Add a Config Management Ruleset to a Device Template

To add a configuration management ruleset to a device template follow the steps below.

1. Log in to Netreo as a user with the SuperAdmin access level.
2. Go to the main menu and select Administration > Templates to open the Device Templates Administration page.
3. Locate the device template to which you would like to add a logging rule and select its edit icon in the ACTIONS column.
4. In the Template Components panel locate the Configuration Management Ruleset table.
5. Select the plus (+) button to add a ruleset.
   
6. On the page that follows:
   
   1. In the TITLE field, enter a name for your ruleset. All configuration ruleset names must be unique.
   2. In the CONTEXT field, enter the section of the device configuration that should be evaluated by the ruleset (you can use a regular expression here to affect multiple sections of the configuration. if necessary). To match the top level context (i.e. no context) enter ^$. This field is used in the commandlet below.
   3. In the RULE(S) section, add conditions that represent the desired state of the device config (regex is allowed in the value field). Click the plus button on the right to add additional conditions (additional conditions use a logical AND, so be careful when constructing your conditions).
      • "Must Have" means that if the device config does not contain the value to the right of the condition, execute the ACTION.
      • "Must Not Have" means that if the device config does contain the value to the right of the condition, execute the ACTION.
      • In the example above, if any device configs affected by this template do not contain the value "keepalive 10" under the specified context "interface GigabitEthernet1\/0\/2", the action is executed on that device config. In this case, the action adds that value to that context.
   4. (Optional) In the ACTION  field, enter the set of commands (commandlet) that you want executed on the device configuration exactly as you would type them on the command line.
      • Connect and disconnect commands are not required, Netreo handles these on its own.
      • Begin the commandlet with a command to enter configuration mode for the device. End the commandlet with a command to exit configuration mode. For each deeper level of context you go (for example, accessing a specific interface) a matching exit command must also be included.
      • When specifying the context in the commandlet, enter $CONTEXT$. Netreo then replaces this with the value entered in the CONTEXT field (see example in image above).
      • No error checking is done on the configuration commands used. Therefore it is imperative that you double-check the commands you enter to avoid doing something destructive.
7. Click the Add Rule button.
8. Now follow the instructions in Re-Apply Device Templates After Editing.

If no commands are entered in the ACTION field of the ruleset, any violations of the ruleset are still picked up by the configuration check and processed as if a configuration change had occurred—even though no changes have actually been made. This means that the violation event is displayed in the config manager dashboard and an alert notification sent out to contacts in the “Default Email Alerts” action group or the action group specified in the Configuration Change Alerts incident management rule. It is then up to an administrator to rectify the configuration of the device manually, if necessary.

You may add as many config management rulesets to your device template as necessary. When finished, it is not necessary to click the Update button on the edit page of the template. This is only required when editing authentication credentials.

If you've added config management rulesets to a device template that is already applied to any devices, navigate back to the Device Templates Administration page using the arrow icon at the top left of the page and reapply your device templates.