Submit a ticketCall us

AnnouncementsSystem Monitoring for Dummies

Tired of monitoring failures disrupting the system, application, and service? Learn the key monitoring concepts needed to help you create sophisticated monitoring and alerting strategies that can help you save time and money. Read the eBook.

Get your free eBook.

Home > Success Center > Network Configuration Manager (NCM) > NCM - Knowledgebase Articles > Configure Real-time Configuration Change Detection Based on Syslog Messages

Configure Real-time Configuration Change Detection Based on Syslog Messages

Table of contents

Updated September 25, 2018

Overview

This article shows a simplified procedure in configuring Real-time Configuration Change Detection based on Syslog in NCM.

For more detailed information, see Configure real-time change detection in the NCM Administrator Guide.

Environment

NCM, all supported versions

Steps

All devices must be configured to send Syslog messages relevant to when a user leaves from a configuration mode, to your Orion server. 

 

  1. Go to Start > All Programs > SolarWinds > Syslog and SNMP Traps > Syslog Viewer.
  2. Verify syslogs are being received  by the Syslog Viewer relevant to a configuration modification.

    For example, a Cisco IOS device will send a SYS-5-CONFIG_I Message Type when a user exits config mode.

    The Message should contain *configured from console*.

  3. Enable NCM Rule: Cisco IOS Realtime Change Notifications by going to Syslog Viewer > View > Alerts/Filter Rules.
  4. Go to Web Console > Settings >  NCM Settings > Configure Real-Time Change Detection and complete the rest of the steps regarding email notifications and SMTP server.
  5. Verify is RTCN is enabled.
  6. Modify a configuration on one of your devices and check whether the change detection works. When a change is detected, aside from getting email notifications, you should be able to see new entries on the Last X Config Changes resource on the NCM Config summary page.
  7. If Email is set up to send if the event a change is detected, an email will only be sent if there is a change detected and is not a validation the rule was successful.

 

 

 

Last modified

Tags

Classifications

Public