From aaron.wasserott at viawest.com Tue Jan 1 22:29:02 2013 
From: aaron.wasserott at viawest.com (Aaron Wasserott) Date: Tue, 1 Jan 2013 14:29:02 -0800 Subject: [rancid] Extra spaces being randomly added - and seen as config changes Message-ID: <8BAC2C69FDEE374CAB21696109147686027F29B4B4C3@EXVMBX017-1.exch017.msoutlookonline.net> I am running RANCID 2.3.8 on Ubuntu 12.04.1 LTS, Precise Pangolin, kernel 3.2.0-35-generic x86_64. I am seeing some odd behavior when running rancid against Cisco and Mikrotik devices. The output will sometimes have extra spaces - or line breaks maybe? - that is then seen as a config change when it's not. Two examples below. The first from a Mikrotik router and the second a Cisco router. In the first example an extra space was seen after "sensitive source=" . In the second example the ports listed in the VLAN output break across two lines, but sometimes only one. In this second example, I have noticed it will go back and forth. Sometimes the ports are listed all on one line, sometimes two. I have many Mikrotiks with many lines of configs, so I haven't checked to see if there is a recurring issue with the same line or not. ----------------- - add name=startup-tone policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=":for t1 from=1 to=10 step=1 do={\r\n :for t2 from=300 to=1800 step=40 do={\r \n :beep frequency=\$t2 length=11ms;\r \n :delay 11ms;\r \n }\r \n }\r \n" + add name=startup-tone policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=": for t1 from=1 to=10 step=1 do={\r \n :for t2 from=300 to=1800 step=40 do={\r \n :beep frequency=\$t2 length=11ms;\r \n :delay 11ms;\r \n }\r \n }\r \n" - !VLAN: 1 default active Fa2, Fa3, Fa4, Fa5, Fa6, Fa7 - !VLAN: Fa8, Fa9 + !VLAN: 1 default active Fa2, Fa3, Fa4, Fa5, Fa6, Fa7, Fa8, Fa9 ----------------- Anyone know how to fix this? Thanks, -Aaron From heas at shrubbery.net Wed Jan 2 17:24:00 2013
From: heas at shrubbery.net (heasley) Date: Wed, 2 Jan 2013 17:24:00 +0000 Subject: [rancid] Extra spaces being randomly added - and seen as config changes In-Reply-To: <8BAC2C69FDEE374CAB21696109147686027F29B4B4C3@EXVMBX017-1.exch017.msoutlookonline.net> References: <8BAC2C69FDEE374CAB21696109147686027F29B4B4C3@EXVMBX017-1.exch017.msoutlookonline.net> Message-ID: <20130102172400.GD49743@shrubbery.net> Tue, Jan 01, 2013 at 02:29:02PM -0800, Aaron Wasserott: > I am running RANCID 2.3.8 on Ubuntu 12.04.1 LTS, Precise Pangolin, kernel 3.2.0-35-generic x86_64. > > I am seeing some odd behavior when running rancid against Cisco and Mikrotik devices. The output will sometimes have extra spaces - or line breaks maybe? - that is then seen as a config change when it's not. Two examples below. The first from a Mikrotik router and the second a Cisco router. > > In the first example an extra space was seen after "sensitive source=" . In the second example the ports listed in the VLAN output break across two lines, but sometimes only one. In this second example, I have noticed it will go back and forth. Sometimes the ports are listed all on one line, sometimes two. I have many Mikrotiks with many lines of configs, so I haven't checked to see if there is a recurring issue with the same line or not. > > ----------------- > > - add name=startup-tone policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=":for t1 from=1 to=10 step=1 do={\r\n :for t2 from=300 to=1800 step=40 do={\r \n :beep frequency=\$t2 length=11ms;\r \n :delay 11ms;\r \n }\r \n }\r \n" > + add name=startup-tone policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=": for t1 from=1 to=10 step=1 do={\r \n :for t2 from=300 to=1800 step=40 do={\r \n :beep frequency=\$t2 length=11ms;\r \n :delay 11ms;\r \n }\r \n }\r \n" I suspect this is the device. try mtlogin -c 'export' device in a loop and look for the change. 
the mtlogin code looks ok to me, but i don't have one of these for testing. > - !VLAN: 1 default active Fa2, Fa3, Fa4, Fa5, Fa6, Fa7 > - !VLAN: Fa8, Fa9 > + !VLAN: 1 default active Fa2, Fa3, Fa4, Fa5, Fa6, Fa7, Fa8, Fa9 > > ----------------- this is the device itself, which i thought was due to the terminal width. but 2.3.8 should have the change that sets the width. unless the user that runs rancid does not have permission to alter the terminal width, i haven't an idea why this would be occurring. From peo at chalmers.se Wed Jan 2 19:09:59 2013
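Added example, not part of any message in this thread and not RANCID code: heasley's suggestion above to run mtlogin -c 'export' device in a loop and look for the change, written as a script that keeps every raw capture and reports whether a run differs from the first one only in whitespace or in content. The function names and the stand-in device are hypothetical, and the sample lines are constructed (shortened from the Mikrotik lines quoted in the thread).

```shell
#!/bin/sh
# Added example (not RANCID code): repeat a collection command and classify
# each run against the first one.

# strip_ws: delete every whitespace character, so that output which differs
# only in inserted spaces or line breaks compares equal.
# Caveat: a real edit that only changes whitespace inside a quoted string is
# also reported as whitespace-only.
strip_ws() {
    tr -d ' \t\r\n'
}

# classify_pair FILE_A FILE_B
# Prints one of: identical | whitespace-only | content
classify_pair() {
    if cmp -s "$1" "$2"; then
        echo identical
    elif [ "$(strip_ws < "$1")" = "$(strip_ws < "$2")" ]; then
        echo whitespace-only
    else
        echo content
    fi
}

# capture_loop COUNT OUTDIR CMD [ARG...]
# Runs CMD COUNT times, keeps each raw capture as OUTDIR/run.N and prints
# "run.N <class>" for every run after the first.
capture_loop() {
    count=$1
    outdir=$2
    shift 2
    i=1
    while [ "$i" -le "$count" ]; do
        "$@" > "$outdir/run.$i" 2>&1 || echo "run.$i command-failed"
        if [ "$i" -gt 1 ]; then
            echo "run.$i $(classify_pair "$outdir/run.1" "$outdir/run.$i")"
        fi
        i=$((i + 1))
    done
}

# Constructed stand-in for a device: every third call inserts a space after
# the opening quote and inside the first \r\n escape, like the quoted lines.
fake_export() {
    n=$(cat "$FAKE_STATE" 2>/dev/null || echo 0)
    n=$((n + 1))
    echo "$n" > "$FAKE_STATE"
    if [ $((n % 3)) -eq 0 ]; then
        printf '%s\n' 'add name=startup-tone source=": for t1 from=1 to=10 do={\r \n :beep;\r \n }"'
    else
        printf '%s\n' 'add name=startup-tone source=":for t1 from=1 to=10 do={\r\n :beep;\r \n }"'
    fi
}

# Demo against the stand-in. For a real device, replace fake_export with the
# collection command, e.g.: capture_loop 20 "$dir" mtlogin -c 'export' device
demo() {
    dir=$(mktemp -d)
    FAKE_STATE="$dir/state"
    capture_loop 4 "$dir" fake_export
    rm -rf "$dir"
}

demo
```

If the raw captures from the login script already show whitespace-only differences, the variation arrives with the device output or the terminal session; if they are always identical, the difference is introduced later, when the output is processed.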
From: peo at chalmers.se (Per-Olof Olsson) Date: Wed, 02 Jan 2013 20:09:59 +0100 Subject: [rancid] Extra spaces being randomly added - and seen as config changes In-Reply-To: <20130102172400.GD49743@shrubbery.net> References: <8BAC2C69FDEE374CAB21696109147686027F29B4B4C3@EXVMBX017-1.exch017.msoutlookonline.net> <20130102172400.GD49743@shrubbery.net> Message-ID: <50E48607.2030606@chalmers.se> heasley wrote 2013-01-02 18:24: > Tue, Jan 01, 2013 at 02:29:02PM -0800, Aaron Wasserott: >> I am running RANCID 2.3.8 on Ubuntu 12.04.1 LTS, Precise Pangolin, kernel 3.2.0-35-generic x86_64. >> >> I am seeing some odd behavior when running rancid against Cisco and Mikrotik devices. The output will sometimes have extra spaces - or line breaks maybe? - that is then seen as a config change when it's not. Two examples below. The first from a Mikrotik router and the second a Cisco router. >> >> In the first example an extra space was seen after "sensitive source=" . In the second example the ports listed in the VLAN output break across two lines, but sometimes only one. In this second example, I have noticed it will go back and forth. Sometimes the ports are listed all on one line, sometimes two. I have many Mikrotiks with many lines of configs, so I haven't checked to see if there is a recurring issue with the same line or not. >> >> ----------------- >> >> - add name=startup-tone policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=":for t1 from=1 to=10 step=1 do={\r\n :for t2 from=300 to=1800 step=40 do={\r \n :beep frequency=\$t2 length=11ms;\r \n :delay 11ms;\r \n }\r \n }\r \n" >> + add name=startup-tone policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=": for t1 from=1 to=10 step=1 do={\r \n :for t2 from=300 to=1800 step=40 do={\r \n :beep frequency=\$t2 length=11ms;\r \n :delay 11ms;\r \n }\r \n }\r \n" > > I suspect this is the device. try mtlogin -c 'export' device in a loop and > look for the change. 
the mtlogin code looks ok to me, but i don't have one of > these for testing. > >> - !VLAN: 1 default active Fa2, Fa3, Fa4, Fa5, Fa6, Fa7 >> - !VLAN: Fa8, Fa9 >> + !VLAN: 1 default active Fa2, Fa3, Fa4, Fa5, Fa6, Fa7, Fa8, Fa9 >> >> ----------------- > > this is the device itself, which i thought was due to the terminal width. but > 2.3.8 should have the change that sets the width. unless the user that runs > rancid does not have permission to alter the terminal width, i haven't an idea > why this would be occurring. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > If you upgrade to 2.3.8 it's a good habit to compare the new rancid.conf.sample with current rancid.conf. Check if you have the new settings for fixed terminal width and sort order in place, else it will differ if you run rancid from terminal window and cron. ---------rancid.conf.sample----------------- # TERM=network;export TERM # # Collating locale LC_COLLATE="POSIX"; export LC_COLLATE # ----------------------------------------- /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska högskola IT-service Hörsalsvägen 5 412 96 Göteborg Tel: 031/772 6738 Fax: 031/772 8680 ---------------------------------------------------------- From ArthurChilipweli at solutionary.com Wed Jan 2 19:41:16 2013
From: ArthurChilipweli at solutionary.com (Arthur Chilipweli) Date: Wed, 2 Jan 2013 13:41:16 -0600 Subject: [rancid] Palo Alto Message-ID: <823B9E9C8CDD8249A91BCD5B0E0F80162215B18801@MAIL.solutionary.com> All, I hope someone can help me out, I have followed up on the configuration of the rancid to pull configs from Palo alto devices, based on this discussion string found here: http://www.gossamer-threads.com/lists/rancid/users/6483?page=unread#unread The login script seems to be working, however I am unable to pull the configs using the scripts, can someone please point me to the right direction please: [mdrancid at mdrancid ~]$ panlogin 3040-palo-altofw01 3040-palo-altofw01 spawn ssh -c 3des -x -l admin 3040-palo-altofw01 Password: Last login: Wed Jan 2 13:22:13 2013 from 10.1.5.14 admin at palo-altofw01 (active)> admin at palo-altofw01 (active)> exit But running a test script to pull configs seems not to be working: [mdrancid at mdrancid ~]$ panlogin -t 120 -c "show config running" 3040-palo-altofw01 3040-palo-altofw01 spawn ssh -c 3des -x -l admin 3040-palo-altofw01 Password: Last login: Wed Jan 2 13:27:43 2013 from 10.1.5.14 admin at palo-altofw01 (active)> admin at palo-altofw01 (active)> set cli pager off admin at palo-altofw01 (active)> Error: TIMEOUT reached --Arthur From Douglas.Hughes at DEShawResearch.com Wed Jan 2 21:32:47 2013 From: Douglas.Hughes at DEShawResearch.com (Hughes, Doug) Date: Wed, 2 Jan 2013 21:32:47 +0000 Subject: [rancid] Palo Alto In-Reply-To: <823B9E9C8CDD8249A91BCD5B0E0F80162215B18801@MAIL.solutionary.com> References: <823B9E9C8CDD8249A91BCD5B0E0F80162215B18801@MAIL.solutionary.com> Message-ID: Yes, somebody else has run across this too, and it's because of the HA firewall setup and prompt change. Try this version that Wouter de Jong and I came up with: 
-------------- next part -------------- A non-text attachment was scrubbed... Name: paloalto-new.tar.gz Type: application/x-gzip Size: 8572 bytes Desc: paloalto-new.tar.gz URL: From ArthurChilipweli at solutionary.com Thu Jan 3 22:01:59 2013
From: ArthurChilipweli at solutionary.com (Arthur Chilipweli) Date: Thu, 3 Jan 2013 16:01:59 -0600 Subject: [rancid] Palo Alto Message-ID: <823B9E9C8CDD8249A91BCD5B0E0F80162215B1889E@MAIL.solutionary.com> Doug, Thank you for the work you and Wouter de Jong did, it is working thank you very much. Thanks, Arthur From aaron.wasserott at viawest.com Fri Jan 4 10:30:43 2013
From: aaron.wasserott at viawest.com (Aaron Wasserott) Date: Fri, 4 Jan 2013 02:30:43 -0800 Subject: [rancid] Extra spaces being randomly added - and seen as config changes In-Reply-To: <50E48607.2030606@chalmers.se> References: <8BAC2C69FDEE374CAB21696109147686027F29B4B4C3@EXVMBX017-1.exch017.msoutlookonline.net> <20130102172400.GD49743@shrubbery.net> <50E48607.2030606@chalmers.se> Message-ID: <8BAC2C69FDEE374CAB21696109147686027F29B4B894@EXVMBX017-1.exch017.msoutlookonline.net> RANCID is running from crontab, not from a terminal, and the user on the network devices has root-level permissions. All RANCID scripts are at 2.3.8. I am having the same issue discussed here: http://www.gossamer-threads.com/lists/rancid/users/5887 Where it's just the email output showing a false difference, not the saved config in CVS. I am pretty sure it's not the device either as I just got it on a ScreenOS firewall and there is no option to set terminal width, just paging (length) which is currently off. Here is an example from a ScreenOS device: set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface "bgroup0" preshare "wLE/x18INtTxJ6sT42CM5FxvOphJ/3%YZg==" sec-level standard + #set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface + "bgroup0" preshare sec-level standard I also setup my internal devices to run every 1min per crontab and it only sees changes when there are actual changes. So it's something in processing the output. I did check against the rancid.conf.sample file and my config was the same. I did add the NOPIPE option recently to see if that would do anything, but it didn't. 
umask 027 TMPDIR=/tmp; export TMPDIR BASEDIR=/var/lib/rancid; export BASEDIR PATH=/usr/lib/rancid/bin:/usr/bin:/usr/sbin:/bin:/usr/local/bin:/usr/bin; export PATH CVSROOT=$BASEDIR/CVS; export CVSROOT LOGDIR=$BASEDIR/logs; export LOGDIR RCSSYS=cvs; export RCSSYS LIST_OF_GROUPS="internal external" MAX_ROUNDS=2; export MAX_ROUNDS FILTER_PWDS=YES; export FILTER_PWDS NOPIPE=YES; export NOPIPE Anyone have any ideas how I can fix this? Thanks. From kerry.cox at wjbradley.com Fri Jan 4 15:39:24 2013
From: kerry.cox at wjbradley.com (Kerry Cox) Date: Fri, 4 Jan 2013 15:39:24 +0000 Subject: [rancid] Extra spaces being randomly added - and seen as config changes In-Reply-To: <8BAC2C69FDEE374CAB21696109147686027F29B4B894@EXVMBX017-1.exch017.msoutlookonline.net> References: <8BAC2C69FDEE374CAB21696109147686027F29B4B4C3@EXVMBX017-1.exch017.msoutlookonline.net> <20130102172400.GD49743@shrubbery.net> <50E48607.2030606@chalmers.se> <8BAC2C69FDEE374CAB21696109147686027F29B4B894@EXVMBX017-1.exch017.msoutlookonline.net> Message-ID: <4A33AE839886F04592A676F57BD895EA3AAF3A6FD3@MBX3.EXCHPROD.USA.NET> Aaron, Yes, this is the exact same issue I am experiencing with our Cisco ASAs. I get about 8-10 emails a day when they bounce back and forth between the BOOT Variable being populated and then being not populated. Index: configs/216.51.xx.xx =================================================================== retrieving revision 1.303 diff -U 4 -r1.303 216.51.xx.xx @@ -18,9 +18,9 @@ !BootFlash: Current BOOT variable = disk0:/asa911-k8.bin;disk0:/asa901-k8.bin !BootFlash: CONFIG_FILE variable = !BootFlash: Current CONFIG_FILE variable = ! - !BootFlash: BOOT variable = disk0:/asa911-k8.bin;disk0:/asa901-k8.bin + !BootFlash: BOOT variable = !BootFlash: Current BOOT variable = disk0:/asa911-k8.bin;disk0:/asa901-k8.bin !BootFlash: CONFIG_FILE variable = !BootFlash: Current CONFIG_FILE variable = ! I agree it is definitely NOT the device, contrary to what everyone says. And, this is the latest IOS. I am not calling Cisco TAC to let them know that their firmware is causing rancid to detect changes in the BOOT variable. I also agree it is probably the terminal window settings or cron or something inherent in rancid that is causing it to get changing variables when queried. If anyone else have any ideas or the rancid developers could shed some light on editing the default settings, that would be most useful. Kerry From david.byers at liu.se Fri Jan 4 15:57:54 2013
From: david.byers at liu.se (David Byers) Date: Fri, 4 Jan 2013 16:57:54 +0100 Subject: [rancid] Patch for hlogin Message-ID: <50E6FC02.2070905@liu.se> I found that rancid failed to log in to some HP switches that were using radius and had old enough firmware that autoenable wouldn't work. Rancid didn't recognize the second username prompt, and stopped. The following patch fixed the problem: --- hlogin.in.orig 2013-01-04 16:55:08.703640021 +0100 +++ hlogin.in 2013-01-04 16:55:52.824326718 +0100 @@ -696,7 +696,7 @@ # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { - set u_prompt "(Username|login|user name):" + set u_prompt "(Username|login|user name|Login Name):" } else { set u_prompt [join [lindex $u_prompt 0] ""] } -- David Byers Linköping university From TERRY at tmk.com Fri Jan 4 15:47:08 2013
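Review bot: The "set u_prompt" default changed in the hlogin.in hunk above is the fallback for every router that has no userprompt entry, so adding "Login Name" there widens username-prompt matching for all hlogin targets, not only the HP switches with radius and old firmware. The switches that need it could instead be given a per-router userprompt, which the preceding "find userprompt $router" line already honours; if the default is changed anyway, a comment above it naming the prompt text and the firmware that emits it would help the next reader. The alternation now lists "login" and "Login Name" as separate spellings, so it is worth checking whether the match is meant to be case-sensitive at all.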
From: TERRY at tmk.com (Terry Kennedy)
Date: Fri, 04 Jan 2013 10:47:08 -0500 (EST)
Subject: [rancid] Updated module for APC network management cards
Message-ID: <01OOL98X9HVO002E4O@tmk.com>

7+ years ago, I released a first cut of a RANCID module for pulling configs from APC network management cards.

As part of migrating my monitoring systems from RANCID 2.3.1 (heavily modified) to 2.3.8, I've completely re-done the APC modules. Some of the changes are:

o Based on 2.3.8 clogin / rancid code base - easier to see what I changed if you want to audit the code
o Now reports the exact APC model number in the "Chassis Type" comment line
o Supports 2nd-generation APC management cards such as the AP9630/AP9631
o Supports a wider variety of FTP clients (different prompts)
o Better handling of configuration errors (such as specifying a non-standard port number)
o Better handling of errors from the FTP client - errors are now detected and reported rather than relying on the timeout mechanism
o RANCID-CONTENT-TYPE header changed to "apc" from "apc-netmgmt"
o Greatly expanded the amount of info in the 0-README file

You can download this version from: http://www.tmk.com/transient/rancid-apc.tar.gz

If you want the 2005 version for some reason, it is available as: http://www.tmk.com/transient/rancid-apc-old.tar.gz

Terry Kennedy http://www.tmk.com
terry at tmk.com New York, NY USA

From GMourani at prival.ca Fri Jan 4 20:37:39 2013
From: GMourani at prival.ca (Gerhard Mourani) Date: Fri, 4 Jan 2013 20:37:39 +0000 Subject: [rancid] Cisco 3524 PWRXL - Login without username Message-ID: <312FF37225924E42A1D3D228EDBD119315D46B97@PRIVALEX.PrivalODC.lan> Hello List, I'm having problem with Rancid 2.3.8 on Linux and old Cisco IOS 12.0 3524 PWRXL on which no username is defined. Therefore for login into the switch I just telnet the IP and enter the password. For this, here my configuration inside .cloginrc file: add password 1.2.3.4 passwd enablepasswd add method 1.2.3.4 telnet bash-4.2$ clogin -f /usr/share/rancid/.cloginrc 1.2.3.4 1.2.3.4 spawn telnet 1.2.3.4 Trying 1.2.3.4... Connected to 1.2.3.4. Escape character is '^]'. ****************************************************************** ****************************************************************** Private Equipement Acces denied without permission ****************************************************************** ****************************************************************** User Access Verification Password: Error: Check your passwd for 1.2.3.4 The above fail because Rancid expect a username before continuing. How to make my configuration work without having to define a username (add user .....)? Gerhard, From heas at shrubbery.net Fri Jan 4 20:41:02 2013
From: heas at shrubbery.net (heasley) Date: Fri, 4 Jan 2013 20:41:02 +0000 Subject: [rancid] Cisco 3524 PWRXL - Login without username In-Reply-To: <312FF37225924E42A1D3D228EDBD119315D46B97@PRIVALEX.PrivalODC.lan> References: <312FF37225924E42A1D3D228EDBD119315D46B97@PRIVALEX.PrivalODC.lan> Message-ID: <20130104204102.GE27413@shrubbery.net> Fri, Jan 04, 2013 at 08:37:39PM +0000, Gerhard Mourani: > Hello List, > > I'm having problem with Rancid 2.3.8 on Linux and old Cisco IOS 12.0 3524 PWRXL on which no username is defined. Therefore for login into the switch I just telnet the IP and enter the password. For this, here my configuration inside .cloginrc file: > > add password 1.2.3.4 passwd enablepasswd > add method 1.2.3.4 telnet > > > bash-4.2$ clogin -f /usr/share/rancid/.cloginrc 1.2.3.4 > 1.2.3.4 > spawn telnet 1.2.3.4 > Trying 1.2.3.4... > Connected to 1.2.3.4. > Escape character is '^]'. > ****************************************************************** > ****************************************************************** > Private Equipement > Acces denied without permission ^^^^^^ get rid of that or change it to 'not permitted' or similar. > ****************************************************************** > ****************************************************************** > > User Access Verification > > Password: > Error: Check your passwd for 1.2.3.4 > > The above fail because Rancid expect a username before continuing. How to make my configuration work without having to define a username (add user .....)? > > Gerhard, > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From GMourani at prival.ca Fri Jan 4 21:02:06 2013 
From: GMourani at prival.ca (Gerhard Mourani) Date: Fri, 4 Jan 2013 21:02:06 +0000 Subject: [rancid] Cisco 3524 PWRXL - Login without username In-Reply-To: <20130104204102.GE27413@shrubbery.net> References: <312FF37225924E42A1D3D228EDBD119315D46B97@PRIVALEX.PrivalODC.lan> <20130104204102.GE27413@shrubbery.net> Message-ID: <312FF37225924E42A1D3D228EDBD119315D46CBB@PRIVALEX.PrivalODC.lan> Big thanks, it works now! From heas at shrubbery.net Fri Jan 4 21:06:15 2013
From: heas at shrubbery.net (heasley) Date: Fri, 4 Jan 2013 21:06:15 +0000 Subject: [rancid] Extra spaces being randomly added - and seen as config changes In-Reply-To: <20130104205950.6393924CF79@sea.shrubbery.net> <8BAC2C69FDEE374CAB21696109147686027F29B4B894@EXVMBX017-1.exch017.msoutlookonline.net> Message-ID: <20130104210615.GH27413@shrubbery.net> Fri, Jan 04, 2013 at 02:30:43AM -0800, Aaron Wasserott: > RANCID is running from crontab, not from a terminal, and the user on the network devices has root-level permissions. All RANCID scripts are at 2.3.8. I am having the same issue discussed here: > > http://www.gossamer-threads.com/lists/rancid/users/5887 > > Where it's just the email output showing a false difference, not the saved config in CVS. > > I am pretty sure it's not the device either as I just got it on a ScreenOS firewall and there is no option to set terminal width, just paging (length) which is currently off. Here is an example from a ScreenOS device: > > set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface "bgroup0" preshare "wLE/x18INtTxJ6sT42CM5FxvOphJ/3%YZg==" sec-level standard > + #set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface > + "bgroup0" preshare sec-level standard would you try this change? i'm uncertain that this will have any affect, its jut a hunch. Index: bin/nrancid.in =================================================================== --- bin/nrancid.in (revision 2658) +++ bin/nrancid.in (working copy) @@ -217,7 +217,7 @@ next if /^Total Config.+$/i; last if(/$prompt/); # throw away the pager prompts - s/^--- more ---[\s\b]*//g; + s/^--- more ---[ \b]*//g; if (/^set admin name "(\S+)"$/ && $filter_pwds >= 1) { ProcessHistory("ADMIN","","","#set admin name \n"); From heas at shrubbery.net Fri Jan 4 21:12:35 2013 
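Review bot: in the pager-prompt substitution, narrowing the class from `[\s\b]` to `[ \b]` keeps the newline from being consumed, but it also stops stripping tab and carriage return after `--- more ---`, so unless carriage returns are removed before this point (the hunk does not show that) a prompt followed by `\r` now leaves that character at the start of the line. If the aim is only to spare the newline, `[ \t\r\b]*` states that directly. The `/g` flag has no effect on a pattern anchored with `^` and can be dropped, and a short comment saying that `\b` inside a bracket class means backspace would help the next reader.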
From: heas at shrubbery.net (heasley) Date: Fri, 4 Jan 2013 21:12:35 +0000 Subject: [rancid] Extra spaces being randomly added - and seen as config changes In-Reply-To: <4A33AE839886F04592A676F57BD895EA3AAF3A6FD3@MBX3.EXCHPROD.USA.NET> References: <8BAC2C69FDEE374CAB21696109147686027F29B4B4C3@EXVMBX017-1.exch017.msoutlookonline.net> <20130102172400.GD49743@shrubbery.net> <50E48607.2030606@chalmers.se> <8BAC2C69FDEE374CAB21696109147686027F29B4B894@EXVMBX017-1.exch017.msoutlookonline.net> <4A33AE839886F04592A676F57BD895EA3AAF3A6FD3@MBX3.EXCHPROD.USA.NET> Message-ID: <20130104211235.GA29102@shrubbery.net> Fri, Jan 04, 2013 at 03:39:24PM +0000, Kerry Cox: > Aaron, > Yes, this is the exact same issue I am experiencing with our Cisco ASAs. I get about 8-10 emails a day when they bounce back and forth between the BOOT Variable being populated and then being not populated. > > Index: configs/216.51.xx.xx > =================================================================== > retrieving revision 1.303 > diff -U 4 -r1.303 216.51.xx.xx 
> @@ -18,9 +18,9 @@ > !BootFlash: Current BOOT variable = disk0:/asa911-k8.bin;disk0:/asa901-k8.bin > !BootFlash: CONFIG_FILE variable = > !BootFlash: Current CONFIG_FILE variable = > ! > - !BootFlash: BOOT variable = disk0:/asa911-k8.bin;disk0:/asa901-k8.bin > + !BootFlash: BOOT variable = > !BootFlash: Current BOOT variable = disk0:/asa911-k8.bin;disk0:/asa901-k8.bin > !BootFlash: CONFIG_FILE variable = > !BootFlash: Current CONFIG_FILE variable = > ! > > I agree it is definitely NOT the device, contrary to what everyone says. And, this is the latest IOS. I am not calling Cisco TAC to let them know that their firmware is causing rancid to detect changes in the BOOT variable. > I also agree it is probably the terminal window settings or cron or something inherent in rancid that is causing it to get changing variables when queried. > If anyone else have any ideas or the rancid developers could shed some light on editing the default settings, that would be most useful. i dont see anything in the code that might cause this. if you can use clogin to run the command repeatedly in cron to try to reproduce it, or use NOPIPE=YES and run rancid with -d for the device from cron, saving the .raw file after each run, we might confirm that its the device or find the cause. i still suspect its an o/s bug or intermittent hardward failure. From tobias.brunner at nine.ch Fri Jan 4 22:11:11 2013 
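For the check heasley asks for in the reply above (run rancid with -d under NOPIPE=YES from cron and keep each .raw file), here is an added shell example, not part of RANCID and not from any post in this thread, that classifies successive captures as identical, differing only in whitespace and line breaks, or differing in content. The function names, the run*.raw file names and the sample captures are assumptions constructed for illustration, modelled on the ScreenOS line quoted in the thread.

```shell
#!/bin/sh
# Added example, not RANCID code. Compares .raw captures kept from successive
# "rancid -d" runs to tell re-wrapped or re-spaced output from a real change.

# strip_ws FILE: print FILE with every space, tab, CR and LF removed.
strip_ws() {
    tr -d ' \t\r\n' < "$1"
}

# classify_pair OLD NEW: print identical, whitespace-only or content.
classify_pair() {
    if cmp -s "$1" "$2"; then
        echo identical
    elif [ "$(strip_ws "$1")" = "$(strip_ws "$2")" ]; then
        echo whitespace-only
    else
        echo content
    fi
}

# survey_dir DIR: walk DIR/*.raw in name order (name the copies so that they
# sort by time) and report each consecutive pair that is not byte-identical.
survey_dir() {
    prev=""
    for cur in "$1"/*.raw; do
        [ -e "$cur" ] || continue
        if [ -n "$prev" ]; then
            kind=$(classify_pair "$prev" "$cur")
            if [ "$kind" != identical ]; then
                printf '%s -> %s: %s\n' "${prev##*/}" "${cur##*/}" "$kind"
            fi
        fi
        prev=$cur
    done
}

# make_samples DIR: write four constructed captures (not real device output).
make_samples() {
    cat > "$1/run1.raw" <<'EOF'
set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface "bgroup0" sec-level standard
EOF
    cat > "$1/run2.raw" <<'EOF'
set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface
 "bgroup0" sec-level standard
EOF
    cp "$1/run2.raw" "$1/run3.raw"
    sed 's/67\.89/67.90/' "$1/run3.raw" > "$1/run4.raw"
}

# With a directory argument, survey it; with "--demo", run on the samples.
case "${1:-}" in
    "") ;;
    --demo) d=$(mktemp -d) && make_samples "$d" && survey_dir "$d"; rm -rf "$d" ;;
    *) survey_dir "$1" ;;
esac
```

Stripping all whitespace also hides changes that fall inside quoted strings, so treat a whitespace-only result as a reason to inspect that pair of captures, not as proof that nothing changed.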
From: tobias.brunner at nine.ch (Tobias Brunner)
Date: Fri, 04 Jan 2013 23:11:11 +0100
Subject: [rancid] rancid-run not getting config
Message-ID: <2380424.mK29ptI680@pctobru>

Hi,

After adding some more devices to router.db no configs are being saved from all devices. All I get is the following output in the logfile (the :

########################################
starting: Fri Jan 4 22:53:17 CET 2013

At revision 311.
A deviceB
Adding deviceB
Transmitting file data .
Committed revision 312.
Added deviceB
A deviceC
Adding deviceC
Transmitting file data .
Committed revision 313.
Added deviceC
A deviceD
Adding deviceD
Transmitting file data .
Committed revision 314.
Added deviceD

ending: Fri Jan 4 22:53:19 CET 2013
########################################

There should be at least a line which says "Trying to get all of the configs.", which is missing. How can I debug this?

Thanks for all help,
Tobias

--
Nine Internet Solutions AG, Albisriederstr. 243a, CH-8047 Zuerich
Support +41 44 637 40 40 | Tel +41 44 637 40 00 | Direct +41 44 637 40 13
Skype nine.ch_support

From daniel.schmidt at wyo.gov Fri Jan 4 20:48:03 2013
From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Fri, 4 Jan 2013 13:48:03 -0700 Subject: [rancid] Extra spaces being randomly added - and seen as config changes In-Reply-To: <20130102172400.GD49743@shrubbery.net> References: <8BAC2C69FDEE374CAB21696109147686027F29B4B4C3@EXVMBX017-1.exch017.msoutlookonline.net> <20130102172400.GD49743@shrubbery.net> Message-ID: <2abbf8935ff9d8ea6710b67b01966967@mail.gmail.com> Have seen the vlan thing on Cisco. With no time to upgrade or try to write a proper fix, I slapped on a couple of things together and called it good. (Heas says these are fixed in 2.3.8 though) Again, none of this was done well, it was more: "Well, that works. Onto the next problem." You are welcome to try the cobbles below. diff -U 4 control_rancid.bak control_rancid --- control_rancid.bak 2011-11-22 10:15:36.000000000 -0700 +++ control_rancid 2011-11-22 10:19:51.000000000 -0700 @@ -42,8 +42,12 @@ # # control_rancid $GROUP # +# #*@& sort locale!! +LC_COLLATE="POSIX" +export LC_COLLATE + # print a usage message to stderr pr_usage() { echo "usage: $0 [-V] [-r device_name] [-m mail rcpt] group" >&2; } Clogin: 623 } else { 624 send "terminal length 0\r" 625 expect -re $prompt {} 626 send "terminal width 80\r" 627 } -----Original Message----- 
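Review bot: the `LC_COLLATE="POSIX"` export added near the top of control_rancid has no effect when `LC_ALL` is set in the cron or login environment, because `LC_ALL` overrides every individual `LC_*` category; either set `LC_ALL` here instead or unset it before this line. The comment `# #*@& sort locale!!` should be replaced with one that says which sort or comparison in the script depends on the collation order, so the reason for the override survives later edits.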
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of heasley Sent: Wednesday, January 02, 2013 10:24 AM To: Aaron Wasserott Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Extra spaces being randomly added - and seen as config changes Tue, Jan 01, 2013 at 02:29:02PM -0800, Aaron Wasserott: > I am running RANCID 2.3.8 on Ubuntu 12.04.1 LTS, Precise Pangolin, kernel 3.2.0-35-generic x86_64. > > I am seeing some odd behavior when running rancid against Cisco and Mikrotik devices. The output will sometimes have extra spaces - or line breaks maybe? - that is then seen as a config change when it's not. Two examples below. The first from a Mikrotik router and the second a Cisco router. > > In the first example an extra space was seen after "sensitive source=" . In the second example the ports listed in the VLAN output break across two lines, but sometimes only one. In this second example, I have noticed it will go back and forth. Sometimes the ports are listed all on one line, sometimes two. I have many Mikrotiks with many lines of configs, so I haven't checked to see if there is a recurring issue with the same line or not. > > ----------------- > > - add name=startup-tone policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=":for t1 from=1 to=10 step=1 do={\r\n :for t2 from=300 to=1800 step=40 do={\r \n :beep frequency=\$t2 length=11ms;\r \n :delay 11ms;\r \n }\r \n }\r \n" > + add name=startup-tone policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source=": for t1 from=1 to=10 step=1 do={\r \n :for t2 from=300 to=1800 step=40 do={\r \n :beep frequency=\$t2 length=11ms;\r \n :delay 11ms;\r \n }\r \n }\r \n" I suspect this is the device. try mtlogin -c 'export' device in a loop and look for the change. the mtlogin code looks ok to me, but i dont have one of these for testing. 
> - !VLAN: 1 default active Fa2, Fa3, Fa4, Fa5, Fa6, Fa7 > - !VLAN: Fa8, Fa9 > + !VLAN: 1 default active Fa2, Fa3, Fa4, Fa5, Fa6, Fa7, Fa8, Fa9 > > ----------------- this is the device itself, which i thought was due to the terminal width. but 2.3.8 should have the change that sets the width. unless the use that runs rancid does not have permission to alter the terminal width, i havent an idea why this would be occuring. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. From rancid at ale.cx Fri Jan 4 22:38:33 2013 
From: rancid at ale.cx (Alex DEKKER) Date: Fri, 04 Jan 2013 22:38:33 +0000 Subject: [rancid] Extra spaces being randomly added - and seen as config changes In-Reply-To: <4A33AE839886F04592A676F57BD895EA3AAF3A6FD3@MBX3.EXCHPROD.USA.NET> References: <8BAC2C69FDEE374CAB21696109147686027F29B4B4C3@EXVMBX017-1.exch017.msoutlookonline.net> <20130102172400.GD49743@shrubbery.net> <50E48607.2030606@chalmers.se> <8BAC2C69FDEE374CAB21696109147686027F29B4B894@EXVMBX017-1.exch017.msoutlookonline.net> <4A33AE839886F04592A676F57BD895EA3AAF3A6FD3@MBX3.EXCHPROD.USA.NET> Message-ID: <50E759E9.1070602@ale.cx> On 04/01/13 15:39, Kerry Cox wrote: > - !BootFlash: BOOT variable = disk0:/asa911-k8.bin;disk0:/asa901-k8.bin > + !BootFlash: BOOT variable = > -----Original Message----- > From:rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Aaron Wasserott > Sent: Friday, January 04, 2013 3:31 AM > Here is an example from a ScreenOS device: > > set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface "bgroup0" preshare "wLE/x18INtTxJ6sT42CM5FxvOphJ/3%YZg==" sec-level standard > + #set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface > + "bgroup0" preshare sec-level standard Did you add the or do you have RANCID set to strip certain keys and passwords from configs? If the latter, then I would say that your [Aaron's] issue is not related to Kerry's. alexd From kerry.cox at wjbradley.com Fri Jan 4 22:54:20 2013 
From: kerry.cox at wjbradley.com (Kerry Cox) Date: Fri, 4 Jan 2013 22:54:20 +0000 Subject: [rancid] Extra spaces being randomly added - and seen as config changes In-Reply-To: <50E759E9.1070602@ale.cx> References: <8BAC2C69FDEE374CAB21696109147686027F29B4B4C3@EXVMBX017-1.exch017.msoutlookonline.net> <20130102172400.GD49743@shrubbery.net> <50E48607.2030606@chalmers.se> <8BAC2C69FDEE374CAB21696109147686027F29B4B894@EXVMBX017-1.exch017.msoutlookonline.net> <4A33AE839886F04592A676F57BD895EA3AAF3A6FD3@MBX3.EXCHPROD.USA.NET> <50E759E9.1070602@ale.cx> Message-ID: <4A33AE839886F04592A676F57BD895EA3AAF49F407@MBX3.EXCHPROD.USA.NET> My issue is that every hour, the configs from my Cisco ASAs are reporting as alternating between having content in the BootFlash: setting and then having no content. I have changed the setting in rancid.conf to be NOPIPE = YES and also NO, with no change. I have also run "rancid -d 10.10.0.1" against the firewalls from the command line and seen zero issues. Everything checks out. I have run rancid by itself against the firewall and saved the raw output and then done a diff against over 10 files. The output is always the same, no change. So, I guess it is my cron job that is causing the variations? # Run config differ hourly at 5 minutes past the hour 5 * * * * /usr/local/rancid/bin/rancid-run Is there another setting I am missing that could be causing the BootFlash: BOOT variable to change? Thanks for all the input. I guess I'll set my cron to once a day rather than once an hour so I don't get so many false alerts. Kerry -----Original Message----- 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alex DEKKER Sent: Friday, January 04, 2013 3:39 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Extra spaces being randomly added - and seen as config changes On 04/01/13 15:39, Kerry Cox wrote: > - !BootFlash: BOOT variable = > disk0:/asa911-k8.bin;disk0:/asa901-k8.bin > + !BootFlash: BOOT variable = > -----Original Message----- > From:rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Aaron > Wasserott > Sent: Friday, January 04, 2013 3:31 AM Here is an example from a > ScreenOS device: > > set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface > "bgroup0" preshare "wLE/x18INtTxJ6sT42CM5FxvOphJ/3%YZg==" sec-level > standard > + #set ike gateway "xcolo" address 123.45.67.89 Main > + outgoing-interface "bgroup0" preshare sec-level standard Did you add the or do you have RANCID set to strip certain keys and passwords from configs? If the latter, then I would say that your [Aaron's] issue is not related to Kerry's. alexd _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss **Electronic Privacy Notice** This e-mail and any attachments contain information that is or may be covered by electronic communication privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error and then immediately delete it. Thank you for your cooperation. From aaron.wasserott at viawest.com Fri Jan 4 22:46:33 2013 
From: aaron.wasserott at viawest.com (Aaron Wasserott) Date: Fri, 4 Jan 2013 14:46:33 -0800 Subject: [rancid] Extra spaces being randomly added - and seen as config changes In-Reply-To: <50E759E9.1070602@ale.cx> References: <8BAC2C69FDEE374CAB21696109147686027F29B4B4C3@EXVMBX017-1.exch017.msoutlookonline.net> <20130102172400.GD49743@shrubbery.net> <50E48607.2030606@chalmers.se> <8BAC2C69FDEE374CAB21696109147686027F29B4B894@EXVMBX017-1.exch017.msoutlookonline.net> <4A33AE839886F04592A676F57BD895EA3AAF3A6FD3@MBX3.EXCHPROD.USA.NET> <50E759E9.1070602@ale.cx> Message-ID: <8BAC2C69FDEE374CAB21696109147686027F29B4BA0B@EXVMBX017-1.exch017.msoutlookonline.net> I had changed RANCID to strip passwords and when it ran next that's what I got (repeated below) set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface "bgroup0" preshare "wLE/x18INtTxJ6sT42CM5FxvOphJ/3%YZg==" sec-level standard + #set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface + "bgroup0" preshare sec-level standard It should show a config difference in this case, but not split across lines like that - in the case above it's showing 1 removed line and 2 added lines when it should be 1 and 1. I do agree that Kerry's issue does seem different. In her case the output from the router for that parameter appears to be missing entirely, not just on a different line. Unless of course RANCID is really doing something funky and just ignoring the output after the : altogether. -----Original Message----- 
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Alex DEKKER Sent: Friday, January 04, 2013 3:39 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Extra spaces being randomly added - and seen as config changes On 04/01/13 15:39, Kerry Cox wrote: > - !BootFlash: BOOT variable = > disk0:/asa911-k8.bin;disk0:/asa901-k8.bin > + !BootFlash: BOOT variable = > -----Original Message----- > From:rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Aaron > Wasserott > Sent: Friday, January 04, 2013 3:31 AM Here is an example from a > ScreenOS device: > > set ike gateway "xcolo" address 123.45.67.89 Main outgoing-interface > "bgroup0" preshare "wLE/x18INtTxJ6sT42CM5FxvOphJ/3%YZg==" sec-level > standard > + #set ike gateway "xcolo" address 123.45.67.89 Main > + outgoing-interface "bgroup0" preshare sec-level standard Did you add the or do you have RANCID set to strip certain keys and passwords from configs? If the latter, then I would say that your [Aaron's] issue is not related to Kerry's. alexd _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From tyandwhit at gmail.com Fri Jan 4 19:40:27 2013 From: tyandwhit at gmail.com (Tyler Bushman) Date: Fri, 4 Jan 2013 11:40:27 -0800 (PST) Subject: [rancid] How to upgrade to 2.3.8 In-Reply-To: <6402cb2d-3f7a-48b9-ad13-817f2752ea28@googlegroups.com> References: <6402cb2d-3f7a-48b9-ad13-817f2752ea28@googlegroups.com> Message-ID: <66a8bd23-f610-4c6c-8884-aa3ef593bbc1@googlegroups.com> I followed everyone's advice and just installed over the existing installation. Worked like a charm. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: From peterjackson1610 at gmail.com Sat Jan 5 03:31:57 2013 
From: peterjackson1610 at gmail.com (Peter Jackson)
Date: Fri, 4 Jan 2013 22:31:57 -0500
Subject: [rancid] Palo Alto
In-Reply-To: <823B9E9C8CDD8249A91BCD5B0E0F80162215B1889E@MAIL.solutionary.com>
References: <823B9E9C8CDD8249A91BCD5B0E0F80162215B1889E@MAIL.solutionary.com>
Message-ID:

Which platform are you guys using? And which version of PA?

When I run rancid-run for our PA-200s it hangs at the EatCommand subroutine for the first command, 'set cli scripting-mode on' as if there is no input from this command.

On Thu, Jan 3, 2013 at 5:01 PM, Arthur Chilipweli <ArthurChilipweli at solutionary.com> wrote:

> Doug,
>
> Thank you for the work you and Wouter de Jong did, it is working thank you
> very much.
>
> Thanks,
>
> Arthur
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From Douglas.Hughes at DEShawResearch.com Sat Jan 5 20:54:57 2013
From: Douglas.Hughes at DEShawResearch.com (Hughes, Doug)
Date: Sat, 5 Jan 2013 20:54:57 +0000
Subject: [rancid] Palo Alto
In-Reply-To:
References: <823B9E9C8CDD8249A91BCD5B0E0F80162215B1889E@MAIL.solutionary.com>
Message-ID:

Try this/these version. I moved cli scripting-mode to earlier, put cli pager mode after it, and modified panlogin to just send return to determine prompt

Tested on 4.1.8, 5.0.1, and HA firewalls. Tested on my 2020 and 2050.

From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Peter Jackson
Sent: Friday, January 04, 2013 10:32 PM
To: Arthur Chilipweli
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Palo Alto

Which platform are you guys using? And which version of PA?

When I run rancid-run for our PA-200s it hangs at the EatCommand subroutine for the first command, 'set cli scripting-mode on' as if there is no input from this command.

On Thu, Jan 3, 2013 at 5:01 PM, Arthur Chilipweli wrote:

Doug,

Thank you for the work you and Wouter de Jong did, it is working thank you very much.

Thanks,

Arthur

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

-------------- next part --------------
A non-text attachment was scrubbed...
Name: panlogin
Type: application/octet-stream
Size: 17825 bytes
Desc: panlogin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: panrancid
Type: application/octet-stream
Size: 8508 bytes
Desc: panrancid

From peterjackson1610 at gmail.com Sun Jan 6 00:46:32 2013
From: peterjackson1610 at gmail.com (Peter Jackson)
Date: Sat, 5 Jan 2013 19:46:32 -0500
Subject: [rancid] Palo Alto
In-Reply-To:
References: <823B9E9C8CDD8249A91BCD5B0E0F80162215B1889E@MAIL.solutionary.com>
Message-ID:

This one works! Thank you so much.

I spent some time on a bash script that uses panlogin to copy the running-config.xml file to a tftp server, rename it, and move it into an archive directory. But having RANCID working is so much better.

I have attached your panrancid modified for the set mode.

On Sat, Jan 5, 2013 at 3:54 PM, Hughes, Doug <Douglas.Hughes at deshawresearch.com> wrote:

> Try this/these version. I moved cli scripting-mode to earlier, put cli
> pager mode after it, and modified panlogin to just send return to determine
> prompt
>
> Tested on 4.1.8, 5.0.1, and HA firewalls. Tested on my 2020 and 2050.
>
> *From:* rancid-discuss-bounces at shrubbery.net [mailto:
> rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Peter Jackson
> *Sent:* Friday, January 04, 2013 10:32 PM
> *To:* Arthur Chilipweli
> *Cc:* rancid-discuss at shrubbery.net
> *Subject:* Re: [rancid] Palo Alto
>
> Which platform are you guys using? And which version of PA?
>
> When I run rancid-run for our PA-200s it hangs at the EatCommand
> subroutine for the first command, 'set cli scripting-mode on' as if there
> is no input from this command.
>
> On Thu, Jan 3, 2013 at 5:01 PM, Arthur Chilipweli <
> ArthurChilipweli at solutionary.com> wrote:
>
> Doug,
>
> Thank you for the work you and Wouter de Jong did, it is working thank you
> very much.
>
> Thanks,
>
> Arthur
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

-------------- next part --------------
A non-text attachment was scrubbed...
Name: panrancid.set
Type: application/octet-stream
Size: 9666 bytes
Desc: not available

From ArthurChilipweli at solutionary.com Sun Jan 6 02:10:59 2013
From: ArthurChilipweli at solutionary.com (Arthur Chilipweli)
Date: Sat, 5 Jan 2013 20:10:59 -0600
Subject: [rancid] Palo Alto
In-Reply-To:
References: <823B9E9C8CDD8249A91BCD5B0E0F80162215B1889E@MAIL.solutionary.com>
Message-ID: <823B9E9C8CDD8249A91BCD5B0E0F80162215B18950@MAIL.solutionary.com>

Yeah thank you guys very much

--Arthur

From: Peter Jackson [mailto:peterjackson1610 at gmail.com]
Sent: Saturday, January 05, 2013 6:47 PM
To: Hughes, Doug
Cc: Arthur Chilipweli; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Palo Alto

This one works! Thank you so much.

I spent some time on a bash script that uses panlogin to copy the running-config.xml file to a tftp server, rename it, and move it into an archive directory. But having RANCID working is so much better.

I have attached your panrancid modified for the set mode.

On Sat, Jan 5, 2013 at 3:54 PM, Hughes, Doug wrote:

Try this/these version. I moved cli scripting-mode to earlier, put cli pager mode after it, and modified panlogin to just send return to determine prompt

Tested on 4.1.8, 5.0.1, and HA firewalls. Tested on my 2020 and 2050.

From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Peter Jackson
Sent: Friday, January 04, 2013 10:32 PM
To: Arthur Chilipweli
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Palo Alto

Which platform are you guys using? And which version of PA?

When I run rancid-run for our PA-200s it hangs at the EatCommand subroutine for the first command, 'set cli scripting-mode on' as if there is no input from this command.

On Thu, Jan 3, 2013 at 5:01 PM, Arthur Chilipweli wrote:

Doug,

Thank you for the work you and Wouter de Jong did, it is working thank you very much.

Thanks,

Arthur

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From tobias.brunner at nine.ch Sun Jan 6 14:41:58 2013
From: tobias.brunner at nine.ch (Tobias Brunner)
Date: Sun, 06 Jan 2013 15:41:58 +0100
Subject: [rancid] Backing up Brocade devices with read-only user
Message-ID: <17c2e2b9c2cb24d4b36e323d3e1acdb9@nine.ch>

Hi,

For backing up some of our Brocade router we created a special SSH user on this devices for rancid:

username rancid privilege 5 password testpassword
enable read-only-password testpassword

Login with clogin works as expected. But rancid-run will not work. Here is what the log says:

router1: End of run not found
0 || 0
router1: End of run not found
Error: TIMEOUT reached
router2: End of run not found
0 || 0
router2: End of run not found
Error: TIMEOUT reached
router3: End of run not found
0 || 0
router3: missed cmd(s): show chassis,show module,show flash,show running-config,write term
router3: End of run not found
!
router4: End of run not found
0 || 0
router4: missed cmd(s): show chassis,show module,show flash,show running-config,write term
router4: End of run not found
!
router5: End of run not found
0 || 0
router5: missed cmd(s): show chassis,show module,show flash,show running-config,write term
router5: End of run not found

What does this "End of run not found" mean? Rancid is able to log in but there seems to be a trouble getting the logs.

Thanks for any help

Cheers,
Tobias

--
Nine Internet Solutions AG, Albisriederstr. 243a, CH-8047 Zuerich
Support +41 44 637 40 40 | Tel +41 44 637 40 00 | Direct +41 44 637 40 13
Skype nine.ch_support

From jethro.binks at strath.ac.uk Sun Jan 6 16:17:16 2013
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Sun, 6 Jan 2013 16:17:16 +0000 (GMT)
Subject: [rancid] Backing up Brocade devices with read-only user
In-Reply-To: <17c2e2b9c2cb24d4b36e323d3e1acdb9@nine.ch>
References: <17c2e2b9c2cb24d4b36e323d3e1acdb9@nine.ch>
Message-ID:

On Sun, 6 Jan 2013, Tobias Brunner wrote:

> For backing up some of our Brocade router we created a special SSH user
> on this devices for rancid:
>
> username rancid privilege 5 password testpassword

If you do this, then you at least also need to do this:

privilege exec level 5 skip-page-display

> What does this "End of run not found" mean? Rancid is able to log in but
> there seems to be a trouble getting the logs.

It means that it couldn't work out that it had run all the commands and successfully exited. If the above line doesn't fix your problem, you'll need to run in debug mode and capture the session output in a .raw file to investigate where it is going wrong.

I think my flogin/francid are a bit hacked around, so I'd have to compare to see I have any other specific relevant changes to current releases of rancid.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in Scotland, number SC015263.

From tobias.brunner at nine.ch Sun Jan 6 21:32:55 2013
From: tobias.brunner at nine.ch (Tobias Brunner) Date: Sun, 06 Jan 2013 22:32:55 +0100 Subject: [rancid] Backing up Brocade devices with read-only user In-Reply-To: References: <17c2e2b9c2cb24d4b36e323d3e1acdb9@nine.ch> Message-ID: <9dd7b9c6377d9647b89468ecc306699f@nine.ch> Hi, > If you do this, then you at least also need to do this: > > privilege exec level 5 skip-page-display > That was it! THANKS a lot... Cheers, Tobias -- Nine Internet Solutions AG, Albisriederstr. 243a, CH-8047 Zuerich Support +41 44 637 40 40 | Tel +41 44 637 40 00 | Direct +41 44 637 40 13 Skype nine.ch_support From tobias.brunner at nine.ch Tue Jan 8 13:23:33 2013 From: tobias.brunner at nine.ch (Tobias Brunner) Date: Tue, 08 Jan 2013 14:23:33 +0100 Subject: [rancid] Backing up Brocade devices with read-only user In-Reply-To: References: <17c2e2b9c2cb24d4b36e323d3e1acdb9@nine.ch> Message-ID: <2804041.1Lv7Ok9DrB@pctobru> Hi (once again), After having the configuration backup running for this Brocade devices, every rancid-run I get the following diff: -- configs/router1 (revision 340) @@ -5,11 +5,11 @@ !NI-X-HSF Switch Fabric Module 1 (Serial #: YYYYYY, Part #: 60-1001588-14) !FE 1: Type fe600, Version 1 !FE 3: Type fe600, Version 1 - !Switch Fabric Module 1 Up Time is 3 days 4 hours 43 seconds + !Switch Fabric Module 1 Up Time is 3 days 11 hours 39 seconds !NI-X-HSF Switch Fabric Module 2 (Serial #: YYYYYY, Part #: 60-1001588-14) !FE 1: Type fe600, Version 1 !FE 3: Type fe600, Version 1 - !Switch Fabric Module 2 Up Time is 3 days 4 hours 43 seconds + !Switch Fabric Module 2 Up Time is 3 days 11 hours 39 seconds How can I exclude these lines from the diff? Cheers, Tobias -- Nine Internet Solutions AG, Albisriederstr. 243a, CH-8047 Zuerich Support +41 44 637 40 40 | Tel +41 44 637 40 00 | Direct +41 44 637 40 13 Skype nine.ch_support From jethro.binks at strath.ac.uk Tue Jan 8 13:29:25 2013 
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Tue, 8 Jan 2013 13:29:25 +0000 (GMT)
Subject: [rancid] Backing up Brocade devices with read-only user
In-Reply-To: <2804041.1Lv7Ok9DrB@pctobru>
References: <17c2e2b9c2cb24d4b36e323d3e1acdb9@nine.ch> <2804041.1Lv7Ok9DrB@pctobru>
Message-ID:

On Tue, 8 Jan 2013, Tobias Brunner wrote:

> Hi (once again),

Hi (once again),

In my francid, I have the following lines in the ShowVersion function. Again it is hacked around so not sure how it compares to what you have, but you will see it resolves this problem for you:

    while (<INPUT>) {
        tr/\015//d;
        next if /^\s*$/;
        last if (/^$prompt/);

        next if (/^(The system |Crash time)/);
        next if (/^(System|(Active|Standby) Management|LP Slot \d+) uptime is/);
        # This line appears somewhere between Netiron 5.1 and 5.3
        next if (/^(Switch Fabric Module \d+ Up Time)/);

        # remove uptime on newer switches
        # but retain the stackid itself
        s/(STACKID \d+)\s+system uptime is.*$/$1/;

        # See comments at start for more about this flag:
        if ( $skip_corrupt_serial ) {
            next if (/^\s+Serial #/);
        }

        s/^\s*(HW|SW)/$1/;
        s/^\s*(Compiled on)/SW: $1/;
        s/^\s*(\(\d+ bytes\) from )/SW: $1/;
        #s/^(HW.*)/$1\n/;
        if (/^SL (\d+)/) {
            $slot = "Slot $1";
            s/^SL \d+/$slot/;
        }
        if (/MHz .* processor/) {
            $slot = "MGMT";
        }
        s/^(\s*\d+ )/$slot:$1/;
        s/^===*//;
        ProcessHistory("VERSION","","","!$_");
    }

Jethro.

>
> After having the configuration backup running for this Brocade devices, every
> rancid-run I get the following diff:
>
> -- configs/router1 (revision 340)
> @@ -5,11 +5,11 @@ > !NI-X-HSF Switch Fabric Module 1 (Serial #: YYYYYY, Part #: 60-1001588-14) > !FE 1: Type fe600, Version 1 > !FE 3: Type fe600, Version 1 > - !Switch Fabric Module 1 Up Time is 3 days 4 hours 43 seconds > + !Switch Fabric Module 1 Up Time is 3 days 11 hours 39 seconds > !NI-X-HSF Switch Fabric Module 2 (Serial #: YYYYYY, Part #: 60-1001588-14) > !FE 1: Type fe600, Version 1 > !FE 3: Type fe600, Version 1 > - !Switch Fabric Module 2 Up Time is 3 days 4 hours 43 seconds > + !Switch Fabric Module 2 Up Time is 3 days 11 hours 39 seconds > > How can I exclude these lines from the diff? > > Cheers, > Tobias > > -- > Nine Internet Solutions AG, Albisriederstr. 243a, CH-8047 Zuerich > Support +41 44 637 40 40 | Tel +41 44 637 40 00 | Direct +41 44 637 40 13 > Skype nine.ch_support > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. From GMourani at prival.ca Tue Jan 8 14:47:04 2013 
From: GMourani at prival.ca (Gerhard Mourani)
Date: Tue, 8 Jan 2013 14:47:04 +0000
Subject: [rancid] Using ssh version 1
Message-ID: <312FF37225924E42A1D3D228EDBD119315D484D6@PRIVALEX.PrivalODC.lan>

Hello list,

I've a Cisco switch on which I could only connect via ssh version 1. If I manually try to connect with ssh command on CLI, it works but with Rancid it fails because I need to inform it (rancid) to use version 1 for this host but cannot find how to do it inside .clogin file, here are my configs.

add user 1.2.3.4 admin
add cyphertype 1.2.3.4 3des
add password 1.2.3.4 passwd enpasswd
add method 1.2.3.4 ssh

Gerhard,

From heas at shrubbery.net Tue Jan 8 15:01:51 2013
From: heas at shrubbery.net (heasley)
Date: Tue, 8 Jan 2013 15:01:51 +0000
Subject: [rancid] Using ssh version 1
In-Reply-To: <312FF37225924E42A1D3D228EDBD119315D484D6@PRIVALEX.PrivalODC.lan>
References: <312FF37225924E42A1D3D228EDBD119315D484D6@PRIVALEX.PrivalODC.lan>
Message-ID: <20130108150151.GC51268@shrubbery.net>

Tue, Jan 08, 2013 at 02:47:04PM +0000, Gerhard Mourani:
> Hello list,
>
> I've a Cisco switch on which I could only connect via ssh version 1. If I manually try to connect with ssh command on CLI, it works but with Rancid it fail because I need to inform it (rancid) to use version 1 for this host but cannot find how to do it inside .clogin file, here my configs.
>
> add user 1.2.3.4 admin
> add cyphertype 1.2.3.4 3des
> add password 1.2.3.4 passwd enpasswd
> add method 1.2.3.4 ssh

you should be able to do this with a Host entry in your .ssh/config file or using sshcmd in your cloginrc.

From GMourani at prival.ca Tue Jan 8 16:14:30 2013
From: GMourani at prival.ca (Gerhard Mourani)
Date: Tue, 8 Jan 2013 16:14:30 +0000
Subject: [rancid] Using ssh version 1
In-Reply-To: <20130108150151.GC51268@shrubbery.net>
References: <312FF37225924E42A1D3D228EDBD119315D484D6@PRIVALEX.PrivalODC.lan> <20130108150151.GC51268@shrubbery.net>
Message-ID: <312FF37225924E42A1D3D228EDBD119315D486B0@PRIVALEX.PrivalODC.lan>

Thanks, it works with the following add:

add sshcmd 1.2.3.4 {ssh\ -1}

Gerhard,

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: January-08-13 10:02 AM
To: Gerhard Mourani
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Using ssh version 1

Tue, Jan 08, 2013 at 02:47:04PM +0000, Gerhard Mourani:
> Hello list,
>
> I've a Cisco switch on which I could only connect via ssh version 1. If I manually try to connect with ssh command on CLI, it works but with Rancid it fail because I need to inform it (rancid) to use version 1 for this host but cannot find how to do it inside .clogin file, here my configs.
>
> add user 1.2.3.4 admin
> add cyphertype 1.2.3.4 3des
> add password 1.2.3.4 passwd enpasswd
> add method 1.2.3.4 ssh

you should be able to do this with a Host entry in your .ssh/config file or using sshcmd in your cloginrc.

From heas at shrubbery.net Tue Jan 8 17:04:57 2013
From: heas at shrubbery.net (heasley)
Date: Tue, 8 Jan 2013 17:04:57 +0000
Subject: [rancid] Palo Alto
In-Reply-To:
References: <823B9E9C8CDD8249A91BCD5B0E0F80162215B18801@MAIL.solutionary.com>
Message-ID: <20130108170457.GA54693@shrubbery.net>

Wed, Jan 02, 2013 at 09:32:47PM +0000, Hughes, Doug:
> Yes, somebody else has run across this two, and it's because of the HA firewall setup and prompt change. Try this version that Wouter de Jong and I came up with:

Extreme and Catalyst alter their prompts too; see clogin for a code example that does this.

> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Arthur Chilipweli > Sent: Wednesday, January 02, 2013 2:41 PM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Palo Alto > > All, I hope someone can help me out, I have followed up on the configuration of the rancid to pull configs from Palo alto devices, based on this discussion string found here: > http://www.gossamer-threads.com/lists/rancid/users/6483?page=unread#unread > > The login script seems to be working, however I am unable to pull the configs using the scripts, can someone please point me to the right direction please: > [mdrancid at mdrancid ~]$ panlogin 3040-palo-altofw01 > 3040-palo-altofw01 > spawn ssh -c 3des -x -l admin 3040-palo-altofw01 > Password: > Last login: Wed Jan 2 13:22:13 2013 from 10.1.5.14 > admin at palo-altofw01 (active)> > admin at palo-altofw01 (active)> exit > > But running a test script to pull configs seems not to be working: > > [mdrancid at mdrancid ~]$ panlogin -t 120 -c "show config running" 3040-palo-altofw01 > 3040-palo-altofw01 > spawn ssh -c 3des -x -l admin 3040-palo-altofw01 > Password: > Last login: Wed Jan 2 13:27:43 2013 from 10.1.5.14 > admin at palo-altofw01 (active)> > admin at palo-altofw01 (active)> set cli pager off > admin at palo-altofw01 (active)> > Error: TIMEOUT reached > > --Arthur > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From GMourani at prival.ca Tue Jan 8 18:17:15 2013 
From: GMourani at prival.ca (Gerhard Mourani) Date: Tue, 8 Jan 2013 18:17:15 +0000 Subject: [rancid] CatOS Message-ID: <312FF37225924E42A1D3D228EDBD119315D48836@PRIVALEX.PrivalODC.lan> Hello List, I've some CatOS switches that returns this king of errors messages. Look to me that the command to get configs parameters are not correct or compatible. Rancid version is 2.3.8 on Linux. Trying to get all of the configs. 10.18.0.8: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,show capture,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec- nvram:,show diag chassis-info,dir /all disk2:,show running-config view full,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesu p-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,show shun, show controllers,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sup-bootdisk:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microco de:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,show redundancy secondary,show running-config,show c7200,dir /all slot1: 10.18.0.8: End of run not found Gerhard, -------------- next part -------------- An HTML attachment was scrubbed... URL: From pxb368 at motorola.com Tue Jan 8 18:41:18 2013 
From: pxb368 at motorola.com (Danilo Gouveia) Date: Tue, 8 Jan 2013 16:41:18 -0200 Subject: [rancid] Backing up Brocade devices with read-only user In-Reply-To: References: <17c2e2b9c2cb24d4b36e323d3e1acdb9@nine.ch> <2804041.1Lv7Ok9DrB@pctobru> Message-ID: Is there any specific point in francid that you put this code? I have the same issue here with the STACKID and I tried to put it in the line 514 and it's not working. Thanks On Tue, Jan 8, 2013 at 11:29 AM, Jethro R Binks wrote: > while () { > tr/\015//d; > next if /^\s*$/; > last if (/^$prompt/); > > next if (/^(The system |Crash time)/); > next if (/^(System|(Active|Standby) Management|LP Slot \d+) uptime > is/); > > # This line appears somewhere between Netiron 5.1 and 5.3 > next if (/^(Switch Fabric Module \d+ Up Time)/); > > # remove uptime on newer switches > # but retain the stackid itself > s/(STACKID \d+)\s+system uptime is.*$/$1/; > > # See comments at start for more about this flag: > if ( $skip_corrupt_serial ) { > next if (/^\s+Serial #/); > } > > s/^\s*(HW|SW)/$1/; > s/^\s*(Compiled on)/SW: $1/; > s/^\s*(\(\d+ bytes\) from )/SW: $1/; > > #s/^(HW.*)/$1\n/; > if (/^SL (\d+)/) { > $slot = "Slot $1"; > s/^SL \d+/$slot/; > } > if (/MHz .* processor/) { > $slot = "MGMT"; > } > s/^(\s*\d+ )/$slot:$1/; > s/^===*//; > > ProcessHistory("VERSION","","","!$_"); > } > -- Atenciosamente / Best Regards, Danilo Marques de Gouveia IT - Network Administrator 55 19 3847 8424 55 19 9160 6441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From tobias.brunner at nine.ch Tue Jan 8 20:35:48 2013 
From: tobias.brunner at nine.ch (Tobias Brunner) Date: Tue, 08 Jan 2013 21:35:48 +0100 Subject: [rancid] Backing up Brocade devices with read-only user In-Reply-To: <2804041.1Lv7Ok9DrB@pctobru> References: <17c2e2b9c2cb24d4b36e323d3e1acdb9@nine.ch> <2804041.1Lv7Ok9DrB@pctobru> Message-ID: <01604c75c00525a1995f95d73e9d2e66@nine.ch> Hi, > After having the configuration backup running for this Brocade > devices, every > rancid-run I get the following diff: > > -- configs/router1 (revision 340) > @@ -5,11 +5,11 @@ > !NI-X-HSF Switch Fabric Module 1 (Serial #: YYYYYY, Part #: > 60-1001588-14) > !FE 1: Type fe600, Version 1 > !FE 3: Type fe600, Version 1 > - !Switch Fabric Module 1 Up Time is 3 days 4 hours 43 seconds > + !Switch Fabric Module 1 Up Time is 3 days 11 hours 39 seconds > !NI-X-HSF Switch Fabric Module 2 (Serial #: YYYYYY, Part #: > 60-1001588-14) > !FE 1: Type fe600, Version 1 > !FE 3: Type fe600, Version 1 > - !Switch Fabric Module 2 Up Time is 3 days 4 hours 43 seconds > + !Switch Fabric Module 2 Up Time is 3 days 11 hours 39 seconds > > How can I exclude these lines from the diff? I got a patch from heasley which excludes this lines from the diff: Index: bin/francid.in =================================================================== --- bin/francid.in (revision 2658) +++ bin/francid.in (working copy) @@ -179,7 +179,7 @@ next if (/^(The system |Crash time)/); next if (/^(System|(Active|Standby) Management|LP Slot \d+|Switch Fabric - Module \d+) uptime is/); + Module \d+) (uptime|Up Time) is/); # remove uptime on newer switches s/(STACKID \d+)\s+system uptime is.*$/$1/; Thanks a lot for this great support! I appreciate it... Cheers, Tobias -- Nine Internet Solutions AG, Albisriederstr. 243a, CH-8047 Zuerich Support +41 44 637 40 40 | Tel +41 44 637 40 00 | Direct +41 44 637 40 13 Skype nine.ch_support From jethro.binks at strath.ac.uk Tue Jan 8 21:07:39 2013 
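Review bot: in the changed line "Module \d+) (uptime|Up Time) is/);" the new alternative is a capturing group whose capture is never used by the surrounding "next if", and it accepts only those two exact spellings. A non-capturing "(?:uptime|Up Time)", or a single case-insensitive pattern that tolerates the optional space, would say the same thing and would also cover another capitalisation of the label. The regex is also split after "Switch Fabric" in both the context line and the changed line, so the hunk as pasted into the mail looks line-wrapped and would need unwrapping before it applies to bin/francid.in.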
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Tue, 8 Jan 2013 21:07:39 +0000 (GMT)
Subject: [rancid] Backing up Brocade devices with read-only user
In-Reply-To:
References: <17c2e2b9c2cb24d4b36e323d3e1acdb9@nine.ch> <2804041.1Lv7Ok9DrB@pctobru>
Message-ID:

On Tue, 8 Jan 2013, Danilo Gouveia wrote:

> Is there any specific point in francid that you put this code? I have the
> same issue here with the STACKID and I tried to put it in the line 514 and
> it's not working.

I posted a chunk of my ShowVersion sub, which had an extra bit which might cause you an issue. Current francid has this one, modified with the change just discussed. Simply replace your current ShowVersion sub with this one following.

Jethro.

# This routine parses "show version"
sub ShowVersion {
    my($slot);

    print STDERR " In ShowVersion: $_" if ($debug);

    # INPUT is the filehandle francid reads the collected device output from
    while (<INPUT>) {
        tr/\015//d;
        next if /^\s*$/;
        last if (/^$prompt/);

        next if (/^(The system |Crash time)/);
        next if (/^(System|(Active|Standby) Management|LP Slot \d+) uptime is/);

        # remove uptime on newer switches
        s/(STACKID \d+)\s+system uptime is.*$/$1/;

        s/^\s*(HW|SW)/$1/;
        s/^\s*(Compiled on)/SW: $1/;
        s/^\s*(\(\d+ bytes\) from )/SW: $1/;

        #s/^(HW.*)/$1\n/;
        if (/^SL (\d+)/) {
            $slot = "Slot $1";
            s/^SL \d+/$slot/;
        }
        if (/MHz .* processor/) {
            $slot = "MGMT";
        }
        s/^(\s*\d+ )/$slot:$1/;
        s/^===*//;

        ProcessHistory("VERSION","","","!$_");
    }
    ProcessHistory("VERSION","","","!\n");
    return(0);
}

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in Scotland, number SC015263.

From peterjackson1610 at gmail.com Tue Jan 8 22:00:58 2013
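What the uptime patch in this thread changes in practice, as an added example (written for this page, not francid code and not from any poster): a reduced copy of the ShowVersion filtering run over two constructed captures, once with the pre-patch uptime regex and once with the patched one. The capture() helper, the sample lines and the layout of the STACKID line are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Uptime filter as it stood before the patch quoted in this thread.
my $pre_patch = qr/^(System|(Active|Standby) Management|LP Slot \d+|Switch Fabric Module \d+) uptime is/;
# Uptime filter after the patch: the "Up Time" spelling is accepted too.
my $patched = qr/^(System|(Active|Standby) Management|LP Slot \d+|Switch Fabric Module \d+) (uptime|Up Time) is/;

# Reduced version of the ShowVersion loop: drop volatile lines and keep the
# rest with the "!" prefix that ends up in the stored config file.
sub normalize {
    my ($uptime_re, @raw) = @_;
    my @kept;
    for my $raw_line (@raw) {
        my $line = $raw_line;
        $line =~ tr/\015//d;                       # strip carriage returns
        next if $line =~ /^\s*$/;                  # skip blank lines
        next if $line =~ /^(The system |Crash time)/;
        next if $line =~ $uptime_re;               # skip uptime counters
        # keep the stack id, drop the counter that follows it
        $line =~ s/(STACKID \d+)\s+system uptime is.*$/$1/;
        push @kept, "!$line";
    }
    return @kept;
}

# Number of positions at which two stored outputs differ.
sub count_changes {
    my ($first, $second) = @_;
    my $n = scalar(@$first) > scalar(@$second) ? scalar(@$first) : scalar(@$second);
    my $changed = 0;
    for my $i (0 .. $n - 1) {
        $changed++ if ($first->[$i] // '') ne ($second->[$i] // '');
    }
    return $changed;
}

# Constructed "show version" capture; only the uptime value varies per poll.
# The STACKID line layout is assumed, not taken from a real device.
sub capture {
    my ($uptime) = @_;
    return (
        "NI-X-HSF Switch Fabric Module 1 (Serial #: YYYYYY, Part #: 60-1001588-14)\r\n",
        "FE 1: Type fe600, Version 1\r\n",
        "Switch Fabric Module 1 Up Time is $uptime\r\n",
        "System uptime is $uptime\r\n",
        "STACKID 1  system uptime is $uptime\r\n",
    );
}

my @poll1 = capture("3 days 4 hours 43 seconds");
my @poll2 = capture("3 days 11 hours 39 seconds");

for my $case (['pre-patch', $pre_patch], ['patched', $patched]) {
    my ($label, $re) = @$case;
    my @before = normalize($re, @poll1);
    my @after  = normalize($re, @poll2);
    printf "%-9s filter: %d stored line(s) differ between polls\n",
        $label, count_changes(\@before, \@after);
}
```

Any stored line that still differs between two polls of an unchanged device is diff noise that hides real configuration changes in the RANCID mail, so the same comparison is a quick check for a new firmware's `show version` output.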
From: peterjackson1610 at gmail.com (Peter Jackson)
Date: Tue, 8 Jan 2013 17:00:58 -0500
Subject: [rancid] CatOS
In-Reply-To: <312FF37225924E42A1D3D228EDBD119315D48836@PRIVALEX.PrivalODC.lan>
References: <312FF37225924E42A1D3D228EDBD119315D48836@PRIVALEX.PrivalODC.lan>
Message-ID:

It looks like the device type is set to cisco, but it should be cat5.

On Tue, Jan 8, 2013 at 1:17 PM, Gerhard Mourani wrote:

> Hello List,
>
> I've some CatOS switches that returns this king of errors messages. Look
> to me that the command to get configs parameters are not correct or
> compatible.
>
> Rancid version is 2.3.8 on Linux.
>
> Trying to get all of the configs.
>
> 10.18.0.8: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,show
> capture,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir
> /all sec-
>
> nvram:,show diag chassis-info,dir /all disk2:,show running-config view
> full,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all
> disk0:,show
>
> install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir
> /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir
> /all slavesu
>
> p-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables
> boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show
> module,show shun,
>
> show controllers,show diagbus,more system:running-config,dir /all
> slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all
> sup-bootdisk:,dir
>
> /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all
> sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all
> sup-microco
>
> de:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all
> slaveslot1:,dir /all nvram:,show version,show vlan-switch,show redundancy
> secondary,show
>
> running-config,show c7200,dir /all slot1:
>
> 10.18.0.8: End of run not found
>
> Gerhard,
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>

From GMourani at prival.ca Wed Jan 9 18:29:25 2013
From: GMourani at prival.ca (Gerhard Mourani)
Date: Wed, 9 Jan 2013 18:29:25 +0000
Subject: [rancid] CatOS
In-Reply-To:
References: <312FF37225924E42A1D3D228EDBD119315D48836@PRIVALEX.PrivalODC.lan>
Message-ID: <312FF37225924E42A1D3D228EDBD119315D490C4@PRIVALEX.PrivalODC.lan>

Hello Peter,

Yes, I've changed cisco for cat5 and now it works. Thanks.

Gerhard,

From: Peter Jackson [mailto:peterjackson1610 at gmail.com] Sent: January-08-13 5:01 PM To: Gerhard Mourani Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] CatOS It looks like the device type is set to cisco, but it should be cat5. On Tue, Jan 8, 2013 at 1:17 PM, Gerhard Mourani > wrote: Hello List, I've some CatOS switches that returns this king of errors messages. Look to me that the command to get configs parameters are not correct or compatible. Rancid version is 2.3.8 on Linux. Trying to get all of the configs. 10.18.0.8: missed cmd(s): dir /all slavedisk2:,show rsp chassis-info,show capture,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec- nvram:,show diag chassis-info,dir /all disk2:,show running-config view full,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesu p-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,show shun, show controllers,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sup-bootdisk:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microco de:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,show redundancy secondary,show running-config,show c7200,dir /all slot1: 10.18.0.8: End of run not found Gerhard, _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From GMourani at prival.ca Wed Jan 9 18:51:40 2013 From: GMourani at prival.ca (Gerhard Mourani) Date: Wed, 9 Jan 2013 18:51:40 +0000 Subject: [rancid] Rancid & email generation Message-ID: <312FF37225924E42A1D3D228EDBD119315D4911A@PRIVALEX.PrivalODC.lan> Hello list, I've some difficulty receiving emails generated by Rancid in my inbox. Mail in general is working fine on the Linux OS and I can send other email without problem. Here my setup. In my /etc/rancid.conf file, I've group called Cisco as follow: LIST_OF_GROUPS="Cisco" /etc/aliases, has Rancid entry as follow: rancid-admin-cisco: rancid-cisco rancid-cisco: root rancid-admin: root rancid: root root: myemail at domain.ca I use exim as mailer and has the following in /etc/exim.conf begin rewrite *@*.domain.ca monitoring at domain.ca The above mean to rewrite everything before @ and after @.domain.ca to monitoring at domain.ca (i.e. rewrite rancid-cisco at host1.domain.ca to monitoring at domain.ca) My problem is that Rancid try to send the email to monitoring at domain.ca instead of myemail at domain.ca (From: monitoring at domain.ca To: monitoring at domain.ca) and I can't see why. However, if I run -> /usr/bin/rancid-run -m myemail at domain.ca, it work and I receive the email. Gerhard, -------------- next part -------------- An HTML attachment was scrubbed... URL: From jethro.binks at strath.ac.uk Wed Jan 9 21:49:29 2013 
From: jethro.binks at strath.ac.uk (Jethro R Binks)
Date: Wed, 9 Jan 2013 21:49:29 +0000 (GMT)
Subject: [rancid] Rancid & email generation
In-Reply-To: <312FF37225924E42A1D3D228EDBD119315D4911A@PRIVALEX.PrivalODC.lan>
References: <312FF37225924E42A1D3D228EDBD119315D4911A@PRIVALEX.PrivalODC.lan>
Message-ID:

(I have slightly re-written your original question to make it clearer to me for answering)

On Wed, 9 Jan 2013, Gerhard Mourani wrote:

> /etc/aliases, has Rancid entry as follow:
> rancid-admin-cisco: rancid-cisco
> rancid-cisco: root
> rancid-admin: root
> rancid: root
> root: myemail at domain.ca
>
> I use exim as mailer and has the following in /etc/exim.conf
> begin rewrite
> *@*.domain.ca monitoring at domain.ca
>
> The above mean to rewrite everything before @ and after @.domain.ca to
> monitoring at domain.ca (i.e. rewrite
>
> rancid-cisco at host1.domain.ca -> monitoring at domain.ca
>
> My problem is that Rancid try to send the email to monitoring at domain.ca
> instead of myemail at domain.ca (From: monitoring at domain.ca To:
> monitoring at domain.ca) and I can't see why.

I think this is the explanation:

Exim's rewriting happens very early in its message processing, before any relevant alias processing might happen. So the address it is given will be something like rancid-cisco at host1.domain.ca, this matches the rewrite rule and gets converted to monitoring at domain.ca, as does any similar address. As you have it configured, this happens for all header fields and SMTP sender and recipient addresses. Once that rewriting has happened, the addresses no longer match in the alias file so doesn't convert to myemail at domain.ca.

> However, if I run -> /usr/bin/rancid-run -m myemail at domain.ca, it work
> and I receive the email.

When you do this, you have explicitly provided the final recipient address you wanted, and it doesn't match the rewrite rule or the alias file entries, so it delivers as expected. If you are doing this as 'root' on 'host1.domain.ca', I imagine it arrives from 'monitoring at domain.ca', as the rewriting rule will match from 'root at host1.domain.ca'.

You shouldn't use rewriting for routing of messages - the feature is intended to 'tidy up' and make addresses canonical.

Instead, you probably want a router something like this:

forward:
  driver = redirect
  domains = *.domain.ca
  data = myemail at domain.ca

(I'm a bit rusty on writing these things from scratch - check the documentation and FAQ for more details.)

As a quick fix, it might also work if you add the following to your aliases:

monitoring: root

which will catch your re-written address, but there are many factors about how you have your Exim configuration arranged that could affect alias processing.

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in Scotland, number SC015263.

From auzzik at gmail.com Thu Jan 10 06:02:24 2013
From: auzzik at gmail.com (Auzzik)
Date: Thu, 10 Jan 2013 17:02:24 +1100
Subject: [rancid] Rancid can't authenticate on device even login and passwords are correct. Clogin is also successful.
In-Reply-To: <50EE564E.5040709@gmail.com>
References: <50EE564E.5040709@gmail.com>
Message-ID: <50EE5970.50208@gmail.com>

Good day,

I am stuck with a minor problem which I can't fight. Rancid 2.3.6.

I have a Cisco ASA. I configured Rancid user on it, but I want to restrict Rancid user on it. So I use privilege commands to do this:

username rancid password encrypted privilege 5

It's known that level 5 on ASA is a read-only privileges by default. That's fine. I can login to ASA as a rancid user using SSH client. The problem here is that a rancid user must enable into 5th level using command 'enable 5'.

Originally, 'clogin' script has these lines:

-------------
# Enable
proc do_enable { enauser enapasswd } {
    global do_saveconfig in_proc
    global prompt u_prompt e_prompt
    set in_proc 1

    send "enable\r"
    ...
------------

So, I changed this script to send 'enable 3\r' instead of just 'enable'.

I defined all settings for this box in .cloginrc and router.db files as well. It's defined as 'asa:cisco:up'

When I use 'clogin' script it works fine:

----------------
$ /usr/libexec/rancid/clogin asa
asa
spawn ssh -c 3des -x -l rancid asa
rancid@[ip]'s password:
Type help or '?' for a list of available commands.
asa1.local> enable 3
Password: *********************
asa1.local# configure ?
ERROR: % Unrecognized command
asa1.local#
asa1.local# show version | in Hardware
Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores)
----------------

As you can see I can't get 'conf t' mode, but I can do 'show' commands. That is what I want.

The problem is that when I run '/usr/bin/rancid-run' rancid can't authenticate on device. I see the following in the logs:

-----------------------------------------
Trying to get all of the configs.
asa: End of run not found
!DEBUG: ^
=====================================
Getting missed routers: round 1.
asa: End of run not found
!DEBUG: ^
=====================================
Getting missed routers: round 2.
asa: End of run not found
!DEBUG: ^
ending: Thu Jan 9 05:39:46 UTC 2013
------------------------------------------

I thought rancid uses clogin script to login into cisco devices, but looks like it does not. Please point me out on what else I need to change/fix.

Thanks.

P.S. Do you have any diagram showing links between all rancid scripts?
P.P.S. Is there any yum repository with latest rancid packages for rhel6?

Auzzik

From GMourani at prival.ca Thu Jan 10 13:57:58 2013
From: GMourani at prival.ca (Gerhard Mourani)
Date: Thu, 10 Jan 2013 13:57:58 +0000
Subject: [rancid] Rancid & email generation
In-Reply-To:
References: <312FF37225924E42A1D3D228EDBD119315D4911A@PRIVALEX.PrivalODC.lan>
Message-ID: <312FF37225924E42A1D3D228EDBD119315D499BD@PRIVALEX.PrivalODC.lan>

Thanks Jethro,

That's helped a lot. I've changed the Exim rewrite rule (rewrite *@*.domain.ca monitoring at domain.ca) to make it rewrite sender addresses only (rewrite *@*.domain.ca monitoring at domain.ca Ffrs) because I want flexibility in final recipient email address and that part worked now. I can see that Rancid tries to send the email to rancid-cisco at host1.domain.ca.

Unfortunately, rancid-cisco at host1.domain.ca is not a valid email address and that's why aliases file should redirect it to root (rancid-cisco: root) which sends it to myemail at domain.ca (root: myemail at domain.ca). This part is not working, therefore I suspect Exim to not read the /etc/aliases file for some unknown reasons. So this is an Exim problem.

Gerhard,

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jethro R Binks Sent: January-09-13 4:49 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid & email generation (I have slightly re-written your original question to make it clearer to me for answering) On Wed, 9 Jan 2013, Gerhard Mourani wrote: > /etc/aliases, has Rancid entry as follow: > rancid-admin-cisco: rancid-cisco > rancid-cisco: root > rancid-admin: root > rancid: root > root: myemail at domain.ca > > I use exim as mailer and has the following in /etc/exim.conf begin > rewrite *@*.domain.ca monitoring at domain.ca > > The above mean to rewrite everything before @ and after @.domain.ca to > monitoring at domain.ca (i.e. rewrite > > rancid-cisco at host1.domain.ca -> monitoring at domain.ca > > My problem is that Rancid try to send the email to > monitoring at domain.ca instead of myemail at domain.ca (From: monitoring at domain.ca To: > monitoring at domain.ca) and I can't see why. I think this is the explanation: Exim's rewriting happens very early in its message processing, before any relevant alias processing might happen. So the address it is given will be something like rancid-cisco at host1.domain.ca, this matches the rewrite rule and gets converted to monitoring at domain.ca, as does any similar address. As you have it configured, this happens for all header fields and SMTP sender and recipient addresses. Once that rewriting has happened, the addresses no longer match in the alias file so doesn't convert to myemail at domain.ca. > However, if I run -> /usr/bin/rancid-run -m myemail at domain.ca, it work > and I receive the email. When you do this, you have explicitly provided the final recipient address you wanted, and it doesn't match the rewrite rule or the alias file entries, so it delivers as expected. 
If you are doing this as 'root' on 'host1.domain.ca', I imagine it arrives from 'monitoring at domain.ca', as the rewriting rule will match from 'root at host1.domain.ca'. You shouldn't use rewriting for routing of messages - the feature is intended to 'tidy up' and make addresses canonical. Instead, you probably want a router something like this: forward: driver = redirect domains = *.domain.ca data = myemail at domain.ca (I'm a bit rusty on writing these things from scratch - check the documentation and FAQ for more details.) As a quick fix, it might also work if you add the following to your aliases: monitoring: root which will catch your re-written address, but there are many factors about how you have your Exim configuration arranged that could affect alias processing. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From jethro.binks at strath.ac.uk Thu Jan 10 14:14:47 2013 
From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu, 10 Jan 2013 14:14:47 +0000 (GMT) Subject: [rancid] Rancid & email generation In-Reply-To: <312FF37225924E42A1D3D228EDBD119315D499BD@PRIVALEX.PrivalODC.lan> References: <312FF37225924E42A1D3D228EDBD119315D4911A@PRIVALEX.PrivalODC.lan> <312FF37225924E42A1D3D228EDBD119315D499BD@PRIVALEX.PrivalODC.lan> Message-ID: We'll take this discussion offlist as it appears not rancid related directly. Jethro. On Thu, 10 Jan 2013, Gerhard Mourani wrote: > Thanks Jethro, > > That's helped a lot. I've changed the Exim rewrite rule (rewrite *@*.domain.ca monitoring at domain.ca) to make it rewrite sender addresses only (rewrite *@*.domain.ca monitoring at domain.ca Ffrs) because I want flexibility in final recipient email address and that part worked now. I can see that Rancid try to send the email to rancid-cisco at host1.domain.ca. > > Unfortunately, rancid-cisco at host1.domain.ca is not a valid email address and that`s why aliases file should redirect it to root (rancid-cisco: root) which send it to myemail at domain.ca (root: myemail at domain.ca). This part is not working, therefore I suspect Exim to not read the /etc/aliases file for some unknown reasons. So this is an Exim problem. > > Gerhard, > > -----Original Message----- 
> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jethro R Binks > Sent: January-09-13 4:49 PM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Rancid & email generation > > (I have slightly re-written your original question to make it clearer to me for answering) > > On Wed, 9 Jan 2013, Gerhard Mourani wrote: > > > /etc/aliases, has Rancid entry as follow: > > rancid-admin-cisco: rancid-cisco > > rancid-cisco: root > > rancid-admin: root > > rancid: root > > root: myemail at domain.ca > > > > I use exim as mailer and has the following in /etc/exim.conf begin > > rewrite *@*.domain.ca monitoring at domain.ca > > > > The above mean to rewrite everything before @ and after @.domain.ca to > > monitoring at domain.ca (i.e. rewrite > > > > rancid-cisco at host1.domain.ca -> monitoring at domain.ca > > > > My problem is that Rancid try to send the email to > > monitoring at domain.ca instead of myemail at domain.ca (From: monitoring at domain.ca To: > > monitoring at domain.ca) and I can't see why. > > I think this is the explanation: > > Exim's rewriting happens very early in its message processing, before any relevant alias processing might happen. So the address it is given will be something like rancid-cisco at host1.domain.ca, this matches the rewrite rule and gets converted to monitoring at domain.ca, as does any similar address. As you have it configured, this happens for all header fields and SMTP sender and recipient addresses. Once that rewriting has happened, the addresses no longer match in the alias file so doesn't convert to myemail at domain.ca. > > > However, if I run -> /usr/bin/rancid-run -m myemail at domain.ca, it work > > and I receive the email. > > When you do this, you have explicitly provided the final recipient address you wanted, and it doesn't match the rewrite rule or the alias file entries, so it delivers as expected. 
If you are doing this as 'root' on 'host1.domain.ca', I imagine it arrives from 'monitoring at domain.ca', as the rewriting rule will match from 'root at host1.domain.ca'. > > You shouldn't use rewriting for routing of messages - the feature is intended to 'tidy up' and make addresses canonical. > > Instead, you probably want a router something like this: > > forward: > driver = redirect > domains = *.domain.ca > data = myemail at domain.ca > > (I'm a bit rusty on writing these things from scratch - check the documentation and FAQ for more details.) > > As a quick fix, it might also work if you add the following to your > aliases: > > monitoring: root > > which will catch your re-written address, but there are many factors about how you have your Exim configuration arranged that could affect alias processing. > > Jethro. > > . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks, Network Manager, > Information Services Directorate, University Of Strathclyde, Glasgow, UK > > The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. From GMourani at prival.ca Thu Jan 10 14:43:07 2013 
From: GMourani at prival.ca (Gerhard Mourani)
Date: Thu, 10 Jan 2013 14:43:07 +0000
Subject: [rancid] Ranicd & Meru controllers
Message-ID: <312FF37225924E42A1D3D228EDBD119315D49A78@PRIVALEX.PrivalODC.lan>

Hello List,

I would like to know if someone has already made Rancid work with Meru controllers. I've a Meru 1500 Wireless Controller on which I can connect with SSH.

Gerhard,

From agustin.roca at globant.com Mon Jan 14 14:36:00 2013
From: agustin.roca at globant.com (Agustin Roca)
Date: Mon, 14 Jan 2013 11:36:00 -0300
Subject: [rancid] Issue with rancid and Juniper devices
Message-ID:

Getting Timeout after login.

rancid]$ jlogin -d -c 'get system version' ar-device

expect: does "Telmex:AR-BADC-FS140-01(M)-> " (spawn_id exp6) match regular expression "(\r\n|\n)"? no
"^[^ ]+>"? yes
expect: set expect_out(0,string) "Telmex:AR-BADC-FS140-01(M)->"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "Telmex:AR-BADC-FS140-01(M)->"
send: sending "set cli complete-on-space off\r" to { exp6 }

expect: does " " (spawn_id exp6) match regular expression "Telmex:AR-BADC-FS140-01(M)-[#>]"? no
set cli complete-on-space off
^------unknown keyword cli
Telmex:AR-BADC-FS140-01(M)->
expect: does " set cli complete-on-space off\r\n ^------unknown keyword cli\r\nTelmex:AR-BADC-FS140-01(M)-> " (spawn_id exp6) match regular expression "Telmex:AR-BADC-FS140-01(M)-[#>]"? no
expect: timed out

Error: TIMEOUT reached
write() failed to write anything - will sleep(1) and retry...

My cloginrc for that device is:
add user ar-* rancid
add password ar-* {passwd}
add method * ssh
add autoenable ar-* 1

Any hint will be appreciated.

*Agustin Roca*
GIST Information Security Analyst
CEHv7

AR: +54 11 4109 1700 ext. 8098
Mobile: +15 5022 3042
agustin.roca at globant.com

From daffster at gmail.com Tue Jan 15 10:13:25 2013
From: daffster at gmail.com (Kieran Murphy)
Date: Tue, 15 Jan 2013 10:13:25 +0000
Subject: [rancid] Issue with rancid and Juniper devices
In-Reply-To:
References:
Message-ID:

Judging by that device prompt, it looks like you're trying to login to a Netscreen device.

So you'll need to use device type netscreen, which uses nrancid and nlogin

On Mon, Jan 14, 2013 at 2:36 PM, Agustin Roca wrote:

> Getting Timeout after login.
>
> rancid]$ jlogin -d -c 'get system version' ar-device
>
>
> expect: does "Telmex:AR-BADC-FS140-01(M)-> " (spawn_id exp6) match regular
> expression "(\r\n|\n)"? no
> "^[^ ]+>"? yes
> expect: set expect_out(0,string) "Telmex:AR-BADC-FS140-01(M)->"
> expect: set expect_out(spawn_id) "exp6"
> expect: set expect_out(buffer) "Telmex:AR-BADC-FS140-01(M)->"
> send: sending "set cli complete-on-space off\r" to { exp6 }
>
> expect: does " " (spawn_id exp6) match regular expression
> "Telmex:AR-BADC-FS140-01(M)-[#>]"? no
> set cli complete-on-space off
> ^------unknown keyword cli
> Telmex:AR-BADC-FS140-01(M)->
> expect: does " set cli complete-on-space
> off\r\n ^------unknown keyword
> cli\r\nTelmex:AR-BADC-FS140-01(M)-> " (spawn_id exp6) match regular
> expression "Telmex:AR-BADC-FS140-01(M)-[#>]"? no
> expect: timed out
>
> Error: TIMEOUT reached
> write() failed to write anything - will sleep(1) and retry...
>
>
> My cloginrc for that device is:
> add user ar-* rancid
> add password ar-* {passwd}
> add method * ssh
> add autoenable ar-* 1
>
> Any hint will be appreciated.
>
> *Agustin Roca*
> GIST Information Security Analyst
> CEHv7
>
> AR: +54 11 4109 1700 ext. 8098
> Mobile: +15 5022 3042
> agustin.roca at globant.com
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>

From agustin.roca at globant.com Tue Jan 15 12:28:09 2013
From: agustin.roca at globant.com (Agustin Roca)
Date: Tue, 15 Jan 2013 09:28:09 -0300
Subject: [rancid] Issue with rancid and Juniper devices
In-Reply-To:
References:
Message-ID:

Yes! I did that yesterday and it worked. I tried to answer my own mail but didn't get it.

Thanks for the reply!

*Agustin Roca*
GIST Information Security Analyst
CEHv7

AR: +54 11 4109 1700 ext. 8098
Mobile: +15 5022 3042
agustin.roca at globant.com

2013/1/15 Kieran Murphy

> Judging by that device prompt, it looks like you're trying to login to a
> Netscreen device.
>
> So you'll need to use device type netscreen, which uses nrancid and nlogin
>
>
> On Mon, Jan 14, 2013 at 2:36 PM, Agustin Roca wrote:
>
>> Getting Timeout after login.
>>
>> rancid]$ jlogin -d -c 'get system version' ar-device
>>
>>
>> expect: does "Telmex:AR-BADC-FS140-01(M)-> " (spawn_id exp6) match
>> regular expression "(\r\n|\n)"? no
>> "^[^ ]+>"? yes
>> expect: set expect_out(0,string) "Telmex:AR-BADC-FS140-01(M)->"
>> expect: set expect_out(spawn_id) "exp6"
>> expect: set expect_out(buffer) "Telmex:AR-BADC-FS140-01(M)->"
>> send: sending "set cli complete-on-space off\r" to { exp6 }
>>
>> expect: does " " (spawn_id exp6) match regular expression
>> "Telmex:AR-BADC-FS140-01(M)-[#>]"? no
>> set cli complete-on-space off
>> ^------unknown keyword cli
>> Telmex:AR-BADC-FS140-01(M)->
>> expect: does " set cli complete-on-space
>> off\r\n ^------unknown keyword
>> cli\r\nTelmex:AR-BADC-FS140-01(M)-> " (spawn_id exp6) match regular
>> expression "Telmex:AR-BADC-FS140-01(M)-[#>]"? no
>> expect: timed out
>>
>> Error: TIMEOUT reached
>> write() failed to write anything - will sleep(1) and retry...
>>
>>
>> My cloginrc for that device is:
>> add user ar-* rancid
>> add password ar-* {passwd}
>> add method * ssh
>> add autoenable ar-* 1
>>
>> Any hint will be appreciated.
>>
>> *Agustin Roca*
>> GIST Information Security Analyst
>> CEHv7
>>
>> AR: +54 11 4109 1700 ext. 8098
>> Mobile: +15 5022 3042
>> agustin.roca at globant.com
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>>
>

From fenner at gmail.com Sat Jan 19 14:43:27 2013
From: fenner at gmail.com (Bill Fenner) Date: Sat, 19 Jan 2013 09:43:27 -0500 Subject: [rancid] PfSense Package [semi-solved!] In-Reply-To: References: Message-ID: On Wed, Dec 19, 2012 at 12:01 PM, James Bensley wrote: > Hi Danilo > > Thanks for that link to the pfSense package. Finding a pfSense plugin > was on my to do list, I just hadn't gotten that far yet. I have this > working now although I had a few issues. > > To use this, unpack the three files into your RANCID bin directory. > This is likely something like /usr/lib/rancid/bin/ or > /usr/local/rancid/bin/. In there you will find an existing file > "rancid-fe", replace or merge with the new one to update your devices > definitions. Now you can add pfsense firewalls to your devices.db file > with the type of "m0n0", which is what you will use for pfSense. Even > it says m0n0 as pfSense is a fork of m0n0wall, m0n0walls don't support > SSH and this script tries telnet/ssh/rsh so it won't work on them. > > Also, note that you must enable SSH on your pfSense box if it isn't > already. I then added user which only has the right to SSH in. > > These scripts are a bit broken though and my scripting skills aren't > the best; so I am in fact stuck. I have hacked them about a bit and > now get the following output in my hourly rancid emails (which you can > trigger manually with (rancid-run -r my-pfsense-device.fqdn.com) > > Index: configs/my-pfsense-device.fqdn.com > =================================================================== > retrieving revision 1.2 > diff -U 4 -r1.2 my-pfsense-device.fqdn.com 
> @@ -1 +1,1769 @@ > - exec m0n0login -t 120 -c "uname -a;cat /cf/conf/config.xml" > my-pfsense-device.fqdn.com > + my-pfsense-device.fqdn.com > + spawn ssh -2 -x -l rancid my-pfsense-device.fqdn.com > + Password: > + Last login: Wed Dec 19 10:28:47 2012 from 89.21.224.35 > + Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 > + The Regents of the University of California. All rights reserved. > + > + > + [0;1;33m[ [0;1;37m2.0.1-RELEASE [0;1;33m] [0;1;33m[ [0;1;37mrancid > [0;1;31m@ [0;1;37mmy-pfsense-device.fqdn.com [0;1;33m] > [0;1;32m/home/rancid [0;1;33m( [0;1;37m1 [0;1;33m) [0;1;36m [0;1;31m: > [0;40;37m > uname -a > + FreeBSD my-pfsense-device.fqdn.com 8.1-RELEASE-p6 FreeBSD > 8.1-RELEASE-p6 #0: Mon Dec 12 18:59:41 EST 2011 > root at FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 > i386 > + [0;1;33m[ [0;1;37m2.0.1-RELEASE [0;1;33m] [0;1;33m[ [0;1;37mrancid > [0;1;31m@ [0;1;37mmy-pfsense-device.fqdn.com [0;1;33m] > [0;1;32m/home/rancid [0;1;33m( [0;1;37m2 [0;1;33m) [0;1;36m [0;1;31m: > [0;40;37m > cat /cf/conf/config.xml > + > + > > As you can see from this opening snippet there are two problems; > Firstly, the expect script m0n0login is including the SSH MTOD/Banner > stuff (I said my scripting wasn't great, although this doesn't really > matter). 
Secondly, an issue which does actually matter, when you SSH
> to a pfSense box they have coloured terminal output and SSH is
> spitting this out (the colouring info) in to the expect script, so the
> prompt on my test pfSense box which usually looks like this;
>
> [2.0.1-RELEASE][username at my-pfsense-device.fqdn.com]/home/username(1):
>
> Now looks like this;
>
> [0;1;33m[ [0;1;37m2.0.1-RELEASE [0;1;33m] [0;1;33m[ [0;1;37mrancid
> [0;1;31m@ [0;1;37mmy-pfsense-device.fqdn.com [0;1;33m]
> [0;1;32m/home/rancid [0;1;33m( [0;1;37m1 [0;1;33m) [0;1;36m [0;1;31m:
> [0;40;37m
>
> I will continue to try and fix this by either of the below and post
> back the fix here once it is solved, but I have no idea how long that
> will take;
> 1 - Someone wiser than me here can tell me how to stop SSH from either
> accepting the colouring info from the pfSense box or not display it on
> stdout
> 2 - I find help elsewhere

My solution to this is to edit the rancid user's ~/.tcshrc on the pfsense box to only contain:

set prompt="pfsense# "

Not hugely scalable, but I only have a handful of pfsense boxes to collect from.

I agree that it'd be nicer for m0n0login to be able to strip the ANSI escape sequences.

Bill

From heas at shrubbery.net Sat Jan 19 18:20:03 2013
From: heas at shrubbery.net (heasley)
Date: Sat, 19 Jan 2013 18:20:03 +0000
Subject: [rancid] PfSense Package [semi-solved!]
In-Reply-To:
References:
Message-ID: <20130119182003.GS54693@shrubbery.net>

Sat, Jan 19, 2013 at 09:43:27AM -0500, Bill Fenner:
> I agree that it'd be nicer for m0n0login to be able to strip the ANSI
> escape sequences.

try using hpuifilter, as in hlogin. i have yet to be successful getting pfsense to work in a vm, so i haven't tried this myself.
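
Review bot: in the quoted `@@ -1 +1,1769 @@` hunk, the added lines `+ Password:`, `+ Last login: Wed Dec 19 10:28:47 2012 from 89.21.224.35` and the two coloured prompt lines are session noise rather than configuration, and the `Last login` timestamp changes on every run, so each collection will report a diff even when `/cf/conf/config.xml` is unchanged. The m0n0 collection script should discard everything up to the first prompt and drop the prompt and command-echo lines before the output is stored, keeping only the `uname -a` result and the XML. Because what gets stored and mailed is the full output of `cat /cf/conf/config.xml`, the repository and the recipients of the diff mails should be limited to people who may read the firewall's configuration.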
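
The ANSI stripping discussed in the last two messages, as an added Python example (not RANCID's m0n0login or hpuifilter code): it removes colour sequences from session output read in arbitrary chunks, so the pfSense prompt can be matched again. The class and function names, the prompt regex and the sample with ESC bytes restored are assumptions constructed for illustration.

```python
import re

# CSI sequence: ESC [ , parameter bytes 0x30-0x3F, intermediate bytes 0x20-0x2F, one final byte 0x40-0x7E.
CSI = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")
# A sequence that has started but whose final byte has not been read yet.
PARTIAL = re.compile(r"\x1b(?:\[[0-?]*[ -/]*)?\Z")
# Assumed shape of the pfSense tcsh prompt quoted in the thread: [version][user@host]/cwd(n):
PROMPT = re.compile(r"\[[^\]]+\]\[[^@\]]+@[^\]]+\]\S*\(\d+\): ?")


class AnsiStripper:
    """Remove CSI sequences from session output that arrives in arbitrary chunks."""

    def __init__(self):
        self._pending = ""

    def feed(self, chunk):
        data = self._pending + chunk
        tail = PARTIAL.search(data)
        # Hold back an unfinished sequence so its remainder is not emitted as text.
        self._pending = data[tail.start():] if tail else ""
        if tail:
            data = data[:tail.start()]
        return CSI.sub("", data)


def clean_session(chunks):
    """Return the de-coloured text of a whole session given its read chunks."""
    stripper = AnsiStripper()
    return "".join(stripper.feed(c) for c in chunks)


def at_prompt(text):
    """True when the last line of the text is the prompt and nothing else."""
    last_line = text.rsplit("\n", 1)[-1]
    return PROMPT.fullmatch(last_line) is not None


ESC = "\x1b"
# Constructed sample: the coloured prompt from the thread with the ESC bytes restored.
RAW = (f"{ESC}[0;1;33m[{ESC}[0;1;37m2.0.1-RELEASE{ESC}[0;1;33m]{ESC}[0;1;33m[{ESC}[0;1;37mrancid"
       f"{ESC}[0;1;31m@{ESC}[0;1;37mmy-pfsense-device.fqdn.com{ESC}[0;1;33m]{ESC}[0;1;32m/home/rancid"
       f"{ESC}[0;1;33m({ESC}[0;1;37m1{ESC}[0;1;33m){ESC}[0;1;36m{ESC}[0;1;31m:{ESC}[0;40;37m ")

if __name__ == "__main__":
    # Feed the prompt in 5-character reads so several sequences are split mid-way.
    reads = [RAW[i:i + 5] for i in range(0, len(RAW), 5)]
    cleaned = clean_session(reads)
    print(repr(cleaned), at_prompt(RAW), at_prompt(cleaned))
```

Holding back an unfinished sequence matters because a login script reads the session in pieces: a per-read substitution would leak fragments such as `;33m` into the buffer whenever a read boundary falls inside a sequence.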