network cable, rj45, patch-499792.jpg

Oxidized – Network Configuration Tool

Every year it seems like more and more network devices get installed on our networks. Switches, router, firewall, access points are just a few of the devices that get installed. Each of them has a configuration file that gets setup and stored in the devices when it is setup or when changes are made. So…. how do we manage these configs and backup all these configuration files? We use Oxidized.

Oxidized is a great application that does one thing and does is well. It connects up to all your devices, check the config file to see if it has changed and if it has, it makes a backup copy. The backups are all version controlled and kept in Oxidized. It is them possible to look at all the changes, when the change took place, and restore back to an old version if needed.

Install Oxidized on FreeBSD

You can install Oxidized as a package using pkg on FreeBSD. This will install Oxidized and all the ruby/gem modules required.

# pkg install rubygem-oxidized rubygem-oxidized-script rubygem-oxidized-web

Once installed an oxidized user and group will be created for the service to run under. The directory that will contain the configuration and git repository is at /var/db/oxidized

Oxidized will create a basis config file when started up for the first time. Let’s force it to start up once so it can create it’s default config file and then we can go in and edit it.

# service oxidized onestart

Oxidized will have started up, created it’s default config file and then quit again. If you look into /var/db/oxidized/.config/oxidized there will be a config file now.

Configure Oxidized

A default config file was created the first time Oxidized started up. Now lets go in and edit the config file so it works like we want.

# cd /var/db/oxidized/.config/oxidized
# vi config
username: admin
password: password
model: comware
resolve_dns: true
interval: 3600
use_syslog: true
debug: false
next_adds_job: true
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
next_adds_job: false
  remove_secret: true

    username: admin
    password: password
    username: admin
    password: password

models: {}

pid: "/var/db/oxidized/.config/oxidized/pid"

  directory: "/var/db/oxidized/.config/oxidized/crashes"
  hostnames: false

  history_size: 10

  default: ssh, telnet
  debug: false
    secure: false
    passive: true
  utf8_encoded: true

  default: git
    user: oxidized
    repo: "//var/db/oxidized/git"

  default: csv
    file: /var/db/oxidized/.config/oxidized/router.db
    delimiter: !ruby/regexp /:/
      name: 0
      model: 1
      group: 2
      username: 3
      password: 4
      ssh_port: 5
  juniper: junos
  cisco: ios
  h3c: comware
  fortigate: fortios
  force10: ftos

Telling Oxidized what to backup

Create a basic router.db file. This is the file you will add all your devices that you wish Oxidized to backup. In the config file (see the section starting with source:). In this section you can see that we have defined a csv file with the fields as following:


NOTE: The name, model, and group are required but the other field will use the defaults if not included.

I have a HP Comware switch called so lets create a router.db file with that in it. My comware switch used the default username and password so I will leave them out.

# cd /var/db/oxidized/.config/oxidized
# vi router.db

change hte permissions on the file so that Oxidized can read it and no one else. NOTE: this file may contain password so you want to make sure only the Oxidized user can see it.

# chown oxidized:oxidized router.db
# chmod 600 router.db

Enable Automatic Startup

Oxidized has a startup script that enables it to run on startup. Enter the following line to enable it to run on startup.

sysrc oxidized_enable="YES"

Now go ahead and start the service up.

# service oxidized start

If all went well and the service started, you should be able to browse to the host you set it up on at port 8888 as following: http://hostname:8888

Leave a Comment

Your email address will not be published.