[rancid] question about backup on PaloAlto firewalls

heasley heas at shrubbery.net
Thu May 7 19:45:59 UTC 2015


Thu, May 07, 2015 at 02:32:03PM -0400, Scott Granados:
> So the interesting thing is I have this working well under 2.3.6 but 3.2 seems quite different with out a lot of documentation to show the differences so I hope someone can help.
> 
> I am trying to backup a Paloalto Networks firewall and ending up with blank files and the following log output.
> starting: Thu May 7 14:08:48 EDT 2015
> 
> /usr/local/rancid/bin/control_rancid: 363: /usr/local/rancid/bin/control_rancid: -t: not found
> svn: warning: 'paloalto-01-prod-na-02.abc.com' is already under version control
> Added paloalto-01-prod-na-02.abc.com
> svn: warning: 'paloalto-02-prod-na-02.abc.com' is already under version control
> Added paloalto-02-prod-na-02.abc.com
> 
> 
> 
> Trying to get all of the configs.
> paloalto-02-prod-na-02.abc.com: missed cmd(s): all commands
> paloalto-02-prod-na-02.abc.com: End of run not found
> paloalto-01-prod-na-02.abc.com: missed cmd(s): all commands
> paloalto-01-prod-na-02.abc.com: End of run not found
> =====================================
> Getting missed routers: round 1.
> paloalto-01-prod-na-02.abc.com: missed cmd(s): all commands
> paloalto-01-prod-na-02.abc.com: End of run not found
> paloalto-02-prod-na-02.abc.com: missed cmd(s): all commands
> paloalto-02-prod-na-02.abc.com: End of run not found
> =====================================
> 
> I tried uploading my pan rancid file with no luck, doesn’t seem like it’s called.  I also see the rancid-fe file has changed and there’s no more %vendortable to set.  I set 
> hostname;paloalto;up
> in the router.db and insured that it matched the paloalto in rancid.types.conf which seems to be where the vendor data is stored.
> 
> What have I missed, any ideas would be most helpful.  The panlogin process is successful when testing that way.

see rancid.types.conf(5).  its possible to add older style scripts w/o
modification.  but, the panos stuff was imported and should be in 3.2;
where you'd manually run with
	rancid -t paloalto hostname


More information about the Rancid-discuss mailing list