/
How to Configure Revision Control System Monitoring (RCS)

How to Configure Revision Control System Monitoring (RCS)

The Revision Control System (RCS) provides information on all configuration changes to your system and is available on both the box and CC levels. On a Control Center, you can configure and run the RCS separately both on the box and/or the CC level for the configuration of the managed appliances.

Once activated, the RCS puts a copy of every configuration set into its own storage. Because the number of created copies increases with each configuration change, the RCS provides the option to restore an earlier version of stored configurations upon request. The RCS can also generate reports to help monitor configuration changes.

Note that operating the RCS on the CC level can take a lot of memory and storage if the Control Center manages a large number of appliances. This can also slow down your Control Center accordingly.

In the case of a Control Center, it is recommended to check the log file for progress.

Functioning and Limitations of the RCS System

The RCS system is disabled by default. If you want to use the RCS system, you first must enable and configure it to match your requirements. After disconnecting and reconnecting to your appliance via Firewall Admin, you can then create RCS reports selectively for any configuration node. When activated, RCS logs all configuration changes on a configuration tree node or service.

How to Configure and Use the Revision Control System

The Revision Control System provides the following options:

  1. Activating and configuring the RCS.

  2. Viewing RCS content versions.

  3. How to create a report based on the changes.

  4. Reverting a configuration to a specific version.

1. Activating and Configuring the RCS

  1. Log into your firewall / Control Center.

  2. (On the box level): Go to CONFIGURATION > Box > Administrative Settings.

  3. (On the CC level): Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > CC Parameters.

  4. In the left menu, select RCS Setup.

  5. Click Lock.

  6. From the Version Control System list, select Enable.

  7. Define the following RCS settings:

    • Log Change Differences – Enables or disables the RCS log (file name: servicename_changes) of all configuration changes.

    • Log Creation Differences – Specifies how configuration changes are logged. You can select one of the following settings:

      • Disable – Log change differences will be ignored.

      • Difference-to-Default – Only differences to the default settings are listed.

      • Full-Info – Every configuration option is listed.

      • None – Only changes are listed.

    • Log Removal Differences – Specifies how to log file removals. You can select one of the following settings:

      • Difference-to-Default – Only differences to the default settings are listed.

      • Full-Info – Every action is listed.

      • None – The removal of files is not listed.

    • Report Processing Script – You can enter a script to automate the transmission of change reports to other destinations. The shell script can invoke Secure Copy (scp) or email delivery. See the table in the following paragraph for some scripting examples.

    • Force RCS Change Message – To enter a comment for every RCS check-in, select yes.

  8. Click Send Changes and Activate.

rcs_improvements_rcs_setup.png
Report Processing Script Examples

The following table displays examples of scripts that you can enter in the Report Processing Script table for transmitting your change reports via scp or mailclt. In your script, use the $REPORT variable. The name of the report file is stored in $REPORT.

Scripts are triggered for execution each time a change is made to a configuration setting.

Method

Example Script

Method

Example Script

scp

scp "$REPORT" root@recipient.com

mailclt
Note that the SMTP server must be entered as an IP address. Entering host names is not allowed.

/opt/phion/bin/mailclt
-f
sender@sender.com
-r
recipient@recipient.com
-s
"change"
-m 192.168.0.1 -a
"$REPORT"

Activate the RCS by disconnecting and then reconnecting to the Barracuda CloudGen Firewall. Click Disconnect and then click Connect. After configuring and activating RCS, you can view change reports for each configuration tree node.

2. Viewing RCS Content Versions

After a change has been made to a specific node, the new configuration set will replace its preceding version. After a change to a configuration node, you can inspect all revisions that the RCS has stored.

This example assumes that you have made changes to the Network node.

  1. Log into your firewall.

  2. (On the box level): Go to CONFIGURATION > Configuration Tree > Box > Network.

  3. (On the CC level): Go to CONFIGURATION > Configuration Tree > Multi-Range > your range > your cluster > Boxes > your box > Network.

  4. Right-click the Network node.

  5. A pop-up menu list is displayed that shows all valid options associated with the node.

  6. Click Show RCS Versions... in the list.

rcs_improvement_menu_list_show_rcs_versions.png

  1. The RCS Versions window is displayed.

rcs_improvements_rcs_versions_selected.png

 

Note that the last two versions are always preselected for your convenience.
However, if you want to compare other versions, you can always modify your selection by clicking on the preferred two versions in the list.

Contact Us
Barracuda Campus
Barracuda Support