A configuration audit can help you determine whether the service
configuration on the device has been changed out of band. To this
end, you can compare the results of a configuration audit with the
service configuration in the Junos Space database. The following example
shows a sample comparison.
To perform a configuration audit:
- From the View selector, select Service View. The workspaces that are applicable to routing and tunnel services
are displayed.
- Click the Build icon in the Service View of
the Connectivity Services Director banner. The functionalities that
you can configure in this mode are displayed in the task pane.
- Click the plus sign (+) beside Connectivity to view services
based on protocols.
Expand the IP Services tree to select an IP
service.
Expand the E-Line Services tree to select an
E-Line service.
Expand the E-LAN Services tree to select an
E-LAN service.
- In the Network Services > Connectivity task
pane, select Audit Results > Configuration Audit, and from the Configuration Audit page that is launched, click the Run Configuration Audit button. Alternatively, you can select
a service order, and click the Audit button at the top
of the table of listed services from the Manage Network Services page
and select Run Configuration Audit.
- In the Schedule Configuration Audit window,
either:
Select Audit Now, then click OK.
An informational dialog appears, stating that the configuration
audit job is successfully triggered with the job ID, and an OK button.
Select Audit Later, enter a date and time,
then click OK.
- To monitor the progress of an audit after selecting Audit Now, click the Job ID in the Audit Information window. The Job Management page shows information about
the configuration audit job.
Note: Alternatively, to display the Job Management page, click
the System icon on the Connectivity Services Director banner,
and select Manage Jobs from the Tasks pane. You can also
view the CSD Deployment Jobs page in Deploy mode of Service View by
selecting the View Deployment Jobs option in the task pane.
The State field indicates whether the service passed
or failed the audit. If the service failed the audit, then the Summary field provides information about the failure.
To monitor the progress of an audit after selecting Audit
Later, after the scheduled time of the audit:
- On the Junos Space Network Management Platform user interface,
select Jobs .
- In the Job Types chart, select the Configuration
Audit segment of the pie chart.
- Select the configuration audit of interest from the list
on the Job Management page.
Summary information about the audit appears in the quick look
panel.
- In the filter bar, select the table view icon to see additional
information about the job. If the service failed the audit, information
about the failure appears in the Summary field.
- In the Audit Information window, click the
job ID of the configuration audit.
The Job Management window appears and shows a filtered
view of the job inventory, showing only the configuration audit job.
Note: If a resynchronization between a device and the Junos
Space database is ongoing when the configuration audit job starts,
the configuration audit job suspends until the resynchronization job
finishes. If the resynchronization job fails to complete, the audit
could be suspended indefinitely. To allow the audit to proceed, go
to the Job Management workspace and cancel the resynchronization
job, as described in Canceling a Job.
- In the Status column, check the status of the
audit to determine whether it succeeded or failed.
Check the Summary column, which contains useful service
information such as the VC ID and endpoint information. For some failed
deployments, this column also contains information about why the deployment
failed.
Note: When a configuration audit is performed, the XPATH attributes
that are present in the service configuration are used. Only the addition,
modification, or deletion of the XPATH attributes is detected, and
the creation of a new attribute (child XPATH ) on a device is not
determined. The audit operation disregards such attributes and does
not identify them. This behavior is expected and occurs because Junos
Space Platform software audits only the settings present a user template.
If the template has a container, Junos Space Platform only audits
to determine whether the device is configured with this container.
If a user wants to audit any container child, the user needs add it
into the template. This scenario is similar to an out-of-band configuration
change on the device, which Junos Space Platform can determine only
if the system of record (SOR) mode is set for the Junos Space Network
Management Platform application.