How do you keep track of all server and network config changes?
April 11, 2012 9:20 AM

Help me find a way to keep track of server configuration changes and updates!

I'd like to come up with a good way to keep track of any configuration changes to servers, network equipment, etc. Changes I'd like to keep track of:
- Cisco network config changes: I'd like to have the before and after config files saved and dates etc. I realize this will rely on the server administrator actually having to upload the files, but that's ok (unless there is an automated way - but it also needs to be able to keep track of:)
- Windows servers configuration changes, including registry edits, service pack updates, etc.
- Other server related changes (email, Barracuda, etc.)

Really what I want is just a simple way to upload these files (or be able to list specific changes), make a note of who, when, why.

I don't know enough about version control systems to know if they would work or be too much trouble to configure vs. a homegrown PHP/MySQL solution. (We're just 2 IT people in an organization of about 350). We've already coded our own call-tracking-type service request logging software.

posted by bellastarr to Computers & Internet (4 answers total) 4 users marked this as a favorite

Best answer: Set up a ticket system. My recommendation would be Redmine with a custom approval workflow, or OTRS. Get your call tracking stuff in here too.

For your Cisco kit, you want to set up RANCID. Have it email differences to your ticket system for review.

For Windows, you don't really want to monitor registry changes -- that thing changes like crazy. I'd write PowerShell scripts to grab the components you want, or get a Microsoft partnership and leverage a copy of System Center Configuration Manager. Alternatively, you could use something like Chef.

With other servers, use Chef where you have console access, or for things like the cuda, regularly export your config and do a diff like RANCID. Funnel all the alerts into your central tracking tool.

Give some thought to how you'll make sure your tools are still working. Should you receive an email from each check every day, even if nothing has changed? If so, it might behoove you to tie Nagios in to your tracking database and query to ensure that you have received what is expected.
posted by bfranklin at 9:32 AM on April 11, 2012
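
The export-and-diff tracking and the "did every check report in" test described in the answer above, as an added example that is not part of the original thread and is not RANCID's or Nagios's own code. The `ConfigTracker` class, the volatile-line patterns, the device names and the sample config are assumptions constructed for illustration.

```python
import difflib
import re
from datetime import datetime, timedelta

# Assumption: lines that differ on every export without a real change.
VOLATILE = [re.compile(p) for p in (r"^! Last configuration change at ",
                                    r"^ntp clock-period ")]

def normalize(config_text):
    """Drop volatile lines so only real configuration changes are diffed."""
    return [line.rstrip() for line in config_text.splitlines()
            if not any(p.match(line) for p in VOLATILE)]

class ConfigTracker:
    def __init__(self):
        self.latest = {}     # device -> normalized lines of the last export
        self.last_seen = {}  # device -> time the last export arrived
        self.changes = []    # who/when/why records to send to the ticket system

    def record_export(self, device, config_text, when, who="scheduled", why=""):
        """Store an export and return a unified diff ('' if nothing changed)."""
        new, old = normalize(config_text), self.latest.get(device)
        self.last_seen[device] = when  # heartbeat: updated even when unchanged
        self.latest[device] = new
        if old is None or old == new:
            return ""
        diff = "\n".join(difflib.unified_diff(
            old, new, f"{device} (before)", f"{device} (after)", lineterm=""))
        self.changes.append({"device": device, "when": when, "who": who,
                             "why": why, "diff": diff})
        return diff

    def stale_devices(self, expected, now, max_age=timedelta(hours=24)):
        """Devices whose export never arrived or is older than max_age."""
        return sorted(d for d in expected if d not in self.last_seen
                      or now - self.last_seen[d] > max_age)

if __name__ == "__main__":
    # Constructed sample exports, not taken from any real device.
    before = ("! Last configuration change at 08:00:00 UTC Wed Apr 11 2012\n"
              "hostname core-sw1\ninterface Vlan10\n"
              " ip address 10.0.10.1 255.255.255.0\n")
    after = before.replace("10.0.10.1", "10.0.10.254")
    start = datetime(2012, 4, 11, 9, 0)
    tracker = ConfigTracker()
    tracker.record_export("core-sw1", before, start)
    print(tracker.record_export("core-sw1", after, start + timedelta(hours=1),
                                who="admin1", why="move gateway address"))
    print(tracker.stale_devices(["core-sw1", "barracuda"],
                                start + timedelta(hours=2)))
```

The first export of a device is stored as a baseline and produces no change record; a device that stops reporting shows up in `stale_devices` even though no diff was ever generated for it.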

RANCID, definitely, for your network stuff. If RANCID doesn't work for you for some reason, or if you want to home roll your stuff, consider using SNMP to trigger config TFTP downloads. Here's a link to a Cisco page about it. That coupled with rcs or cvs or subversion or whatever, and you've got your config change history.

Check out RT for ticket wrangling.
posted by rmd1023 at 9:59 AM on April 11, 2012

Seconding RMD on a revision-control backed configuration management system for any text-based configuration. RANCID is good for network gear. Puppet is good for everything else (and an option in wider use than Chef.)
posted by namewithoutwords at 10:23 AM on April 11, 2012 [1 favorite]

RT is a great ticketing system, even if only used internally in your department.

Using subversion or another version control system is a sweet way to track config changes. A sysadmin here just set it up so Solaris Zones self-document their configs and then check any new ones into subversion.
posted by wenestvedt at 11:23 AM on April 13, 2012
