Identifying Changes In Configuration Files; Automatic Differences Detection - Extreme Networks EPICenter Guide Manual

good" configuration in case of configuration problems, and you can use it as a reference to compare
against archived configuration files to identify any configuration changes that have been made.
When you view information about the configuration files that have been uploaded for a device or a
device group in the main Configuration Manager window, the display indicates whether a baseline file
exists for the device.
The Configuration Manager enables you to create baseline configurations in several ways:
• You can upload a configuration file from a device using the Upload feature, but specify that it
should be saved as a baseline file
• You can select a saved configuration file and designate it as a baseline
• You can schedule an upload of files to be used as the baseline. This is a one-time schedule, not a
repeating schedule as is done for archival uploads. This enables you to have the baseline upload
performed at a time that will minimize the impact on your network load, without requiring
administrator intervention.
The baseline functions are accessible from the Config menu of the Configuration Manager, as well as
the right-click pop-up menu that is available when you have selected a device or device group in the
Component Tree.
If a baseline file exists for a device, you will be able to view the baseline file using the configuration file
Viewer. If both a baseline file and another configuration file exists for the device, you will be able to
compare the two files using a Difference Viewer, if you have one installed on your system and have
configured EPICenter to use it.

Identifying Changes in Configuration Files

If you suspect there have been changes to a device's configuration, or if you know there have been and
want to identify them, you can compare two uploaded configuration files, or to compare a configuration
file with the baseline file for the device. using a Difference viewer through EPICenter's Diff command.
For example, if you suspect malicious changes, you could perform a configuration upload for the device
and then compare that file with the last archived configuration.
In order to use this feature you must have a Difference Viewer, such as WinMerge for Windows, or sdiff
for Solaris, installed on your system. You must also specify the location of the Difference Viewer using
the Setup Viewer command, available from the Config menu or the right-click pop-up menu under the
Options submenu. You cannot view differences with a standard text editor.

Automatic Differences Detection

One of the powerful feature of EPICenter is available through the combination of baseline files and the
scheduled archive feature. If a baseline file exists on the EPICenter server for a device, then when
EPICenter uploads an archive configuration file for the device, it will automatically compare the new
archive configuration with the baseline configuration, and create a report on those differences. In
addition, if differences are detected, EPICenter will then upload the log file from the switch, and search
for log entries that could explain or be related to the configuration change. EPICenter includes those log
entries in the report. Based on the log entries it may be possible to identify not only when the changes
were made, but also the identity of the user that made the changes.
Figure 44 shows an example of a report generated when EPICenter detects a difference between an
archived configuration and the baseline configuration for a device. The report is created as a PDF file,
and you can configure EPICenter to automatically email the file to recipients you designate.
EPICenter Concepts and Solutions Guide
Baseline Configurations
95