This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NeSight Console - Using Command Script Tool

NeSight Console - Using Command Script Tool

Edson_Moura
New Contributor

‎07-25-2014 06:05 PM

To use Command Script Tool is necessary to configure a username and password in NetSight Authorization/Device Access and Profiles/Credentials-->CLI Credentials.
How can I to hidden my password on CLI Credentials to that another person don't see it?

de5187b31c79431fac81a5b17e6bf963_RackMultipart20140725-10747-1al1ewa-commandscripttool_inline.png


de5187b31c79431fac81a5b17e6bf963_RackMultipart20140725-13203-6i977j-netsight_inline.png



0 Kudos
6 REPLIES 6

Edson_Moura
New Contributor

‎07-29-2014 11:41 AM

Thank you, guys!

0 Kudos

John_Kaftan
New Contributor III

‎07-28-2014 04:36 PM

I think you could disable the feature "Show Passwords in Clear Text" for all of your user groups. Then you would also have to figure out how to make it so that nobody else can turn on this feature, i.e. you have to play with the settings under Authorization/Device Access to get what you are looking for.

When I need to use this feature I use my username and password for the CLI config. Then I go in and change it to something else when I am done. Not ideal because another admin can see my stuff while I am doing the work but at least that way I minimize my exposure.

4033c53bc85a45549b882031f5f11c86_RackMultipart20140728-31835-16sdsfg-cleartext_inline.gif


0 Kudos

Ronald_Dvorak
Honored Contributor

‎07-28-2014 01:33 PM

OK so the requirement changed from "not see pw" to "track who changed the config".

I assume you not only want to see who changed the switch config but also what was changed = logg the complete CLI commands that were used by that user.

In the Netsight Console log you could see which Netsight user has executed the script tool,
In this case the root user but you also could see the hostname of the PC=AT00298W,

c6ed866bb0434aad946e5dffbb2dcc08_RackMultipart20140728-12835-nyud18-execute_script_inline.png



If you now enable syslog logging on your devices you'd send all CLI changes to Netsight....

c6ed866bb0434aad946e5dffbb2dcc08_RackMultipart20140728-31595-dkpqsc-syslog_CLI_inline.png



I know that isn't a great solution to your problem as you'd need to manualy search for the Netsight user and which changes were done.

Might be that someone else has a better idea.

Ron

0 Kudos

Edson_Moura
New Contributor

‎07-28-2014 11:51 AM

Thanks Ronald. I appreciate your sugestion.

I've already used Authorization Groups, but, I my network, there are several admin users that could to use usename "NOC" to change the configuration of the switches, so I would lose the track that which person has made the configuration in my network.

IMO, the Command Script Tool should request a username and password during the time I was doing the configuration on the switches.

Thanks for your help.

Edson Moura

0 Kudos
GTM-P2G8KFN