Introduction
Observability tools have historically focused on logs and metrics, but not configuration information. This is surprising given how often configuration changes lead to outages as well as their potential to create security vulnerabilities.
Enter the Selector Configuration Compliance solution. Operations teams can now audit configuration changes, correlate configuration changes to anomalies, and search for the presence or absence of specific configuration statements. Operations teams can be configuration commandos, with an elite understanding of configuration changes, state, and consequences.
Anomaly Detection
The Basic Workflow
- A configuration change occurs
- A syslog event monitor invokes an automation webhook, for example Rundeck/Ansible
- The entire configuration is retrieved from the affected device and stored in a repository
- The repository does a diff between the old config and the new config
- Selector Analytics stores both the diff and the new configuration
- Selector Analytics correlates the diff to any relevant anomalies
- Selector Analytics highlights the correlated incident to users
- Selector Analytics users can drill down on all correlated information including diff and whole configuration
Greater Clarity and Efficiency
Through this workflow, anomaly detection is much richer, and correlated to likely causes whether it is a fault in the network or a configuration change. Instead of operations teams having to guess at what are the likely sources of anomalies, there is greater clarity, more efficient triage, lower mean time to detect (MTTD), and lower mean time to repair (MTTR). With the impact of the configuration change identified, operations teams can rollback the change if needed, using an approved process.
This solution highlights the strength of the Selector Analytics architecture, capable of correlating any data source or data type, including configuration changes.
Configuration Search / Validation
Be Prepared for Any Network Situation
Ever been in a situation where you are about to go live with a major new network segment and/or change, and wondered if every configuration was set the way it needed to be?
No problem, now you can do a configuration search for the absence or presence of any configuration element.
- Show me the devices that have this BGP statement.
- Show me the devices that do not have this ACL statement.
All with a natural language query. A Selector customer recently used this capability before going live with a major, highly visible media event, and were very pleased they did.
List all the devices that do or do not have a specific configuration statement.
Configuration Audit
Increase Performance and Security
As with many Selector analyzed events, a timeline is constructed so that Selector users can explore a timeline, see correlations, and do drill downs as needed.
With the Selector Configuration Change Timeline, operations teams can see when a change was made, what the change was, and who/what made the change. As automation becomes more prevalent, the frequency of changes are likely to increase. Buried in such changes may be configuration changes made by hackers that create significant security vulnerabilities. A configuration change trace / timeline is essential as configuration changes are among the most common sources of outage, performance degradation, and increasingly, security exposures.
Schedule Your Free Demo Today
Find out firsthand how Selector can help you reduce network management complexity, reduce MTTR, and lower operational costs.