[rancid] Re: Need to know if mutiple usernames can be set in the.clogin file

Justin Shore justin at justinshore.com
Tue Jun 26 11:59:27 UTC 2007 

The output is pretty basic.  The first couple of lines are CVS output 
lines that pertain to the filename in the repository and what revisions 
are being diffed to generate the overall output.  I'm not exactly sure 
what the next line is (I'm not a CVS buff) but it's essentially telling 
you what line in the file the snippet of diff output came from or 
something along those lines.  You can just ignore those lines.  The real 
meat of the diff is the +/- lines.  As you can tell "ip http server" was 
removed from the file (note the "-") and "no ip http server" was added 
to the config (note the "+").  Everything else around the +/- lines are 
there for context essentially, so you can see in the file where the 
changes have been made.  Try adding a 20 line ACL and rerun rancid-run. 
  Then make a few changes in the middle of the ACL.  You'll see how it 
works pretty quickly.  It will be evident once you start using it.

Justin


Jayaraj, Chandrasekaran wrote:
> Hi All ,
> 
> Thanks for all your inputs .It was an eye opener for me . I will have to
> make this work with my current cisco tacacs configuration that I have .
> 
> But still I see a good amount of information using the GUI on what has
> changed. 
> 
> By the way can anyone say what are these lines (sample of my diff
> output)
> 
> Index: configs/10.132.17.66
> ===================================================================
> retrieving revision 1.7
> diff -U4 -r1.7 10.132.17.66        
> @@ -498,9 +498,9 @@     - I don't understand what this line means
>    no ip address                 - Also it always shows these 3 lines.
>    no ip route-cache
>    shutdown
>   !
> - ip http server
> + no ip http server
>   !
>   ip access-list extended Core_marking_AF12_Admin
>    permit tcp any any eq smtp
>    permit tcp any eq smtp any
> 
> While actually what I changed on the switch was the lines after the +
> sign .
> 
> Anyone have a document on how to understand this output ?  ( I am aware
> of the cvs-web and its cool but I would to like this to explain this
> thing to my managers who will see this email stuff only ) 
> 
> warm regards,
> ------------------------------------------------------------------------
> -----
> Chandrasekaran J
>  
> ------------------------------------------------------------------------
> -----
> -----Original Message-----
> From: john heasley [mailto:heas at shrubbery.net] 
> Sent: Monday, June 25, 2007 10:59 PM
> To: Jayaraj, Chandrasekaran
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Re: Need to know if mutiple usernames can be set
> in the.clogin file
> 
> Mon, Jun 25, 2007 at 01:16:17PM +0530, Jayaraj, Chandrasekaran:
>>
>> Hi ,
>>
>> Thanks for the swift response . We do have cisco tacacs installed
> using
>> ACS.
>>
>> Even when we have that there may be multiple users who will be a part
> of
>> the authentication group who will actually have level 15 access . 
>>
>> So say for eg we have a group called noc-users and there are 3 users
>> namely user1 ,user2 ,user3 who will have privilege 15 access . 
>>
>> But currently my cloginrc file has the entry in below format
>>
>> add user *      user1 and 
>>
>> add password * testpwd enabletestpwd
>>
>>
>>
>> So how can I check if I login as a user2 and do some change ? 
> 
> each user has their own HOME and  $HOME/.cloginrc.
> 
>> Currently all I get from rancid is that a diff output mail with the
>> difference and no mention of the username doing the change .
> 
> The others are correct, there is no attribution and no way to be certain
> of
> it without tacacs (or radius?) login and command accounting.  You can
> further
> associate specific changes with rancid by using SEC; see the rancid FAQ,
> section 3 question 5.  With the time from the accounting logs, you can
> approximately determine the user; approximate because multiple change
> could
> occur in the time taken for the collection.
> This email is confidential. If you are not the addressee tell the sender immediately and destroy this email
> without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay,
> interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for
> damage caused by this email and may monitor email traffic.
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 
>

More information about the Rancid-discuss mailing list