PART 3: Determining which Configs are older than a threshold.
There are already reports available from NCM. Some of them tell you the status of devices in NCM. For example, the report Backup Status of Running Config will tell you of nodes in NCM, what is the most current date of the running configs backups (or never). In many ways, this report is very similar to that.
A difference is that in this report, you set a threshold data and time to compare against, which eliminates all devices with newer configs from the report, so only the older ones are present. Similar to the report in NCM already, where there are NULL values for the Date/Time of the most recent report, I substituted the word 'Never'. But when doing a comparison of dates, 'Never'' and NULL do not work, so for comparison sake, I used a date from the past likely would not show up on a config. If you have configs from 1985, feel free to change that to 1885. Also, this report links to the Nodes table, which has all nodes in NPM, not just the ones in NCM.
DECLARE @DTPoint AS datetime = CONVERT (datetime,'2019-02-01 08:00:00')
DECLARE @DTNull AS datetime = CONVERT (datetime,'1985-10-21 01:20:00')
SELECT [n].[NodeID] ,[n].[Vendor] ,[n].[IP_Address] ,[n].[Caption] ,[a].[ConfArchDtTm]
FROM [dbo].[Nodes][n] WITH(NOLOCK)
JOIN ( SELECT [c].[NodeID] ,[c].[CoreNodeID] ,[ConfArchDtTm]=ISNULL( CONVERT(nvarchar(20),[x].[ConfArchDt&Tm]), 'Never') FROM [dbo].[NCM_Nodes][c] WITH(NOLOCK) LEFT JOIN ( SELECT [ConfArchDt&Tm]=MAX([DownloadTime]) ,[NodeID] FROM [dbo].[NCM_ConfigArchive] WITH (NOLOCK) GROUP BY [NodeID] ) [x] ON [c].[NodeID]=[x].[NodeID] WHERE ISNULL( [x].[ConfArchDt&Tm], @DTNull) < @DTPoint )[a] ON [n].[NodeID]=[a].[CoreNodeID]
WHERE [n].[Vendor] in ('Cisco','Palo Alto Networks', 'Riverbed Technology') AND NOT [n].[IOSImage] = 'CIMC' AND NOT [n].[IOSImage] = 'Cisco IMC' AND NOT [n].[MachineType] LIKE 'Cisco Unified%'
ORDER BY [n].[Vendor], [n].[Caption]
Output:
So, we see in the results that two nodes have been backed up before, but not since May of Last Year. Those are not showing up on my daily jobs, so it is likely that these have not changed in the past 8 months. However, it indicates that the monthly full back up of all configs must miss these, so I should take a look at my job definition, to figure out why these are being missed. It is not likely that the login credentials are incorrect, because if so, then they should show up on my daily backup job report. Several devices are shown as have never been backed up, which is a feature you saw in Part 1. but anyway, this shows I still have work to do.
Lines 1-2 are defined variables needed to do the query. @DTPoint serves as your threshold. In this example, I want to know the devices whose most recent config is older than February 1 at 8:00 am. Set @DTPoint to your threshold date. Set @DTNull to some date/time earlier that @DTPoint (for example, October 21 1885). @DTNull is just used for a comparison to allow NULL dates (there is no config backed up) to be included when compared against the DTPoint.
Lines 16-19 create a table using NCM node IDs and the most recent Config (doesn't care about type of config (running, start-up, edited).
Lines 11-21 join the table from 16-19 to NCM_Nodes, which allows us to get to NPM NodeIDs, and finds which NPM Nodes isn't in the table from lines 16-19. It also adds the word "Never" for Null values, and converts the date value into a string of characters.
Lines 3-10 and 22-27 are pretty much the same as Parts 1 and 2.