Used in CCR, and adapted for Cisco IOS, Cisco CatOS, PIX OS, and Cisco VPN 3000 OS.
Really nice thing.

----- Original Message -----
From: "Glynn Stanton" <[EMAIL PROTECTED]>
To: <nanog@merit.edu>
Sent: Thursday, May 12, 2005 3:39 PM
Subject: RE: ACL Monitoring

> If you anticipate doing a lot of this kind of monitoring in the future you
> may want to take a look at the "expect" programming language
> http://expect.nist.gov/ , which has very simple "send"/"expect" constructs.
> E.g. send "show acl 101\r" expect "access-list .." etc. Perl also allows
> similar although is probably not quite as easy to pick up if you've never
> done this kind of thing before.
>
> Essentially you'd write a quick script to telnet or ssh to the router, "send"
> your commands, expect a result and do something based on that result. As I
> said, it's worth the time investment and you'll find once you get the script
> done you can just reuse it for many other tasks.
>
> The TACACS+ suggestion is also good. Not only would it allow you to limit
> who (authentication) can do what (authorization), the accounting features
> would also provide a log entry if an authorized user did do a no access-list
> 101. You could then write a shell script to parse the accounting log.
>
> Cheers,
> Glynn
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim
> McBurnett
> Sent: Thursday, May 12, 2005 5:20 PM
> To: Paul Ryan; nanog@merit.edu
> Subject: RE: ACL Monitoring
>
> Paul,
> I think a better solution may be to implement TACACS+ and restrict rights on
> who can do that.
> Sounds like you don't trust someone.....
> I'd try that first...
>
> Later,
> Jim
>
> -----Original Message-----
> From: Paul Ryan [mailto:[EMAIL PROTECTED]
> Sent: Thursday, May 12, 2005 5:15 PM
> To: nanog@merit.edu
> Subject: ACL Monitoring
> Importance: High
>
> All - I am looking for a solution (open source, scripts) to allow me to
> monitor ACLs on Cisco routers. So if for example a line disappears from
> an ACL or the entire ACL is removed - I am alerted via pager/e-mail etc.
>
> regards,
>
> Paul R
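
The check asked for at the bottom of the thread, as an added example that is not part of the original messages: compare a saved baseline of a router's configuration with a freshly fetched copy and report any ACL, or any ACL line, that has disappeared. Both sample configurations are constructed and the function names are hypothetical; fetching the configuration (for instance with a send/expect script as described above) and delivering the page or e-mail are left to the caller.

```python
import re

# Constructed sample configs (not from the thread): saved baseline vs. a later fetch.
BASELINE = """\
access-list 101 permit tcp any host 192.0.2.10 eq 22
access-list 101 deny ip any any log
access-list 102 permit ip 198.51.100.0 0.0.0.255 any
ip access-list extended MGMT
 permit tcp 203.0.113.0 0.0.0.255 any eq 22
 deny ip any any
"""
CURRENT = """\
access-list 101 permit tcp any host 192.0.2.10 eq 22
ip access-list extended MGMT
 permit tcp 203.0.113.0 0.0.0.255 any eq 22
"""
NUMBERED = re.compile(r"^access-list (\S+) (.+)$")
NAMED = re.compile(r"^ip access-list \S+ (\S+)$")

def parse_acls(config):
    """Map ACL id -> list of entries, for numbered and named ACL syntax."""
    acls, block = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())            # normalise whitespace
        if raw[:1].isspace():                   # indented: entry of a named ACL
            if block and line:
                acls[block].append(line)
            continue
        num, named = NUMBERED.match(line), NAMED.match(line)
        block = named.group(1) if named else None
        if num:
            acls.setdefault(num.group(1), []).append(num.group(2))
        elif named:
            acls.setdefault(block, [])
    return acls

def acl_alerts(baseline, current):
    """Alerts for ACLs or entries present in the baseline but missing now."""
    old, new = parse_acls(baseline), parse_acls(current)
    alerts = []
    for acl_id, entries in sorted(old.items()):
        if acl_id not in new:
            alerts.append(f"ACL {acl_id} removed entirely")
            continue
        gone = [e for e in entries if e not in new[acl_id]]
        alerts += [f"ACL {acl_id} missing line: {e}" for e in gone]
    return alerts

if __name__ == "__main__":
    print("\n".join(acl_alerts(BASELINE, CURRENT)))  # hand off to e-mail/pager here
```

Lines added to an ACL and changes in entry order are not reported; only removals relative to the baseline are.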