Netshot Configuration and Compliance Management Software

We live in a time of intent, automation, orchestration and a lot of wonderful tools that promise to make the life of network engineers easier.

Sometimes reality is simpler and maybe less fascinating, real problems need to be solved quickly with a small budget.

The specific case I discuss here is a medium network, around a hundred devices. The problem is to create an inventory of all the devices, backup configurations and verify all the boxes have the correct syslog, ntp and timezone configuration.

This is a problem tools like Ansible , Napalm , Netmiko can fix but they require coding and Linux skills that sometimes are not available.

Thanks to Twitter I discovered Netshot .


Netshot has many features, I used:

  • Configuration backup and history
  • Network Inventory
  • Configuration compliance
  • Change automation

Supported devices

Start the configuration creating device credentials

then run a network scan to add/discover devices

After the scan it is useful to create groups based for example on device model


Compliance feature is simple but powerful. After a configuration backup it runs a check against some parameters to verify ii matches some criteria.

For example to test all the devices have the correct NTP server the test is very simple

The compliance report show devices not matching the rule

Detail of the specific switch compliance

Run Script

After checking compliance it is possible to run some command on the devices to apply some changes and make them compliant

Task Schedule

Netshot allows to schedule tasks like subnet scan, configuration snapshot and compliance check to automatically run the scripts

Wrap up

In this post I discussed only a few features of NetShot. It is possible to contribute to the project, source code is available on Github .

Netshot is easy and fast to install and configure and provides a set of tools that help a network admin to manage devices configuration. It is not meant to be a replacement of products like Cisco DNA Center or Solarwinds Orion but it is a very useful tool.

There is a feature request for LibreNMS to implement the same compliance feature of NetShot, it would be very welcome indeed.

Twitter thread about netshot


Shared on Etherealmind