Types of NCM alert actions
You can use three types of NCM actions in processing an Orion Platform alert:
- Backup Running Config
- Execute Config Script
- Show Last Config Changes
In executing one of its alert-related actions, NCM requires a role with sufficient permissions and cannot use device access credentials to authorize its action.
As a security enhancement related to executing NCM actions, NCM account passwords are not stored in the database. As part of configuring NCM, the installation software removes passwords from the database as part of the Configuration Wizard session.
Sequence the actions with an awareness that some NCM actions require others to complete first. For example, NCM cannot execute a notification email action before it downloads the config from an NCM-managed device.
Backup Running Config
NCM downloads the latest configuration from the context node. It is the same as running Node Details > Configs > Download Config. Unlike a normal execution of this action, however, the results of this download are written to an alerts table in the Orion database and this data is used when an alert is processed.
Execute Config Script
NCM executes the command(s) that you entered in the Command Script to Execute field. For example, if you enter
show version, and include it as a Trigger Action on an alert, NCM runs the
show command as part of alert processing and includes the results with the alert notification.
Show Last Config Changes
NCM performs a SQL query to find the most recent changes and compares those changes either to the baseline config or the next-to-last downloaded config, depending on how you set up your alert action.
When the alert is triggered, the results of the NCM action are stored in the Orion database and used as part of runtime processing of an alert. You can also view this information as part of the Alert Details on any relevant alert reported through the Orion Web Console at Alerts & Activity > Alerts.
If an alert is triggered for a node without relevant config history, NCM cannot contribute any data and the Orion alert is processed without it. So selecting this action only makes sense if you already have a history of device configurations.