From xmin0s at gmail.com Wed May 1 16:24:49 2013 From: xmin0s at gmail.com (Tim Eberhard) Date: Wed, 1 May 2013 09:24:49 -0700 Subject: [rancid] backup problems with new element type Message-ID: Rancid folks, I've hit a wall and I was hoping you all might be able to provide some insight. In an attempt to get some palo alto firewalls added to rancid for config backup I'm having issues with rancid properly logging in. >From the logs I see this for all the firewalls: # firewall1 panlogin error: Error: Check your passwd for firewall1 firewall1: missed cmd(s): show config running,set cli pager off,set cli configuration-output-format set,set cli scripting-mode on,show system info firewall1: End of run not found # If I run it via CLI (sudo su - ranciduser before running it..) it completes correctly. Both are using the exact same clogin file as this works for a lot of routers and other firewalls. It's just specifically the palo alto firewalls that are failing. Suggestions on what to check or how to debug this behavior? # [ranciduser at tools ~]$ /usr/local/rancid/bin/panrancid -d firewall1 executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;set cli configuration-output-format set;show system info;show config running" firewall1 line: firewall1 line: spawn ssh -c 3des -x -l ranciduser firewall1 line: Password: line: Last login: Wed May 1 12:12:57 2013 from tools.removed.com line: ranciduser at fw1(passive)> line: ranciduser at fw1(passive)> line: ranciduser at fw1(passive)> set ranciduser at fw1(passive)> set cli ranciduser at fw1(passive)> set cli scripting-mode ranciduser at fw1(passive)> set cli scripting-mode on PROMPT MATCH: ranciduser at fw1\(passive\)[#>] HIT COMMAND:ranciduser at fw1(passive)> set ranciduser at fw1(passive)> set cli ranciduser at fw1(passive)> set cli scripting-mode ranciduser at fw1(passive)> set cli scripting-mode on COMMAND is: set cli scripting-mode on|EatCommand HIT COMMAND:ranciduser at fw1(passive)> set cli pager off COMMAND is: set cli pager off|EatCommand HIT COMMAND:ranciduser at fw1(passive)> set cli configuration-output-format set COMMAND is: set cli configuration-output-format set|EatCommand HIT COMMAND:ranciduser at fw1(passive)> show system info COMMAND is: show system info|ShowInfo In ShowInfo:: ranciduser at fw1(passive)> show system info HIT COMMAND:ranciduser at fw1(passive)> show config running COMMAND is: show config running|ShowConfig In ShowConfig: ranciduser at fw1(passive)> show config running line: exiting # Thanks for your help! -Tim -------------- next part -------------- An HTML attachment was scrubbed... URL: From Douglas.Hughes at DEShawResearch.com Wed May 1 19:13:07 2013 From: Douglas.Hughes at DEShawResearch.com (Hughes, Doug) Date: Wed, 1 May 2013 19:13:07 +0000 Subject: [rancid] backup problems with new element type In-Reply-To: References: Message-ID: Hrm.. that is odd. I'd turn on debugging with panlogin and see what it's actually trying to send. It sure does seem like it's either a bad password or a failure to match the password prompt in some way. From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Tim Eberhard Sent: Wednesday, May 01, 2013 12:25 PM To: rancid-discuss at shrubbery.net Subject: [rancid] backup problems with new element type Rancid folks, I've hit a wall and I was hoping you all might be able to provide some insight. In an attempt to get some palo alto firewalls added to rancid for config backup I'm having issues with rancid properly logging in. >From the logs I see this for all the firewalls: # firewall1 panlogin error: Error: Check your passwd for firewall1 firewall1: missed cmd(s): show config running,set cli pager off,set cli configuration-output-format set,set cli scripting-mode on,show system info firewall1: End of run not found # If I run it via CLI (sudo su - ranciduser before running it..) it completes correctly. Both are using the exact same clogin file as this works for a lot of routers and other firewalls. It's just specifically the palo alto firewalls that are failing. Suggestions on what to check or how to debug this behavior? # [ranciduser at tools ~]$ /usr/local/rancid/bin/panrancid -d firewall1 executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;set cli configuration-output-format set;show system info;show config running" firewall1 line: firewall1 line: spawn ssh -c 3des -x -l ranciduser firewall1 line: Password: line: Last login: Wed May 1 12:12:57 2013 from tools.removed.com line: ranciduser at fw1(passive)> line: ranciduser at fw1(passive)> line: ranciduser at fw1(passive)> set ranciduser at fw1(passive)> set cli ranciduser at fw1(passive)> set cli scripting-mode ranciduser at fw1(passive)> set cli scripting-mode on PROMPT MATCH: ranciduser at fw1\(passive\)[#>] HIT COMMAND:ranciduser at fw1(passive)> set ranciduser at fw1(passive)> set cli ranciduser at fw1(passive)> set cli scripting-mode ranciduser at fw1(passive)> set cli scripting-mode on COMMAND is: set cli scripting-mode on|EatCommand HIT COMMAND:ranciduser at fw1(passive)> set cli pager off COMMAND is: set cli pager off|EatCommand HIT COMMAND:ranciduser at fw1(passive)> set cli configuration-output-format set COMMAND is: set cli configuration-output-format set|EatCommand HIT COMMAND:ranciduser at fw1(passive)> show system info COMMAND is: show system info|ShowInfo In ShowInfo:: ranciduser at fw1(passive)> show system info HIT COMMAND:ranciduser at fw1(passive)> show config running COMMAND is: show config running|ShowConfig In ShowConfig: ranciduser at fw1(passive)> show config running line: exiting # Thanks for your help! -Tim -------------- next part -------------- An HTML attachment was scrubbed... URL: From xmin0s at gmail.com Wed May 1 20:11:50 2013 From: xmin0s at gmail.com (Tim Eberhard) Date: Wed, 1 May 2013 13:11:50 -0700 Subject: [rancid] backup problems with new element type In-Reply-To: References: Message-ID: I think I figured it out. The user account had a .cloginrc file in the home directory. I also found a .cloginrc file within the rancid directory. Looks like it was using the .clogin file in the rancid directory. I hadn't known about that and I had been making my changes to the .clogin in the home directory of the user. Interesting behavior I didn't see documented anywhere. Thanks for your help! -Tim On Wed, May 1, 2013 at 12:13 PM, Hughes, Doug < Douglas.Hughes at deshawresearch.com> wrote: > Hrm.. that is odd. I?d turn on debugging with panlogin and see what it?s > actually trying to send. It sure does seem like it?s either a bad password > or a failure to match the password prompt in some way.**** > > ** ** > > ** ** > > *From:* rancid-discuss-bounces at shrubbery.net [mailto: > rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Tim Eberhard > *Sent:* Wednesday, May 01, 2013 12:25 PM > *To:* rancid-discuss at shrubbery.net > *Subject:* [rancid] backup problems with new element type**** > > ** ** > > Rancid folks,**** > > ** ** > > I've hit a wall and I was hoping you all might be able to provide some > insight. **** > > ** ** > > In an attempt to get some palo alto firewalls added to rancid for config > backup I'm having issues with rancid properly logging in.**** > > ** ** > > From the logs I see this for all the firewalls:**** > > #**** > > firewall1 panlogin error: Error: Check your passwd for firewall1**** > > firewall1: missed cmd(s): show config running,set cli pager off,set cli > configuration-output-format set,set cli scripting-mode on,show system info > **** > > firewall1: End of run not found**** > > #**** > > ** ** > > If I run it via CLI (sudo su - ranciduser before running it..) it > completes correctly. Both are using the exact same clogin file as this > works for a lot of routers and other firewalls. It's just specifically the > palo alto firewalls that are failing. Suggestions on what to check or how > to debug this behavior? **** > > ** ** > > ** ** > > #**** > > [ranciduser at tools ~]$ /usr/local/rancid/bin/panrancid -d firewall1**** > > executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager > off;set cli configuration-output-format set;show system info;show config > running" firewall1**** > > line: firewall1**** > > line: spawn ssh -c 3des -x -l ranciduser firewall1**** > > line: Password:**** > > line: Last login: Wed May 1 12:12:57 2013 from tools.removed.com**** > > line: ranciduser at fw1(passive)>**** > > line: ranciduser at fw1(passive)>**** > > line: ranciduser at fw1(passive)> set ranciduser at fw1(passive)> set cli > ranciduser at fw1(passive)> set cli scripting-mode ranciduser at fw1(passive)> > set cli scripting-mode on**** > > PROMPT MATCH: ranciduser at fw1\(passive\)[#>]**** > > HIT COMMAND:ranciduser at fw1(passive)> set ranciduser at fw1(passive)> set cli > ranciduser at fw1(passive)> set cli scripting-mode ranciduser at fw1(passive)> > set cli scripting-mode on**** > > COMMAND is: set cli scripting-mode on|EatCommand**** > > HIT COMMAND:ranciduser at fw1(passive)> set cli pager off**** > > COMMAND is: set cli pager off|EatCommand**** > > HIT COMMAND:ranciduser at fw1(passive)> set cli configuration-output-format > set**** > > COMMAND is: set cli configuration-output-format set|EatCommand**** > > HIT COMMAND:ranciduser at fw1(passive)> show system info**** > > COMMAND is: show system info|ShowInfo**** > > In ShowInfo:: ranciduser at fw1(passive)> show system info**** > > HIT COMMAND:ranciduser at fw1(passive)> show config running**** > > COMMAND is: show config running|ShowConfig**** > > In ShowConfig: ranciduser at fw1(passive)> show config running**** > > line:**** > > exiting**** > > #**** > > ** ** > > ** ** > > Thanks for your help!**** > > -Tim**** > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu May 2 05:55:25 2013 From: heas at shrubbery.net (heasley) Date: Thu, 2 May 2013 05:55:25 +0000 Subject: [rancid] backup problems with new element type In-Reply-To: References: Message-ID: <20130502055525.GH23797@shrubbery.net> Wed, May 01, 2013 at 01:11:50PM -0700, Tim Eberhard: > I think I figured it out. The user account had a .cloginrc file in the home > directory. I also found a .cloginrc file within the rancid directory. Looks > like it was using the .clogin file in the rancid directory. I hadn't known > about that and I had been making my changes to the .clogin in the home > directory of the user. > > Interesting behavior I didn't see documented anywhere. there is no such default behavior. a cloginrc can include another, or an environment variable can be set to another path, but it does not read multiple nor other that of users' by default. > Thanks for your help! > -Tim > > > On Wed, May 1, 2013 at 12:13 PM, Hughes, Doug < > Douglas.Hughes at deshawresearch.com> wrote: > > > Hrm.. that is odd. I?d turn on debugging with panlogin and see what it?s > > actually trying to send. It sure does seem like it?s either a bad password > > or a failure to match the password prompt in some way.**** > > > > ** ** > > > > ** ** > > > > *From:* rancid-discuss-bounces at shrubbery.net [mailto: > > rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Tim Eberhard > > *Sent:* Wednesday, May 01, 2013 12:25 PM > > *To:* rancid-discuss at shrubbery.net > > *Subject:* [rancid] backup problems with new element type**** > > > > ** ** > > > > Rancid folks,**** > > > > ** ** > > > > I've hit a wall and I was hoping you all might be able to provide some > > insight. **** > > > > ** ** > > > > In an attempt to get some palo alto firewalls added to rancid for config > > backup I'm having issues with rancid properly logging in.**** > > > > ** ** > > > > From the logs I see this for all the firewalls:**** > > > > #**** > > > > firewall1 panlogin error: Error: Check your passwd for firewall1**** > > > > firewall1: missed cmd(s): show config running,set cli pager off,set cli > > configuration-output-format set,set cli scripting-mode on,show system info > > **** > > > > firewall1: End of run not found**** > > > > #**** > > > > ** ** > > > > If I run it via CLI (sudo su - ranciduser before running it..) it > > completes correctly. Both are using the exact same clogin file as this > > works for a lot of routers and other firewalls. It's just specifically the > > palo alto firewalls that are failing. Suggestions on what to check or how > > to debug this behavior? **** > > > > ** ** > > > > ** ** > > > > #**** > > > > [ranciduser at tools ~]$ /usr/local/rancid/bin/panrancid -d firewall1**** > > > > executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager > > off;set cli configuration-output-format set;show system info;show config > > running" firewall1**** > > > > line: firewall1**** > > > > line: spawn ssh -c 3des -x -l ranciduser firewall1**** > > > > line: Password:**** > > > > line: Last login: Wed May 1 12:12:57 2013 from tools.removed.com**** > > > > line: ranciduser at fw1(passive)>**** > > > > line: ranciduser at fw1(passive)>**** > > > > line: ranciduser at fw1(passive)> set ranciduser at fw1(passive)> set cli > > ranciduser at fw1(passive)> set cli scripting-mode ranciduser at fw1(passive)> > > set cli scripting-mode on**** > > > > PROMPT MATCH: ranciduser at fw1\(passive\)[#>]**** > > > > HIT COMMAND:ranciduser at fw1(passive)> set ranciduser at fw1(passive)> set cli > > ranciduser at fw1(passive)> set cli scripting-mode ranciduser at fw1(passive)> > > set cli scripting-mode on**** > > > > COMMAND is: set cli scripting-mode on|EatCommand**** > > > > HIT COMMAND:ranciduser at fw1(passive)> set cli pager off**** > > > > COMMAND is: set cli pager off|EatCommand**** > > > > HIT COMMAND:ranciduser at fw1(passive)> set cli configuration-output-format > > set**** > > > > COMMAND is: set cli configuration-output-format set|EatCommand**** > > > > HIT COMMAND:ranciduser at fw1(passive)> show system info**** > > > > COMMAND is: show system info|ShowInfo**** > > > > In ShowInfo:: ranciduser at fw1(passive)> show system info**** > > > > HIT COMMAND:ranciduser at fw1(passive)> show config running**** > > > > COMMAND is: show config running|ShowConfig**** > > > > In ShowConfig: ranciduser at fw1(passive)> show config running**** > > > > line:**** > > > > exiting**** > > > > #**** > > > > ** ** > > > > ** ** > > > > Thanks for your help!**** > > > > -Tim**** > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From dariusjs at gmail.com Wed May 8 11:01:07 2013 From: dariusjs at gmail.com (Darius Seroka) Date: Wed, 8 May 2013 13:01:07 +0200 Subject: [rancid] Rancid on CentOS 6.3 In-Reply-To: References: Message-ID: I havent deployed RANCID for a while but last time I used this git repo as it seemed to have been quite patched up. https://github.com/dotwaffle/rancid-git The stuff on epel was quite outdated at the time. -- Regards, Darius Jan Seroka dariusjs at gmail.com On Sun, Apr 28, 2013 at 11:59 PM, Andrew S. Meyer wrote: > Hi, > i'm trying to setup Rancid on CentOS 6.3 from the EPEL yum repo. I was > able to get it installed but, but can't seem to get it working. > > This is what is in my /var/log/rancid/rancidlog.log > > starting: Sun Apr 28 15:01:01 CDT 2013 > > ending: Sun Apr 28 15:01:01 CDT 2013 > [root at server rancid]# > > > > Is there a reason why there are no details in the log files? > > > > Also I have no idea where the backup files are going too... > > Can anyone shed some light on this? Or should I uninstall and install > from source? Is there a RPM avaialble elsewhere? > > > > Thank you > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthew at walster.org Thu May 9 11:31:03 2013 From: matthew at walster.org (Matthew Walster) Date: Thu, 9 May 2013 12:31:03 +0100 Subject: [rancid] Rancid on CentOS 6.3 In-Reply-To: References: Message-ID: On 8 May 2013 12:01, Darius Seroka wrote: > I havent deployed RANCID for a while but last time I used this git repo as > it seemed to have been quite patched up. > https://github.com/dotwaffle/rancid-git The stuff on epel was quite > outdated at the time. > ?As the guy who maintains that repo, I'd be very wary of it. Try and use the RANCID tarball on the shrubbery.net website if you can, it's almost certainly tested to a very much higher degree than my changesets. Essentially, that repo was created because I wanted to add git support and have a sane way of merging in the latest releases. Then a bunch of other things got hacked in -- HTML colorized emails, Netgear support, F5 >=v10? support, stuff that really only gets tested about once a year when I get something new in front of me that RANCID mainline doesn't support quite as well as it could do given an unlimited supply of free time. It also seems to attract every crazy out there who emails me personally asking for help installing RANCID but not understanding it's a Next>Next>Next>Finish affair. I'm hoping that once RANCID 3 becomes stable that my repo can be retired as I imagine it gives quite a few people headaches. M -------------- next part -------------- An HTML attachment was scrubbed... URL: From natxo.asenjo at gmail.com Tue May 14 08:04:18 2013 From: natxo.asenjo at gmail.com (Natxo Asenjo) Date: Tue, 14 May 2013 10:04:18 +0200 Subject: [rancid] cannot login to sf302-08P managed swictch Message-ID: hi, http://www.cisco.com/en/US/products/ps10898/prod_models_comparison.html we have a few of those cheap(er) managed switches by cisco and I cannot seem to login: $ bin/clogin switch switch spawn telnet switch Trying ip.ad.dr.ess... Connected to swtich Escape character is '^]'. SWITCH Authorized access only! You have entered a secured system. Disconnect IMMEDIATELY if you are not an authorized user! User Name: This is the relevant part of my .cloginrc: add user switch add password switch {paassword} add method switch {telnet} I tried enclosing the user name in {} but that does not help either. Any clues? Does anyone have those devices on their networks? I am aware this is a SOHO device, but this is is full of enterprisey features. -- Groeten, natxo -------------- next part -------------- An HTML attachment was scrubbed... URL: From ntop at ale.cx Tue May 14 16:02:01 2013 From: ntop at ale.cx (Alex DEKKER) Date: Tue, 14 May 2013 17:02:01 +0100 Subject: [rancid] cannot login to sf302-08P managed swictch In-Reply-To: References: Message-ID: <60bd5f841a11ad6bae4accffe162b81b@ale.cx> On 2013-05-14 09:04, Natxo Asenjo wrote: > User Name: I'm guessing that clogin is waiting for something it recognises as a username prompt and in the mean time the switch closes the connection: $ clogin 192.168.253.20 192.168.253.20 spawn ssh -c 3des -x -l admin 192.168.253.20 User Name: Error: Connection closed (ssh): 192.168.253.20 > This is the relevant part of my .cloginrc: > > add user switch ??? I don't see a username in here ^^^ > add password switch {paassword} > add method switch {telnet} > > I tried enclosing the user name in {} but that does not help either. > > Any clues? Does anyone have those devices on their networks? Yes, I'd like to do the same with some SG500x. alexd From peo at chalmers.se Wed May 15 05:16:46 2013 From: peo at chalmers.se (Per-Olof Olsson) Date: Wed, 15 May 2013 07:16:46 +0200 Subject: [rancid] cannot login to sf302-08P managed swictch In-Reply-To: <60bd5f841a11ad6bae4accffe162b81b@ale.cx> References: <60bd5f841a11ad6bae4accffe162b81b@ale.cx> Message-ID: <51931A3E.3040209@chalmers.se> On 05/14/2013 06:02 PM, Alex DEKKER wrote: > On 2013-05-14 09:04, Natxo Asenjo wrote: > >> User Name: > > I'm guessing that clogin is waiting for something it recognises as a username prompt and in the mean time the > switch closes the connection: > > $ clogin 192.168.253.20 > 192.168.253.20 > spawn ssh -c 3des -x -l admin 192.168.253.20 > > > > User Name: > Error: Connection closed (ssh): 192.168.253.20 > > Or just a new prompter for user name default from clogin ... set u_prompt "(Username|Login|login|user name|User):" ... it will not match from .cloginrc ... # add userprompt # What the router prints to prompt for the username. # Default: {"(Username|login|user name):"} ... So what about testing add userprompt switch {User name:} in your .cloginrc >> This is the relevant part of my .cloginrc: >> >> add user switch > > I don't see a username in here ^^^ > >> add password switch {paassword} >> add method switch {telnet} >> >> I tried enclosing the user name in {} but that does not help either. >> >> Any clues? Does anyone have those devices on their networks? > > Yes, I'd like to do the same with some SG500x. > > alexd > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8660 ---------------------------------------------------------- From rancid at ale.cx Wed May 15 09:19:31 2013 From: rancid at ale.cx (Alex DEKKER) Date: Wed, 15 May 2013 10:19:31 +0100 Subject: [rancid] cannot login to sf302-08P managed swictch In-Reply-To: <51931A3E.3040209@chalmers.se> References: <60bd5f841a11ad6bae4accffe162b81b@ale.cx> <51931A3E.3040209@chalmers.se> Message-ID: <8e937ee271cb6c6616a8a712a2ff5ff5@ale.cx> On 2013-05-15 06:16, Per-Olof Olsson wrote: > So what about testing > add userprompt switch {User name:} > in your .cloginrc Thanks for that Per-Olof. Adding add userprompt 192.168.253.20 {"User Name:"} to .cloginrc has done the trick. alexd From rancid at ale.cx Wed May 15 09:24:57 2013 From: rancid at ale.cx (Alex DEKKER) Date: Wed, 15 May 2013 10:24:57 +0100 Subject: [rancid] cannot login to sf302-08P managed swictch In-Reply-To: <8e937ee271cb6c6616a8a712a2ff5ff5@ale.cx> References: <60bd5f841a11ad6bae4accffe162b81b@ale.cx> <51931A3E.3040209@chalmers.se> <8e937ee271cb6c6616a8a712a2ff5ff5@ale.cx> Message-ID: <341a16402eacf24dd921eb955ad49616@ale.cx> On 2013-05-15 10:19, Alex DEKKER wrote: > Adding > > add userprompt 192.168.253.20 {"User Name:"} > > to .cloginrc has done the trick. Of course I should have known that it was never going to be that easy. These are not IOS devices and the commands they support only intersect in a small way with IOS, so it's probably going to need a new router type. Trying to get all of the configs. 192.168.253.20 clogin error: Error: TIMEOUT reached 192.168.253.20: missed cmd(s): show env all,show module,admin show diag,show rsp chassis-info,admin show env all,show controllers,admin show version,show diagbus,show diag,more system:running-config,show gsr chassis,show debug,show idprom backplane,show diag chassis-info,write term,show vtp status,show spe version,show install active,show bootvar,show vlan,show controllers cbus,show version,show vlan-switch,show redundancy secondary,admin show variables boot,show variables boot,show running-config,show c7200,show boot,show inventory raw 192.168.253.20: End of run not found ! alexd From natxo.asenjo at gmail.com Wed May 15 09:42:16 2013 From: natxo.asenjo at gmail.com (Natxo Asenjo) Date: Wed, 15 May 2013 11:42:16 +0200 Subject: [rancid] cannot login to sf302-08P managed swictch In-Reply-To: <51931A3E.3040209@chalmers.se> References: <60bd5f841a11ad6bae4accffe162b81b@ale.cx> <51931A3E.3040209@chalmers.se> Message-ID: On Wed, May 15, 2013 at 7:16 AM, Per-Olof Olsson wrote: hi, > > So what about testing > add userprompt switch {User name:} > in your .cloginrc > > getting closer ;-) add user switch {username} add password switch {pwd} add userprompt switch {"User Name:"} # add passprompt switch {"Password:"} # add method switch {telnet} adding the userprotmt allows rancid to go on, but it enters the username/password three times and the authentication fails. I have verified the user name/password combination are correct, I can log in manually with those credentials. I tried (as you see it is now commented out) the passprompt, but that does not affect it. I see clogin type something 3 times and fail. Now I have gone digging a bit further. We have radius configured in the network devices. I used the radiusd -X logging of freeradius to see what was coming from the switch and to my surprise I saw that the username was correct but the password that was coming to the radius server corresponded to the next .clogin defined for the 'normal' cisco devices. Strange. so, to be clear, I have at the end of my cloginrc file a catchall rule like so: add user *.domain.tld {username} add password *.domain.tld {pwd} {enablepwd} add method *.domain.tld ssh and befor that I add the config for the small switches. And yet rancid sent the *.domain.tld password to the device. I have now changed the *.domain.tld {username} to use radius authentication instead of local user. Now it works. Thanks for the userprompt tip! -- groet, natxo -------------- next part -------------- An HTML attachment was scrubbed... URL: From sheshkaoss at gmail.com Wed May 15 19:38:13 2013 From: sheshkaoss at gmail.com (Aliaksei Sheshka) Date: Wed, 15 May 2013 15:38:13 -0400 Subject: [rancid] clogin doesn't send explicitly set new lines Message-ID: Hi! I'm facing rather strange clogin issue. Consider file : ----begin nyy-r14-confg.sample file --- sh clock copy system:/running-config tftp://10.18.15.11/nyy-r14-confg sh clock ----end nyy-r14-confg.sample file --- There are four lines with '\n' only. My idea was that: cisco says -> Address or name of remote host [10.18.15.11]? clogin sends -> '\n' cisco says -> Destination filename [nyy-r14-confg]? clogin sends -> '\n' And then two times '\n' just for test. Nope, clogin just stuck. Debug message for "$clogin -d -t 3600 -x nyy-r14-confg.sample nyy-r14" : expect: does "Address or name of remote host [10.18.15.11]? " (spawn_id exp6) match regular expression "\u0008+"? (No Gate, RE only) gate=yes re=no "^[^\n\r *]*nyy-r14([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*nyy-r14*"? gate=no "^[^\n\r]*nyy-r14([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*nyy-r14*"? gate=no "^--More--[\r\n]+"? Gate "--More--*"? gate=no "[^\r\n]*[\n\r]+"? (No Gate, RE only) gate=yes re=no "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no "^<-+ More -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no And then nothing, timeout. System is Debian wheezy expect 5.44.1.15-4 rancid 2.3.8-3 I added some lines: $diff /usr/lib/rancid/bin/clogin.orig /usr/lib/rancid/bin/clogin 707a708,715 > -re "Destination filename" { > send_user -- "$expect_out(buffer)" > send "\n" > exp_continue } > -re "Address or name of remote host" { > send_user -- "$expect_out(buffer)" > send "\n" > exp_continue } and that suddenly fixed the issue. That puzzled me, because I had a FreeBSD system with expect 5.44 and rancid 2.3.6 and the same nyy-r14-confg.sample was processed without any issues. What could be wrong ? From ameyer at tsg2.com Thu May 16 03:52:48 2013 From: ameyer at tsg2.com (Andrew S. Meyer) Date: Wed, 15 May 2013 22:52:48 -0500 Subject: [rancid] Rancid on CentOS 6.3 In-Reply-To: References: Message-ID: So I've gotten Rancid installed and somewhat working. I was able to follow Brian Gill's website - http://www.thebriangill.info/2012/12/configuring-rancid-to-backup-your.html . It is emailing me when it can't contact the ASA or access point but that's all its doing.. I'm not sure why it can't access it, but I've tested it through telnet and ssh and it works fine when I do it manually. Rancid won't login. Any ideas? Thank you, Andrew From: Darius Seroka [mailto:dariusjs at gmail.com] Sent: Wednesday, May 08, 2013 6:01 AM To: Andrew S. Meyer Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid on CentOS 6.3 I havent deployed RANCID for a while but last time I used this git repo as it seemed to have been quite patched up. https://github.com/dotwaffle/rancid-git The stuff on epel was quite outdated at the time. -- Regards, Darius Jan Seroka dariusjs at gmail.com On Sun, Apr 28, 2013 at 11:59 PM, Andrew S. Meyer > wrote: Hi, i'm trying to setup Rancid on CentOS 6.3 from the EPEL yum repo. I was able to get it installed but, but can't seem to get it working. This is what is in my /var/log/rancid/rancidlog.log starting: Sun Apr 28 15:01:01 CDT 2013 ending: Sun Apr 28 15:01:01 CDT 2013 [root at server rancid]# Is there a reason why there are no details in the log files? Also I have no idea where the backup files are going too... Can anyone shed some light on this? Or should I uninstall and install from source? Is there a RPM avaialble elsewhere? Thank you _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu May 16 15:22:09 2013 From: heas at shrubbery.net (heasley) Date: Thu, 16 May 2013 08:22:09 -0700 Subject: [rancid] clogin doesn't send explicitly set new lines In-Reply-To: References: Message-ID: <20130516152209.GB53371@shrubbery.net> Wed, May 15, 2013 at 03:38:13PM -0400, Aliaksei Sheshka: > Hi! > > I'm facing rather strange clogin issue. > Consider file : > ----begin nyy-r14-confg.sample file --- > sh clock > copy system:/running-config tftp://10.18.15.11/nyy-r14-confg > > > > > sh clock > ----end nyy-r14-confg.sample file --- > There are four lines with '\n' only. > My idea was that: > cisco says -> Address or name of remote host [10.18.15.11]? > clogin sends -> '\n' > cisco says -> Destination filename [nyy-r14-confg]? > clogin sends -> '\n' > And then two times '\n' just for test. > Nope, clogin just stuck. Debug message for "$clogin -d -t 3600 -x > nyy-r14-confg.sample nyy-r14" : > > expect: does "Address or name of remote host [10.18.15.11]? " > (spawn_id exp6) match regular expression "\u0008+"? (No Gate, RE only) > gate=yes re=no > "^[^\n\r *]*nyy-r14([^#>\r\n]+)?[#>](\([^)\r\n]+\))?"? Gate "*nyy-r14*"? gate=no > "^[^\n\r]*nyy-r14([^#>\r\n]+)?[#>](\([^)\r\n]+\))?."? Gate "*nyy-r14*"? gate=no > "^--More--[\r\n]+"? Gate "--More--*"? gate=no > "[^\r\n]*[\n\r]+"? (No Gate, RE only) gate=yes re=no > "[^\r\n]*Press to cont[^\r\n]*"? Gate "*Press to cont*"? gate=no > "^ *--More--[^\n\r]*"? Gate "*--More--*"? gate=no > "^<-+ More -+>[^\n\r]*"? (No Gate, RE only) gate=yes re=no its looking for stuff that matches the prompt regex it has concocted: ^[^\n\r]*nyy-r14([^#>\r\n]+)?[#>](\([^)\r\n]+\))?. if you want to embed commands in commands with alternate prompting, they must be embedded on one line: show clock copy blah blah\n\n show clock or use the -s option instead and see rancid/share/*.exp. > And then nothing, timeout. > System is Debian wheezy > expect 5.44.1.15-4 > rancid 2.3.8-3 > > I added some lines: > $diff /usr/lib/rancid/bin/clogin.orig /usr/lib/rancid/bin/clogin > 707a708,715 > > -re "Destination filename" { > > send_user -- "$expect_out(buffer)" > > send "\n" > > exp_continue } > > -re "Address or name of remote host" { > > send_user -- "$expect_out(buffer)" > > send "\n" > > exp_continue } > > and that suddenly fixed the issue. > > That puzzled me, because I had a FreeBSD system with expect 5.44 and > rancid 2.3.6 and the same nyy-r14-confg.sample was processed without > any issues. > What could be wrong ? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From sheshkaoss at gmail.com Thu May 16 17:26:23 2013 From: sheshkaoss at gmail.com (Aliaksei Sheshka) Date: Thu, 16 May 2013 13:26:23 -0400 Subject: [rancid] clogin doesn't send explicitly set new lines In-Reply-To: <20130516152209.GB53371@shrubbery.net> References: <20130516152209.GB53371@shrubbery.net> Message-ID: On Thu, May 16, 2013 at 11:22 AM, heasley wrote: > > its looking for stuff that matches the prompt regex it has concocted: > ^[^\n\r]*nyy-r14([^#>\r\n]+)?[#>](\([^)\r\n]+\))?. > > if you want to embed commands in commands with alternate prompting, they > must be embedded on one line: > show clock > copy blah blah\n\n > show clock > > or use the -s option instead and see rancid/share/*.exp. Thank you for explanation! As as side question, I'm using clogin for force10 routers as well and see: router1#terminal width 132^M ^^M % Error: Invalid input at "^" marker it's safe to ignore, only extra lines in logs. As much as I understand there is no separate f10login ? (not needed I guess, mostly cisco style cmd there) From mpn at icabs.co.zw Thu May 16 10:47:04 2013 From: mpn at icabs.co.zw (MP Netsai) Date: Thu, 16 May 2013 12:47:04 +0200 Subject: [rancid] Rancid on CentOS 6.3 In-Reply-To: References: Message-ID: <519BC29EB9164C1282DE5AFA2EA1D3C3@jedi> have you tried with: rancid-user~$ clogin host also check the logs. From: Andrew S. Meyer Sent: Thursday, May 16, 2013 5:52 AM Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid on CentOS 6.3 So I?ve gotten Rancid installed and somewhat working. I was able to follow Brian Gill?s website - http://www.thebriangill.info/2012/12/configuring-rancid-to-backup-your.html . It is emailing me when it can?t contact the ASA or access point but that?s all its doing.. I?m not sure why it can?t access it, but I?ve tested it through telnet and ssh and it works fine when I do it manually. Rancid won?t login. Any ideas? Thank you, Andrew From: Darius Seroka [mailto:dariusjs at gmail.com] Sent: Wednesday, May 08, 2013 6:01 AM To: Andrew S. Meyer Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Rancid on CentOS 6.3 I havent deployed RANCID for a while but last time I used this git repo as it seemed to have been quite patched up. https://github.com/dotwaffle/rancid-git The stuff on epel was quite outdated at the time. -- Regards, Darius Jan Seroka dariusjs at gmail.com On Sun, Apr 28, 2013 at 11:59 PM, Andrew S. Meyer wrote: Hi, i'm trying to setup Rancid on CentOS 6.3 from the EPEL yum repo. I was able to get it installed but, but can't seem to get it working. This is what is in my /var/log/rancid/rancidlog.log starting: Sun Apr 28 15:01:01 CDT 2013 ending: Sun Apr 28 15:01:01 CDT 2013 [root at server rancid]# Is there a reason why there are no details in the log files? Also I have no idea where the backup files are going too... Can anyone shed some light on this? Or should I uninstall and install from source? Is there a RPM avaialble elsewhere? Thank you _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------------------------------------------------------------------------- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From charlesvds at yahoo.com Mon May 20 10:24:19 2013 From: charlesvds at yahoo.com (Charles van der Spuy) Date: Mon, 20 May 2013 12:24:19 +0200 Subject: [rancid] Fortigate problem Message-ID: <5199F9D3.1050504@yahoo.com> I hope someone can assist me. I have recently upgraded to rancid 2.3.8 and this seems to have broken the Fortigate module. Cisco devices still work and I am able to manually login to Fortigate devices using clogin. When I run the full rancid-run I get the following in the logfile: *Trying to get all of the configs.** **ftg1-universal fnlogin error: Error: Couldn't login: ftg1-universal** **ftg1-universal: missed cmd(s): show full-configuration,get system status** **0: found end** **ftg1-universal: End of run not found* etc..... I'm getting to the end of my tether on this one and don't want to have to degrade to an earlier version. Has anybody been experiencing the same ? Charles van der Spuy. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bobthebaritone at gmail.com Mon May 20 11:37:29 2013 From: bobthebaritone at gmail.com (bob watson) Date: Mon, 20 May 2013 21:37:29 +1000 Subject: [rancid] Fortigate problem In-Reply-To: <5199F9D3.1050504@yahoo.com> References: <5199F9D3.1050504@yahoo.com> Message-ID: Charles, Key to debugging login errors is to ensure that your environment since upgrade has stayed the same for authentication. I have no knowledge specific to fortigate, but make sure you make use of the debugging switches to see what happening with the device login. Expect has wonderful debugging switches on its own, and all output can be logged. Unfortunately you don't list what you have tried, so it makes it hard for us to give anything but general advice. Granted, that there may be something peculiar to the device, but this can generally be captured by using the EXPECT exp_internal switches. Cheers, Bob Watson BAppSci, MACS, CP View Robert Watson's profile on LinkedIn On 20 May 2013 20:24, Charles van der Spuy wrote: > I hope someone can assist me. > > I have recently upgraded to rancid 2.3.8 and this seems to have broken the > Fortigate module. > Cisco devices still work and I am able to manually login to Fortigate > devices using clogin. > > When I run the full rancid-run I get the following in the logfile: > > *Trying to get all of the configs.** > **ftg1-universal fnlogin error: Error: Couldn't login: ftg1-universal** > **ftg1-universal: missed cmd(s): show full-configuration,get system status > ** > **0: found end** > **ftg1-universal: End of run not found* > etc..... > > I'm getting to the end of my tether on this one and don't want to have to > degrade to an earlier version. > Has anybody been experiencing the same ? > > Charles van der Spuy. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From DSearle at geminigroup.net Mon May 20 13:48:39 2013 From: DSearle at geminigroup.net (Dean Searle) Date: Mon, 20 May 2013 13:48:39 +0000 Subject: [rancid] Fortigate problem In-Reply-To: References: <5199F9D3.1050504@yahoo.com> Message-ID: <02D688AC1099C94C892202CA743C4322946BE1@MAIL1.ggroup.local> I agree with Bob, more information would be helpful to assist with your problem. What version of software is your Fortigate running? What have you tried to resolve your problem so far? Do want to send you the same steps that you might have already done. I have Both Fotrigate 300C and 100D in house. I had version 2.3.8 running prior to the Fortigates being installed though. We have FortiGate 5.0.1 (build 147) on the 300C and 5.0.2 (build 179) on our 100D. From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of bob watson Sent: Monday, May 20, 2013 7:37 AM To: Charles van der Spuy Cc: Rancid Subject: Re: [rancid] Fortigate problem Charles, Key to debugging login errors is to ensure that your environment since upgrade has stayed the same for authentication. I have no knowledge specific to fortigate, but make sure you make use of the debugging switches to see what happening with the device login. Expect has wonderful debugging switches on its own, and all output can be logged. Unfortunately you don't list what you have tried, so it makes it hard for us to give anything but general advice. Granted, that there may be something peculiar to the device, but this can generally be captured by using the EXPECT exp_internal switches. Cheers, Bob Watson BAppSci, MACS, CP View Robert Watson's profile on LinkedIn On 20 May 2013 20:24, Charles van der Spuy > wrote: I hope someone can assist me. I have recently upgraded to rancid 2.3.8 and this seems to have broken the Fortigate module. Cisco devices still work and I am able to manually login to Fortigate devices using clogin. When I run the full rancid-run I get the following in the logfile: Trying to get all of the configs. ftg1-universal fnlogin error: Error: Couldn't login: ftg1-universal ftg1-universal: missed cmd(s): show full-configuration,get system status 0: found end ftg1-universal: End of run not found etc..... I'm getting to the end of my tether on this one and don't want to have to degrade to an earlier version. Has anybody been experiencing the same ? Charles van der Spuy. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From charlesvds at yahoo.com Mon May 20 14:43:30 2013 From: charlesvds at yahoo.com (Charles van der Spuy) Date: Mon, 20 May 2013 16:43:30 +0200 Subject: [rancid] Fortigate problem In-Reply-To: <02D688AC1099C94C892202CA743C4322946BE1@MAIL1.ggroup.local> References: <02D688AC1099C94C892202CA743C4322946BE1@MAIL1.ggroup.local> Message-ID: <519A3692.8080404@yahoo.com> Gentlemen, Thanks for all the input to my problem. Gareth, you get the prize. As a quickfix I've changed ssh to ssh:22 in .cloginrc and the sun suddenly rose in the east !! Thanks to Bob and Dean I'd already started the debug process and picked up some kind of problem with the port number but I was still a way away from fixing it. Clearly the problem is in fnlogin (not fnrancid Gareth :-) and I feel this should be changed in the package so that others don't have the same problem. Any help on what I can do to get this changed in the original package ? I guess a note to Shrubbery would be a good start. Again, thanks all and greetings from a sunny Durban, South Africa. Charles. From heas at shrubbery.net Mon May 20 15:24:59 2013 From: heas at shrubbery.net (heasley) Date: Mon, 20 May 2013 08:24:59 -0700 Subject: [rancid] Fortigate problem In-Reply-To: <519A3692.8080404@yahoo.com> References: <02D688AC1099C94C892202CA743C4322946BE1@MAIL1.ggroup.local> <519A3692.8080404@yahoo.com> Message-ID: <20130520152459.GA83016@shrubbery.net> Mon, May 20, 2013 at 04:43:30PM +0200, Charles van der Spuy: > Gentlemen, > > Thanks for all the input to my problem. > Gareth, you get the prize. As a quickfix I've changed ssh to ssh:22 in > .cloginrc and the sun suddenly rose in the east !! > Thanks to Bob and Dean I'd already started the debug process and picked > up some kind of problem with the port number but I was still a way away > from fixing it. > > Clearly the problem is in fnlogin (not fnrancid Gareth :-) and I feel > this should be changed in the package so that others don't have the same > problem. > Any help on what I can do to get this changed in the original package ? > I guess a note to Shrubbery would be a good start. I do not see the problem with executing ssh. fnlogin does not set a port or do anything unusual. you will have to be more specific. > Again, thanks all and greetings from a sunny Durban, South Africa. > > Charles. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Robert.Skoog at safelite.com Mon May 20 15:41:13 2013 From: Robert.Skoog at safelite.com (Skoog, Robert) Date: Mon, 20 May 2013 15:41:13 +0000 Subject: [rancid] Fortigate problem In-Reply-To: <20130520152459.GA83016@shrubbery.net> References: <02D688AC1099C94C892202CA743C4322946BE1@MAIL1.ggroup.local> <519A3692.8080404@yahoo.com> <20130520152459.GA83016@shrubbery.net> Message-ID: Actually you put up a patch to the mailing list previously which resolves this issue: http://www.gossamer-threads.com/lists/rancid/users/6488 I can't seem to find the post on the shrubbery archives though. I know the patch resolved my issues when using SSH to connect to fortinets. I also put up a patch a while ago dealing with devices with and without vdoms. Devices without vdoms seem not to like having configuration commands sent after the config global command is sent. http://www.shrubbery.net/pipermail/rancid-discuss/2013-March/006715.html -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of heasley Sent: Monday, May 20, 2013 11:25 AM To: Charles van der Spuy Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Fortigate problem Mon, May 20, 2013 at 04:43:30PM +0200, Charles van der Spuy: > Gentlemen, > > Thanks for all the input to my problem. > Gareth, you get the prize. As a quickfix I've changed ssh to ssh:22 in > .cloginrc and the sun suddenly rose in the east !! > Thanks to Bob and Dean I'd already started the debug process and > picked up some kind of problem with the port number but I was still a > way away from fixing it. > > Clearly the problem is in fnlogin (not fnrancid Gareth :-) and I feel > this should be changed in the package so that others don't have the > same problem. > Any help on what I can do to get this changed in the original package ? > I guess a note to Shrubbery would be a good start. I do not see the problem with executing ssh. fnlogin does not set a port or do anything unusual. you will have to be more specific. > Again, thanks all and greetings from a sunny Durban, South Africa. > > Charles. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ____________________________________________________________ This message, including any attachments, may contain confidential information intended for a specific individual and purpose, and may be protected by law. If you are not the intended recipient please delete this message immediately. Any disclosure, copying or distribution of this message, or the taking of any action based on it, by any unintended recipient is strictly prohibited. From heas at shrubbery.net Mon May 20 16:06:28 2013 From: heas at shrubbery.net (heasley) Date: Mon, 20 May 2013 09:06:28 -0700 Subject: [rancid] Fortigate problem In-Reply-To: References: <02D688AC1099C94C892202CA743C4322946BE1@MAIL1.ggroup.local> <519A3692.8080404@yahoo.com> <20130520152459.GA83016@shrubbery.net> Message-ID: <20130520160628.GE83016@shrubbery.net> Mon, May 20, 2013 at 03:41:13PM +0000, Skoog, Robert: > Actually you put up a patch to the mailing list previously which resolves this issue: > > http://www.gossamer-threads.com/lists/rancid/users/6488 thanks; that had been committed. I missed the difference when I looked at 2.3.8. > I can't seem to find the post on the shrubbery archives though. I know the patch resolved my issues when using SSH to connect to fortinets. I also put up a patch a while ago dealing with devices with and without vdoms. Devices without vdoms seem not to like having configuration commands sent after the config global command is sent. > > http://www.shrubbery.net/pipermail/rancid-discuss/2013-March/006715.html what effect does that have when vdoms are not in use? what is being matched here: + expect { + -re "tion: ena" { expect -re $prompt; send "config global\r"} + -re "tion: dis" {} + } From Robert.Skoog at safelite.com Mon May 20 16:43:58 2013 From: Robert.Skoog at safelite.com (Skoog, Robert) Date: Mon, 20 May 2013 16:43:58 +0000 Subject: [rancid] Fortigate problem In-Reply-To: <20130520160628.GE83016@shrubbery.net> References: <02D688AC1099C94C892202CA743C4322946BE1@MAIL1.ggroup.local> <519A3692.8080404@yahoo.com> <20130520152459.GA83016@shrubbery.net> <20130520160628.GE83016@shrubbery.net> Message-ID: The command before it gives this output: Somefortinethost # get system status Version: FortiWiFi-80CM v4.0,build0637,120817 (MR3 Patch 9) Virus-DB: 17.00657(2013-05-19 11:39) Extended DB: 14.00000(2011-08-24 17:09) IPS-DB: 4.00343(2013-05-16 00:16) FortiClient application signature package: 4.343(2013-05-20 01:43) Serial-Number: FW80CM111111111111 BIOS version: 04000004 Log hard disk: Not available Internal Switch mode: switch Hostname: SomeHostName Operation Mode: NAT Current virtual domain: root Max number of virtual domains: 10 Virtual domains status: 2 in NAT mode, 0 in TP mode Virtual domain configuration: enable FIPS-CC mode: disable Current HA mode: standalone Wifi Chipset: Ralink RT2860 WiFi firmware version: 2.1.3.0 Distribution: International Branch point: 637 Release Version Information: MR3 Patch 9 System time: Mon May 20 12:36:30 2013 SomeHostname # That Regex matches for this line: Virtual domain configuration: enable I tried some longer regexes, but had problems with the output being chunked or something. If vdoms are enabled the "config global" command is sent if they aren't it just picks up at the next prompt. While the command currently used by fnrancid work fine without the patch we noticed issues when we tried to also the configuration of a device using a list of commands if the config global was sent by rancid and the device didn't use vdoms. -----Original Message----- From: heasley [mailto:heas at shrubbery.net] Sent: Monday, May 20, 2013 12:06 PM To: Skoog, Robert Cc: heasley; Charles van der Spuy; rancid-discuss at shrubbery.net Subject: Re: [rancid] Fortigate problem Mon, May 20, 2013 at 03:41:13PM +0000, Skoog, Robert: > Actually you put up a patch to the mailing list previously which resolves this issue: > > http://www.gossamer-threads.com/lists/rancid/users/6488 thanks; that had been committed. I missed the difference when I looked at 2.3.8. > I can't seem to find the post on the shrubbery archives though. I know the patch resolved my issues when using SSH to connect to fortinets. I also put up a patch a while ago dealing with devices with and without vdoms. Devices without vdoms seem not to like having configuration commands sent after the config global command is sent. > > http://www.shrubbery.net/pipermail/rancid-discuss/2013-March/006715.ht > ml what effect does that have when vdoms are not in use? what is being matched here: + expect { + -re "tion: ena" { expect -re $prompt; send "config global\r"} + -re "tion: dis" {} + } ____________________________________________________________ This message, including any attachments, may contain confidential information intended for a specific individual and purpose, and may be protected by law. If you are not the intended recipient please delete this message immediately. Any disclosure, copying or distribution of this message, or the taking of any action based on it, by any unintended recipient is strictly prohibited. From heas at shrubbery.net Mon May 20 17:43:23 2013 From: heas at shrubbery.net (heasley) Date: Mon, 20 May 2013 10:43:23 -0700 Subject: [rancid] Fortigate problem In-Reply-To: References: <02D688AC1099C94C892202CA743C4322946BE1@MAIL1.ggroup.local> <519A3692.8080404@yahoo.com> <20130520152459.GA83016@shrubbery.net> <20130520160628.GE83016@shrubbery.net> Message-ID: <20130520174323.GA90985@shrubbery.net> Mon, May 20, 2013 at 04:43:58PM +0000, Skoog, Robert: > The command before it gives this output: > > Somefortinethost # get system status > Version: FortiWiFi-80CM v4.0,build0637,120817 (MR3 Patch 9) > Virus-DB: 17.00657(2013-05-19 11:39) > Extended DB: 14.00000(2011-08-24 17:09) > IPS-DB: 4.00343(2013-05-16 00:16) > FortiClient application signature package: 4.343(2013-05-20 01:43) > Serial-Number: FW80CM111111111111 > BIOS version: 04000004 > Log hard disk: Not available > Internal Switch mode: switch > Hostname: SomeHostName > Operation Mode: NAT > Current virtual domain: root > Max number of virtual domains: 10 > Virtual domains status: 2 in NAT mode, 0 in TP mode > Virtual domain configuration: enable > FIPS-CC mode: disable > Current HA mode: standalone > Wifi Chipset: Ralink RT2860 > WiFi firmware version: 2.1.3.0 > Distribution: International > Branch point: 637 > Release Version Information: MR3 Patch 9 > System time: Mon May 20 12:36:30 2013 > > SomeHostname # > > That Regex matches for this line: > Virtual domain configuration: enable > > I tried some longer regexes, but had problems with the output being chunked or something. If vdoms are enabled the "config global" command is sent if they aren't it just picks up at the next prompt. While the command currently used by fnrancid work fine without the patch we noticed issues when we tried to also the configuration of a device using a list of commands if the config global was sent by rancid and the device didn't use vdoms. Your match is just as likely to be missed. what happens is that the data does not necessary arrive all at once or even be read from the socket all at once. you can't rely on having a complete line unless you force the behavior by using line mode if the device supports it or expect { something else the other -re "^\[^\n\r]*\[\r\n]" { # stuff we dont care about exp_continue } } anyway, I expect that removing that stuff from fnlogin and handling the paging without making config changes would be a better path. > -----Original Message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Monday, May 20, 2013 12:06 PM > To: Skoog, Robert > Cc: heasley; Charles van der Spuy; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Fortigate problem > > Mon, May 20, 2013 at 03:41:13PM +0000, Skoog, Robert: > > Actually you put up a patch to the mailing list previously which resolves this issue: > > > > http://www.gossamer-threads.com/lists/rancid/users/6488 > > thanks; that had been committed. I missed the difference when I looked at 2.3.8. > > > I can't seem to find the post on the shrubbery archives though. I know the patch resolved my issues when using SSH to connect to fortinets. I also put up a patch a while ago dealing with devices with and without vdoms. Devices without vdoms seem not to like having configuration commands sent after the config global command is sent. > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2013-March/006715.ht > > ml > > what effect does that have when vdoms are not in use? > > what is being matched here: > + expect { > + -re "tion: ena" { expect -re $prompt; send "config global\r"} > + -re "tion: dis" {} > + } > > ____________________________________________________________ > This message, including any attachments, may contain confidential information intended for a specific individual and purpose, and may be protected by law. If you are not the intended recipient please delete this message immediately. Any disclosure, copying or distribution of this message, or the taking of any action based on it, by any unintended recipient is strictly prohibited. From Robert.Skoog at safelite.com Mon May 20 19:23:17 2013 From: Robert.Skoog at safelite.com (Skoog, Robert) Date: Mon, 20 May 2013 19:23:17 +0000 Subject: [rancid] Fortigate problem In-Reply-To: <20130520174323.GA90985@shrubbery.net> References: <02D688AC1099C94C892202CA743C4322946BE1@MAIL1.ggroup.local> <519A3692.8080404@yahoo.com> <20130520152459.GA83016@shrubbery.net> <20130520160628.GE83016@shrubbery.net> <20130520174323.GA90985@shrubbery.net> Message-ID: Yes, just handling the paging would be a better option. Unfortunately I don't think anyone has gotten it working without disabling paging. I tried for a bit, but then gave up and implemented that hack to determine if vdoms were enabled or not just to get it working for us. -----Original Message----- From: heasley [mailto:heas at shrubbery.net] Sent: Monday, May 20, 2013 1:43 PM To: Skoog, Robert Cc: heasley; Charles van der Spuy; rancid-discuss at shrubbery.net Subject: Re: [rancid] Fortigate problem Mon, May 20, 2013 at 04:43:58PM +0000, Skoog, Robert: > The command before it gives this output: > > Somefortinethost # get system status > Version: FortiWiFi-80CM v4.0,build0637,120817 (MR3 Patch 9) > Virus-DB: 17.00657(2013-05-19 11:39) > Extended DB: 14.00000(2011-08-24 17:09) > IPS-DB: 4.00343(2013-05-16 00:16) > FortiClient application signature package: 4.343(2013-05-20 01:43) > Serial-Number: FW80CM111111111111 > BIOS version: 04000004 > Log hard disk: Not available > Internal Switch mode: switch > Hostname: SomeHostName > Operation Mode: NAT > Current virtual domain: root > Max number of virtual domains: 10 > Virtual domains status: 2 in NAT mode, 0 in TP mode Virtual domain > configuration: enable FIPS-CC mode: disable Current HA mode: > standalone Wifi Chipset: Ralink RT2860 WiFi firmware version: 2.1.3.0 > Distribution: International > Branch point: 637 > Release Version Information: MR3 Patch 9 System time: Mon May 20 > 12:36:30 2013 > > SomeHostname # > > That Regex matches for this line: > Virtual domain configuration: enable > > I tried some longer regexes, but had problems with the output being chunked or something. If vdoms are enabled the "config global" command is sent if they aren't it just picks up at the next prompt. While the command currently used by fnrancid work fine without the patch we noticed issues when we tried to also the configuration of a device using a list of commands if the config global was sent by rancid and the device didn't use vdoms. Your match is just as likely to be missed. what happens is that the data does not necessary arrive all at once or even be read from the socket all at once. you can't rely on having a complete line unless you force the behavior by using line mode if the device supports it or expect { something else the other -re "^\[^\n\r]*\[\r\n]" { # stuff we dont care about exp_continue } } anyway, I expect that removing that stuff from fnlogin and handling the paging without making config changes would be a better path. > -----Original Message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Monday, May 20, 2013 12:06 PM > To: Skoog, Robert > Cc: heasley; Charles van der Spuy; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Fortigate problem > > Mon, May 20, 2013 at 03:41:13PM +0000, Skoog, Robert: > > Actually you put up a patch to the mailing list previously which resolves this issue: > > > > http://www.gossamer-threads.com/lists/rancid/users/6488 > > thanks; that had been committed. I missed the difference when I looked at 2.3.8. > > > I can't seem to find the post on the shrubbery archives though. I know the patch resolved my issues when using SSH to connect to fortinets. I also put up a patch a while ago dealing with devices with and without vdoms. Devices without vdoms seem not to like having configuration commands sent after the config global command is sent. > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2013-March/006715. > > ht > > ml > > what effect does that have when vdoms are not in use? > > what is being matched here: > + expect { > + -re "tion: ena" { expect -re $prompt; send "config global\r"} > + -re "tion: dis" {} > + } > > ____________________________________________________________ > This message, including any attachments, may contain confidential information intended for a specific individual and purpose, and may be protected by law. If you are not the intended recipient please delete this message immediately. Any disclosure, copying or distribution of this message, or the taking of any action based on it, by any unintended recipient is strictly prohibited. ____________________________________________________________ This message, including any attachments, may contain confidential information intended for a specific individual and purpose, and may be protected by law. If you are not the intended recipient please delete this message immediately. Any disclosure, copying or distribution of this message, or the taking of any action based on it, by any unintended recipient is strictly prohibited. From heas at shrubbery.net Mon May 20 22:48:14 2013 From: heas at shrubbery.net (heasley) Date: Mon, 20 May 2013 22:48:14 +0000 Subject: [rancid] Fortigate problem In-Reply-To: References: <02D688AC1099C94C892202CA743C4322946BE1@MAIL1.ggroup.local> <519A3692.8080404@yahoo.com> <20130520152459.GA83016@shrubbery.net> <20130520160628.GE83016@shrubbery.net> <20130520174323.GA90985@shrubbery.net> Message-ID: <20130520224814.GK97348@shrubbery.net> Mon, May 20, 2013 at 07:23:17PM +0000, Skoog, Robert: > Yes, just handling the paging would be a better option. Unfortunately I don't think anyone has gotten it working without disabling paging. I tried for a bit, but then gave up and implemented that hack to determine if vdoms were enabled or not just to get it working for us. Well, I do not have access to one of these. it shouldnt be hard to add; there are a few devices with rancid scripts whose pager can not be disabled. The PIX for example. You could look at clogin for pager handling clues. > -----Original Message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Monday, May 20, 2013 1:43 PM > To: Skoog, Robert > Cc: heasley; Charles van der Spuy; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Fortigate problem > > Mon, May 20, 2013 at 04:43:58PM +0000, Skoog, Robert: > > The command before it gives this output: > > > > Somefortinethost # get system status > > Version: FortiWiFi-80CM v4.0,build0637,120817 (MR3 Patch 9) > > Virus-DB: 17.00657(2013-05-19 11:39) > > Extended DB: 14.00000(2011-08-24 17:09) > > IPS-DB: 4.00343(2013-05-16 00:16) > > FortiClient application signature package: 4.343(2013-05-20 01:43) > > Serial-Number: FW80CM111111111111 > > BIOS version: 04000004 > > Log hard disk: Not available > > Internal Switch mode: switch > > Hostname: SomeHostName > > Operation Mode: NAT > > Current virtual domain: root > > Max number of virtual domains: 10 > > Virtual domains status: 2 in NAT mode, 0 in TP mode Virtual domain > > configuration: enable FIPS-CC mode: disable Current HA mode: > > standalone Wifi Chipset: Ralink RT2860 WiFi firmware version: 2.1.3.0 > > Distribution: International > > Branch point: 637 > > Release Version Information: MR3 Patch 9 System time: Mon May 20 > > 12:36:30 2013 > > > > SomeHostname # > > > > That Regex matches for this line: > > Virtual domain configuration: enable > > > > I tried some longer regexes, but had problems with the output being chunked or something. If vdoms are enabled the "config global" command is sent if they aren't it just picks up at the next prompt. While the command currently used by fnrancid work fine without the patch we noticed issues when we tried to also the configuration of a device using a list of commands if the config global was sent by rancid and the device didn't use vdoms. > > Your match is just as likely to be missed. what happens is that the data does not necessary arrive all at once or even be read from the socket all at once. you can't rely on having a complete line unless you force the behavior by using line mode if the device supports it or > expect { > something > else > the other > -re "^\[^\n\r]*\[\r\n]" { # stuff we dont care about > exp_continue > } > } > > anyway, I expect that removing that stuff from fnlogin and handling the paging without making config changes would be a better path. > > > -----Original Message----- > > From: heasley [mailto:heas at shrubbery.net] > > Sent: Monday, May 20, 2013 12:06 PM > > To: Skoog, Robert > > Cc: heasley; Charles van der Spuy; rancid-discuss at shrubbery.net > > Subject: Re: [rancid] Fortigate problem > > > > Mon, May 20, 2013 at 03:41:13PM +0000, Skoog, Robert: > > > Actually you put up a patch to the mailing list previously which resolves this issue: > > > > > > http://www.gossamer-threads.com/lists/rancid/users/6488 > > > > thanks; that had been committed. I missed the difference when I looked at 2.3.8. > > > > > I can't seem to find the post on the shrubbery archives though. I know the patch resolved my issues when using SSH to connect to fortinets. I also put up a patch a while ago dealing with devices with and without vdoms. Devices without vdoms seem not to like having configuration commands sent after the config global command is sent. > > > > > > http://www.shrubbery.net/pipermail/rancid-discuss/2013-March/006715. > > > ht > > > ml > > > > what effect does that have when vdoms are not in use? > > > > what is being matched here: > > + expect { > > + -re "tion: ena" { expect -re $prompt; send "config global\r"} > > + -re "tion: dis" {} > > + } > > > > ____________________________________________________________ > > This message, including any attachments, may contain confidential information intended for a specific individual and purpose, and may be protected by law. If you are not the intended recipient please delete this message immediately. Any disclosure, copying or distribution of this message, or the taking of any action based on it, by any unintended recipient is strictly prohibited. > ____________________________________________________________ > This message, including any attachments, may contain confidential information intended for a specific individual and purpose, and may be protected by law. If you are not the intended recipient please delete this message immediately. Any disclosure, copying or distribution of this message, or the taking of any action based on it, by any unintended recipient is strictly prohibited. From gabbawp at gmail.com Mon May 20 14:02:59 2013 From: gabbawp at gmail.com (Gareth Hopkins) Date: Mon, 20 May 2013 16:02:59 +0200 Subject: [rancid] Fortigate problem In-Reply-To: <5199F9D3.1050504@yahoo.com> References: <5199F9D3.1050504@yahoo.com> Message-ID: Hi Charles, I had the same issue as per http://www.shrubbery.net/pipermail/rancid-discuss/2012-May/006382.html The following change in fnrancid should work Replace } elseif [string match "ssh*" $prog] { regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port set cmd $sshcmd if {"$port" == ""} { #BAD!! set cmd "$cmd -p $port" } with } elseif [string match "ssh*" $prog] { regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port set cmd $sshcmd if {"$port" != ""} { set cmd "$cmd -p $port" } Regards, Gareth On 20 May 2013, at 12:24 PM, Charles van der Spuy wrote: > I hope someone can assist me. > > I have recently upgraded to rancid 2.3.8 and this seems to have broken the Fortigate module. > Cisco devices still work and I am able to manually login to Fortigate devices using clogin. > > When I run the full rancid-run I get the following in the logfile: > > Trying to get all of the configs. > ftg1-universal fnlogin error: Error: Couldn't login: ftg1-universal > ftg1-universal: missed cmd(s): show full-configuration,get system status > 0: found end > ftg1-universal: End of run not found > etc..... > > I'm getting to the end of my tether on this one and don't want to have to degrade to an earlier version. > Has anybody been experiencing the same ? > > Charles van der Spuy. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From mwlucas at michaelwlucas.com Tue May 21 19:04:24 2013 From: mwlucas at michaelwlucas.com (Michael W. Lucas) Date: Tue, 21 May 2013 15:04:24 -0400 Subject: [rancid] timeout in mtlogin Message-ID: <20130521190424.GA44354@bewilderbeast.blackhelicopters.org> Hi, I'm migrating my rancid install to a new server. Previously, I had a problem with timeouts it mtlogin. Heasley was kind enough to send a patch, which worked, as discussed at: http://www.gossamer-threads.com/lists/rancid/users/6354 But the new install seems to be disregarding the timeout. I migrated to the new server by tarring up my rancid user's directory and extracting it on the new server. New rancid install from tarball, applying both 2.3.8 patches and the mtlogin patch from the thread above. Copied rancid.conf from the old server to the new. But the timeout kicks in after the usual 90 seconds, despite the timeout in .cloginrc: add password router-1 blahblahblah add timeout router-1 400 add user router-1 admin+ct add method router-1 ssh add noenable router-1 {1} I can run $ time mtlogin -t 400 -c "export compact; quit" router-1 ... 0.026u 0.047s 3:16.36 0.0% 102+9081k 0+0io 0pf+0w and the timeout works at the command line, but not during rancid-run. On a whim, I copied the entire /usr/local/rancid directory from the old machine to the new. The timeout problem persists. Could this be a problem with expect or tcl versions? The old server runs tcl-8.5.8 and expect-5.44.1.15. The new server runs tcl-8.5.12 and expect-5.44.1.15. Any suggestions on what else might be causing this? Thanks, ==ml -- Michael W. Lucas - mwlucas at michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e coupon code "ILUVMICHAEL" gets you 30% off & helps me. From jzp-rancid at rsuc.gweep.net Thu May 23 16:44:00 2013 From: jzp-rancid at rsuc.gweep.net (Joe Provo) Date: Thu, 23 May 2013 12:44:00 -0400 Subject: [rancid] Rancid with A10 networks In-Reply-To: <20111123220655.GA22760@srv03.cluenet.de> References: <4ECB25C9.6070705@antracnetworks.com> <20111123220655.GA22760@srv03.cluenet.de> Message-ID: <20130523164400.GA56278@gweep.net> On Wed, Nov 23, 2011 at 11:06:55PM +0100, Daniel Roesen wrote: > On Mon, Nov 21, 2011 at 08:32:09PM -0800, Patty Luxton wrote: > > Has anybody written any modifications to Rancid for A10 Load Balancer > > devices? > > Yes, A10. :-) Ask them about it - IIRC they slightly modified the > fnrancid script. Seems like it could use some optimization - any reason it hasn't been folded into the main distro? Cheers, Joe -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NANOG From heas at shrubbery.net Thu May 23 17:06:28 2013 From: heas at shrubbery.net (heasley) Date: Thu, 23 May 2013 17:06:28 +0000 Subject: [rancid] Rancid with A10 networks In-Reply-To: <20130523164400.GA56278@gweep.net> References: <4ECB25C9.6070705@antracnetworks.com> <20111123220655.GA22760@srv03.cluenet.de> <20130523164400.GA56278@gweep.net> Message-ID: <20130523170628.GL18126@shrubbery.net> Thu, May 23, 2013 at 12:44:00PM -0400, Joe Provo: > On Wed, Nov 23, 2011 at 11:06:55PM +0100, Daniel Roesen wrote: > > On Mon, Nov 21, 2011 at 08:32:09PM -0800, Patty Luxton wrote: > > > Has anybody written any modifications to Rancid for A10 Load Balancer > > > devices? > > > > Yes, A10. :-) Ask them about it - IIRC they slightly modified the > > fnrancid script. > > Seems like it could use some optimization - any reason it hasn't been > folded into the main distro? i havent seem them, but we dont have A10s either - in which case, to try to keep our support effort low, we would like to see a few folks use and confirm that it works, before adding it. From andrew.brennan+rancid at drexel.edu Thu May 23 17:16:28 2013 From: andrew.brennan+rancid at drexel.edu (andrew.brennan+rancid at drexel.edu) Date: Thu, 23 May 2013 13:16:28 -0400 (EDT) Subject: [rancid] Rancid with A10 networks In-Reply-To: <20130523170628.GL18126@shrubbery.net> References: <4ECB25C9.6070705@antracnetworks.com> <20111123220655.GA22760@srv03.cluenet.de> <20130523164400.GA56278@gweep.net> <20130523170628.GL18126@shrubbery.net> Message-ID: We've got some A10 gear coming online in the next month or so, I'll be sure to get it in my RANCID backups ASAP. :) On Thu, 23 May 2013, heasley wrote: > Thu, May 23, 2013 at 12:44:00PM -0400, Joe Provo: >> On Wed, Nov 23, 2011 at 11:06:55PM +0100, Daniel Roesen wrote: >>> On Mon, Nov 21, 2011 at 08:32:09PM -0800, Patty Luxton wrote: >>>> Has anybody written any modifications to Rancid for A10 Load Balancer >>>> devices? >>> >>> Yes, A10. :-) Ask them about it - IIRC they slightly modified the >>> fnrancid script. >> >> Seems like it could use some optimization - any reason it hasn't been >> folded into the main distro? > > i havent seem them, but we dont have A10s either - in which case, to try > to keep our support effort low, we would like to see a few folks use and > confirm that it works, before adding it. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From GM-Douglas at wiu.edu Fri May 24 13:48:55 2013 From: GM-Douglas at wiu.edu (Gary Douglas) Date: Fri, 24 May 2013 08:48:55 -0500 Subject: [rancid] Device into routers.down Message-ID: <981E3C4D-A554-4705-8589-3D6CFA2CDB30@wiu.edu> We have been running Rancid for a couple of years on our core devices. I am moving it to VM with Unbuntu Server and setting it up for all our network devices. I have it working on our egress groups with no problem. I add the core group and it moves every device to the routers.down file automagically. I run the clogin for the device in question and this logs me in just fine. I have removed then added the devices back into router.db and this does not help. The devices I am trying to connect to are the same type device that is working in the egress group. How can I troubleshoot this problem? Thank you Gary Douglas -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Sat May 25 09:11:38 2013 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Sat, 25 May 2013 11:11:38 +0200 Subject: [rancid] Device into routers.down In-Reply-To: <981E3C4D-A554-4705-8589-3D6CFA2CDB30@wiu.edu> References: <981E3C4D-A554-4705-8589-3D6CFA2CDB30@wiu.edu> Message-ID: <51A0804A.7070601@gmail.com> On 24/05/2013 15:48, Gary Douglas wrote: > We have been running Rancid for a couple of years on our core devices. I > am moving it to VM with Unbuntu Server and setting it up for all our > network devices. I have it working on our egress groups with no problem. > I add the core group and it moves every device to the routers.down file > automagically. I run the clogin for the device in question and this logs > me in just fine. I have removed then added the devices back into > router.db and this does not help. The devices I am trying to connect to > are the same type device that is working in the egress group. How can I > troubleshoot this problem? Most likely you have different versions of utility tools such as expect and friends. Start by examining the logs in $RANCIDDIR/var/logs for that device - the cause of failure is usually there. You can also check for dumb human mistakes like mistyping :up in router.db and a typo in GROUPS in rancid.conf [yes indeed, I've made those mistakes myself - more than once :-) ] -- Alan McKinnon alan.mckinnon at gmail.com From Drikus.Brits at vodacom.co.za Mon May 27 06:19:12 2013 From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Mon, 27 May 2013 06:19:12 +0000 Subject: [rancid] Fortigate reports Message-ID: <6581768FDA03C94BB585650903B4F1EB394A3FAB@ZABLV02100.vodacom.corp> Hi All, How would I configure an exclusion in fnrancid to prevent changes in forti reports from showing up every time a customer changes his reports on the forti ? Thx d. Index: configs/ filtered-fortigate =================================================================== retrieving revision 1.1580 diff -U 4 -r1.1580 filtered-fortigate @@ -50977,10 +50977,9 @@ next end next edit "traffic.sessions.app_cats.user" - set query "select ft_ifnull(app_cat, \'unknown\') app_cat, count(*) sessions fro - m traffic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2,5, 8,9,10) and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' group by app_cat order by sessions desc limit 10" + set query "select ft_ifnull(app_cat, \'unknown\') app_cat, count(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2,5, 8,9,10) and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' group by app_cat order by sessions desc limit 10" config field edit 1 set type text set displayname "Application Category" @@ -51004,9 +51003,10 @@ next end next edit "traffic.bandwidth.dstcountries" - set query "create temp table top_dst_country(dst_country text, bandwidth integer); insert into top_dst_country select dst_country, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) group by dst_country order by bandwidth desc limit 9; select * from top_dst_country union select \'others\', bandwidth from (select sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) and dst_country not in (select dst_country from top_dst_country) ) where bandwidth<>0" + set query "create temp table top_dst_cou + ntry(dst_country text, bandwidth integer); insert into top_dst_country select dst_country, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) group by dst_country order by bandwidth desc limit 9; select * from top_dst_country union select \'others\', bandwidth from (select sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) and dst_country not in (select dst_country from top_dst_country) ) where bandwidth<>0" config field edit 1 set type text set displayname "Country" This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners. ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link https://webmail.vodacom.co.za/tc/default.html " From GM-Douglas at wiu.edu Tue May 28 13:08:52 2013 From: GM-Douglas at wiu.edu (Gary Douglas) Date: Tue, 28 May 2013 08:08:52 -0500 Subject: [rancid] Device into routers.down In-Reply-To: <51A0804A.7070601@gmail.com> References: <981E3C4D-A554-4705-8589-3D6CFA2CDB30@wiu.edu> <51A0804A.7070601@gmail.com> Message-ID: <17DDB90F-0A51-4670-8B7F-0B363685FD02@wiu.edu> Stupid mistake in the router.db. Had \t\n on the end of some lines. Removed them and all is good. Thank you Gary Douglas On May 25, 2013, at May 25, 20134:11 AM, Alan McKinnon wrote: > On 24/05/2013 15:48, Gary Douglas wrote: >> We have been running Rancid for a couple of years on our core devices. I >> am moving it to VM with Unbuntu Server and setting it up for all our >> network devices. I have it working on our egress groups with no problem. >> I add the core group and it moves every device to the routers.down file >> automagically. I run the clogin for the device in question and this logs >> me in just fine. I have removed then added the devices back into >> router.db and this does not help. The devices I am trying to connect to >> are the same type device that is working in the egress group. How can I >> troubleshoot this problem? > > Most likely you have different versions of utility tools such as expect > and friends. > > Start by examining the logs in $RANCIDDIR/var/logs for that device - the > cause of failure is usually there. > > > You can also check for dumb human mistakes like mistyping :up in > router.db and a typo in GROUPS in rancid.conf [yes indeed, I've made > those mistakes myself - more than once :-) ] > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From randy.johnson at rpiprint.com Tue May 28 20:51:44 2013 From: randy.johnson at rpiprint.com (Randy Johnson) Date: Tue, 28 May 2013 20:51:44 +0000 Subject: [rancid] Issues with Dell Switches - Message-ID: <98166A3DD9F85B46A437B3A1A4586AF9B27ECE@SEAMAIL02.rpiprint.com> Greetings, List: I'm attempting to use Rancid for a couple Dell switches, 'PowerConnect 6248P' models. After a bit of research, I found RickyNinja's 'extensions' to Rancid, and added in 'dlogin', 'drancid' and added a line to rancid-fe indicating that Rancid should use 'drancid' : 'dell' => 'drancid', It appears to be working up to this point, but when trying rancid-run, my logs indicate: opened network stream from 10.4.1.2 if () at /usr/local/rancid/bin/drancid line 221. wrong # args: should be "set varName ?newValue?" while executing "set do_command 0 set do_script 0" (file "/usr/local/rancid/bin/dlogin" line 26) found_end = 0, clean_run = 0 10.4.1.2: missed cmd(s): show version,show running-config,show vlan 10.4.1.2: End of run not found ! ===================================== Getting missed routers: round 1. opened network stream from 10.4.1.2 if () at /usr/local/rancid/bin/drancid line 221. wrong # args: should be "set varName ?newValue?" while executing "set do_command 0 set do_script 0" (file "/usr/local/rancid/bin/dlogin" line 26) found_end = 0, clean_run = 0 10.4.1.2: missed cmd(s): show version,show running-config,show vlan 10.4.1.2: End of run not found ! Has anyone seen this / solved it ? Thanks !! ________________________________ NOTICE: The information contained in this communication (including attachments) may be confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender and delete the original message and any copy of it from your computer system. -------------- next part -------------- An HTML attachment was scrubbed... URL: From chuck.liggett at mongoosemetrics.com Fri May 31 00:01:31 2013 From: chuck.liggett at mongoosemetrics.com (Chuck Liggett) Date: Fri, 31 May 2013 00:01:31 +0000 Subject: [rancid] jrancid excess revisions due to expect prompt mismatches? Message-ID: <93c1029749024f178987abd8f74de64b@BY2PR07MB075.namprd07.prod.outlook.com> While querying a Juniper SRX 650 firewall cluster from a CentOS 6.4 box running Rancid 2.3.6 (rpm from Epel), Expect 5.44.1.15, where Rancid is run out of /etc/cron.d/rancid and scheduled every quarter hour: Several times a day, I get excess revisions where it looks as though a Juniper Rancid command appears in the body of the config as if more than one command is being sent in response to a prompt. Every time I run it manually in expect debugging mode, it does not experience the issue. Here's an illustration: Index: configs/firewall =================================================================== - -- configs/firewall (revision 619) @@ -2,6 +2,7 @@ # # username at host.domain.com> show chassis clocks # username at host.domain.com> show chassis environment + # show chassis firmware # node0: # -------------------------------------------------------------------------- # Class Item Status Sometimes, the commands are well within the body of other command output, like in this example: Index: configs/firewall =================================================================== - -- configs/firewall (revision 604) @@ -4,6 +4,7 @@ # username at host.domain.com> show chassis environment # node0: # -------------------------------------------------------------------------- + # show chassis firmware # Class Item Status # Temp Routing Engine OK # Routing Engine CPU OK @@ -36,6 +37,7 @@ # FPC 0 O/S Version 11.4R6.6 by builder on 2013-01-05 1 # FPC 2 O/S Version 11.4R6.6 by builder on 2013-01-05 1 # FWDD O/S Version 11.4R6.6 by builder on 2013-01-05 1 + # show chassis fpc detail # # node1: # -------------------------------------------------------------------------- @@ -46,6 +48,7 @@ # # {primary:node0} # username at host.domain.com> show chassis fpc detail + # show chassis hardware detail # node0: # -------------------------------------------------------------------------- # Slot 0 information: Does anyone have any suggestions? Thank you! Chuck -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Fri May 31 06:28:24 2013 From: heas at shrubbery.net (heasley) Date: Fri, 31 May 2013 06:28:24 +0000 Subject: [rancid] jrancid excess revisions due to expect prompt mismatches? In-Reply-To: <93c1029749024f178987abd8f74de64b@BY2PR07MB075.namprd07.prod.outlook.com> References: <93c1029749024f178987abd8f74de64b@BY2PR07MB075.namprd07.prod.outlook.com> Message-ID: <20130531062824.GB65245@shrubbery.net> Fri, May 31, 2013 at 12:01:31AM +0000, Chuck Liggett: > While querying a Juniper SRX 650 firewall cluster from a CentOS 6.4 box running Rancid 2.3.6 (rpm from Epel), Expect 5.44.1.15, > where Rancid is run out of /etc/cron.d/rancid and scheduled every quarter hour: > > Several times a day, I get excess revisions where it looks as though a Juniper Rancid command appears in the body of the config as if more than one command is being sent in response to a prompt. > > Every time I run it manually in expect debugging mode, it does not experience the issue. > > Here's an illustration: > > > > Index: configs/firewall > > =================================================================== > > - -- configs/firewall (revision 619) > > @@ -2,6 +2,7 @@ > > # > > # username at host.domain.com> show chassis clocks > > # username at host.domain.com> show chassis environment > > + # show chassis firmware > > # node0: > > # -------------------------------------------------------------------------- > > # Class Item Status > > Sometimes, the commands are well within the body of other command output, like in this example: > > > > > Index: configs/firewall > > =================================================================== > > - -- configs/firewall (revision 604) > > @@ -4,6 +4,7 @@ > > # username at host.domain.com> show chassis environment > > # node0: > > # -------------------------------------------------------------------------- > > + # show chassis firmware > > # Class Item Status > > # Temp Routing Engine OK > > # Routing Engine CPU OK > > @@ -36,6 +37,7 @@ > > # FPC 0 O/S Version 11.4R6.6 by builder on 2013-01-05 1 > > # FPC 2 O/S Version 11.4R6.6 by builder on 2013-01-05 1 > > # FWDD O/S Version 11.4R6.6 by builder on 2013-01-05 1 > > + # show chassis fpc detail > > # > > # node1: > > # -------------------------------------------------------------------------- > > @@ -46,6 +48,7 @@ > > # > > # {primary:node0} > > # username at host.domain.com> show chassis fpc detail > > + # show chassis hardware detail > > # node0: > > # -------------------------------------------------------------------------- > > # Slot 0 information: > > Does anyone have any suggestions? is it, what oscillates, random or consistent? From chuck.liggett at mongoosemetrics.com Fri May 31 11:45:03 2013 From: chuck.liggett at mongoosemetrics.com (Chuck Liggett) Date: Fri, 31 May 2013 11:45:03 +0000 Subject: [rancid] jrancid excess revisions due to expect prompt mismatches? In-Reply-To: <20130531062824.GB65245@shrubbery.net> References: <93c1029749024f178987abd8f74de64b@BY2PR07MB075.namprd07.prod.outlook.com> <20130531062824.GB65245@shrubbery.net> Message-ID: Friday, May 31, 2013 02:28, heasley wrote: > Fri, May 31, 2013 at 12:01:31AM +0000, Chuck Liggett: > > While querying a Juniper SRX 650 firewall cluster from a CentOS 6.4 > > box running Rancid 2.3.6 (rpm from Epel), Expect 5.44.1.15, > > where Rancid is run out of /etc/cron.d/rancid and scheduled every > > quarter hour: > > > > Several times a day, I get excess revisions where it looks as though > > a Juniper Rancid command appears in the body of the config as if more > > than one command is being sent in response to a prompt. > > > > Every time I run it manually in expect debugging mode, it does not > > experience the issue. > > > > Here's an illustration: > > > > Index: configs/firewall > > =================================================================== > > - -- configs/firewall (revision 619) > > @@ -2,6 +2,7 @@ > > # > > # username at host.domain.com> show chassis clocks > > # username at host.domain.com> show chassis environment > > + # show chassis firmware > > # node0: > > # ----------------------------------------------------------------- > > # Class Item Status > > > > Sometimes, the commands are well within the body of other command > > output, like in this example: > > > > > > Index: configs/firewall > > =================================================================== > > - -- configs/firewall (revision 604) > > @@ -4,6 +4,7 @@ > > # username at host.domain.com> show chassis environment > > # node0: > > # ----------------------------------------------------------------- > > + # show chassis firmware > > # Class Item Status > > # Temp Routing Engine OK > > # Routing Engine CPU OK > > @@ -36,6 +37,7 @@ > > # FPC 0 O/S Version 11.4R6.6 by builder > > on 2013-01-05 1 > > # FPC 2 O/S Version 11.4R6.6 by builder > > on 2013-01-05 1 > > # FWDD O/S Version 11.4R6.6 by builder > > on 2013-01-05 1 > > + # show chassis fpc detail > > # > > # node1: > > # ----------------------------------------------------------------- > > @@ -46,6 +48,7 @@ > > # > > # {primary:node0} > > # username at host.domain.com> show chassis fpc detail > > + # show chassis hardware detail > > # node0: > > # ----------------------------------------------------------------- > > # Slot 0 information: > > > > Does anyone have any suggestions? > > is it, what oscillates, random or consistent? Its always involving commands, and usually starts at the "show chassis firmware". It sometimes oscillates between the + and - of example one, and then randomly starts with other commands and has multiple commands in the body at various points. From jcbuitrago at edatel.com.co Fri May 31 21:28:03 2013 From: jcbuitrago at edatel.com.co (Juan Carlos Buitrago Zapata) Date: Fri, 31 May 2013 16:28:03 -0500 Subject: [rancid] Support Switch Huawei Quidway S5328 Message-ID: <4E1C4F9611985D459D0120612854BD90040D71E829@EDATEL-MBX-01.edatel.com.co> Hello, I've tried to use rancid for our switch Huawei Quidway S5328, the commands are the same to our Switch 3Com, Although the backup isn't working. I would like to know if I have to do something additional to support this new brand. # h3crancid -d sw-acceso-frontino defined(%hash) is deprecated at /usr/local/libexec/rancid/h3crancid line 121. (Maybe you should just omit the defined()?) executing h3clogin -t 20 -c"screen-length 0 temporary;display version;display boot-loader;display ip routing-table;display current-configuration" sw-acceso-frontino sw-acceso-frontino h3clogin error: Error: Wrong parameter found at '^' position. sw-acceso-frontino h3clogin error: Error: Wrong parameter found at '^' position. sw-acceso-frontino: clean_run=0 found_end=0 sw-acceso-frontino: missed cmd(s): screen-length 0 temporary,display ip routing-table,display current-configuration,display boot-loader,display version sw-acceso-frontino: missed cmd(s): screen-length 0 temporary,display ip routing-table,display current-configuration,display boot-loader,display version sw-acceso-frontino: End of run not found sw-acceso-frontino: End of run not found ------------ With the same Switch : #env NOPIPE=YES PATH=${PATH}:/usr/local/libexec/rancid/ h3crancid -d 192.168.40.61 defined(%hash) is deprecated at /usr/local/libexec/rancid/h3crancid line 121. (Maybe you should just omit the defined()?) executing h3clogin -t 20 -c"screen-length 0 temporary;display version;display boot-loader;display ip routing-table;display current-configuration" 192.168.40.61 192.168.40.61 h3clogin error: Error: Wrong parameter found at '^' position. 192.168.40.61 h3clogin error: Error: Wrong parameter found at '^' position. 192.168.40.61: clean_run=0 found_end=0 192.168.40.61: missed cmd(s): screen-length 0 temporary,display ip routing-table,display current-configuration,display boot-loader,display version 192.168.40.61: missed cmd(s): screen-length 0 temporary,display ip routing-table,display current-configuration,display boot-loader,display version 192.168.40.61: End of run not found 192.168.40.61: End of run not found ! This Execution generate this file: 192.168.40.61.raw and this file has all commands results as shown on next. [rancid at mde-costal ~/Switch]$ cat 192.168.40.61.raw 192.168.40.61 spawn telnet 192.168.40.61 Trying 192.168.40.61... Connected to sw-acceso-frontino. Escape character is '^]'. Login authentication Username:rancid Password: Info: The max number of VTY users is 5, and the number of current VTY users on line is 1. super Now user privilege is 3 level, and only those commands whose level is equal to or less than this level can be used. Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE undo terminal monitor Info: Current terminal monitor is off. screen-length disable ^ Error: Wrong parameter found at '^' position. screen-length 0 temporary Info: The configuration takes effect on the current user terminal interface only. display version Huawei Versatile Routing Platform Software VRP (R) software, Version 5.70 (S5300 V100R005C01SPC100) Copyright (C) 2000-2011 HUAWEI TECH CO., LTD Quidway S5328C-EI-24S Routing Switch uptime is 30 weeks, 2 days, 8 hours, 44 minutes EFGF 0(Master) : uptime is 30 weeks, 2 days, 8 hours, 43 minutes 256M bytes DDR Memory 32M bytes FLASH Pcb Version : VER B Basic BOOTROM Version : 107 Compiled at Jan 18 2011, 22:52:53 CPLD Version : 69 Software Version : VRP (R) Software, Version 5.70 (S5300 V100R005C01SPC100) HINDCARD information Pcb Version : CX22ETPC VER B FANCARD information Pcb Version : FAN VER B PWRCARD I information Pcb Version : PWR VER A PWRCARD II information Pcb Version : PWR VER A display boot-loader ^ Error: Unrecognized command found at '^' position. display ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.50.50.0/24 Direct 0 0 D 10.50.50.50 Vlanif1945 10.50.50.50/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.90.90.0/24 Direct 0 0 D 10.90.90.90 Vlanif1941 10.90.90.90/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.40.0/23 Direct 0 0 D 192.168.40.61 Vlanif40 192.168.40.61/32 Direct 0 0 D 127.0.0.1 InLoopBack0 200.35.33.7/32 Static 60 0 RD 192.168.40.1 Vlanif40 200.35.33.13/32 Static 60 0 RD 192.168.40.1 Vlanif40 display current-configuration # !Software Version V100R005C01SPC100 sysname SW-ACCESO-FRONTINO # vlan batch 40 49 to 50 69 90 98 225 227 434 456 706 vlan batch 824 909 to 910 1539 1614 1769 1781 1941 1945 2034 2344 vlan batch 2415 2514 2737 2838 to 2839 # domain edatel domain edatel admin # undo cluster enable undo ntdp enable undo ndp enable # undo http server enable # hwtacacs-server template edatel hwtacacs-server authentication hwtacacs-server authorization hwtacacs-server accounting hwtacacs-server shared-key cipher AA")[K_!5\1%`DJL.:OE)Q!! undo hwtacacs-server user-name domain-included # acl name AZTECA-BW 4999 description [BW-CONTROL-AZTECA] rule 5 permit vlan-id 1945 rule 6 permit vlan-id 1941 # vlan description NODO.B_REP.EL.TOYO_ZTE # ................... Omitted output # interface NULL0 # user-interface con 0 authentication-mode aaa user privilege level 15 user-interface vty 0 4 authentication-mode aaa user privilege level 15 # return quit Info: The max number of VTY users is 5, and the number of current VTY users on line is 0.Connection closed by foreign host. Thank you in adavance!! Regards, JUAN CARLOS BUITRAGO ZAPATA ________________________________ Este mensaje y/o sus anexos son para uso exclusivo de su destinatario intencional y puede contener informaci?n legalmente protegida por ser confidencial. Si usted no es el destinatario intencional del mensaje por favor inf?rmenos de inmediato y elim?nelo, as? como sus anexos. Igualmente, le comunicamos que cualquier retenci?n, revisi?n no autorizada, distribuci?n, divulgaci?n, reenv?o, copia, impresi?n, reproducci?n, o uso indebido de este mensaje y/o sus anexos, est? estrictamente prohibida y sancionada legalmente. EDATEL S.A. no se hace responsable en ning?n caso por da?os derivados de la recepci?n del presente mensaje. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bobthebaritone at gmail.com Fri May 31 23:21:05 2013 From: bobthebaritone at gmail.com (bob watson) Date: Sat, 1 Jun 2013 09:21:05 +1000 Subject: [rancid] Support Switch Huawei Quidway S5328 In-Reply-To: <4E1C4F9611985D459D0120612854BD90040D71E829@EDATEL-MBX-01.edatel.com.co> References: <4E1C4F9611985D459D0120612854BD90040D71E829@EDATEL-MBX-01.edatel.com.co> Message-ID: Juan, Should there be a space between the parameter -c and the argument? Always try to run your login with exp_internal parameter. Then you can see with what expect is having a problem. See http://www.cotse.com/dlf/man/expect/exp_internal.htm. Cheers Bob Watson BAppSci, MACS, CP View Robert Watson's profile on LinkedIn On 1 June 2013 07:28, Juan Carlos Buitrago Zapata wrote: > Hello,**** > > ** ** > > I?ve tried to use rancid for our switch Huawei Quidway S5328, the > commands are the same to our Switch 3Com, Although the backup isn?t working. > **** > > ** ** > > I would like to know if I have to do something additional to support this > new brand.**** > > ** ** > > # h3crancid -d sw-acceso-frontino**** > > ** ** > > defined(%hash) is deprecated at /usr/local/libexec/rancid/h3crancid line > 121.**** > > (Maybe you should just omit the defined()?)**** > > executing h3clogin -t 20 -c"screen-length 0 temporary;display > version;display boot-loader;display ip routing-table;display > current-configuration" sw-acceso-frontino**** > > sw-acceso-frontino h3clogin error: Error: Wrong parameter found at '^' > position.**** > > sw-acceso-frontino h3clogin error: Error: Wrong parameter found at '^' > position.**** > > sw-acceso-frontino: clean_run=0 found_end=0**** > > sw-acceso-frontino: missed cmd(s): screen-length 0 temporary,display ip > routing-table,display current-configuration,display boot-loader,display > version**** > > sw-acceso-frontino: missed cmd(s): screen-length 0 temporary,display ip > routing-table,display current-configuration,display boot-loader,display > version**** > > sw-acceso-frontino: End of run not found**** > > sw-acceso-frontino: End of run not found**** > > ** ** > > ------------**** > > With the same Switch :**** > > ** ** > > #env NOPIPE=YES PATH=${PATH}:/usr/local/libexec/rancid/ h3crancid -d > 192.168.40.61**** > > ** ** > > defined(%hash) is deprecated at /usr/local/libexec/rancid/h3crancid line > 121.**** > > (Maybe you should just omit the defined()?)**** > > executing h3clogin -t 20 -c"screen-length 0 temporary;display > version;display boot-loader;display ip routing-table;display > current-configuration" 192.168.40.61**** > > 192.168.40.61 h3clogin error: Error: Wrong parameter found at '^' position. > **** > > 192.168.40.61 h3clogin error: Error: Wrong parameter found at '^' position. > **** > > 192.168.40.61: clean_run=0 found_end=0**** > > 192.168.40.61: missed cmd(s): screen-length 0 temporary,display ip > routing-table,display current-configuration,display boot-loader,display > version**** > > 192.168.40.61: missed cmd(s): screen-length 0 temporary,display ip > routing-table,display current-configuration,display boot-loader,display > version**** > > 192.168.40.61: End of run not found**** > > 192.168.40.61: End of run not found**** > > !**** > > ** ** > > This Execution generate this file: 192.168.40.61.raw and this file has all > commands results as shown on next.**** > > ** ** > > [rancid at mde-costal ~/Switch]$ cat 192.168.40.61.raw**** > > 192.168.40.61**** > > spawn telnet 192.168.40.61**** > > Trying 192.168.40.61...**** > > Connected to sw-acceso-frontino.**** > > Escape character is '^]'.**** > > ** ** > > ** ** > > Login authentication**** > > ** ** > > ** ** > > Username:rancid**** > > Password:**** > > Info: The max number of VTY users is 5, and the number**** > > of current VTY users on line is 1.**** > > super**** > > Now user privilege is 3 level, and only those commands whose level is > equal to or less than this level can be used.**** > > Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE**** > > **** > > undo terminal monitor**** > > Info: Current terminal monitor is off.**** > > screen-length disable**** > > ^**** > > Error: Wrong parameter found at '^' position.**** > > screen-length 0 temporary**** > > Info: The configuration takes effect on the current user terminal > interface only.**** > > display version**** > > Huawei Versatile Routing Platform Software**** > > VRP (R) software, Version 5.70 (S5300 V100R005C01SPC100)**** > > Copyright (C) 2000-2011 HUAWEI TECH CO., LTD**** > > Quidway S5328C-EI-24S Routing Switch uptime is 30 weeks, 2 days, 8 hours, > 44 minutes**** > > ** ** > > EFGF 0(Master) : uptime is 30 weeks, 2 days, 8 hours, 43 minutes**** > > 256M bytes DDR Memory**** > > 32M bytes FLASH**** > > Pcb Version : VER B**** > > Basic BOOTROM Version : 107 Compiled at Jan 18 2011, 22:52:53**** > > CPLD Version : 69**** > > Software Version : VRP (R) Software, Version 5.70 (S5300 V100R005C01SPC100) > **** > > HINDCARD information**** > > Pcb Version : CX22ETPC VER B**** > > FANCARD information**** > > Pcb Version : FAN VER B**** > > PWRCARD I information**** > > Pcb Version : PWR VER A**** > > PWRCARD II information**** > > Pcb Version : PWR VER A**** > > ** ** > > display boot-loader**** > > ^**** > > Error: Unrecognized command found at '^' position.**** > > display ip routing-table**** > > Route Flags: R - relay, D - download to fib**** > > > ------------------------------------------------------------------------------ > **** > > Routing Tables: Public**** > > Destinations : 10 Routes : 10**** > > ** ** > > Destination/Mask Proto Pre Cost Flags NextHop Interface > **** > > ** ** > > 10.50.50.0/24 Direct 0 0 D 10.50.50.50 > Vlanif1945**** > > 10.50.50.50/32 Direct 0 0 D 127.0.0.1 > InLoopBack0**** > > 10.90.90.0/24 Direct 0 0 D 10.90.90.90 > Vlanif1941**** > > 10.90.90.90/32 Direct 0 0 D 127.0.0.1 > InLoopBack0**** > > 127.0.0.0/8 Direct 0 0 D 127.0.0.1 > InLoopBack0**** > > 127.0.0.1/32 Direct 0 0 D 127.0.0.1 > InLoopBack0**** > > 192.168.40.0/23 Direct 0 0 D 192.168.40.61 Vlanif40* > *** > > 192.168.40.61/32 Direct 0 0 D 127.0.0.1 > InLoopBack0**** > > 200.35.33.7/32 Static 60 0 RD 192.168.40.1 Vlanif40* > *** > > 200.35.33.13/32 Static 60 0 RD 192.168.40.1 Vlanif40* > *** > > ** ** > > display current-configuration**** > > #**** > > !Software Version V100R005C01SPC100**** > > sysname SW-ACCESO-FRONTINO**** > > #**** > > vlan batch 40 49 to 50 69 90 98 225 227 434 456 706**** > > vlan batch 824 909 to 910 1539 1614 1769 1781 1941 1945 2034 2344**** > > vlan batch 2415 2514 2737 2838 to 2839**** > > #**** > > domain edatel**** > > domain edatel admin**** > > #**** > > undo cluster enable**** > > undo ntdp enable**** > > undo ndp enable**** > > #**** > > undo http server enable**** > > #**** > > hwtacacs-server template edatel**** > > hwtacacs-server authentication **** > > hwtacacs-server authorization **** > > hwtacacs-server accounting **** > > hwtacacs-server shared-key cipher AA")[K_!5\1%`DJL.:OE)Q!!**** > > undo hwtacacs-server user-name domain-included**** > > #**** > > acl name AZTECA-BW 4999**** > > description [BW-CONTROL-AZTECA]**** > > rule 5 permit vlan-id 1945**** > > rule 6 permit vlan-id 1941**** > > #**** > > vlan **** > > description NODO.B_REP.EL.TOYO_ZTE**** > > #**** > > ??????. Omitted output**** > > #**** > > interface NULL0**** > > #**** > > user-interface con 0**** > > authentication-mode aaa**** > > user privilege level 15**** > > user-interface vty 0 4**** > > authentication-mode aaa**** > > user privilege level 15**** > > #**** > > return**** > > quit**** > > Info: The max number of VTY users is 5, and the number**** > > of current VTY users on line is 0.Connection closed by foreign host. > **** > > ** ** > > Thank you in adavance!!**** > > ** ** > > Regards,**** > > ** ** > > ** ** > > *JUAN CARLOS BUITRAGO ZAPATA > * > > **** > > ** ** > > ------------------------------ > Este mensaje y/o sus anexos son para uso exclusivo de su destinatario > intencional y puede contener informaci?n legalmente protegida por ser > confidencial. Si usted no es el destinatario intencional del mensaje por > favor inf?rmenos de inmediato y elim?nelo, as? como sus anexos. Igualmente, > le comunicamos que cualquier retenci?n, revisi?n no autorizada, > distribuci?n, divulgaci?n, reenv?o, copia, impresi?n, reproducci?n, o uso > indebido de este mensaje y/o sus anexos, est? estrictamente prohibida y > sancionada legalmente. EDATEL S.A. no se hace responsable en ning?n caso > por da?os derivados de la recepci?n del presente mensaje. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: