Performing a Configuration Audit
A configuration audit can help you determine whether the service configuration on the device has been changed out of band. To this end, you can compare the results of a configuration audit with the service configuration in the Junos Space database. The following example shows a sample comparison.
To perform a configuration audit:
- From the View selector, select Service View. The workspaces that are applicable to routing and tunnel services are displayed.
- Click the Build icon in the Service View of the Connectivity Services Director banner. The functionalities that you can configure in this mode are displayed in the task pane.
- Click the plus sign (+) beside Connectivity to view services
based on protocols.
Expand the IP Services tree to select an IP service.
Expand the E-Line Services tree to select an E-Line service.
Expand the E-LAN Services tree to select an E-LAN service.
- In the Network Services > Connectivity task pane, select Audit Results > Configuration Audit, and from the Configuration Audit page that is launched, click the Run Configuration Audit button. Alternatively, you can select a service order, and click the Audit button at the top of the table of listed services from the Manage Network Services page and select Run Configuration Audit.
- In the Schedule Configuration Audit window,
Select Audit Now, then click OK.
An informational dialog appears, stating that the configuration audit job is successfully triggered with the job ID, and an OK button.
Select Audit Later, enter a date and time, then click OK.
- To monitor the progress of an audit after selecting Audit Now, click the Job ID in the Audit Information window. The Job Management page shows information about
the configuration audit job.
Alternatively, to display the Job Management page, click the System icon on the Connectivity Services Director banner, and select Manage Jobs from the Tasks pane. You can also view the CSD Deployment Jobs page in Deploy mode of Service View by selecting the View Deployment Jobs option in the task pane.
The State field indicates whether the service passed or failed the audit. If the service failed the audit, then the Summary field provides information about the failure.
To monitor the progress of an audit after selecting Audit Later, after the scheduled time of the audit:
- On the Junos Space Network Management Platform user interface, select Jobs .
- In the Job Types chart, select the Configuration Audit segment of the pie chart.
- Select the configuration audit of interest from the list
on the Job Management page.
Summary information about the audit appears in the quick look panel.
- In the filter bar, select the table view icon to see additional information about the job. If the service failed the audit, information about the failure appears in the Summary field.
- In the Audit Information window, click the
job ID of the configuration audit.
The Job Management window appears and shows a filtered view of the job inventory, showing only the configuration audit job.
If a resynchronization between a device and the Junos Space database is ongoing when the configuration audit job starts, the configuration audit job suspends until the resynchronization job finishes. If the resynchronization job fails to complete, the audit could be suspended indefinitely. To allow the audit to proceed, go to the Job Management workspace and cancel the resynchronization job, as described in Canceling a Job.
- In the Status column, check the status of the
audit to determine whether it succeeded or failed.
Check the Summary column, which contains useful service information such as the VC ID and endpoint information. For some failed deployments, this column also contains information about why the deployment failed.
When a configuration audit is performed, the XPATH attributes that are present in the service configuration are used. Only the addition, modification, or deletion of the XPATH attributes is detected, and the creation of a new attribute (child XPATH ) on a device is not determined. The audit operation disregards such attributes and does not identify them. This behavior is expected and occurs because Junos Space Platform software audits only the settings present a user template. If the template has a container, Junos Space Platform only audits to determine whether the device is configured with this container. If a user wants to audit any container child, the user needs add it into the template. This scenario is similar to an out-of-band configuration change on the device, which Junos Space Platform can determine only if the system of record (SOR) mode is set for the Junos Space Network Management Platform application.