Forum Discussion
view access policy changes history APM
Hi all ,
I'm wondering if there's a way to view changes in access policy because the message "Apply access policy" is always displayed and I can't remember what I did, so I want to see what the changes are before I apply them.
Thanks in advance .
Hello Mohamed_salah1 ,
I’m not expert with APM , But with my knowledge with ASM you can view the historical changes for each policy.
I want only to add :
> you can view your changes from /var/log/audit
and this KB for more details : https://support.f5.com/csp/article/K09050750
> OR Check this KB for Configuration file change Tracking differences :
https://support.f5.com/csp/article/K53125560
I hope for you to find your optimal solution from one of Community F5 APM experts.
my reply just for help or adding a clue for you
Regards
Hello Mohamed_salah1 ,
I’m not expert with APM , But with my knowledge with ASM you can view the historical changes for each policy.
I want only to add :
> you can view your changes from /var/log/audit
and this KB for more details : https://support.f5.com/csp/article/K09050750
> OR Check this KB for Configuration file change Tracking differences :
https://support.f5.com/csp/article/K53125560
I hope for you to find your optimal solution from one of Community F5 APM experts.
my reply just for help or adding a clue for you
RegardsHi Mohamed,
the "Apply Access Policy" button is a very often misunderstood concept.
Its probably the name itself which makes it so confusing. A rename to "Invalidate memory cached configuration data in APM related services" would make sense, but may confuse much more people... 😉
Some background information:
Whenever you change APM related configuration data, it will immediatly overwrite your bigip configuration files (change-by-change). And depending on the type of change you've just performed, you may also update/add/remove files in BigIPs Filestore and/or in external directories where APM related services reading their configuration data.
You dont have a "lets say: staged configuration" which replaces at some point a "lets say: master configuration". The "Apply Access Policy" button executes more or less just a partial config reload for a given Access Policy. Instead of clicking on "Apply Access Policy" you could alternatively restart your entire system, the outcome would be the same. The latest configuration would be active and the "Apply Access Policy" message is gone...
How to figure out the changes caused the "Apply Access Policy" message to appear:
BigIP or APM has unfortunately no build-in tool, to analyse historical changes made either directly to a given Access Policy or to referenced configuration items (e.g. AAA objects used by one or more Policies). Both types of changes may cause the the "Apply Access Policy" message to appear.
If you are interested to see which recent APM related changes where made to your unit, you could crawl your BIG-IP Audit Logs or read BIG-IP Change Tracker files for APM related changes:
How to find recent changes to the configuration (f5.com)
Overview of BIG-IP configuration historical change tracking (config_diff) (f5.com)
But those two utilities are most likely very hefty to use. Especially if you reorganize a VPE you may end up with a lot change-by-change outputs without any assistance to understand the big picture of VPE graphical workflow.
Just trust me when I say that you will most likely start to hate those tools, if you have to use them frequently. Implementing good organisational practises how to change and maintain BigIP configurations is probably less time consuming and more effective... 😉
Cheers, Kai
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com