I have been using RANCID to monitor my Cisco routers and switches for changes to their configurations. If you’re not familiar with RANCID, linuxhomenetworking.com has a very detailed tutorial that shows how to setup RANCID on Fedora Linux.
I was hoping to use RANCID to monitor for changes to my 3com 4050 and 4060 building level core switches, as well as some 3com 4400 and 4200 edge switches, but was unable to find a way to make that happen. Instead, I did the following to dump each switch’s configuration:
1) Setup a TFTP server to listen on a local administrative workstation
2) Establish a SSH (or telnet) connection to the switch on the local administrative workstation
3) Authenticate to the switch as an administrative user
4) Run the following command to dump the switch’s configuration to a text file
system backupConfig save tftpWorkstationIP OutputFileName notes
where
- tftpWorkstationIP is the IP address of the administrative workstation running the TFTP server
- OutputFileName is the name of the file you want to dump the switch’s configuration to
- Notes is a generic text field where you can note specifics about the configuration, and is optional
My specific command to backup one of my switches is:
system backupConfig save 10.0.0.234 3com4400.txt 4400backup
This saves the switches configuration in the 3com4400.txt file, noting it is a 4400backup, to the TFTP server running on my administrative workstation with an IP address of 10.0.0.234. Note that when you dump the configuration, no security related settings are included, such as user names, passwords, SSH information, etc.
To take this to the next level, I have directories setup for every day of the week, and I have scheduled tasks that use the above methodology to dump each switch’s configuration daily to the appropriate directory. I then use Powershell compare-object cmdlet to compare the contents of each file to see if anything has changed from the previous day’s configuration. The Powershell syntax I use is:
compare-object $(Get-content 4400-1.txt) $(Get-Content 4400-2.txt)
where
- 4400-1.txt is the name of the first file to compare
- 4400-2.txt is the name of the second file to compare
My specific results returned by the compare-object cmdlet look like:
InputObject SideIndicator
----------- -------------
#<usernotes>backud</usernotes> =>
#<usernotes>backup</usernotes> <=
This shows the differences in the two lines, where I changed the spelling of the work backup to backud. You can also use the -includeequal option, which returns the entire contents of each line and presents them side by side and characterizing them as equal or different.
You could also use the comp command, which is built into Windows to accomplish the same thing.
To use the built in Windows comp command to compare the contents of two files:
comp file1 file2 /L
- where file1 is the name of the first file
- where file2 is the name of the second file
- and /L will provide the line number where the files are different