RANCID
RANCID is a tool that can monitor configuration changes on network devices, and mail the diffs periodically. It's installed on netmon1001 from the (rather alpha-quality) Debian/Ubuntu packages.
Rancid configuration is in /etc/rancid/ and /var/lib/rancid/.
Equipment notes
Foundry
For security reasons, rancid is given a specific user account rancid with read-only privileges, but (most) EXEC level commands work:
username rancid privilege 5 password .....
RANCID is configured to expect an enable prompt on login. Foundry switches need to be setup for this:
aaa authentication login default local enable aaa authentication login privilege-mode
However, RANCID disables output paging before executing commands, with skip-page-display. However this command is not available in privilege level 5 by default. Fix that:
privilege exec level 5 skip-page-display
Also not available is the command write terminal. Unfortunately it's not possible to allow this command without also allowing "write memory". Therefore francid can be altered to use show run instead.
Juniper
The following configuration seems to work on JUNOS:
system { login { class rancid { permissions [ view view-configuration ]; } user rancid { uid 2001; class rancid; authentication { encrypted-password /* SECRET-DATA */; ## SECRET-DATA } } } }