Network Change Monitoring
Unauthorized configuration changes can wreak havoc on business continuity, which is why detecting and tracking changes is a crucial task for network admins. Although changes can be tracked manually, this method tends to be time consuming and often leads to human error, such as overlooking the configurations of critical network devices.
To resolve this, Network Configuration Manager offers real-time configuration change detection. With it, admins can detect and track changes as they happen, which helps them gain total control over all the devices in their networking environment.
How real-time change detection works
Real-time change detection must be enabled on the network devices you want to detect changes for. The following sequence of events shows how real-time change detection works in Network Configuration Manager:
- When an admin, operator, or user logs in and out of a network device, the device generates a syslog message.
- These syslog messages will be sent to the built-in syslog server in Network Configuration Manager, which looks for the log out message.
- Upon receiving a log out message, Network Configuration Manager triggers the configuration backup of that network device. This is because whenever someone logs out of a device, there's a possibility that person made a change in the config file of that device.
- This backed-up configuration file is then compared to the latest configuration version of that device and is checked for any changes.
- If any change is detected, the backed-up configuration file is encrypted and stored in Network Configuration Manager's database.
- If no change is detected, the backed-up file is discarded.
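The sequence above, sketched as an added example (not Network Configuration Manager's own code): the syslog lines and configurations are constructed samples in Cisco IOS style, and `fetch_config`, `normalize` and `process` are hypothetical names. It also shows one edge case the comparison step has to handle, a volatile line such as `ntp clock-period` that differs between backups without anyone having made a change.

```python
import difflib
import re

# Constructed sample syslog lines (Cisco IOS-style), not captured from a real device.
SYSLOG = [
    "<189>Jan 10 09:14:02 core-rtr1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: alice]",
    "<189>Jan 10 09:20:41 core-rtr1 %SYS-6-LOGOUT: User alice has exited tty session 2(10.0.0.5)",
    "<189>Jan 10 09:31:10 edge-sw2 %SYS-6-LOGOUT: User bob has exited tty session 1(10.0.0.9)",
]
LOGOUT = re.compile(r"^<\d+>\w{3}\s+\d+ [\d:]+ (?P<host>\S+) %SYS-6-LOGOUT: User (?P<user>\S+) ")

# Constructed configs: latest stored version per device, and what the device returns now.
STORED = {
    "core-rtr1": ["hostname core-rtr1\naccess-list 10 permit 10.0.0.0 0.0.0.255\n"],
    "edge-sw2": ["hostname edge-sw2\nntp clock-period 17180032\n"],
}
RUNNING = {
    "core-rtr1": "hostname core-rtr1\naccess-list 10 permit 10.0.0.0 0.0.0.255\naccess-list 10 permit any\n",
    "edge-sw2": "hostname edge-sw2\nntp clock-period 17180045\n",
}
VOLATILE = ("!", "ntp clock-period")  # comments and self-adjusting values

def normalize(config):
    """Drop blank and volatile lines so they never count as a change."""
    return [l.rstrip() for l in config.splitlines()
            if l.strip() and not l.lstrip().startswith(VOLATILE)]

def process(syslog_lines, fetch_config, versions):
    """On each logout message: back up, compare with the latest version, store or discard."""
    changes = []
    for line in syslog_lines:
        m = LOGOUT.match(line)
        if not m:
            continue  # logins and other messages do not trigger a backup
        host, user = m["host"], m["user"]
        backup = fetch_config(host)  # hypothetical backup call
        history = versions.setdefault(host, [])
        latest = history[-1] if history else ""
        diff = [d for d in difflib.ndiff(normalize(latest), normalize(backup))
                if d[:2] in ("+ ", "- ")]
        if diff:
            history.append(backup)  # a real store would encrypt this at rest
            changes.append({"host": host, "logged_out_user": user, "diff": diff})
        # no diff: the fresh backup is simply discarded
    return changes

def demo():
    versions = {h: list(v) for h, v in STORED.items()}
    return process(SYSLOG, RUNNING.__getitem__, versions), versions
```

The user in the logout message is only the session that triggered the backup; attributing a change to that user is an inference, since another session may have been open at the same time.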
Real-time change notifications for network devices
Manually checking every configuration to see if a change was made is an impossible task. Network Configuration Manager simplifies managing configurations by providing real-time notifications via:
Email: Here, you can specify which email you want these notifications to be sent to. You can provide more than one email address. You can also edit the subject as well as the content in the notification. Using distinct subject lines helps with quickly identifying notifications while looking through your inbox.
SNMP traps: It's best to alert your network monitoring solution about changes made to your devices. Network monitoring solutions are alerted about changes using SNMP traps. Using Network Configuration Manager, you can send SNMP traps to your network monitoring application. You can configure the IP address/hostname, destination port and community (private/public) for the SNMP traps.
Syslog messages: When a change is made in an associated device, the syslog server triggers syslog messages. If these changes were made to a security device or a core router, then the syslog message has to be sent to SIEM applications. With Network Configuration Manager you can configure syslog messages to be sent to SIEM applications from the NCM server.
Trouble tickets: Network Configuration Manager sends notifications in the form of trouble tickets to the operator in charge of a particular device or a device group. You can configure trouble tickets to be sent to your ticketing tool, with a custom message.
Rollback: In vulnerable and critical devices such as core routers or firewalls where you do not want any changes to be made, you can set up a rollback mechanism. You can set the device to revert to its previous version or the baseline configuration every time a change is made.
Benefits of real-time change detection in network configurations
Proactive change management: Real-time change detection helps the administrator detect changes immediately. It also gives a detailed report about who made the change, whether it's an authorized change or not, and what exactly the change was. This gives admins better visibility into their networks and helps them manage the network efficiently.
Revert unwanted changes: Real-time change tracking allows admins to revert unwanted changes in critical devices before they affect the functioning of that network device. As soon as a change is detected, the admin can decide on the spot if the change is necessary or not. This helps avoid possible network outages and reduces downtime in network devices.
Color-coded change differentiation: When a change is detected, the admin can view what the changes are using the diff view. In the diff view, the deleted, added, and modified configuration lines appear in different colors, which makes them easy to identify.
Reports on configuration changes: Configuration change reports provide the date, time, and other details of a change. You can apply filters and view reports on a particular device or a device group. For example, if you want to view changes made in a Cisco device group, you can apply filters and view a change report on Cisco devices alone. Network Configuration Manager also enables users to export reports in PDF format.