From e5edfa7b8d8ab50a6a8387e48a2bf646d927a6fd Mon Sep 17 00:00:00 2001 From: NetDev Date: Sun, 12 Apr 2020 15:33:56 -0400 Subject: [PATCH] commit --- README.md | 8 ++++---- docs/installation.md | 36 ++++++++++++++++++------------------ env_variables.py | 2 +- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index d79b0e5..3301cac 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ # Cisco Configurations Changes Logger -This tool is compose of three tools working toguether in order to acomplish one goal, wich is to post configurations changes on a Webex Channel +This tool is composed of three tools working together to accomplish one goal, which is to post configurations changes on a Webex Channel #### Components 1. Syslog-NG # OpenSource tool to receive syslogs and forward them to other destinations. - 2. Conf_bk # Tool creates linux cron jobs to backup the devices configurations and save them locally on the server. - 3. Logger # Tool that listens for incoming messages containing the message "Configured" and then triggers a workers to check what changed. + 2. Conf_bk # Tool creates linux cron jobs to backup the device configurations and saves them locally on the server. + 3. Logger # The tool that listens for incoming messages containing the message "Configured" and then triggers a worker to check what changed. ![](docs/images/proccess_flow.jpg) @@ -14,7 +14,7 @@ The tool takes advantage of the syslog that Cisco network devices send when a co *Apr 12 17:02:38.407: %SYS-5-CONFIG_I: Configured from console by console -When the Cisco device sends this logs to the server running this tool it will trigger a python worker to go and check the configurations and comparate with the archive it has on file, afterwards will do a post to Webex Space as the one below. +When the Cisco device sends this logs to the server running this tool it will trigger a python worker to go and check the configurations and comparate it with the archive it has on file, afterwards it will do a post to Webex Space as the one below. ![](docs/images/webhook_post.png) diff --git a/docs/installation.md b/docs/installation.md index 259f279..127ec6a 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -1,7 +1,7 @@ # Installation Guide -### 1.The first step is start by installing git and python3, if your system has it already the ignore this step. +### 1.The first step is to start by installing git and python3, if your system has it already then ignore this step. ``` sudo apt install git -y ! @@ -10,7 +10,7 @@ sudo apt-get install python3 -y sudo apt-get install python3-pip -y ``` -### 2.Once git is install please clone the repo into the following directory /opt/ +### 2.Once git and python3 are installed please clone the repo into the following directory /opt/ #### Jump into sudo user and do not exit since everything will be installed under the root user. @@ -20,7 +20,7 @@ sudo su git clone https://github.com/NetDevLazg/cisco-conf-log.git ``` -### 3.We will start by updating the enviroment varaibles under the file "env_varaibles.py". Please make sure you update the following variables. Dont worrie just yet about the WEBEX_WEBHOOK URL. +### 3.We will start by updating the environment variables under the file "env_varaibles.py". Please make sure you update the following variables. Don't worry just yet about the WEBEX_WEBHOOK URL. 1. cisco_username 2. cisco_password @@ -28,7 +28,7 @@ git clone https://github.com/NetDevLazg/cisco-conf-log.git ### 4.After the env_varibales are updated we will update the "schedules.yml" file with the devices you want to backup the configurations. Please note the configs will be saved on /opt/cisco-conf-log/conf_bk/config_backups/ -#### NONE: Please note that the cron time below means it will download the config every 5 minutes. Please adjust accordingly. If your only testig with a few devices then just leave as is and it will download the configs every 5 min. +#### NONE: Please note that the cron time below means it will download the config every 5 minutes. Please adjust accordingly. If your only testing with a few devices then just leave as is and it will download the configs every 5 min. #### If need help with the cron time you can use this tool: https://crontab-generator.org/ ```schedules: @@ -50,26 +50,26 @@ git clone https://github.com/NetDevLazg/cisco-conf-log.git NXOS-SWITCH1: 10.199.199.10:cisco_nxos ``` -### 5. Now we will proceed and install some system requierements and python3 library along with the config backup tool. +### 5. Now we will proceed and install some system requirements and python3 library along with the config backup tool. #### Run the following command: ``` sudo ./conf_bk_setup.sh ``` -#### At this point you need to check that the root cron jobs have been modified and that the system is downloading the device configurations and being saved. To check the root cron jobs use the following command while being under the root user : crontab -l +#### At this point, you need to check that the root cron jobs have been modified and that the system is downloading the device configurations and being saved. To check the root cron jobs use the following command while being under the root user: crontab -l -#### If you setup the tool to backup the configs over night or on a specific date/time please wait untill you see this is working before proceeding. +#### If you set up the tool to backup the configs overnight or on a specific date/time please wait until you see this is working before proceeding. -### 6. At this step you have confirmed that the tool is backing up the configs at the desire time. So now we will proceed and install the logger. The logger is the one that will trigger a python worker to comprate the configs between the device and the backed up configs. On this step you wont see anything yet because we still need to send syslogs to this server from the devices so not to worrie. +### 6. At this step, you have confirmed that the tool is backing up the configs at the desired time. So now we will proceed and install the logger. The logger is the one that will trigger a python worker to compare the configs between the device and the backed up configs. On this step, you won't see anything yet because we still need to send syslogs to this server from the devices so do not to worry. -### Lets start by creating a Webex Space, This step I wont demostrate but if you use Webex and pretty sure you know how create a space. +### Let's start by creating a Webex Space, This step I won't demonstrate but if you use Webex and pretty sure you know how to create a space. #### To create the Webhook go to the below page, once there click on Connect and log in with your creds: https://apphub.webex.com/teams/applications/incoming-webhooks-cisco-systems -#### Scroll down and give the Webhook a name and assign it to the space created. Below a link will appear and thats the one you need to copy and update the file "env_variables.py" +#### Scroll down and give the Webhook a name and assign it to the space created. Below a link will appear and that's the one you need to copy and update the file "env_variables.py" ### 7. To install the logger make sure you are on the directory /op/cisco-conf-log/ then run the following command: ``` @@ -77,13 +77,13 @@ sudo ./logger_setup.sh ``` #### After the installation is done you should be able to verify using the following command: -#### By default the logger listens for messages on port 10000 +#### By default, the logger listens for messages on port 10000 ``` systemctl status cisco-conf-log ``` -### 8. Now the time to install the syslog receiver, We will use a tool called syslog-ng. In order to install the tool please do the following from the directory /op/cisco-conf-log/ +### 8. Now the time to install the syslog receiver, We will use a tool called syslog-ng. To install the tool please do the following from the directory /op/cisco-conf-log/ ``` sudo ./syslog_ng_setup.sh @@ -91,35 +91,35 @@ sudo ./syslog_ng_setup.sh #### This bash script will install the syslog-ng tool and will automatically create a syslog forward for incoming syslog messages on port UDP 514 and UDP 518 for Nexus devices. -#### NOTE: If you have firewall enable on the Ubuntu VM please make sure to allow port 514 UDP and 518 UDP +#### NOTE: If you have a firewall enabled on the Ubuntu VM please make sure to allow port 514 UDP and 518 UDP ``` sudo ufw allow 514/udp sudo ufw allow 518/udp ``` -### 9. Last step is now to configue cisco IOS and Cisco NXOS devices to send syslog information to this new server. +### 9. The last step is now to configure Cisco IOS and Cisco NXOS devices to send syslog information to this new server. #### Cisco IOS needs to send the syslog on the default port 514/UDP #### Cisco NXOS needs to send the syslog on port 518/UDP #### Example: Cisco IOS -### Please note that the ip being use is of a device in my lab, use your server IP. +### Please note that the IP I am using is of a device in my lab, use your server IP. ``` logging buffered informational logging source-interface Loopback1 logging host 10.102.1.162 ``` #### Example: Cisco NXOS -### Please note that the ip being use is of a device in my lab, use your server IP. +### Please note that the IP I am using is of a device in my lab, use your server IP. ``` logging source-interface loopback1 logging server 10.102.1.162 6 port 518 use-vrf default no logging rate-limit # some Nexus' dont support this command anymore ``` -#### You can verify that the server is receiving the logs by checking the cisco-conf-log proccess "systemctl status cisco-conf-log" +#### You can verify that the server is receiving the logs by checking the cisco-conf-log process "systemctl status cisco-conf-log" -#### Below is an example of how the message in webex will look. +#### Below is an example of how the message in WebEx will look. ![](images/webhook_post.png) \ No newline at end of file diff --git a/env_variables.py b/env_variables.py index d3ddf46..d5263e0 100644 --- a/env_variables.py +++ b/env_variables.py @@ -1,7 +1,7 @@ # Update with Server IP or Leaves as is if you want to automatically select the Server IP. SERVER_IP = "0.0.0.0" -# Update the port you want to server to listen on or leave as is to use the below port. +# Do not Modify SERVER_PORT = 10000 # Must Update with your Webex Webhook Link