Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Network Automation and Compliance (NetMRI)

Reply

NetMRI config explorer: How does NetMRI calculates last checked timestamp?

[ Edited ]
New Member
Posts: 5
12018     0

I have looked into the documentation but didn't find the answer. Also can this value be available via API?

 

Any suggestion on the timestamp when NetMRI detects no config change? I have looked into Last Collected Timestamp but it only tells when was last config was pulled from the device. And doesn't say time if NetMRI connected to the device and no config change detected.

Re: NetMRI config explorer: How does NetMRI calculates last checked timestamp?

[ Edited ]
New Member
Posts: 5
12018     0

  

Re: NetMRI config explorer: How does NetMRI calculates last checked timestamp?

New Member
Posts: 5
12018     0

By default, NetMRI will check to see if a device’s configurations have changed once per hour. This is done by logging into the device via the CLI (i.e. telnet or ssh), downloading the configs and comparing them to the previously downloaded configs to see if they have changed.

 

You can check the frequency of configuration collection in UI. (Settings > Setup > Device Collection Status > on search bar type config, you can see the config collection frequency for different devices.)  This is a cyclic process that happens at the background

 

Whenever the check happens "Last Checked timestamp" would be updated and if a change is found the new config file is saved and the "Last Collected timestamp" would be updated. You could find these under Device Viewer > Configuration Management as shown below

 

conf.png

 

 

Re: NetMRI config explorer: How does NetMRI calculates last checked timestamp?

New Member
Posts: 5
12018     0

Thank you for your detailed explanation.

Is there API available to collect Last checked timestamp? if yes then which API collects this?

Re: NetMRI config explorer: How does NetMRI calculates last checked timestamp?

Superuser
Posts: 115
12018     0

start with 

 

/api/3.1/devices/

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

https://sifbaksh.com

Re: NetMRI config explorer: How does NetMRI calculates last checked timestamp?

New Member
Posts: 5
12018     0

This API includes following timestamps-

 
<DeviceFirstOccurrenceTime type="datetime">2018-11-16 13:36:47</DeviceFirstOccurrenceTime>
<DeviceStartTime type="datetime">2018-11-21 16:28:07</DeviceStartTime>
<DeviceTimestamp type="datetime">2018-12-04 03:14:55</DeviceTimestamp>
 
Out of these three DeviceFirstOccurrence and DeviceStartTime names are self explanetory. What does DeviceTimestamp mean?
 
In any case these doesn't match with last checked timestamp in the UI.
 

Re: NetMRI config explorer: How does NetMRI calculates last checked timestamp?

Expert
Posts: 69
12018     0

Just to expand on this a bit...  For Cisco IOS, IOS-XE, and NX-OS devices, NetMRI will collect the three timestamps from the SNMP OID ccmHistory.  If ccmHistoryRunningLastChanged > ccmHistoryRunningLastSaved, a new collection is required.  Only then will it login via the CLI and retrieve the running and startup configs.  It will then compare those to the previous saved revision.  If a difference is found, the new revision is stored.  I forget the frequency of polling for ccmHistory but it's much more often than once/hour.

 

For devices that do not support ccmHistory, a CLI collection is the only way to determine if the config has changed.  I thought that had been every 1.5 hours but it may now be hourly.

 

Finally, NetMRI monitors syslog messages sent to it by devices.  Based on the device vendor/type/model, it will match on the expected string in the received message to look only for ones involving a config change.  E.G., for IOS: "...CONFIG...".  A match will cause a new collection to be queued for the device.  For Cisco devices, the log message includes the username which performed the change.  That will be stored along with the new revision -- very useful for audit purposes.  Without the syslog message, there is no record of which user made a change.

 

For IOS(-XE) devices, we add a "logging discriminator" filter in the device config so that only the "CONFIG" messages get sent to NetMRI.

 

Re: NetMRI config explorer: How does NetMRI calculates last checked timestamp?

New Member
Posts: 5
12019     0

Thanks for your detailed explanation. So Last Checked Timestamp gets updated with each of these methods (SNMP, CLI and syslog detection of config chage)?

Re: NetMRI config explorer: How does NetMRI calculates last checked timestamp?

New Member
Posts: 2
12019     0

That's pretty simple!

Showing results for 
Search instead for 
Did you mean: 

Recommended for You