1

How
do you track changes made to the network and servers when multiple people are
making changes. We are looking for a nice way to track changes that is
searchable and clean. Right now we are using OneNote and I am sure it will be a
mess in no time.

Within
one note we keep track of all major changes and include when, who, what and
why.

7 Spice ups
2

Getting a proper change management process is a very important thing to have in a company when there are multiple users who are authorized to make changes especially if their work overlaps with one another.

We use a bit of an older process when it comes to change management, however, it works for us and hasn’t failed to hold the right people accountable for both good and bad changes.

In a shared folder we have an excel sheet which just outlines the basics of a change. Who, What, When, Why. This will give you a brief overview of changes, but within that folder, are folders tabbed out by the month, and the process is as follows: A sysadmin wants to make a change. He fills out (Electronically now) a ACD form, this form is a template, it contains questions about the change that you are required to fill out and get approval for. Once the change is approved the ACD form gets placed in the appropriate folder. It has a bit of over head to it, but it helps cut down on a lot of time loss investigating who made what change and when.

I believe there are also software solutions available for change control processes, however, I do not have any experience with them.

3

You may end up with many answers here. Some of my equipment such as routers keep track themselves who changed a setting, provided the users login with their own credentials vs. a generic “admin” username. Logs from such equipment are uploaded to a central syslog server for archiving and can be searched as well. I also generate differential configurations by download a device’s config file, compare to the previously downloaded one and send an email with the differences. This only shows you what changed, though, not who made the change, but it’s something to go by, stored in a Git repo and allows for restoring any previous version if ever needed.

The challenge is that there is no universal method. No two devices will log and inform of changes in the same way. Some don’t have any kind of audit mechanism built in and so you would have to hunt down any changes made (ie by comparing configuration exports) and you may never know who made a change.

You might use a ticketing type system to create, edit and close such tickets so you have a record of who did what. These things are mostly honour system based. If a tech doesn’t create the digital “paper trail” then you will have gaps.

An existing Spiceworks discussion for reference: Free software to track changes on a server

Netwrix comes up a lot when you search for Windows Server auditing. This product may be useful: https://www.netwrix.com/change_auditing_solution.html

1 Spice up
4

@gbeekmans ​ thanks for backing me up! Indeed Netwrix Auditor is quite handy when it comes to your Windows Server auditing. :wink:

I just want to highlight that Netwrix Auditor unified platform is capable to store, search and report all of your auditing data within one single-pane-of-glass-interface, so Netwrix Auditor for Network Devices allows you to have clear view of configuration changes, logon attempts, scanning threats
and hardware malfunctions on Cisco, Fortinet, Palo Alto, SonicWall and Juniper devices within the same interface you use for Windows Server, GPO, File server or SQL server auditing. After 20 days of free trial period you can either choose whether to purchase license or switch to Free Community Edition, which is restricted in comparison to commercial version, yet still quite powerful tool to have at your disposal.

@Netwrix

5

I’m not sure if you’re just looking for a documentation system or whether you also want software that actually detects those changes?

In case it helps, I like EventSentry which gives me a lot of visibility into what’s happening on Windows servers and workstations. Pretty much all relevant changes are detected by it, including services added, software installed, users added/removed to the domain, system files updated and so forth. BUT it also includes a “Notes” feature which lets sysadmins add a note either globally or to a specific host. So you have both the “automatic” changes as well as input from the sysadmins. Unfortunately it does not detect changes made to network devices like routers and switches … which is a bit of a bummer. But it’s really neat otherwise though.

If you’re just looking for a documentation system then maybe this thread on quora helps.

6

Hi,

You can try LepideAuditor as well for automated monitoring of changes. In case, you want to track changes manually then you can check our free IT guides here .

7

When it comes to networking equipment, I save a copy of the config, modify, and save a fresh copy with the modifications. The files are time stamped on the file server as well with my username in the media data.

When it comes to servers, the changes are logged per server in our database created for just this issue.