ViPR SRM 3.6 – Track Configuration Changes using ViPR SRM
Table of Contents
Compliance change tracking features
Learn how to monitor and view configuration changes in your storage network.
The ViPR SRMSolutionPack for Storage Compliance tracks and reports on configuration changes in your storage infrastructure. It also reruns the enabled compliance rules related to the change.
A background process that runs on a configurable schedule collects and logs configuration changes. The installed default schedule is hourly, meaning that administrators know within an hour about a configuration change. The compliance change tracking feature is always enabled.
The compliance change tracking feature provides the following benefits:
- When a configuration change is related to an enabled compliance policy rule, that rule is run against the objects involved in the change. Administrators receive quick feedback when a change causes a breach or resolves an existing breach.
- When configuration changes cause breaches, the breaches are noted on the change tracking report. In addition, administrators can easily navigate directly from the row in the change tracking report to more detailed breach reports to obtain more details about the breaches.
- Similarly, if the change was made to try to resolve a known breach, administrators receive almost immediate validation about whether the breach was resolved.
For a list of the specific configuration changes that this feature captures, see the section "Which configuration changes are captured by compliance?" in Using Compliance in ViPR SRM.
Back to TopView change tracking report
The Track Configuration Changes report in ViPR SRM shows details about configuration changes in your storage infrastructure.
For each change, the report identifies the date and time of the change, a very detailed description of the change, the affected devices and storage components, and whether the change caused a breach of a compliance rule.
Procedure
- Log in to the Console and navigate to
.
The Track Configuration Changes report opens.
- To sort the report in ascending order by device, click the up arrow in the
Device column header.
The sorted report makes it easier to find a specific device name. It also groups together all of the changes on a particular device.
- To sort the report in descending order by the
# of Breaches column, click the down arrow in that column. If the down arrow does not appear darkened, click it again.
The sorted report makes it easier to discover whether any breaches occurred because of configuration changes. It also quickly shows which changes caused the breaches.
Example change tracking messages
ViPR SRM tracks and reports on configurations changes related to storage components.
The table shows extracts from a Track Configuration Changes report. The example descriptions illustrate the types of configuration changes that are tracked and the level of detail included in the change tracking report.
Back to TopGet more information about breaches
You can go directly from a row in the Storage Compliance Track Configuration Changes report to related device-specific breach reports in ViPR SRM.
The device-specific reports contain troubleshooting information to help you resolve the breaches. They also show the compliance policies and rules that were violated by the configuration change.
Procedure
- Log in to the Console and navigate to .
- To sort the report so that rows containing breaches appear first, click the down arrow in the header of the # of Breaches column.
- To get more information about the breaches that are associated with a configuration change, click anywhere in a row that indicates breaches.
Another page opens with several reports about the affected device.
- The View Breaches report shows details about all breaches on the device, including the severity of the breach and the compliance policies and rules that were breached.
- The Breach Details report shows the breach message and a short recommendation for fixing it.
For example, the following report shows breach details for a fabric device with several zoning best practice violations.
Results
The device-specific reports provide valuable troubleshooting details that can help you fix breaches that occurred because of a configuration change.
Back to TopConfigure change tracking
The compliance change tracking feature is configured with default settings out of the box, and no action is required on your part. However, you might want to change the default settings.
Procedure
- To disable individual events that are tracked for changes:
- Open the following XML file.
/APG/Backends/Compliance-Backend/generic-compliance/conf/compliance-change-events-config.xml
By default, all change tracking events in this file are enabled.
- Use the XML commenting structure to comment out the lines that you want to disable.
- Save the file.
- Restart the Compliance-Backend.
- Open the following XML file.
- To increase the interval for running the change tracking process:
- Open the following file.
/APG/Backends/Compliance-Backend/generic-compliance/conf/config-scheduler.properties
- Locate the following section:
##ChangeGenerator Scheduler:
- Change the scheduler value to your desired interval for running the change tracking process. The default scheduling cycle is every one hour from the time the Compliance-Backend is started. You can increase that interval.
- Save the file.
The new schedule is implemented.
- Open the following file.