How to Identify Changes in ACI Fabric Behavior | Exam 300-620-DCACI

A.

If an ACI administrator notices a change in the behavior of the fabric, it is important to determine if a human intervention introduced the change. This is because unauthorized or accidental changes can have serious consequences, such as disrupting services or compromising security. To determine if a human intervention introduced the change, the administrator can take the following actions:

A. Inspect event records in the APIC UI to see all actions performed by users. The APIC UI provides an event viewer that displays information about all events that have occurred in the fabric. This includes events related to user actions, system events, and faults. The administrator can use this information to determine if any user actions have been performed that could have caused the change in behavior. However, this method may not provide a complete record of user actions, as some actions may not generate events.

B. Inspect /var/log/audit_messages on the APIC to see a record of all user actions. The audit_messages file on the APIC contains a record of all user actions, including commands executed in the CLI and actions performed in the GUI. This provides a complete record of user actions and can be used to determine if any unauthorized or accidental changes were made. However, this method requires access to the APIC shell and knowledge of Linux commands.

C. Inspect audit logs in the APIC UI to see all user events. The APIC UI also provides an audit log viewer that displays a record of all user events, including login and logout events, configuration changes, and other actions. This provides a complete record of user actions and can be used to determine if any unauthorized or accidental changes were made. However, like the event viewer, this method may not provide a complete record of user actions.

D. Inspect the output of show command history in the APIC CLI. The show command history command in the APIC CLI displays a history of all commands executed in the current session. This can be used to determine if any unauthorized or accidental changes were made, but only if the administrator was logged in at the time of the change. In addition, this method only provides a record of commands executed in the CLI and does not capture actions performed in the GUI.

In summary, the most comprehensive method to determine if a human intervention introduced a change in the ACI fabric is to inspect the audit_messages file on the APIC. However, the administrator may also use other methods, such as the event viewer, audit log viewer, or command history, to gather additional information.