Skip to content

Audit

The Audit module provides a suite of tools designed to investigate the network state, search through configurations, and monitor device behavior without altering the live environment.

Data gathering

This tool allows you to retrieve operational state data (non-configuration data) from your devices in real-time. It is particularly useful for generating network-wide reports like "List all MAC addresses" or "List all LLDP neighbors".

Usage

The query builder allows you to fetch multiple types of data simultaneously.

Data Gathering Query Builder
Selecting multiple data collectors (MAC Table, VLANs) for a specific scope.

Workflow:

  1. Pattern: (Optional) Filter the raw output if supported by the collector.
  2. Data Selection: Use the dropdown to select one or more collectors (e.g., Get VLANs, Get MAC address table).
  3. Scope: Select the Sites and Devices to query.
  4. Fetch: Click Fetch data to connect to the devices and retrieve the live state.

Results visualization

Once the data is retrieved, Avalon offers two perspectives to analyze the results. You can toggle between them using the buttons above the results table.

A. Services View This view groups data by Data Type. It is ideal for global audits (e.g., "Show me the MAC address table of the entire site").

  • The devices become a column within the table.
  • You see one consolidated table per requested service (e.g., one table for all MACs, one table for all VLANs).

B. Devices View This view groups data by Physical Device. It is ideal for health checks on specific equipment.

  • The interface creates a block for each device.
  • Inside each device block, you see specific sub-tables for every service requested (e.g., ACCESS-1-1a shows its own MAC table, then its own VLAN table).
Data Gathering Device View
The 'Devices' view organizing data per equipment.

Export: Regardless of the selected view, you can click Export all to download the structured data in CSV/Excel format for external processing.

Explore configurations

This tool acts as a search engine across your backup repository. It allows you to find specific configuration lines across hundreds of files without opening them individually.

Usage

  • Pattern: Enter a text string or Regex (e.g., telnet, password 7, 192.168.1.1).
  • Scope: Select the sites or device types to search.
Configuration Search Results
Searching for 'telnet' usage across the site configuration backups.

Results

The table displays the match status for each device.

  • Pattern match: Shows whether the string was found.
  • Download: You can download the specific configuration file directly from this view.

Compare configurations

The Compare tool provides a visual "Diff" between two configuration files.

Usage

  • Change Validation: Compare the running-config of a device at two different dates (e.g., "Before" vs "After" maintenance).
  • Standardization: Compare the configurations of two similar devices (e.g., ACCESS-1-1a vs ACCESS-1-1b).
Configuration Diff
Visual comparison highlighting additions (green) and deletions (red).

Visual indicators

  • Green Lines present in the right file but missing in the left (Additions).
  • Red Lines present in the left file but missing in the right (Deletions).

Devices logs

This section provides a centralized interface to search through Syslog messages exported by devices to Avalon.

Usage

You can narrow down the search using:

  • Pattern: Keyword search (e.g., link-flap, OSPF, user-login).
  • Time Window: Start date and End date.
  • Scope: Specific Sites or Devices.
Device Logs Search
Historical view of syslog messages matching a specific pattern.

Mail alerts

While Devices logs is for historical investigation, Mail alerts allows for proactive monitoring. You can configure Avalon to send an email notification immediately when a specific log pattern is detected.

Creating an alert

  1. Alert Type: Currently supports Device Logs.
  2. Alert name: A descriptive name for the alert.
  3. Recipient / Send to: Select the email address to notify.
  4. Pattern: The Regex or string to watch for (e.g., root, fan fail).
  5. Devices to watch: Define which devices to monitor.
Creating a Mail Alert
Configuring a proactive alert for STP Topology changes.

Email example

When triggered, the email provides the context required for troubleshooting: the Device IP, the matched pattern, and the raw log line.

Mail triggerd by STP alert
Mail triggered by STP Root change.

Compliance

The Compliance view performs a consistency check on devices operational states.

Usage

Currently Avalon supports VLAN Mismatches on trunk links.

Compliance Audit View
Audit report showing symmetric (valid) and asymmetric (mismatch) links.

Column details

  • Source/Destination: The two endpoints of the link.
  • VLAN Mismatch: Lists VLANs that are allowed on one side but missing on the other.
  • State:
    • Symmetric The configuration matches on both sides.
    • Asymmetric A configuration mismatch was detected (e.g., VLAN 10 missing on one end).