Cisco Systems 4 Configuration Audit

4-45

Cisco Prime Network 4.0 User Guide

OL-29343-01

Chapter 4 Device Configurations and Software Images Configuration Audit

Note In the Configuration Management and Image Management Settings pages, CCM does not support the

following special characters:

• For Password fields—>, <, ', /, \, !, :, ;, and "

• For all other fields—`, ~, @, #, $, %, ^, &, *, (, ), +, =, |, {, }, [, ], ', ?, >, <, /, \, !, :, ;, and "

Configuration Audit

Note Starting Prime Network 4.0, Configuration Audit is being replaced by C ompl iance A udit. However, if

you enabled the option to retain Configuration Audit during an upgr ade procedure from Prime Network

3.11 (or earlier), the feature will still available from CCM. For more information on Compliance Audit,

see Compliance Audit, page 4-50.

CCM facilitates a configuration compliance mechanism, which enables auditing configurations on a

device against a specified configuration policy file (also called as a baseline or expected configuration).

Prime Network facilitates administering multiple configuration policy files through a Configuration

Audit Policy Manager. Each configuration policy is a set of CLI commands that define a desired baseline

or expected configuration. Configuration policies can also be configured u sing valid, Java-based regular

expressions. Tabl e 4-4 provides examples of configuration policy CLIs.

Sample Configuration Policy

The following example shows a polic y that pe rform s audit for B GP con fig urat ion fo r a Cisc o IOS router:

#BGP Configuration Audit

router bgp (.*)

neighbor (.*) remote-as (.*)

address-family ipv4

If you want an audit check for specific BGP AS or neighbor IP address, the above CLI can be changed

accordingly. For example:

router bgp 65000

neighbor (.*) remote-as 65001

address-family ipv4

Table 4-4 Configuration Policy CLI Examples

Policy Name Policy Description Policy CLI

SamplePolicy1 Sample policy for global

configuration auditing

spanning-tree mode rapid-pvst

SamplePolicy2 Sample policy for global regex and

first sub level cli matching audit

interface GigabitEthernet(.*)

port-type nni

SamplePolicy3 Sample policy for global regex,

first sub level cli matching, and

second sub level regex matching

router (.*)

address-family ipv4 unicast

network (.*)

SamplePolicy4 Sample policy for fixed cli

matching

interface GigabitEthernet3/4

address-family ipv4 unicast