Managing IOS Configuration Snippets
Mark Tinka
mark.tinka at seacom.mu
Thu Feb 27 07:45:34 UTC 2014
We are evaluating a piece of software called Skybox:
http://www.skyboxsecurity.com/
It's geared to security analytics, but it does allow you to
define configurations that are expected on a device, what
software version it is running, whether commands that aren't
there are, and those that should be there aren't, e.t.c.
It supports all major network equipment vendors, and also
allows for simple or complex regular expressions that can be
used to search configuration files more easily.
It is an offline system, so all you do is regularly present
it with a text file of the device's running configuration,
and it will do the necessary checks per the policy you have
defined.
Based on the configuration files it has, it can also create
a visual model of your network. Not something you'd rely on
given you have other tools for that, but kind of cool,
nonetheless.
Worth a look, I'd say.
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140227/93831630/attachment.sig>
More information about the NANOG
mailing list