03 09:48:24        9894           Downld       FIN     OK 09:49:28

2015/02/03 09:34:27        9892         WildFire       FIN     OK 09:34:33

2015/02/03 09:34:21        9891          Install       FIN     OK 09:34:27

Hope that helps!

Note: Please mark any helpful or correct answers.

Regards

Khan

Add to it:

In case of a commit pending or failure, you may also see detail information about the failure reason.

> show jobs all

Enqueued                     ID             Type    Status Result Completed

--------------------------------------------------------------------------

2015/02/03 10:34:24        1900         WildFire       FIN     OK 10:34:28

2015/02/03 10:34:20        1899          Install       FIN     OK 10:34:24

admin@34-PA-3020> show jobs id 1900

Enqueued                     ID             Type    Status Result Completed

--------------------------------------------------------------------------

2015/02/03 10:34:24        1900         WildFire       FIN     OK 10:34:28

Warnings:

Details:Configuration committed successfully

Successfully committed last configuration

Thanks

HULK

L5 Sessionator

Hi,

Command you are looking for is "> show config diff" ; this will show you all the configs that are modified but are not committed yet.

admin@PA> show config diff

<no changes made, so blank output>

Then added a address group called test_3 along with other changes.

admin@PA> show config diff

@@ -3447,6 +3447,9 @@

             v6-WINSRVR {

               ip-netmask fc00:2:6::242;

             }

+            test_3 {

+              ip-netmask 3.3.3.3;

+            }

           }

           application-filter {

             file-sharing {

Hope this helps. Thank you.

Thanks for the 'show jobs' suggestion, however, that didn't seem to work.  I made a small policy configuration change, and the "Commit" button enabled in the top right of the web UI, but the 'show jobs pending' is empty.

When you have applied the commit button, it was successfully commitedthe changes..?

Thanks

You will have to run following command to view changes :

admin@PA> show config diff

Follow these steps to see theuncommited changes from GUI:

Config-diff.JPG

Config-diff-1.JPG

Thanks

This 'show config diff' method may get me what I want to know.  I'm not interested in the specific details of the candidate changes.  I just want to know if there exist candidate changes waiting to be applied.  I'll have my network monitoring system check every couple hours and raise a warning if changes are waiting that haven't been committed.

'show config diff | match @@' may be what I need.

After a change but before commit:

admin@PN3020> show config diff | match @@

@@ -4156,7 +4156,7 @@

@@ -4174,6 +4174,14 @@

@@ -4253,7 +4261,7 @@

@@ -4271,6 +4279,14 @@

@@ -4424,33 +4440,6 @@

admin@PN3020>


After the commit:

admin@PN3020> show config diff | match @@

admin@PN3020>

This works and solved my problem!  Smiley Happy

My network monitoring system (Ipswitch WhatsUp Gold) is running an EXPECT script that logs in via SSH and runs the show config diff | match @@ command.

If there is no output, there are no pending changes.

If there is any output, there are changes waiting to be committed, and I need to be notified.

This is going to help me and my staff make sure we're following through.

Thanks for the advice everyone!  :smileygrin:

  • 2 accepted solutions
  • 8454 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!