Oliver's homepage

IOS Config Diff Script

At our site we use the venerable RANCID system to back up and audit some of our network device configurations, along with subversion as the storage backend.

Sadly, the built-in subversion diff tool is not particularly sharp, nor configurable. However, subversion allows you to override it and use an external "diff command" instead. I wrote a short Perl script to diff two Cisco IOS style configuration files in a more intelligent way.

The script is aware of Cisco IOS configuration 'sections' - groups of lines which are related, beginning either with the same words (e.g. ip access-list), or instead having all except the first line indented (e.g. an Interface configuration). The output shows new sections and removed sections, and when a section changes you get a traditional +/- diff that includes the full context of the surrounding section lines. This is helpful because normally you wouldn't see, for example, which Interface a changed line was within.
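A minimal sketch of the section-aware comparison described above, added here as an illustration and not taken from the ios-config-diff script. It is written in Python rather than Perl and handles only the indented kind of section; the function names and sample configs are constructed for the example.

```python
import difflib

def parse_sections(text):
    """Map each unindented header line to the indented lines that follow it."""
    sections, header = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "!"):          # blank lines and IOS separators
            continue
        if line[0].isspace() and header is not None:
            sections[header].append(line)      # body line of the current section
        else:
            header = line
            sections.setdefault(header, [])
    return sections

def section_diff(old_text, new_text):
    """Return diff lines: whole removed/added sections, changed ones with full context."""
    old, new = parse_sections(old_text), parse_sections(new_text)
    out = []
    for header, body in old.items():
        if header not in new:
            out += ["- " + l for l in [header] + body]
    for header, body in new.items():
        if header not in old:
            out += ["+ " + l for l in [header] + body]
        elif old[header] != body:
            out.append("  " + header)          # always name the enclosing section
            out += [d for d in difflib.ndiff(old[header], body) if not d.startswith("?")]
    return out

# Constructed sample configs (documentation address ranges), not real device output.
OLD_CFG = """\
hostname edge1
!
interface GigabitEthernet0/1
 description uplink
 ip address 192.0.2.1 255.255.255.0
 ip access-group MGMT in
!
interface GigabitEthernet0/2
 shutdown
!
ip access-list extended MGMT
 permit tcp 198.51.100.0 0.0.0.255 any eq 22
 deny ip any any log
"""
NEW_CFG = (OLD_CFG.replace(" ip access-group MGMT in\n", "")
           .replace("GigabitEthernet0/2", "GigabitEthernet0/3")
           .replace(" deny ip any any log", " permit ip any any"))

if __name__ == "__main__":
    print("\n".join(section_diff(OLD_CFG, NEW_CFG)))
```

In the printed result, the removed access-group line appears under its interface header and the ACL change appears under the ACL's name, which is the context a plain line diff leaves out when auditing a change.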

If you download the following script to your local filesystem, then set the RANCID user's ~/.subversion/config to contain a diff-cmd=ios-config-diff entry, subversion will do the right thing.

https://svn.oucs.ox.ac.uk/people/oliver/pub/rancid/trunk/contrib/ios-config-diff

As well as the standard contents of the Perl distribution, you'll need to install the following additional modules:
  • File::Slurp
  • Regexp::Common
  • Algorithm::Diff

Options and Caveats

You'll need to be referring to devices by IP address and not host name in your RANCID routerdb. Otherwise, the script will just call your system's diff utility and you'll see the output of that instead.

The script will try to read a file at /etc/ios-config-diff-ignore for a list of devices to ignore. If the IP address of the device having its configuration diffed is in the file, the script exits silently. If the file is missing or unreadable, the script continues to run as normal; no error is emitted.

Naturally, the script was written for a particular environment and circumstance, and may not work so well for you. If the script doesn't quite do what you want, and you lack the ability to fix that yourself, please send me an email explaining the suggestion and I'll see what I can do to help.

If you find a bug or misfeature in the script, then of course I'd like to know. Equally, if you add a feature and want to contribute a patch so others may benefit, then please do drop me a line.

TODO

It would be nice to be able to use this script from the command line independently of subversion, on any two files. Probably a good point to patch Getopt::Long into the script.

The script should probably cope better with more heterogeneous environments, e.g. fall back more readily to traditional diff if the config doesn't look very 'Cisco'.