Audit network configurations with Nelkit

The script nk-compare-configs is part of Nelkit, its goal is to run audits on network device configuration to find hosts which config differ from your baseline.

Creating a settings file

The script needs a file which instructs it what you want to compare in the configuration. The config file is in yaml format and an example looks like this:

configs: '/opt/network/configs'
# Match lines starting with snmp-server but ignore
# the snmp-location setting
 - match:
    string: '^snmp-server'
    exclude: '^snmp-server location'

# Match lines starting with logging
 - match:
    string: '^logging'

# Match from the line starting with interface Loopback
# to a line starting with "!"
 - between:
    start: '^interface Loopback0'
    end: '^!'

# Match between interface Loopback1 and the next line
# which isn't indented, exclude description and ip address
 - between:
    start: '^interface Loopback1'
    exclude: '^ description|^ ip address'
    until_not: '^ '

# Match an access-list
 - between:
    start: 'ip access-list extended OUTSIDE-IN'
    until_not: '^ '

# Match lines starting with service but sort the
# lines before comparing so that the order in which
# the configuration was entered is ignored
 - match:
    string: '^service'
    sort: 'true'

Running the script

Once you have setup your settings file you can run the script.

nk-compare-configs -c settings.yml<br />