Monitor device configurations

When a Network Collector or Platform-connected SolarWinds Observability Self-Hosted polls configuration data, you can see the configurations in SolarWinds Observability SaaS.

The system checks for outdated configurations every 45 minutes. Configurations older than 30 days are deleted.

This topic covers:

Requirements

Configurations are displayed only for nodes with enabled configuration management. You can enable it in one of the following ways:
All built-in roles can access the Configuration Management area overview. For custom roles, the user must have Configuration Management > Configs > View permission.
Downloading and uploading configs and executing scripts require extra permissions. Only the built-in Owner and Admin roles can perform these actions. For custom roles, the user must have Configuration Management > Configs > Full Access permission.

You can see only the actions you have permission to perform. If you cannot see a menu item, ensure that you have sufficient permissions.

View configurations

In SolarWinds Observability, click Network > Configuration Management. Review the tabs:

Overview: At-a-glance view of configuration management details, such as the number of devices by vendor, backup history, baseline conflicts, and config changes.

Managed Devices: Lists devices with enabled configuration management. Use the search and filter options to find a device. This view provides the following details for monitored devices:

Name

The device name. Click it to open the node details page for the device.

Vendor

The device vendor.

Latest Operation

The result and timestamp of the most recent configuration download.

Success: The latest configuration download completed successfully.
Failure: The latest configuration download failed.
Not performed: No configuration download has been initiated for this device from SolarWinds Observability SaaS. Configurations may be available if they were performed by a job scheduled on the Network Collector from the collector web console.

Latest Running Config

No Backup: No backup available. A config was either never downloaded or it was deleted according to the retention policy, by default after 30 days.
Backed up: Click Backed up to display the configuration in an Inspector Panel.

Latest Startup Config

No Backup: No backup available. A config was either never downloaded or it was deleted according to the retention policy, by default after 30 days.
Backed up: Click Backed up to display the configuration in an Inspector Panel.

Startup vs Running

Displays the comparison between the latest downloaded running and startup configurations.

Match
Conflict: Click to open the conflict in the Inspector Panel
-- The comparison cannot be performed because the running configuration, the startup configuration, or both are not available.

Running vs Baseline

The comparison of the latest downloaded running configuration with the baseline. See Manage configuration baselines.

Review configurations for a device

Go to Managed Devices (Network > Configuration Management > Managed Devices).
Click a row on the Managed Devices tab to open the Inspector Panel with the device details.
In the Inspector Panel, click the Configurations tab for a list of all configurations downloaded for the device.
Click a configuration to display it.

Compare configurations

Go to Managed Devices (Network > Configuration Management > Managed Devices).
Click a device name to open the device details view.
Open the Configuration Management tab.
Select two configurations and click Compare.
Review the changes and click Close to close the content comparison.

Review configuration changes and conflicts

Go to Managed Devices (Network > Configuration Management > Managed Devices).
Use available filters to show relevant devices.

If there is a conflict between configurations, you can see Conflict in the Startup vs Running column or in the Running vs Baseline column.
Click the conflict to compare the configurations in an Inspector Panel.

Download configurations

Go to Managed Devices (Network > Configuration Management > Managed Devices).
Select one or more devices and click Download Running Config or Download Startup Config.

The configuration download starts. Click the Events link in the message to follow the download progress.

Sign scripts or upload jobs

Some actions, such as uploading configurations or running scripts, require a digital signature before they can run. The signature is generated by using a pair of cryptographic keys: a private key and a public key. You must set up these keys before performing any signed action.

When prompted during an action, run a signing script and paste the output into the Signature field.

Set up signing

Ensure that OpenSSL is installed on your computer and available in your system PATH. See OpenSSL Downloads and Path (Windows commands) for details.
Create a private key. Use the following script to create a 4096-bit RSA private key encrypted with AES-256.
```
openssl genpkey -algorithm RSA -out private_key.pem -aes256 -pkeyopt rsa_keygen_bits:4096
```
Create a public key. Use the following script to extract the public key from the private key.
```
openssl rsa -in private_key.pem -pubout -out public_key.pem
```

Create the following folder on your Network Collector and paste the public key into it.

C:\ProgramData\SolarWinds\UAMSClient\plugin-storage\nim-actions\signature-public-keys

Sign actions

When you perform an action that requires a signature, run the provided signing script, and then paste the output into the Signature field.

Signature verification is enabled by default. If you encounter issues, ensure that the following flag is set in the configuration file on the Network Collector.

--EnableSignatureVerificationFeature=true

Upload configurations

Uploading a configuration does not guarantee that the device is fully restored to the selected configuration state. During the upload operation, the current running configuration on the device is merged with the uploaded configuration.

Review the upload script carefully and make any necessary changes to achieve the expected result.

Go to Managed Devices (Network > Configuration Management > Managed Devices).
Click the vertical ellipsis next to the device and select Upload Config.
On Upload operation details, review the configuration you want to upload, and then click Next.

You can modify the configuration before uploading it to the device. Changes apply only to the uploaded configuration; the original downloaded configuration remains unchanged.

Additional options:
- To write the configuration to non-volatile memory, select the Write to NVRAM box.
- To reboot the device after the upload completes, select Reboot.
On the Signing page, select your operating system, copy the provided script, and run it on the device.
Paste the output into the Signature field and click Upload.

The configuration upload starts. To monitor progress, click the Events link in the status message.

Manage and run scripts

Click Network > Configuration Management.

On the Overview tab, open the Script Management tab in the lower part of the view. From there, you can view and manage available scripts by using the vertical ellipsis at the end of each row.

Execute scripts

In Script Management, click the vertical ellipsis for a script, and then select Execute to open the Execute Script wizard.

You can also execute scripts for specific devices from the Managed Devices tab. Click the vertical ellipsis next to the device, and then select Execute Script. In this case, the Select Network Devices step is skipped.
On Script Details, review the script. You can change the script here.

To reboot the device after running the script, select the Reboot box.
On Select Network Devices, select one or more devices on which to run the script.
On Signing, select the operating system, run the provided command-line script, and paste the output into the Signature field.
Click Execute.

Delete scripts

In Script Management, click Delete in the vertical ellipsis for a script, and then confirm deletion.

Edit scripts

In Script Management, click Edit in the vertical ellipsis for a script and make your changes.

Add scripts

You can add scripts to run on devices with monitored configurations. For supported operations, see the device vendor documentation.

In Script Management, click Add Script.
Enter a name for the script.
Type your script in the Content box.
Provide more details on why you created the script and what it does in the Comments box.
Save the script.

The script is added to Script Management. You can run or edit it there.

Schedule and manage configuration jobs

Schedule configuration jobs to automate the management of network devices and configuration files. Configuration jobs include regular downloads of device configurations.

You can define and run configuration jobs either in SolarWinds Observability SaaS, on the Network Collector/Platform-connected SolarWinds Observability Self-Hosted, or in both places.

SolarWinds Observability SaaS

Supported job types: Download Configurations from Devices, Upload Change to Devices, Execute Command Script on Devices.
There are no predefined jobs.

Network Collector /Platform-connected SolarWinds Observability Self-Hosted

Supported job types: Download Configurations from Devices, Upload Change to Devices, Execute Command Script on Devices. See NCM job types for a comprehensive list.
There are predefined daily jobs.

Before you create a new job in SolarWinds Observability SaaS, check whether a similar job already exists on the Network Collector/Platform Connect SolarWinds Observability Self-Hosted. If you find the job there, consider disabling the job to avoid duplication.

Create a configuration job

In SolarWinds Observability SaaS, go to Settings > Configuration Management > Job Management.
Click Create.
Name the job.
Select a Job Type:
- Download Configs from Devices
- Upload Changes to Devices
- Execute Command Script on Devices
On the Schedule screen, specify when the job runs. Select the frequency (Daily, Weekly, Monthly, or Specific Date) and complete the schedule definition.
Select the nodes to target with this job, and click Next.
Specify how you want to be notified about the job:
- Select an available email configuration. See Email notifications
  
  Custom Trigger Notifications and Custom Reset Notifications are not supported. If you select a configuration where these options are enabled, the job will run but you will not receive any notification.
- Click Add a new configuration, provide a name for the email configuration and enter recipients. Optionally, enter a description for the email configuration.
Configure job-specific details and click Next.
- Download Configuration: Select the configuration to be downloaded - Startup or Running.
- Upload Changes: Select a device and then select the configuration to upload to the device. Review the configuration, adjust it, or select an additional option if necessary. See Upload details.
- Execute Command Script on Devices: select an existing script or write a script to run on the devices. When you select an existing script, the script is displayed. You can adjust the script.
If the job requires a signature (uploading changes or executing commands), sign it and click Next to continue. See Set up signing for configuration details.
1. On Signing, select the operating system of the device.
2. Copy and run the command line script.
3. Paste the output to the Signature field.
Review the summary and save the job. The job is added to the Job List. By default, new configuration jobs are enabled and run as scheduled. Review the Status column.

Enable/disable configuration jobs

Configuration jobs must be enabled to run. Jobs that are not enabled will not start.

In SolarWinds Observability SaaS, go to Settings > Configuration Management > Job Management.
Find the job you want to enable/disable, click the vertical ellipsis and select Enable/Disable.

Edit configuration jobs

In SolarWinds Observability SaaS, go to Settings > Configuration Management > Job Management.
Find the job you want to edit, click the vertical ellipsis and select Edit. This starts the Update Job wizard, where you can change the name, schedule, nodes, notification and job-specific details. See Create a configuration job for details about the wizard.

Monitor job execution

Review job details

In SolarWinds Observability SaaS, go to Settings > Configuration Management > Job Management.
Click a job to display more details in the Inspector Panel.
Click the Logs tab in the Inspector Panel to see the transfer history. If there are no records, select a longer time range in the Show drop-down list.

Review transfer status

In SolarWinds Observability SaaS, go to Network > Configuration Management > Configuration Management.
Click the Transfer Status tab in the lower part of the screen. The tab displays all transfers for all jobs.

Use the filters to find a specific job, or access the Transfer Status tab from a specific job.

If there are no records, select a longer time range in the upper right corner.
To view more details for a specific job, click the vertical ellipsis for the job and select View Details. For download jobs, this lists all downloaded configurations. If a script execution job fails, details include the failure reason.

Search SolarWinds Support