[rancid] RANCID SEC Cisco intergration

Georgi Lakovski bakapo at gmail.com
Fri Jan 17 14:13:10 UTC 2014

    I need some help for the work of RANCID with SEC.pl.

    I need to achieve the following functionality observing the syslog of
Cisco devices.

1) look for a description of an interface that matches specific pattern. If
there is a match to check whether there is a "SYS-5-CONFIG_I" message in the
log and initiate a new poll of the specific device reported the messages.
The log message for the description of an interface and write config should
be for the same device and user and in 5 min interval. Otherwise nothing
should be done.

2) if the above conditions are not met as described to poll the device only
by a "SYS-5-CONFIG_I" message

  All this is with the idea to match a specific "change ID", coded in the
description and to pass it together with the user, who made the change to
RANCID. This data will appear in the logs of RANCID as global varaibles
passed to RANCID in the "bin/control_rancid" file to the 

"if [ "X$device" != "X" ] ; then
    $RCSSYS commit -m "$EXECUTOR via $SOURCE_IP due to JOB_ID updated $mailrcpt"
    subject="$GROUP/$device $subject"
    $RCSSYS commit -m "$EXECUTOR via $SOURCE_IP due to JOB_ID update"
    subject="$GROUP $subject"


I imagine it to something like the following, but I can't make it work.

# in case of change to an interface description combined with write config

pattern=\S (\w+-\w+-\w+\d) .*%PARSER-5-CFGLOG_LOGGEDCMD.* User:(\w+)  logged
command:description.*Job Id# = (\d+) .*
desc=This is the description of the changed interface
action=eval %TEST1 ( $ENV {'JOB_ID'}="$3" )
pattern2=\S $1 .*SYS-5-CONFIG_I.* by $2 on vty\d+ \((\d+.\d+.\d+.\d+)\) 
desc2=Please verify. There is a change in the config of $1 by $2
action2=eval %TEST2 ( $ENV {'EXECUTOR'}="$2" );\ 
        eval %TEST3 ( $ENV {'SOURCE_IP'}="$3" );\
        shellcmd /usr/local/rancid/bin/rancid-run -r $1

# in case there is no change of description, only changes not related to
interface description 

pattern=\S (\w+-\w+-\w+\d) .*SYS-5-CONFIG_I.* by (\w+) on vty\d+
desc=Please verify. There is a change in the config of $1 by $2
action=eval %TEST2 ( $ENV {'EXECUTOR'}="$2" );\
       eval %TEST3 ( $ENV {'SOURCE_IP'}="$3" );\
       shellcmd /usr/local/rancid/bin/rancid-run -r $1

Probably the first part may be done with CONTEXTs....
Any ideas? I will appreciate any help how to accomplish my ideas.


More information about the Rancid-discuss mailing list