Documentation forNetwork Configuration Manager
Managing network configurations is a key capability of SolarWinds Observability Self-Hosted (formerly Hybrid Cloud Observability) and is available in the Advanced edition. Network Configuration Manager (NCM) is also available in a standalone module.

Configure real-time change detection in NCM

When you configure real-time change detection, NCM sends an email notification whenever a config changes. To configure real-time change detection, complete the following steps.

Step 1
Configure devices to send syslog or trap messages to the SolarWinds Platform server.

Step 2
Configure rules to detect syslog or trap messages that indicate a config has been changed.

Step 3
Create the account that NCM uses to access devices and download the updated config.

Step 4
Specify config comparison and email notification options.

Step 5
Enter NCM SMTP server details.


Step 6
Enable real-time config change notifications.

Step 1: Configure your devices to send syslog or trap messages to the SolarWinds Platform server

Configure each device to send either syslog or trap data to the SolarWinds Platform server. You can configure multiple devices using a script, as described below. You can also use a config change template, such as the Enable Syslog - Cisco IOS template.

If your devices already send syslog or trap messages to Kiwi Syslog Server or a third-party syslog or trap receiver, configure that syslog or trap receiver to forward messages the SolarWinds Platform server.

SolarWinds strongly recommends that you configure Cisco devices to send syslog messages, not trap messages. Cisco devices send trap messages when a user enters config mode but not when the user exits. Therefore, if you configure Cisco devices to send trap messages, you aren't notified of a change until the next time a user enters config mode.

  1. Click My Dashboards > Network Configuration > Configuration Management.
  2. Select the nodes, and then click Execute Script.
  3. Enter the commands to forward syslog or trap messages to the SolarWinds Platform server.

    See this topic for examples of the commands. For more information, see your device documentation.

    In addition, consider disabling logging for logins from the NCM server, especially if NCM must open config mode to download the device configuration. Disabling logging for NCM logins ensures that changes made by NCM don't trigger RTCD, which would result in a loop.

  4. Click Execute.
  5. Click Transfer Status.
  6. In the Action column, locate the most recent entry labeled Execute Script.
  7. Click Show Script Results in the Status/Details column.

You can remove device configurations by running a command with no in front of it. For example, no set logging server {ip_address} removes that target from the remote logging stream.

Step 2: Configure rules in LV or LA to detect config change notifications

Configure rules in Log Viewer (LV) or Log Analyzer (LA) to detect syslog or trap messages that indicate a config has been changed. You might need different rules for different device types.

If you are using version 2023.2.1 and later of NCM or Hybrid Cloud Observability Advanced, complete the following steps to configure LV or LA rules. If you are using version 2023.2 or earlier, see the Previous Version page to access the NCM Administrator Guide for the version you are using.

The SolarWinds Syslog Service account must have read-write access to the SolarWinds Platform database. For example, if your SolarWinds Platform database resides on the same server as NCM, consider using a local administrator account for the SolarWinds Syslog Service.

For Cisco IOS and ASA devices that send syslog messages, enable the default rule

LV and LA both provide preconfigured alerts for Cisco IOS and Cisco ASA devices that send syslog messages to the SolarWinds Platform server. Enable these alerts to use them.

  1. Access log rules:
    1. In the SolarWinds Platform Web Console, click My Dashboards > Logs > Log Viewer.
    2. In the upper-right corner, click Settings.
    3. In the left pane, expand Syslog, and click NCM Rule: Realtime Change Notifications.
  2. Select the following rules and enable them:
    • Cisco IOS Realtime Change Notifications
    • Cisco ASA Realtime Change Notifications

For other device types, create custom rules

If you have devices other than Cisco ASA and IOS devices, complete these steps to configure a custom rule.

  1. In the SolarWinds Platform Web Console, click My Dashboards > Logs > Log Viewer.
  2. In the upper-right corner, click Settings.
  3. In the left pane, expand either Syslog or Traps, and click My Custom Rules.
  4. Click Create, enter a descriptive name, and click Next.
  5. Specify the condition:

    1. Under Condition, select This rule files while following conditions apply.

    2. Next to If, select Message.

    3. Select either Contains or Matches Regex, depending on whether you are entering a simple string or a regular expression.

    4. Enter a string or regular expression to identify the syslog message that the device sends when a config has been changed.

      The message varies by device type. For example, when a change is made to a Cisco router config, the device sends a syslog message containing Configured from console. Message text is case-sensitive.

      For more information about what messages a device sends, see the device documentation.

      The message text used to trigger the rule should be from a message received after all the changes made in the session have been completed (for example, when exiting configuration mode).

    5. If the rule applies to multiple device types, select Or, click Add Condition > Field condition, and specify another string or regular expression.

    6. Click Next.

  6. Under Log Entry Actions, click Add an Action.
  7. Select Real-Time Config Change Detection.
  8. Click Done to add the action.
  9. Click Next, and then click Save.

Step 3: Create the account that NCM uses to access devices and download configs

When a config change is detected, NCM must be able to access the device and download the latest config so that it can determine what changed. Use the Config Changes page to create the Windows account that NCM uses to create and run RTCD-related download jobs.

  1. Open the Real-Time Change Detection page:
    1. In the SolarWinds Platform Web Console, click Settings > All Settings.
    2. Under Product Specific Settings, click NCM Settings.
    3. Under Real-Time Change Detection, click Configure Real-Time Change Detection.
  2. Click the Config Changes link in Step 3.

    The Config Changes page opens.

  3. Select Enable these account credentials to access all NCM-managed devices.

    If the check box is disabled, then the Device Login & User Account Credentials option is set to Global - Device Level. To change this option, click the Security link to open the Security page, and then select Individual - User Level.

  4. Enter the credentials that NCM can use to access devices and run RTCD-related download jobs.
  5. If you want the email message NCM generates to include the syslog or trap message that signaled a config change, select Include syslog/trap message.
  6. Click Submit.

Step 4: Specify config comparison and email notification options

When a config change is detected, NCM accesses the device, downloads the modified config file, and compares it to an existing config file to determine what changed. NCM then emails the specified recipients to notify them of the changes. Complete the following steps to specify config comparison and email notification options.

  1. Open the Real-Time Change Detection page.
  2. Click the Config Downloads and Notification Settings link in Step 4.

  3. Under Previously Downloaded Config File, select the type of config file that NCM should download for comparison when a config change is detected.

  4. Under Baseline Config File, select the config file you want NCM to use for comparison when it determines what changed.

  5. Select the desired Email Notification Options.
  6. Enter the Sender Name and Subject for NCM to use in RTCD email notifications, and specify at least one recipient. The Reply Address is optional.

    Email notification fields can include the following types of variables (also called macros). For example, use ${DateTime} to include the date and time in the Subject.

  7. Click Submit.

Step 5: Enter NCM SMTP server details

The email server settings you enter here are used to send notifications regarding RTCD, config change approvals, and running jobs. For information on config change approvals, see Approval system for configuration changes

  1. Open the Real-Time Change Detection page.
  2. Click the NCM SMTP Server link in Step 5.

  3. Enter the fully qualified domain name (FQDN) or IP address of the mail server.
  4. Enter the port number on which the mail server handles messages.
  5. Select None or Password as the Authentication method.
  6. Enter a user name and password.
  7. Click Submit.

Step 6: Enable real-time config change notification

  1. Open the Real-Time Change Detection page.
  2. Under Enable Real-Time Config Change Notifications, click Enable.
  3. Click Submit.

If a large number of config downloads is an issue after you configure RTCD, you can limit the number of simultaneous downloads.