cancel
Showing results for 
Search instead for 
Did you mean: 

NeSight Console - Using Command Script Tool

NeSight Console - Using Command Script Tool

Edson_Moura
New Contributor
To use Command Script Tool is necessary to configure a username and password in NetSight Authorization/Device Access and Profiles/Credentials-->CLI Credentials.
How can I to hidden my password on CLI Credentials to that another person don't see it?

de5187b31c79431fac81a5b17e6bf963_RackMultipart20140725-10747-1al1ewa-commandscripttool_inline.png


de5187b31c79431fac81a5b17e6bf963_RackMultipart20140725-13203-6i977j-netsight_inline.png



6 REPLIES 6

Edson_Moura
New Contributor
Thank you, guys!

John_Kaftan
New Contributor III
I think you could disable the feature "Show Passwords in Clear Text" for all of your user groups. Then you would also have to figure out how to make it so that nobody else can turn on this feature, i.e. you have to play with the settings under Authorization/Device Access to get what you are looking for.

When I need to use this feature I use my username and password for the CLI config. Then I go in and change it to something else when I am done. Not ideal because another admin can see my stuff while I am doing the work but at least that way I minimize my exposure.

4033c53bc85a45549b882031f5f11c86_RackMultipart20140728-31835-16sdsfg-cleartext_inline.gif


Ronald_Dvorak
Honored Contributor
OK so the requirement changed from "not see pw" to "track who changed the config".

I assume you not only want to see who changed the switch config but also what was changed = logg the complete CLI commands that were used by that user.

In the Netsight Console log you could see which Netsight user has executed the script tool,
In this case the root user but you also could see the hostname of the PC=AT00298W,

c6ed866bb0434aad946e5dffbb2dcc08_RackMultipart20140728-12835-nyud18-execute_script_inline.png



If you now enable syslog logging on your devices you'd send all CLI changes to Netsight....

c6ed866bb0434aad946e5dffbb2dcc08_RackMultipart20140728-31595-dkpqsc-syslog_CLI_inline.png



I know that isn't a great solution to your problem as you'd need to manualy search for the Netsight user and which changes were done.

Might be that someone else has a better idea.

Ron

Edson_Moura
New Contributor
Thanks Ronald. I appreciate your sugestion.

I've already used Authorization Groups, but, I my network, there are several admin users that could to use usename "NOC" to change the configuration of the switches, so I would lose the track that which person has made the configuration in my network.

IMO, the Command Script Tool should request a username and password during the time I was doing the configuration on the switches.

Thanks for your help.

Edson Moura

GTM-P2G8KFN