ONTAP Discussions

Highlighted

Track config changes / Alert on AutoSupport failures

Hi guys,

 

how are you tracking config changes?

For instance, we would like to get notified if remove-private-data does change (system autosupport modify -node * -remove-private-data true/false)

 

Also we would like to get notified in case https AutoSupport`s get stuck (proxy authentication error,...)

 

Thank you!

 

2 REPLIES 2
Highlighted

Re: Track config changes / Alert on AutoSupport failures

Ideally, you would track configuration changes through some sort of change management/approval procedure, but unauthorized/undocumented changes are a fact of life (in my experience, at least). In my environment, we periodically report on deviations from our expected configuration using Pester, which is a testing framework written in PowerShell (built into Windows 10 and has support for PowerShell Core so can be run on Linux as well). A sample test to suit your use case would look something like this:

 

Describe "Autosupport Settings" {
 (Get-NcAutoSupportConfig | Select-Object NodeName,IsPrivateDataRemovedSpecified).ForEach{
    It "Private Data Removed setting for $($_.NodeName) should be true" {
      $_.IsPrivateDataRemovedSpecified | Should -Be $true
    }
  }
} 

Saving the above as "AutoSupport.Tests.ps1" and running it with Invoke-Pester looks like this:

 

PS C:\Users\user\desktop> Invoke-Pester .\AutoSupport.Tests.ps1
Executing all tests in '.\AutoSupport.Tests.ps1'

Executing script .\AutoSupport.Tests.ps1

  Describing Autosupport Settings
    [+] Private Data Removed setting for lab-clst-01-8200-n1 should be true 3ms
    [+] Private Data Removed setting for lab-clst-01-8200-n2 should be true 2ms
Tests completed in 251ms
Tests Passed: 2, Failed: 0, Skipped: 0, Pending: 0, Inconclusive: 0 

It will run the test that we just set up, and throw an exception if the actual value differs from its expected value (for example, if someone modifies the "IsPrivateDataRemovedSpecified" parameter for a node.

 

From there, you could run that command as a Scheduled Task or something and have it write the output to a file or send you an email message with the results every day. 

 

For your second request, I would agree with @SpindleNinja and set up event notifications. 

Check out the KB!
Knowledge Base
All Community Forums