Common Config Monitoring

Common Config monitoring is an approach that uses a variety of collection types to identify the most reliable method a device supports. Coverage is typically focused on collection types that use variations on SSH style protocols. For example, SCP, SFTP, and SSH EXEC. The Common Config approach uses multiple PropertySources in a sequence and has some characteristics unique to this suite of modules.

1. A device or brand-specific PropertySource, such as Cisco_Generic_Configs, applies host properties of collection information specific to each device. These provide subsequent steps of the process information specific to the kind of device you are working with.
2. A number of “check” PropertySources run and attempt various collection types using the host properties applied. Upon the first successful collection a further host property is added, indicating a success. This stops less reliable checks from running and applying.
3. With the host now containing a list of device-specific collection information – and a property representing what is believed to be the most reliable collection method – the matching “common” ConfigSources apply. Common ConfigSources share code and get their device-specific collection instructions from the host properties that are applied through the vendor-specific config related PropertySources. For more information, see LogicModules in Package.

Requirements for Common Config Monitoring

• The minimum collector version supported is 28.606. This is due to a requirement on the SSHJ library added in that version.
• Install the Common Config LogicModules. For more information, see LogicModules in Package.

Common Config Custom Properties

The following custom properties must be set on the device resource within LogicMonitor. For more information on setting properties, see Resource and Instance Properties.

Authentication Properties

Property	Value	Required
config.user/ssh.user/telnet.user	User that is used for authentication	Yes
config.pass/ssh.pass/telnet.pass	Password that is used for authentication	Yes
ssh.cert/ssh.publickey	Path of the key used in authentication	No
ssh.enable.pass	Password used for privilege escalation during interactive SSH	No
ssh.port	Port used for SSH connections (Default : 22)	No
config.hostname	An alternate host used in place of system.hostname	No

Prompt and Command Properties

Property	Value	Required
config.prompt	A user-specified prompt line to search for, rather than finding one automatically	No
config.pty	A user-specified PTY type (Default : vt100)	No
config.filter	Regex used to filter the output.For example, this may be used to filter MOTD messages or personal information.	No
config.custom.response	Custom responses to regex lines in a comma-separated Line=>Response format.For example: Please Enter a to Continue=>a	No
config.commands.formatting	A comma-separated list of commands sent prior to the main command.For example, you can format the CLI to ignore pagination. Note: These logs are not automatically deleted and must be deleted manually.	No
config.commands.standard	Specify comma-separated key value pairs for instances that you want to monitor.For example: show config=Config,show inventory=Inventory	No
config.commands.dynamic	Specify comma-separated key value pairs for instances that you want to collect, but not alert on, even if they change.	No
config.logs.permanent	When set to true or 1, this property adds regular permanent logging to common configs collected with pseudo interactive methods (ssh, telnet, etc). These logs can be used for diagnostics. Logs are written to the /logs/ConfigStats/ directory Note: These logs are not automatically deleted and must be deleted manually.	No
config.tolerance.drop	When set, this value will cause configs that drop in size by an amount larger than the prop specified to error out instead of returning. Note: This is useful for filtering fluctuations in devices from the UI Diff.	No

Properties to Control Protocol Used

You can use properties to define a single protocol for a device. This prevents other protocols from being attempted. For Telnet, you must use a property and value, as no other protocols are relevant and should not be attempted.

Protocol	Property	Value	Required
Telnet	config.type.telnet	If set to “1” or “true”, forces Interactive Telnet collection for the device, bypassing checks.	Yes
SCP	config.type.scp	If set to “1” or “true”, forces SCP as the collection type for the device, bypassing checks.	No
SFTP	config.type.sftp	If set to “1” or “true”, forces SFTP as the collection type for the device, bypassing checks.	No
SSH EXEC	config.type.exec	If set to “1” or “true”, forces SSH EXEC as the collection type for the device, bypassing checks.	No
SSH	config.type.interactive	If set to “1” or “true”, forces Interactive SSH collection for the device, bypassing checks.	No

Migration from Legacy LogicModules

The following vendor-specific ConfigSources have been deprecated in favor of Common Configs, which is the supported approach for network device Configuration Monitoring. If you are currently monitoring configs using any of these legacy ConfigSources, you will not experience data loss upon importing the new modules. However, you will collect duplicate data and receive duplicate alerts for as long as both sets of ConfigSources are active. For this reason, LogicMonitor recommends that you disable the legacy ConfigSources after importing the new set of ConfigSources and confirm that they are working as intended in your environment. Common Config monitoring provides a more reliable method for collection of generic or general purpose configs through existing stable collection types. However, LogicMonitor recognizes that there are devices with special circumstances that may require a more traditional approach.

• Arista_EOS
• Aruba_WirelessController
• Cisco_IOS
• Cisco_NXOS
• Cisco_Viptela
• Cisco_WLC_RunningConfig
• Cisco_WLC_SystemConfigs
• Citrix_Netscaler
• Dell_Networking
• Fortinet_FortiOS
• HPE_Network_Config
• Juniper_JUNOS
• PaloAlto_FW_CLIConfigs

Common Config Checks and Active Discovery

The Common Config modules use a series of checks to identify the most reliable collection method. The initial application can take up to 48 hours to complete. You can force Active Discovery for a device to speed up this process if faster results are required. For more information, see What is Active Discovery.

Config Metrics DataSource

This suite of modules provides a DataSource (LogicMonitor_ConfigSource_Metrics) to monitor its execution. Once instances have been created, this module can be used to identify and diagnose issues such as collection times close to or exceeding timeout, config sizes larger than configured limits, and sporadic collection. If you experience issues with config monitoring, LogicMonitor recommends that you look at this DataSource during troubleshooting to verify whether the issue relates to any of these metrics monitored.

Troubleshooting

Collection Preference for Common Config Monitoring

The collection preference is indicated by the number included in the ConfigCheck module names, with 1 being the most preferred collection method, displayed in the following:

• ConfigCheck_1_SFTP
• ConfigCheck_2_SCP
• ConfigCheck_3_Exec
• ConfigCheck_4_Interactive
• ConfigCheck_5_Telnet

Permission Issues

Collecting configuration differences with a ConfigSource requires that the account used has permission to run all commands that are required to collect uninterrupted config data. Disabling paging on a resource is sometimes required when LogicMonitor cannot automate paging in a standard way.

Paging Failures

Interactive SSH, SSH Exec, and Telnet based ConfigSources contain best effort methods to handle paging, but paging failures can occur on some resources preventing collection of configuration differences.

If collection does not work, or fails when the resource starts paging to collect configuration differences, then standard paging is not compatible and a custom property is required.

If configuration collection does not work without adding formatting commands to a custom property, do the following to mitigate the failures: 

• Log in to the resource using the credentials assigned to the resource from the collector monitoring. This ensures there is no communication access issue.
• Run all the commands needed to collect the config uninterrupted by paging. Then, add all those required commands to a custom property on the resource, adding those commands to the config.commands.formatting resource property.
• The credentials used must have permissions to run all commands that are in the config.commands.formatting property.

Cisco WLC 9800 Scenario

If SFTP/SCP based collection is not possible then to avoid paging and timeout issues you must enter custom commands into the config.commands.formatting property. To disable paging, complete the following post-login steps after commands are run:

1. Execute a custom formatting command sourced from config.commands.formatting. This command should adjust the user’s permission level to enable them to disable paging. For instance, if the initial command fails, use enable 15.
2. Execute the following command to disable paging. You can use either terminal length 0 or config paging disable.
3. Switch the user mode to one with sufficient permissions to view the configuration. For example, Cisco IOS 17.6 or later requires privileged exec mode to disable paging. Ensure the configuration is collected using the command “show running-config” from the privileged exec (#) prompt, not the non-privileged exec (>) prompt.
4. After collecting the configuration, revert the resource settings to their original state. If necessary, adjust the permission level from 15 to a lower value. If paging needs to be re-enabled due to other account requirements, add a command for this in the custom property. Use a dedicated monitoring account unused by regular users, and leverage the most restrictive yet functional permission settings.

Global Settings

When using SSH, SSH exec, or Telnet, configuring global settings may be necessary (for example, disabling paging from privileged exec mode). If global settings are changed, consider reverting them after collection, especially if other users access the interface. For example, if a user disables “terminal length 0” using SSH or Telnet, collection might fail unless LogicMonitor consistently sets it during each collection using the configured list of commands that are run from the config.commands.formatting resource property.

LogicModules in Package

LogicMonitor’s package for Common Configs consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform. At any given time, only one set of ConfigSources from the below list will apply to a device, calculated automatically via the listed PropertySources (unless overridden). For more information, see Module Installation.

Display Name	Type	Description
Config Metrics	DataSource	Metrics on collection success and failure.
ConfigCheck_1_SFTP	PropertySource	Sets auto.config.type.sftp if collection is possible via SFTP.
ConfigCheck_2_SCP	PropertySource	Sets auto.config.type.scp if collection is possible via SCP.
ConfigCheck_3_Exec	PropertySource	Sets auto.config.type.exec if collection is possible via SSH Exec.
ConfigCheck_4_Interactive	PropertySource	Sets auto.config.type.interactive if collection is possible via Interactive SSH.
ConfigCheck_5_Telnet	PropertySource	Sets auto.config.type.telnet if collection is possible via Interactive Telnet.
Config_Arista_Generic	PropertySource	Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful.
Config_Aruba_Generic	PropertySource	Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful.
Config_Brocade_Generic	PropertySource	Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful.
Config_Cisco_Generic	PropertySource	Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful. Currently will only apply to devices where config.beta is set to 1, or previous Cisco common configs have been collected.
Config_Fortinet_Generic	PropertySource	Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful.
Config_Dell_Generic	PropertySource	Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful.
Config_HPE_Generic	PropertySource	Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful.
Config_Juniper_Generic	PropertySource	Checks for SSH compatibility with a device and sets the relevant properties for modules to collect if successful.
Config_Netscaler_Generic	PropertySource	Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful.
Config_PaloAlto_Generic	PropertySource	Checks for SSHJ compatibility with a device and sets the relevant properties for modules to collect if successful.
Config_Sophos_Generic	PropertySource	Checks for SSH compatibility with a device and sets the relevant properties for modules to collect if successful.
Dynamic Configs (SCP)	ConfigSource	Common module for handling generic SCP config collection. Dynamic configs are set to not alert on change by default.
Dynamic Configs (SFTP)	ConfigSource	Common module for handling generic SFTP config collection. Dynamic configs are set to not alert on change by default.
Dynamic Configs (SSH Exec)	ConfigSource	Common module for handling generic SSH EXEC config collection. Dynamic configs are set to not alert on change by default.
Dynamic Configs (SSH Interactive)	ConfigSource	Common module for handling generic SSH Interactive config collection. Dynamic configs are set to not alert on change by default.
Dynamic Configs (Telnet)	ConfigSource	Common module for handling generic Telnet Interactive config collection. Dynamic configs are set to not alert on change by default.
Standard Configs (SCP)	ConfigSource	Common module for handling generic SCP config collection. These configs will alert on a non-filtered change.
Standard Configs (SFTP)	ConfigSource	Common module for handling generic SFTP config collection. These configs will alert on a non-filtered change.
Standard Configs (SSH Exec)	ConfigSource	Common module for handling generic SSH EXEC config collection. These configs will alert on a non-filtered change.
Standard Configs (SSH Interactive)	ConfigSource	Common module for handling generic SSH Interactive config collection. These configs will alert on a non-filtered change.
Standard Configs (Telnet Interactive)	ConfigSource	Common module for handling generic Telnet Interactive config collection. These configs will alert on a non-filtered change.