Forum Discussion

jvanraes's avatar
2 years ago

Apply ConfigSources to devices that have alert trigged from other configsource

Hello


I'm searching for a way to apply configsources to devices who have a specific active alert triggered.

E.g. use case:
ConfigSource "Cisco_Compliance" who checks if a device has the following command present: "transport input ssh". -> alert gets triggered if command is not present.

I have another configsource "vty_ssh_only" which will execute some commands so "transport input ssh" gets configured on the device.

So what I want is to be able to apply the "vty_ssh_only" config source only to the devices who have the alert triggered from the "Cisco_Compliance" config source.

I already reached out to LM support who said this should be possible but didn’t know how to do it ...

Does anyone have an idea on how to accomplish this?

Thanks

Kind Regards

  • If I understand this right, I don’t think ConfigSource would be the best way to do this.ConfigSource is more for alerting on changes to a config and not analyzing the configuration itself.

    I would create a PropertySource that specifically looks for the missing config option and will set a property on that device when that is the case. You can then have a AppliesTo on a DataSource that looks for that property and does what you want. Just be careful to not do it multiple times since PropertySources only run once a day. Like have the DataSource recheck that it hasn’t already been applied before changing it.

    IMHO, LM isn’t really geared towards taking actions on what it finds directly. LM runs scripts, and scripts can do anything but I personally think it’s hacky but it can get the job done just be careful about it.

  • If I understand this right, I don’t think ConfigSource would be the best way to do this.ConfigSource is more for alerting on changes to a config and not analyzing the configuration itself.

    I would create a PropertySource that specifically looks for the missing config option and will set a property on that device when that is the case. You can then have a AppliesTo on a DataSource that looks for that property and does what you want. Just be careful to not do it multiple times since PropertySources only run once a day. Like have the DataSource recheck that it hasn’t already been applied before changing it.

    IMHO, LM isn’t really geared towards taking actions on what it finds directly. LM runs scripts, and scripts can do anything but I personally think it’s hacky but it can get the job done just be careful about it.


    Thanks for the feedback, I didn’t know you had the possibility of checking for missing config with a PropertySource, I’ll give it a try!

  • If I understand this right, I don’t think ConfigSource would be the best way to do this.ConfigSource is more for alerting on changes to a config and not analyzing the configuration itself.

    I would create a PropertySource that specifically looks for the missing config option and will set a property on that device when that is the case. You can then have a AppliesTo on a DataSource that looks for that property and does what you want. Just be careful to not do it multiple times since PropertySources only run once a day. Like have the DataSource recheck that it hasn’t already been applied before changing it.

    IMHO, LM isn’t really geared towards taking actions on what it finds directly. LM runs scripts, and scripts can do anything but I personally think it’s hacky but it can get the job done just be careful about it.