eSight V300R010C00 Operation Guide 07

Operation Procedure

This section describes how to perform compliance checks on devices using eSight.

Table 12-51 Compliance Check Operations

| Step | Operation | Description |
|------|-----------|-------------|
| 1 | Set protocol parameters on the device: SNMP and Telnet. | If SNMP is used, the MIB view including ISO nodes must be configured. SNMPv2c read and write permissions are mandatory. For details about how to configure the SNMP protocol on the device, see Configuring the SNMP Protocol on Devices. The Telnet privilege mode on eSight must be the same as that on the device. For details about how to set Telnet parameters on the device, see Setting Telnet Parameters on Devices. |
| 2 | Add devices to eSight. | Select a proper device addition mode based on the site requirements. For details about how to add devices to eSight, see Adding Devices to eSight. |
| 3 | Perform compliance audit. | Set check rules based on service requirements on the live network. Alarms can be set. When detecting a rule that fails to pass the check, eSight triggers an alarm. |
| 3 | Audit configuration changes. | Set configuration change audit rules based on service requirements on the live network. Alarms can be set. When detecting a rule that fails to pass the check, eSight triggers an alarm. |
| 4 | Notify the audit result through emails. | After the email notification parameters are set, eSight sends the execution result of a periodic audit task or an immediate audit task through an email when the task execution is completed. |

Creating a Compliance Check Task

To ensure stable running of services on the live network, you need to periodically check whether device configurations are correct. After the check rules are imported to eSight, eSight can check devices on the live network in batches.

NOTE:

Before executing a compliance check task, you need to configure the Telnet protocol for devices to be checked on eSight. Otherwise, the compliance check task cannot be executed successfully.

Procedure
  1. Choose Resource > Network > Configuration > Compliance Check from the main menu.

  2. Click Create, configure basic information such as the task name and task description, and set Task Type to Compliance Audit.
  3. Click Import. In the dialog box that is displayed, click to download the template and edit audit rules in the template.

    Table 12-52 Rule description

    | Field | Description |
    |-------|-------------|
    | Device IP | IP address of the device to be checked. |
    | Command | Command line for checking the configurations of the device to be checked. |
    | Whether Slice | Indicates whether to divide the device configurations into blocks and then audit each block. |
    | Start Split Character, End Split Character | Slice start and end positions. The parameters take effect only when Whether Slice is set to Yes. |
    | Filter Criteria, Filter Content | The parameters take effect only when Whether Slice is set to Yes. Device configurations are divided into device configuration slices based on Start Split Character and End Split Character. If you are concerned with only some slices, you can set Filter Criteria and Filter Content to filter these slices for compliance check. |
    | Audit Mode, Audit Content, White List | All target configuration slices are checked based on the rule consisting of the audit mode and audit content. Slices that comply with the rule are considered compliant slices. Slices that do not comply with the rule are considered non-compliant slices. The options for Audit Mode include contain, not contain, regex, and whitelist. The whitelist option must be used with the Audit Content and White List parameters for compliance check. |
    | Remarks | User-defined description. |
    | User-Defined Result (Compliant) | Description when the configuration complies with the user-defined audit rule. |
    | User-Defined Result (Incompliant) | Description when the configuration does not comply with the user-defined audit rule. |

  4. Click and select the edited audit rule file.
  5. Click to upload the audit rule file. After the upload is complete, click OK.
  6. Click OK. In the High Risk dialog box that is displayed, select I have understood the consequence of the operation and confirm to perform the operation. and click OK.
  7. Click OK in the dialog box that is displayed.
  8. Click to view the detailed audit result.

Result

If an alarm is reported upon audit failure, you can choose Fault > Current Alarms from the main menu and view the Configuration Audit Fail alarm after the configuration fails the audit.
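
The slicing, filter and audit-mode fields of Table 12-52 can be dry-run against saved command output before a rule file is imported. The following Python code is an added example, not eSight code: the slice boundaries (a line beginning with Start Split Character up to a line equal to End Split Character), the reuse of the audit-mode names as Filter Criteria values, the rule row and the sample output are assumptions, and the whitelist mode is not modelled because the page does not define how it matches.

```python
import re

# Constructed sample command output (not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
#
user-interface vty 0 4
 protocol inbound ssh
#
user-interface vty 16 20
 protocol inbound telnet
#
"""

# Audit modes named in Table 12-52; whitelist is not modelled (KeyError if used).
MODES = {
    "contain": lambda content, text: content in text,
    "not contain": lambda content, text: content not in text,
    "regex": lambda content, text: re.search(content, text, re.MULTILINE) is not None,
}

def split_slices(output, start, end):
    """Assumed slicing: open at a line beginning with `start`, close at a line equal to `end`."""
    slices, current = [], None
    for line in output.splitlines():
        if current is None:
            if line.startswith(start):
                current = [line]
        elif line.strip() == end:
            slices.append("\n".join(current))
            current = None
        else:
            current.append(line)
    if current is not None:  # output ended before the end marker was seen
        slices.append("\n".join(current))
    return slices

def audit(output, rule):
    """Return (compliant, non_compliant) lists of slice header lines for one rule row."""
    slices = split_slices(output, rule["start"], rule["end"]) if rule["slice"] else [output]
    if rule.get("filter_content"):  # assumption: Filter Criteria takes the same mode names
        slices = [s for s in slices if MODES[rule["filter_criteria"]](rule["filter_content"], s)]
    verdicts = [(s.splitlines()[0], MODES[rule["audit_mode"]](rule["audit_content"], s)) for s in slices]
    return [h for h, ok in verdicts if ok], [h for h, ok in verdicts if not ok]

# Hypothetical rule row: every VTY slice must not accept inbound Telnet.
RULE = {"slice": True, "start": "user-interface", "end": "#",
        "filter_criteria": "contain", "filter_content": "vty",
        "audit_mode": "not contain", "audit_content": "protocol inbound telnet"}
```

Calling `audit(SAMPLE_CONFIG, RULE)` separates the VTY slices that pass the rule from those that would raise the Configuration Audit Fail alarm.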

Creating a Configuration Change Audit Task

Create a configuration change audit task to audit the configuration change records of devices, which helps you locate service faults.

NOTE:

Before executing a configuration change audit task, you need to configure the Telnet protocol for devices to be checked on eSight. Otherwise, the configuration change audit task cannot be executed successfully.

Procedure
  1. Choose Resource > Network > Configuration > Compliance Check from the main menu.

  2. Click Create, configure basic information such as the task name and task description, and set Task Type to Configuration Change Audit.
  3. Click Add Device, add devices whose configuration changes need to be audited, and click Next.

    NOTE:

    Devices can be selected based on subnets.

  4. Click Import. In the dialog box that is displayed, click to download the template and edit audit rules in the template.

    Table 12-53 Rule description

    | Field | Description |
    |-------|-------------|
    | Command | Command line for checking the configurations of the device to be checked. |
    | Configuration Change Ignoring Rule | Rule defining the locations that do not need to be audited in the command output. |
    | Remarks | User-defined description. |
    | User-Defined Result (Compliant) | Description when the configuration complies with the user-defined audit rule. |
    | User-Defined Result (Incompliant) | Description when the configuration does not comply with the user-defined audit rule. |

  5. Click and select the edited audit rule file.
  6. Click to upload the audit rule file. After the upload is complete, click OK.
  7. Click OK. In the High Risk dialog box that is displayed, select I have understood the consequence of the operation and confirm to perform the operation. and click OK.
  8. Click OK in the dialog box that is displayed.
  9. Click to view the detailed audit result.

    NOTE:

    If this is not the first execution of the configuration change audit task and the audit result indicates a configuration change, you can click in the Operation column to view the last change or compare different change records.

Result

If an alarm is reported upon audit failure, you can choose Fault > Current Alarms from the main menu and view the Configuration Audit Fail alarm after the configuration fails the audit.
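
A Configuration Change Ignoring Rule that is too broad hides changes that should be audited. The following Python code is an added example, not eSight code: it assumes the ignoring rule is a regular expression applied to each line of the command output, and it uses two constructed snapshots to show which changed lines a rule reports and which it suppresses.

```python
import difflib
import re

# Constructed snapshots of one command's output from two audit runs.
BEFORE = """\
!Last configuration was updated at 2019-06-01 10:00:00+00:00 by admin
sysname SW-Core-01
snmp-agent sys-info version v2c
user-interface vty 0 4
 protocol inbound ssh
"""
AFTER = """\
!Last configuration was updated at 2019-06-20 23:41:07+00:00 by admin
sysname SW-Core-01
snmp-agent sys-info version v2c
user-interface vty 0 4
 protocol inbound all
"""

def changed_lines(before, after):
    """Return ('-', line) for removed lines and ('+', line) for added lines."""
    a, b = before.splitlines(), after.splitlines()
    changes = []
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            changes += [("-", line) for line in a[i1:i2]]
            changes += [("+", line) for line in b[j1:j2]]
    return changes

def change_audit(before, after, ignore_rule):
    """Split changes into (reported, suppressed).

    Assumption: the ignoring rule is a regex matched against each changed line.
    """
    ignore = re.compile(ignore_rule)
    reported, suppressed = [], []
    for sign, line in changed_lines(before, after):
        (suppressed if ignore.search(line) else reported).append((sign, line))
    return reported, suppressed
```

With the rule `^!Last configuration was updated` only the timestamp line is suppressed and the VTY protocol change is reported; with `^!|^\s*protocol` all four changed lines are suppressed and the audit reports nothing.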

Notifying the Audit Result Through Emails

After email notification is enabled, eSight sends emails to notify users of execution results of periodic backup tasks or device configuration file changes so that users can quickly learn about backups and changes of configuration files.

If the content in configuration files changes, eSight also triggers a configuration file change alarm to notify users of the change.

Prerequisites
Procedure
  1. Choose Resource > Network > Configuration > Compliance Check from the main menu.

  2. Choose Compliance Check > Email Notification from the navigation tree on the left and configure the email notification.

    1. Set Sending policy to Send audit task execution result, and set Recipient. After a periodic audit task or an immediate audit task is executed, eSight sends an email to notify the recipient of the task execution result.
    2. Click Apply.

Result

The configured remote notification users can receive email notifications after the periodic audit task or immediate audit task is executed.

Updated: 2019-06-30

Document ID: EDOC1100044378
