In dynamic network environments, engineers often make quick changes directly to a device’s running configuration to resolve issues or apply updates. But if those changes aren’t saved to the startup configuration, they’ll be lost on the next device restart—potentially causing outages or security gaps.
This oversight can lead to:
- Devices booting with outdated configurations
- Outages and service disruptions
- Security vulnerabilities if critical policy changes aren’t retained
Manually verifying that all running configs are saved can be time-consuming and error-prone, especially in large environments. Forward Networks’ Network Query Engine (NQE) simplifies this process by automatically comparing the running and startup configurations across devices in your network.
Prerequisites
- Access to Forward Enterprise with NQE enabled
- Cisco devices modeled in Forward Networks
- Network Admin role to create custom commands
- Add the following Custom Commands (requires Network Admin Role):
  - show startup-config
  - show running-config
Documentation: NQE Overview
How the Query Works
This NQE query:
- Leverages native Cisco commands to compare the running and startup configurations
- Retrieves the system-reported differences between the two configs
- Filters out noise and non-actionable differences to highlight only meaningful configuration changes
This approach allows you to quickly pinpoint devices where changes have not been saved, enabling proactive remediation.
Step-by-Step: Check for Unsaved Changes
Step 1: Open NQE
Go to Analyze → Network Query Engine in Forward Enterprise.
Step 2: Add a New Query
Paste the following NQE script into a new query:
// Regex patterns for lines to ignore when comparing the two configs
exceptionsList = [
  "Current Configuration ...",
  "",
  "boot system.*"
];

// Returns the line if it matches any of the exception patterns
exceptions(line) =
  foreach item in exceptionsList
  where hasMatch(line, regex(item))
  select line;

// Flattens a list of lists into a single list
flatten(outer) =
  foreach list in outer
  foreach item in list
  select item;

// Returns the lines of the given show command's output, walking nested
// config blocks (up to four levels of children) and dropping exceptions
config(device, show) =
  foreach command in device.outputs.commands
  where command.commandText == show
  let response = parseConfigBlocks(device.platform.os, command.response)
  let text = (foreach line in response
    let lines = if length(line.children) == 0
      then [line.text]
      else [line.text] + flatten(foreach line1 in line.children
        select if length(line1.children) == 0
          then [line1.text]
          else [line1.text] + flatten(foreach line2 in line1.children
            select if length(line2.children) == 0
              then [line2.text]
              else [line2.text] + flatten(foreach line3 in line2.children
                select if length(line3.children) == 0
                  then [line3.text]
                  else [line3.text] + flatten(foreach line4 in line3.children
                    select if length(line4.children) == 0
                      then [line4.text]
                      else [""]))))
    foreach item in lines
    where item not in exceptions(item)
    select item)
  foreach line in text
  select line
;

// Compare running and startup configs on every device
foreach device in network.devices
let runningConfig = config(device, "show running-config")
let startupConfig = config(device, "show startup-config")
let uncommitted = runningConfig - startupConfig
let removed = startupConfig - runningConfig
select {
  violation: runningConfig != startupConfig,
  device: device.name,
  os: device.platform.os,
  uncommitted,
  removed
}
This query compares the two configurations for each device and reports the result in the violation column, along with the lines that differ.
Step 3: Review the Results
The results table shows:
- Device name
- Violation on devices where config files don’t match
- Lines in the running config that are not in the startup-config (uncommitted), and lines in the startup-config that are not in the running config (removed)
Focus on failing devices to prioritize saving critical updates.
What’s Next?
This same method can be extended to:
- Audit configuration consistency across other vendors, provided they offer similar commands that can be collected, parsed, and reported on
- Check for specific unsaved critical changes (e.g., ACLs, SNMP settings)
- Integrate with workflows to automate notifications to network teams
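One way to check for specific unsaved critical changes such as ACLs and SNMP settings, shown as an added Python example that is not Forward Networks' code and does not use NQE. It compares two saved command outputs offline and keeps each child line qualified by its parent block, so the same line under two different interfaces is not conflated. The NOISE and CRITICAL patterns and the sample outputs are assumptions constructed for illustration.

```python
import re

# Assumed noise patterns, in the spirit of the query's exceptionsList.
NOISE = re.compile(r"^(Building configuration|Current configuration|Using \d+ out of|!|boot system|$)")
# Assumed patterns for security-relevant lines (ACLs, SNMP, AAA, local users).
CRITICAL = re.compile(r"(^| > )(ip access-list|access-list|ip access-group|snmp-server|aaa|username) ")

def qualified_lines(config_text):
    """Flatten an indented IOS-style config into 'parent > child' lines."""
    out, stack = set(), []  # stack holds (indent, text) for each open block
    for raw in config_text.splitlines():
        text = raw.strip()
        if NOISE.match(text):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:  # close blocks at same or deeper indent
            stack.pop()
        stack.append((indent, text))
        out.add(" > ".join(t for _, t in stack))
    return out

def unsaved_changes(running, startup):
    """Report lines that differ, and which of them are security-relevant."""
    run, start = qualified_lines(running), qualified_lines(startup)
    uncommitted, removed = sorted(run - start), sorted(start - run)
    return {"violation": run != start, "uncommitted": uncommitted, "removed": removed,
            "critical": [line for line in uncommitted + removed if CRITICAL.search(line)]}

# Constructed sample outputs: 'shutdown' moves between interfaces, one ACL entry is unsaved.
RUNNING = """Building configuration...
Current configuration : 912 bytes
!
interface GigabitEthernet0/0
interface GigabitEthernet0/1
 shutdown
ip access-list extended MGMT
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
 deny ip any any log
snmp-server community EXAMPLE-RO RO"""
STARTUP = """Using 870 out of 262144 bytes
!
interface GigabitEthernet0/0
 shutdown
interface GigabitEthernet0/1
ip access-list extended MGMT
 permit tcp 10.0.0.0 0.0.0.255 any eq 22
snmp-server community EXAMPLE-RO RO"""

if __name__ == "__main__":
    for key, value in unsaved_changes(RUNNING, STARTUP).items():
        print(key, value)
```

The bare text `shutdown` appears in both sample outputs, so only the parent-qualified form shows that it moved from one interface to the other.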
Why It Matters
Failing to commit configuration changes is an oversight that can have major consequences. With Forward Networks and NQE, you can proactively detect unsaved changes across your Cisco devices, reducing the risk of:
- Service outages after device reboots
- Security policy rollbacks
- Lengthy troubleshooting due to “mysterious” config reversion
By catching these issues early, your team can ensure configuration changes are properly committed and your network remains stable and predictable.
Questions? Ask below!