[rancid] Fortigate additional tweaks and device filters
doug.hughes at keystonenap.com
Tue Jul 31 21:17:42 UTC 2018
On 7/31/2018 5:14 PM, heasley wrote:
> Fri, Jul 27, 2018 at 08:02:28AM -0500, Chris Wopat:
>> Hi Heasley and folks,
>> Sept 2017 i sent a note in with some proposed tweaks to a Fortigate. to
>> filter out some additional chattiness, see:
>> A few people chimed in seeming to be OK with the propsed changes, which are
>> to filter these things:
>> next if (/^\s*IPS-ETDB: .*/);
>> next if (/^\s*APP-DB: .*/);
>> next if (/^\s*IPS Malicious URL Database: .*/);
>> next if (/^\s*Botnet DB: .*/);
>> Mentioning this as 3.8 came out and i didn't notice any of these included.
>> We have an additional fortigate tweak we make every time we update too,
>> which to change from 'show full-configuration' to just 'show' in
>> @commandtable. 'full-configuration' shows default config, just like the
>> cisco 'full' command. It's really not necessary IMO.
> This is from:
> r2258 | heas | 2010-10-11 20:49:05 +0000 (Mon, 11 Oct 2010) | 3 lines
> fnrancid: update recent fortinet software - Diego Ercolani
> Cleaned-up a little by me.
> afaict, the justification for full-configuration was so that VDOMs would
> be included in the output. perhaps this behavior has changed since this
> change?? I have none of these devices.
I think you are right.. I have a vague recollection of this as well.
Fairless Hills, PA
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Rancid-discuss