Configuration changed but not saved-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will alert if the configuration was changed on a device, but not saved.

Remediation Steps:
Log into the device and save the configuration.
Log into the device’s web interface and click on the Commit button.

How does this work?
This alert logs into the Palo Alto Networks firewall through SSH and retrieves the difference between the committed configuration and the saved configuration. If a change is found, an alert is issued.

Why is this important?
After changing the configuration of a device it is always important to remember to commit the changes. In the case of Palo Alto Networks, without committing the changes they will not take effect. A common issue is when an administrator makes certain changes, does not commit them, and walks away. Another administrator will log on later, make their own changes and commit them. In the process, they will be committing the other administrator’s changes, potentially causing issues.

Without Indeni how would you find this?
The web interface on a Palo Alto Networks firewall provides an indication of whether or not there is a change which requires committing. Failing to notice that, a user would run into the problem described above.

panos-show-config-diff

#! META
name: panos-show-config-diff
description: check to see if there's a difference in configuration (between the saved config and the committed config) 
type: monitoring
monitoring_interval: 15 minutes
requires:
    vendor: paloaltonetworks
    os.name: panos
    product: firewall

#! COMMENTS
config-unsaved:
    why: |
        After changing the configuration of a device it is always important to remember to commit the changes. In the case of Palo Alto Networks, without committing the changes they will not take effect. A common issue is when an administrator makes certain changes, does not commit them, and walks away. Another administrator will log on later, make their own changes and commit them. In the process, they will be committing the other administrator's changes, potentially causing issues.
    how: |
        This alert logs into the Palo Alto Networks firewall through SSH and retrieves the difference between the committed configuration and the saved configuration. If a change is found, an alert is issued.
    without-indeni: |
        The web interface on a Palo Alto Networks firewall provides an indication of whether or not there is a change which requires committing. Failing to notice that, a user would run into the problem described above.
    can-with-snmp: false
    can-with-syslog: false

#! REMOTE::SSH
show config diff

#! PARSER::AWK
BEGIN {
	unsaved=0
}

# Any line containing "@@", "+" or "-" is treated as a difference (the pattern is not anchored to the start of the line).
/(@@|\+|-)/ {
	unsaved=1
}

END {
	writeDoubleMetricWithLiveConfig("config-unsaved",null,"gauge",300,unsaved, "Configuration Unsaved?", "boolean", "")
}
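
The parser's check run over constructed CLI output, as an added example that is not part of the Indeni script: it compares the page's pattern with a hunk-aware variant that also counts changed lines. The sample text, the function names and the assumption that "show config diff" prints a unified diff are assumptions made for this example.

```shell
#!/bin/sh
# Constructed samples, not captured from a device. Assumption: when the two
# configurations differ, the CLI prints a unified diff; otherwise nothing.
DIFF_SAMPLE='--- running
+++ candidate
@@ -12,3 +12,3 @@
   deviceconfig {
-    hostname fw-a;
+    hostname fw-b;
   }'
# Constructed non-diff text that happens to contain a hyphen.
NOISE_SAMPLE='session notice: read-only mode (constructed line)'

# The pattern exactly as written in the page's parser:
# "@@", "+" or "-" anywhere on a line sets the flag.
page_pattern() {
    printf '%s\n' "$1" |
        awk 'BEGIN { u = 0 } /(@@|\+|-)/ { u = 1 } END { print u }'
}

# Hypothetical stricter variant: only "+"/"-" lines that follow a hunk
# header count. Prints "<unsaved> <added> <removed>".
hunk_aware() {
    printf '%s\n' "$1" | awk '
        /^@@ / { in_hunk = 1; next }      # hunk header: changes follow
        in_hunk && /^\+/ { added++ }      # line present only in the new side
        in_hunk && /^-/  { removed++ }    # line present only in the old side
        END {
            unsaved = (added + removed > 0) ? 1 : 0
            printf "%d %d %d\n", unsaved, added, removed
        }'
}

printf 'page pattern, diff : %s\n' "$(page_pattern "$DIFF_SAMPLE")"
printf 'page pattern, noise: %s\n' "$(page_pattern "$NOISE_SAMPLE")"
printf 'hunk aware,   diff : %s\n' "$(hunk_aware "$DIFF_SAMPLE")"
printf 'hunk aware,   noise: %s\n' "$(hunk_aware "$NOISE_SAMPLE")"
```

Both variants report 1 for a real diff; only the page's pattern also reports 1 for the hyphenated non-diff line, which would raise the alert without a pending change.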

cross_vendor_config_unsaved

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.EndsWithRepetition
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.{ConditionalRemediationSteps, StateDownTemplateRule}
import com.indeni.apidata.time.TimeSpan

// Rule for the "config-unsaved" metric written by the collector script above.
case class cross_vendor_config_unsaved(context: RuleContext) extends StateDownTemplateRule(context,
  ruleName = "cross_vendor_config_unsaved",
  ruleFriendlyName = "All Devices: Configuration changed but not saved",
  ruleDescription = "Indeni will alert if the configuration was changed on a device, but not saved.",
  metricName = "config-unsaved",
  alertIfDown = false,
  alertDescription = "The configuration has been changed on this device, but has not yet been saved. This may result in the loss of the new configuration during a power cycle or device reboot.",
  historyLength = 2,
  baseRemediationText = "Log into the device and save the configuration.")(
  ConditionalRemediationSteps.VENDOR_CP -> "In clish, run \"save configuration\".",
  ConditionalRemediationSteps.VENDOR_CISCO -> "For IOS, use \"write\", for NX-OS use \"copy running-config startup-config\".",
  ConditionalRemediationSteps.VENDOR_PANOS -> "Log into the device's web interface and click on the Commit button.",
  ConditionalRemediationSteps.OS_NXOS ->
    """|
      |1. Check that there are not unsaved configuration changes by running the "show running-config diff" NX-OS command
      |2. Log into the device and save the configuration with the "copy running-config startup-config" NX-OS command
      |3. Consider creating snapshots of the configuration by utilizing the Checkpoint and Rollback NX-OS features. The NX-OS checkpoint and rollback feature are extremely useful, and a life saver in some cases, when a new configuration change to a production system has caused unwanted effects or was incorrectly made/planned and we need to immediately return to an original/stable configuration.
      |4.  For more information about checkpoint and rollback NX-OS features please review  the following article:
      |http://www.firewall.cx/cisco-technical-knowledgebase/cisco-data-center/1202-cisco-nexus-checkpoint-rollback-feature.html""".stripMargin
)