Applicable to Entuity v19.0 upwards. If you are using an earlier version of Entuity, please see this article.
Out of the box, Entuity's configuration monitoring works using a file server. Entuity provides a TFTP server to install for Windows. A TFTP server is available as standard for Linux. Although configuration monitoring can make use of TFTP, FTP, SCP and RCP servers, this article will focus on using a TFTP server.
Please find below a brief summary of Entuity's configuration monitoring and some troubleshooting suggestions if any issues arise during the procedure.
Summary of the procedure:
- Configuration monitoring relies on obtaining copies of two configuration files from the device: a running file (how the device is currently configured and running) and a startup (saved) file (held in the device's flash memory and used if the system is rebooted).
- By default, Entuity archives 4 different versions of the files going back in time. This figure is configurable. Each entry is a pair of files - the running file and the startup file.
- The system looks for changes between the current pair of files and those in the archive. If Entuity finds a significant difference between the current pair of files and the most recent pair of saved files, it puts the new pair of files in the archive. A timestamp change, for example, is not considered significant, but other changes are.
Details of the procedure:
The configuration files are taken from the device in question and transferred to the Entuity server:
- This procedure is initiated from Entuity. The script engine logs in to the CLI of the device in question and negotiates the necessary prompts and commands so that the running and startup files are written to the TFTP server.
- By default, the running and startup files land in the home directory of the TFTP server (the TFTP server is actually a process running on the Entuity server). By default, these are placed into the cm_transfer directory by the TFTP server.
- When Entuity sees the files in the directory, it makes two comparisons: the running configuration file that has just been uploaded against the most recent running configuration file saved in the archive, and the saved configuration file that has just been uploaded against the most recent saved configuration file in the archive. If there is a significant difference between them, Entuity checks whether the archive is full (and if so, deletes the oldest pair of files in the archive), and then moves the newly uploaded files into the cm_archive directory, which is also on the Entuity server.
- When the files are moved to the archive directory, they disappear from the transfer directory. If there is no significant difference between the newly uploaded pair of files and the most recently saved pair of files in the archive, the newly uploaded files are simply deleted from the transfer directory. Therefore, within a few seconds, there will no longer be files in the transfer directory.
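The compare-and-archive step described above can be modelled as follows. This is an added example, not Entuity's own code: the archive is held in memory rather than in cm_archive, and the patterns treated as timestamp-only lines (Cisco IOS header comments) are an assumption, since the article does not list Entuity's actual rules.

```python
import re

# Assumption: lines regarded as timestamp-only noise in this example.
# Entuity's real filter rules are not given in the article.
VOLATILE = re.compile(
    r"^(?:! Last configuration change at |! NVRAM config last updated at |ntp clock-period )"
)
MAX_VERSIONS = 4  # default archive depth stated in the article


def normalise(text):
    """Return the config lines that count towards a significant difference."""
    return [ln.rstrip() for ln in text.splitlines() if not VOLATILE.match(ln)]


def significant_change(new_pair, archived_pair):
    """Compare running with running and startup with startup."""
    return any(normalise(n) != normalise(a) for n, a in zip(new_pair, archived_pair))


def process_upload(archive, new_pair, max_versions=MAX_VERSIONS):
    """archive: list of (running, startup) pairs, oldest first.

    Returns True if the pair was archived, False if it was discarded.
    """
    if archive and not significant_change(new_pair, archive[-1]):
        return False          # uploaded files are deleted from the transfer directory
    if len(archive) >= max_versions:
        archive.pop(0)        # archive full: delete the oldest pair
    archive.append(new_pair)  # move the new pair into the archive
    return True


# Constructed sample configurations (not taken from a real device).
RUN_V1 = ("! Last configuration change at 09:00:01 UTC Mon Mar 4 2024\n"
          "hostname edge-rtr-01\n"
          "access-list 10 permit 192.0.2.0 0.0.0.255\n")
RUN_TS = RUN_V1.replace("09:00:01", "11:42:17")   # timestamp-only change
RUN_V2 = RUN_TS + "access-list 10 permit any\n"   # real change: ACL widened
STARTUP = "hostname edge-rtr-01\naccess-list 10 permit 192.0.2.0 0.0.0.255\n"


def demo():
    archive = []
    results = [process_upload(archive, (run, STARTUP)) for run in (RUN_V1, RUN_TS, RUN_V2)]
    return results, len(archive)


if __name__ == "__main__":
    print(demo())
```

The third upload is archived because the access list changed, while the second differs only in its header timestamp and is discarded.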
Different types of file retrieval:
There are 3 types of retrieval:
- change-based retrieval (only available for Cisco devices). Every 5 minutes, this will automatically check the last update time for the running and startup files.
- nightly retrieval.
- manual retrieval.
Possible issues that might arise:
Config Management credentials
Nothing will happen unless the script engine can successfully log in to the device. This requires configuration management credentials to be added to the device, either locally or as part of a credential set.
Config Management credentials can be specified for a device when adding or modifying it, and shared credential sets can be specified via asset credential management. You can also edit Config Management credentials directly from the Configuration Monitor Settings form.
Without Config Management credentials, the Check Configuration Now button will be greyed out and unavailable on the Device Configuration dashlet of the Configuration Monitor dashboard.
It will become available once the Config Management credentials have been specified for the selected device and you set the Transfer Method in the Configuration Settings dashlet to TFTP. If you've followed these steps and the button is still unavailable, please refresh the page.
Some devices, particularly Cisco devices, have different login privileges. For example, if you have a low privilege login, you will not be able to upload configuration files. Therefore, you will need an account capable of performing the configuration file upload. On Cisco devices, you need an administrative account capable of using the Enable mode.
Some devices are configured so that Enable mode is automatically accessed with the original login password. If the account is not configured directly to Enable mode, then you will need to enter 2 passwords.
Causes of configuration task failure
When you click Check Configuration Now, this starts a Configuration Management task. The Configuration Status dashlet should update after a few minutes, and if you want to see further information, you can navigate to the Configuration Management page via Administration to see the task history (which will include the task that you've just started).
On this page, you can view details of why tasks have failed. Select the task and click Details at the top of the page (or via the Overflow Menu or right-click Context Menu).
On the Details for Task page, click Details to drill down into the specifics of the failure.
An example of a cause of failure might be a failure to log in. One way to fix this is to access the Remote Terminal for the device, which in some cases might tell you that the device does not have a login set up. If you cannot log in to the device through the Remote Terminal, then the script engine will not be able to do so either, because the script engine is simply automating what you can do manually yourself.
If you have been able to log in, you can manually issue the command to copy the running configuration to the cm_transfer directory. This is useful to prove that many steps in the procedure are possible. For example, if the manual transfer is blocked by a firewall, then you would need to address either a firewall in the network or the configuration of a firewall on the Entuity server.