[rancid] rancid with Fortigate FG100A

Diego Ercolani diego.ercolani at ssis.sm
Mon Jan 31 09:09:59 UTC 2011


Hi.
I've already submitted a patch for Fortinet. Here is the relevant
post:
http://www.shrubbery.net/pipermail/rancid-discuss/2009-June/004005.html

If you look in the mailing list, there are modifications from time to time.

Hope this helps
Diego

On Sunday 30 January 2011 18:02:34, Gavin McCullagh wrote:
> Hi,
> 
> we're just starting to use Rancid and have started off with a Fortigate
> FG100A firewall.  Regrettably, the existing scripts (nlogin, fnrancid)
> don't quite work with it.
> 
> I've managed to patch those to get what seems to be a working setup (see
> below).  The prompt is different, the get config command is slightly
> different and you need to strip out the "System time" from the status or
> else you get a patch every hour.
> 
> Would it be of interest to add support to the project?
> 
> Gavin
> 
> 
> --- nlogin	2011-01-27 17:19:04.000000000 +0000
> +++ fglogin	2011-01-30 15:00:21.000000000 +0000
> @@ -482,7 +482,7 @@
>      set router [string tolower $router]
>      send_user "$router\n"
> 
> -    set prompt {-> }
> +    set prompt " #"
> 
>      # Figure out passwords
>      if { $do_passwd || $do_enapasswd } {
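
Review bot: `set prompt " #"` is an unanchored two-character pattern, and the script passes it to `expect -re $prompt`, so any space followed by `#` in the device output (a banner, a comment in the configuration) is taken for the prompt and the script moves on early. Anchor it to the end of the buffer, for example `set prompt { # ?$}` adjusted to the exact prompt the FG100A prints, and add a comment saying which prompt string it was tested against.
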
> @@ -557,7 +557,7 @@
>  	    continue
>  	}
>      } elseif { $do_script } {
> -	send "set console page 0\r"
> +	#send "set console page 0\r"
>  	expect -re $prompt	{}
>  	source $sfile
>  	catch {close};
> 
> 
> 
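
Review bot: commenting out `send "set console page 0\r"` leaves the following `expect -re $prompt {}` waiting for a prompt that no command has triggered; if the login prompt was already consumed earlier in the script, this branch stalls until the timeout before `source $sfile` runs. Remove the `expect` together with the `send`, or replace the `send` with the command this device uses to turn off output paging, and delete the dead line rather than leaving it commented out.
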
> --- fnrancid	2011-01-30 15:48:57.000000000 +0000
> +++ fgrancid	2011-01-30 15:49:48.000000000 +0000
> @@ -59,7 +59,7 @@
>  $file = $opt_f;
>  $host = $ARGV[0];
>  $found_end = 0;
> -$timeo = 90;				# nlogin timeout in seconds
> +$timeo = 90;				# fglogin timeout in seconds
> 
>  my(@commandtable, %commands, @commands);# command lists
>  my($aclsort) = ("ipsort");		# ACL sorting mode
> @@ -173,6 +173,7 @@
>      while (<INPUT>) {
>  	tr/\015//d;
>  	next if /^\s*$/;
> +	next if /^\s*System time: /;
>  	last if(/$prompt/);
>  	ProcessHistory("","","","$_");
>  	#print STDOUT "$_";
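
Review bot: the new `next if /^\s*System time: /;` carries no comment saying why the line is dropped, so a later reader cannot tell it is deliberate. Add a one-line comment that the timestamp changes on every collection and would otherwise produce a diff each run. The pattern also requires a space after the colon, so a line that ends right after `System time:` would still pass through; `/^\s*System time:/` is enough.
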
> @@ -214,7 +215,7 @@
>  # Main
>  @commandtable = (
>  	{'get system status'	=> 'GetSystem'},
> -	{'get conf'		=> 'GetConf'}
> +	{'show '		=> 'GetConf'}
>  );
>  # Use an array to preserve the order of the commands and a hash for
> mapping # commands to the subroutine and track commands that have been
> completed. @@ -242,13 +243,13 @@
>      print STDERR "opening file $host\n" if ($debug);
>      print STDOUT "opening file $host\n" if ($log);
>      open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else {
> -    print STDERR "executing nlogin -t $timeo -c\"$cisco_cmds\" $host\n" if
> ($debug); -    print STDOUT "executing nlogin -t $timeo -c\"$cisco_cmds\"
> $host\n" if ($log); +    print STDERR "executing fglogin -t $timeo
> -c\"$cisco_cmds\" $host\n" if ($debug); +    print STDOUT "executing
> fglogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); if
> (defined($ENV{NOPIPE})) {
> -	system "nlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null > $host.raw
> 2>&1" || die "nlogin failed for $host: $!\n"; -	open(INPUT, "< $host.raw")
> || die "nlogin failed for $host: $!\n"; +	system "fglogin -t $timeo -c
> \"$cisco_cmds\" $host </dev/null > $host.raw 2>&1" || die "fglogin failed
> for $host: $!\n"; +	open(INPUT, "< $host.raw") || die "fglogin failed for
> $host: $!\n"; } else {
> -	open(INPUT,"nlogin -t $timeo -c \"$cisco_cmds\" $host </dev/null |") ||
> die "nlogin failed for $host: $!\n"; +	open(INPUT,"fglogin -t $timeo -c
> \"$cisco_cmds\" $host </dev/null |") || die "fglogin failed for $host:
> $!\n"; }
>  }
> 
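
Review bot: in the `@commandtable` hunk, the key `'show '` carries a trailing space, while the command loop matches the echoed command with `/#\s*($cmds_regexp)\s*$/` and then looks it up in `%commands`. Assuming `$cmds_regexp` is built from these keys, a device that echoes `show` without the trailing space will not match and the run ends in "missed cmd(s)". Use `'show'` as the key unless the space is required, and say so in a comment if it is.
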
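
Review bot: in the `NOPIPE` branch, `system "fglogin ... > $host.raw 2>&1" || die ...` can never reach `die`: `||` binds to the non-empty command string rather than to the return value of `system`, and `system` returns 0 on success in any case. The same lines interpolate `$host` (set from `$ARGV[0]`) and `$cisco_cmds` into a shell command line, so shell metacharacters in either are interpreted by the shell. Since these lines are being rewritten anyway, check the status explicitly (`system(...) == 0 or die ...`) and validate `$host` against a hostname pattern before it is used in the command or in the `$host.raw` file name.
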
> @@ -276,13 +277,13 @@
>  TOP: while(<INPUT>) {
>      tr/\015//d;
>      if (/^Error:/) {
> -	print STDOUT ("$host nlogin error: $_");
> -	print STDERR ("$host nlogin error: $_") if ($debug);
> +	print STDOUT ("$host fglogin error: $_");
> +	print STDERR ("$host fglogin error: $_") if ($debug);
>  	last;
>      }
> -    while (/>\s*($cmds_regexp)\s*$/) {
> +    while (/#\s*($cmds_regexp)\s*$/) {
>  	$cmd = $1;
> -	if (!defined($prompt)) { $prompt = " >\s*"; }
> +	if (!defined($prompt)) { $prompt = " #\s*"; }
>  	print STDERR ("HIT COMMAND:$_") if ($debug);
>  	if (!defined($commands{$cmd})) {
>  	    print STDERR "$host: found unexpected command - \"$cmd\"\n";
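
Review bot: `$prompt = " #\s*";` is a double-quoted string, so Perl drops the backslash of the unrecognised escape `\s` and the stored pattern is ` #s*`, not space, hash, optional whitespace. It still matches only because ` #` alone is sufficient, which also means `last if(/$prompt/)` in the output loop stops at any line that contains ` #`. Use single quotes or `qr/ #\s*$/` so the escape survives, and anchor the pattern to the end of the line.
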
> @@ -307,6 +308,7 @@
>  }
> 
>  # check for completeness
> +printf STDERR scalar(%commands) . "\n";
>  if (scalar(%commands) || !$found_end) {
>      if (scalar(%commands)) {
>  	printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands)));
> 
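
Review bot: `printf STDERR scalar(%commands) . "\n";` looks like leftover debugging: it writes to STDERR on every run, is not gated by `$debug` like the other diagnostics in this file, and passes data to `printf` as the format string. Remove it, or change it to `print STDERR scalar(%commands), "\n" if ($debug);`.
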