From jlambert at ften.com Wed Jul 9 17:56:01 2008
From: jlambert at ften.com (Justin Lambert)
Date: Wed, 9 Jul 2008 10:56:01 -0700
Subject: [rancid] Incomplete output
Message-ID: <95AD5EB0BCCF284CB0194E8300A23E4A11062CF4@EXVDMBX003-1.exch003intermedia.net>

I am trying to set up rancid and must be missing something simple. This is a manual run with clogin using expect 5.43 compiled with the expect-hack1. Destination switch is a Cisco 3020 (blade chassis switch).

~$ clogin -t 90 -c"show running-config write term""

The output I get for both commands is:

Building configuration...

Current configuration : 159 bytes
!
! Last configuration change at 18:07:19 EDT Wed Jul 9 2008 by jlambert
! NVRAM config last updated at 13:40:03 EDT Wed Jul 9 2008 by jlambert
!
!
!
!
!
end

I tried adding 'terminal length 0' to the start of the clogin command hoping maybe that would be sufficient to print out the whole config without hanging on a 'more', but to no avail. I ran expect -d <....> and didn't see anything in the output that looked wrong. Is this related to the expect issues that for some reason are still manifesting themselves on my machine? I have tried this on my Gentoo machine and on a CentOS 5.2 machine.

Thanks,
Justin

From SMartin at sourceinterlink.com Wed Jul 9 18:02:19 2008
From: SMartin at sourceinterlink.com (Martin, Seth)
Date: Wed, 9 Jul 2008 14:02:19 -0400
Subject: [rancid] Re: Incomplete output
In-Reply-To: <95AD5EB0BCCF284CB0194E8300A23E4A11062CF4@EXVDMBX003-1.exch003intermedia.net>
Message-ID: <79B77295FBC9F247A32A6C98B67B1E140159D269@srv-1exch01.sourceinterlink.com>

Are you sure you are getting logged into the device with the appropriate privilege level?
What if you just use ./clogin devicename does it give you an enable prompt, and if so can you execute the show run command then manually from the prompt it gives you?

Seth Martin

From jlambert at ften.com Wed Jul 9 19:08:23 2008
From: jlambert at ften.com (Justin Lambert)
Date: Wed, 9 Jul 2008 12:08:23 -0700
Subject: [rancid] Re: Incomplete output
In-Reply-To: <79B77295FBC9F247A32A6C98B67B1E140159D269@srv-1exch01.sourceinterlink.com>
References: <95AD5EB0BCCF284CB0194E8300A23E4A11062CF4@EXVDMBX003-1.exch003intermedia.net> <79B77295FBC9F247A32A6C98B67B1E140159D269@srv-1exch01.sourceinterlink.com>
Message-ID: <95AD5EB0BCCF284CB0194E8300A23E4A11062D25@EXVDMBX003-1.exch003intermedia.net>

That is exactly what it was. Even though I had given that privilege level rights to the show running-config and write term command you are only able to see what you can modify. It looks like with TACACS+ I could set a user to read only, but for now had to just change the user rancid uses to priv level 15.

Thanks for pointing out the obvious.

Justin

From gingabire at rwandatel.rw Thu Jul 10 09:44:18 2008
From: gingabire at rwandatel.rw (Ingabire Grace)
Date: Thu, 10 Jul 2008 11:44:18 +0200
Subject: [rancid] clogin error
Message-ID:

Hello,

I have configured rancid but I'm getting an error:

clogin error: Error: extra characters after close-brace

In my .clogin file, here is the syntax of all the routers that I added:

add password router password enable password

Has anyone had a problem like this?

Thanks for your prompt reply.

Regards,
Grace

From steve at host-it.co.uk Thu Jul 10 09:52:25 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Thu, 10 Jul 2008 10:52:25 +0100
Subject: [rancid] Re: clogin error
In-Reply-To:
References:
Message-ID: <12fd01c8e272$a8635390$f929fab0$@co.uk>

Do you actually have the word "enable" in there?
The format of the lines I have is:

add password

Also, I am not sure whether this particularly matters, but I have some routers that have different login details to all others, and these are specified above the rule that states the password for all other routers.

So I have like:

add password firewall1
add password firewall2
add password *

Not sure if the order does matter, but I would have thought rancid would simply look for the first matching line.

Regards

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300

Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751

From gingabire at rwandatel.rw Thu Jul 10 10:00:47 2008
From: gingabire at rwandatel.rw (Ingabire Grace)
Date: Thu, 10 Jul 2008 12:00:47 +0200
Subject: [rancid] Re: clogin error
In-Reply-To: <12fd01c8e272$a8635390$f929fab0$@co.uk>
Message-ID:

I don't have the word enable.

The syntax is:

Add password router IP router password router enable password

Should I change it to something similar as this?

Add password router IP rancid password enable password

As suggested?

Thanks for your quick reply.
Regards,
Grace

From steve at host-it.co.uk Thu Jul 10 10:05:05 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Thu, 10 Jul 2008 11:05:05 +0100
Subject: [rancid] Re: clogin error
In-Reply-To:
References: <12fd01c8e272$a8635390$f929fab0$@co.uk>
Message-ID: <130f01c8e274$6d51f2f0$47f5d8d0$@co.uk>

The "rancid password" I forgot to mention will be the password that rancid uses to login. This will be the user that is specified in the line like:

add user *

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300

Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751

From SMartin at sourceinterlink.com Thu Jul 10 11:30:07 2008
From: SMartin at sourceinterlink.com (Martin, Seth)
Date: Thu, 10 Jul 2008 07:30:07 -0400
Subject: [rancid] Re: clogin error
In-Reply-To: <130f01c8e274$6d51f2f0$47f5d8d0$@co.uk>
Message-ID: <79B77295FBC9F247A32A6C98B67B1E140159D456@srv-1exch01.sourceinterlink.com>

If your password uses special characters you may need to enclose it in {}

Seth Martin

From gingabire at rwandatel.rw Mon Jul 14 08:36:10 2008
From: gingabire at rwandatel.rw (Ingabire Grace)
Date: Mon, 14 Jul 2008 10:36:10 +0200
Subject: [rancid] Re: clogin error
In-Reply-To: <79B77295FBC9F247A32A6C98B67B1E140159D456@srv-1exch01.sourceinterlink.com>
Message-ID:

I'm still getting the same error even after enclosing them in {}.

From gingabire at rwandatel.rw Mon Jul 14 08:43:10 2008
From: gingabire at rwandatel.rw (Ingabire Grace)
Date: Mon, 14 Jul 2008 10:43:10 +0200
Subject: [rancid] Re: clogin error
In-Reply-To:
Message-ID:

Here is the syntax of my file:

add password 196.xx.xx.xx {rancid123 ghy_#tpe}

rancid123: rancid password
ghy_#tpe: enable password

Regards,
Grace

From gabbawp at gmail.com Mon Jul 14 09:40:58 2008
From: gabbawp at gmail.com (Gareth Hopkins)
Date: Mon, 14 Jul 2008 11:40:58 +0200
Subject: [rancid] Re: clogin error
In-Reply-To:
References:
Message-ID: <9a0178110807140240l4983f2edw6374c2c5871e7ba4@mail.gmail.com>

Hi,

You need to enclose the login and the enable password separately.

add password host {login} {enable}

There is a lot more you can specify.
More info available at http://www.shrubbery.net/rancid/man/cloginrc.5.html

On Mon, Jul 14, 2008 at 10:43 AM, Ingabire Grace wrote:

> Here is the syntax of my file:
>
> add password 196.xx.xx.xx {rancid123 ghy_#tpe}
>
> rancid123: rancid password
> ghy_#tpe: enable password
>
> Regards,
> Grace

From ml at kenweb.org Mon Jul 14 16:40:40 2008
From: ml at kenweb.org (Mailing Lists)
Date: Mon, 14 Jul 2008 12:40:40 -0400 (EDT)
Subject: [rancid] clogin error: Error: missing close-bracket
Message-ID: <10123.72.13.143.12.1216053640.squirrel@www.kenweb.org>

I've started getting this error all of a sudden. It seems as if every host cannot be contacted and my logs are filled with this error message. When attempting to use 'clogin' from the command-line I get the same error.

The errors started between 1 and 2 AM Eastern Standard time when no one should have been changing anything. Any idea what happened?

Thanks in advance.
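
The brace rule from Gareth's reply above (`add password host {login} {enable}`), written as a checker; this is an added example, not code from RANCID or from anyone in the thread. The errors quoted in these messages are Tcl parser messages, so the check applies a simplified version of Tcl's word rules (it also flags an unbraced `[`, which Tcl reports as "missing close-bracket"); the file contents, host names and passwords in `SAMPLE` are constructed, and the three-argument limit is an assumption taken from the format Gareth gives.

```python
"""Lint `add password` lines in a .cloginrc using simplified Tcl word rules."""
import re

# Characters Tcl still interprets inside an unbraced word.
TCL_SPECIAL = set('[]$;"\\')


def split_words(line):
    """Split one line into (text, was_braced) words; return (words, error)."""
    words, i, n = [], 0, len(line)
    while i < n:
        if line[i].isspace():
            i += 1
            continue
        if line[i] == "{":
            depth, j = 1, i + 1
            while j < n and depth:
                c = line[j]
                if c == "\\":
                    j += 1  # skip the escaped character
                elif c == "{":
                    depth += 1
                elif c == "}":
                    depth -= 1
                j += 1
            if depth:
                return words, "missing close-brace"
            # Tcl requires whitespace (or end of command) after a closing brace.
            if j < n and not line[j].isspace():
                return words, "extra characters after close-brace"
            words.append((line[i + 1:j - 1], True))
            i = j
        else:
            j = i
            while j < n and not line[j].isspace():
                j += 1
            words.append((line[i:j], False))
            i = j
    return words, None


def lint_cloginrc(text):
    """Return a list of (line_number, message) for suspect lines."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words, err = split_words(line)
        if err:
            findings.append((lineno, err))
            continue
        if len(words) < 2 or (words[0][0], words[1][0]) != ("add", "password"):
            continue  # only password directives are checked here
        args = words[2:]  # host glob, login password, optional enable password
        if len(args) < 2:
            findings.append((lineno, "expected: add password host {login} {enable}"))
            continue
        if len(args) > 3:  # assumption: host, login and enable are the only words
            findings.append((lineno, "more words than host, login and enable"))
        for value, braced in args[1:]:
            if braced and re.search(r"\s", value):
                findings.append((lineno, "login and enable password share one brace group"))
            elif not braced and TCL_SPECIAL & set(value):
                findings.append((lineno, "unbraced password with Tcl special characters"))
    return findings


# Constructed sample; hosts and passwords are placeholders, not real credentials.
SAMPLE = """\
# constructed .cloginrc fragment
add user * rancid
add password 196.xx.xx.xx {loginpw enable_#pw}
add password fw1 {loginpw}{enablepw}
add password fw2 pa[ss {enablepw}
add password fw3 {loginpw} {enable_#pw}
"""

if __name__ == "__main__":
    for lineno, message in lint_cloginrc(SAMPLE):
        print(f"line {lineno}: {message}")
```
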
From asmirnoff at gldn.net Mon Jul 14 13:10:24 2008
From: asmirnoff at gldn.net (Smirnoff Alexander)
Date: Mon, 14 Jul 2008 17:10:24 +0400
Subject: [rancid] Nortel Passport
Message-ID: <986544234AB0A44BADE40DF502E2012A01770233@SPBMAIL.spb.sovintel.net>

Hello, Dwi Chandra!

Can you show your scripts for Nortel Passport?

>Hi All,
>Just managed to get out from my routine tasks :-)
>
>I have a modified blogin and brancid into pplogin and pprancid (including
>adding 'passport' in rancid-fe as well)
>
>I claim to be the beginner at this case ;) Because somehow, the prancid
>keeps quitting due to 'end of run not found'
>
>I have tried changing several possible part in prancid as to what I could
>understand, but no luck.
>
>pplogin works like charm and I keep using it for several remote login tasks
>(several 12 - 15 passport 8600 is not easy to tame ;) )
>
>If anyone would like to have a look, I'll be happy to post it tomorrow on
>those two (modified) scripts.
>
>Cheers,
>Dwi

--
Regards,
Alexandr Smirnov
+7(812)3468600 # 54682
Head of Data Transmission Networks Monitoring Service
mailto:asmirnoff at gldn.net

From steve at host-it.co.uk Tue Jul 15 11:19:57 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Tue, 15 Jul 2008 12:19:57 +0100
Subject: [rancid] Problems with getting configuration from a PIX 501.
Message-ID: <172a01c8e66c$b6baa1c0$242fe540$@co.uk>

I have had rancid installed a little while now, and am noticing problems with rancid on one pix (not sure if it's on more or not, but this is the only one I can confirm without going through manually checking all of them).

The problem is that it doesn't seem to be updating the CVS repo with the latest configurations.
I do know that we occasionally get problems like this with pix's where the ssh connection doesn't work (usually tell this by running clogin to the pix) however this manages to ssh in no problems, and gets the enable prompt, see below:

[CODE]
nagios-1:/usr/local/rancid/var/asa# clogin
spawn ssh -c 3des -x -l
@'s password:
Type help or '?' for a list of available commands.
>
> enable
Password: *
#
[/CODE]

As you can see, this is logging into the pix no problems (I have changed any instance of the hostname to and the rancid user, and no the password isn't 1 character long).

Using clogin to log into the firewall, I can also run various commands successfully (sh run, sh ver etc). However the firewall still will not update.

Does anyone have any ideas? I have also set the pix to "down" and back to "up" and ran rancid again, to no avail.

This is really confusing me! Since all our other pix's seem to be working no problems,

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300

Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751

From steve at host-it.co.uk Tue Jul 15 11:28:52 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Tue, 15 Jul 2008 12:28:52 +0100
Subject: [rancid] Re: Problems with getting configuration from a PIX 501.
In-Reply-To: <172a01c8e66c$b6baa1c0$242fe540$@co.uk>
References: <172a01c8e66c$b6baa1c0$242fe540$@co.uk>
Message-ID: <173501c8e66d$f5942690$e0bc73b0$@co.uk>

Sorry for the fast follow on to this.

I have now found out that it is actually like this on ALL pix's that we have. Any ASA that we have is working fine, however no pix is updating.
I have tried running rancid -r and that runs, for about 1 second, then finishes, where running this on an ASA takes approximately 10 seconds. There is however no error on the command line when I run "rancid -r ".

This is now confusing me even more! As far as I can tell, rancid is trying to get the pix configurations, but failing somewhere that I cannot tell.

Is there a way to manually run the process that rancid-run would do in order to try and see if there's a problem somewhere?

Thanks

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300

Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751

From steve at host-it.co.uk Tue Jul 15 12:00:13 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Tue, 15 Jul 2008 13:00:13 +0100
Subject: [rancid] Re: Problems with getting configuration from a PIX 501.
In-Reply-To: <173501c8e66d$f5942690$e0bc73b0$@co.uk>
References: <172a01c8e66c$b6baa1c0$242fe540$@co.uk> <173501c8e66d$f5942690$e0bc73b0$@co.uk>
Message-ID: <174801c8e672$572a4f70$057eee50$@co.uk>

Problem solved

I had a stunning idea to check the logs for the pix on rancid... lord only knows why I didn't think to do this sooner, but in there it stated that /tmp/.pix.run.lock existed. Knowing that rancid was not running, I removed this file, and ran rancid, and now we have updates on all the pix firewalls. :)

The stupid thing is that I had run ls /tmp numerous times, and not seen anything there, so assumed that the lock file wasn't there. Stupid me forgot to run -a with ls so I see hidden files!! I might change rancid's scripts to not make the lock file a hidden file so ls will see it by default hehe

Anyway, thanks for the help on this one!! More often than not explaining your actions to someone gives you a clue.

Note to self... check logs for problems first!

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300

Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751

From steve at host-it.co.uk Tue Jul 15 15:56:30 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Tue, 15 Jul 2008 16:56:30 +0100
Subject: [rancid] Re: Problems with getting configuration from a PIX 501.
In-Reply-To: <20080715155359.GA5526@shrubbery.net>
References: <172a01c8e66c$b6baa1c0$242fe540$@co.uk> <173501c8e66d$f5942690$e0bc73b0$@co.uk> <174801c8e672$572a4f70$057eee50$@co.uk> <20080715155359.GA5526@shrubbery.net>
Message-ID: <177501c8e693$58f4ac30$0ade0490$@co.uk>

Oh, ok, I hadn't checked if it was still running, but I do remember running killall -9 rancid-run before I had done that anyway.
So I guess inadvertently I had made sure it wasn't running, but not really consciously. =/

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300

Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: 15 July 2008 16:54
To: Steve Ousley
Subject: Re: [rancid] Re: Problems with getting configuration from a PIX 501.

Tue, Jul 15, 2008 at 01:00:13PM +0100, Steve Ousley:
> Problem solved
>
> I had a stunning idea to check the logs for the pix on rancid... lord only
> knows why I didn't think to do this sooner, but in there it stated that
> /tmp/.pix.run.lock existed. Knowing that rancid was not running, I removed
> this file, and ran rancid, and now we have updates on all the pix firewalls.
> :)

you should actually check that it's really not running before removing that.
it could have been stuck or it could be a left-over from a system crash.

From steve at host-it.co.uk Wed Jul 16 08:36:35 2008
From: steve at host-it.co.uk (Steve Ousley)
Date: Wed, 16 Jul 2008 09:36:35 +0100
Subject: [rancid] Re: Problems with getting configuration from a PIX 501.
In-Reply-To:
References: <177501c8e693$58f4ac30$0ade0490$@co.uk>
Message-ID: <17d401c8e71f$0e608c70$2b21a550$@co.uk>

Hi Ingabire

I have had a look, and when rancid runs, I also see a fair few instances of expect running. However looking at the times on these (840 hours for one), that looks like a bit of a problem, it may just be that it has locked up, and crashed. Also stuff in [] I think is usually defunct stuff that has died, but not properly.

I would suggest to ensure that rancid is not running, and then killing these processes manually. Ensure that no processes exist, and that the lock files (usually in /tmp) are not there, and then try rancid again.

This is all I can really offer from my limited experience.
Regards

Steve Ousley - SO620-RIPE
Nuco Technologies Ltd
steve at host-it.co.uk
www.nucotechnologies.com
Tel. 0870 165 1300

Nuco Technologies Ltd is a company registered in England and Wales with company number 04470751

-----Original Message-----
From: Ingabire Grace [mailto:gingabire at rwandatel.rw]
Sent: 15 July 2008 17:26
To: 'Steve Ousley'
Subject: RE: [rancid] Re: Problems with getting configuration from a PIX 501.

Hi Steve,

Congrats as your rancid is now working.
When trying to run rancid, I'm seeing a lot of processes: is this normal? I think no. I could not see what I made wrong...

rancid 74842 24.1 0.2 2756 2464 ?? R 11:30AM 135:08.47 [expect]
rancid 74924 24.1 0.2 2756 2464 ?? R 11:31AM 133:50.24 [expect]
rancid 76016 24.0 0.2 2756 2464 ?? R 6:01PM 4:40.78 [expect]
rancid 69761 23.9 0.2 2756 2464 ?? R Mon11AM 840:14.06 [expect]
rancid 74837 0.0 0.1 1728 1236 ?? I 11:30AM 0:00.00 [sh]
rancid 75976 0.0 0.2 2856 2436 ?? I 6:01PM 0:00.02 /usr/bin/perl5 /usr/local/libexec/rancid//par -q -n 5 -c rancid-fe \\{} /usr/local/var/rancid
rancid 76000 0.0 0.1 1724 1228 ?? I 6:01PM 0:00.00 sh -c (rancid-fe \\196.xx.xx.xx:cisco)
rancid 76002 0.0 0.3 3596 3124 ?? I 6:01PM 0:00.04 /usr/bin/perl5 /usr/local/libexec/rancid//rancid 196.xx.xx.xx (perl5.8.8)
rancid 76012 0.0 0.1 1728 1236 ?? I 6:01PM 0:00.00 [sh]
rancid 69610 0.0 0.1 1732 1372 p0- I Mon11AM 0:00.00 /bin/sh /usr/local/libexec/rancid/rancid-run
rancid 69613 0.0 0.1 1740 1380 p0- I Mon11AM 0:00.04 /bin/sh /usr/local/libexec/rancid//control_rancid all

Can you please share your knowledge as you make yours working.

Thanks.

From ab at lists.gxis.de Sat Jul 19 09:14:33 2008
From: ab at lists.gxis.de (Alexander Bochmann)
Date: Sat, 19 Jul 2008 11:14:33 +0200
Subject: [rancid] Re: Alcatel Omniswitch and Rancid
Message-ID: <20080719091433.GJ1252@gxis.de>

Hi,

...on Fri, Jul 18, 2008 at 07:55:30PM -0700, David Newman wrote:

> Per your posting:
> http://www.shrubbery.net/pipermail/rancid-discuss/2008-June/003148.html
> Yes, I'm very interested in taking a look. Have you posted your changes
> anywhere?

Not yet, but I already promised someone else to finally send the files out yesterday, so here we go.

The files are ologin and orancid, based on the rancid 2.3.2a7 versions.
There's lots of unused code in them, as I didn't get very far beyond tweaking my changes in.

A new vendor "alcatel" is defined in rancid-fe. It's what you use in your router.db

Things that work:

Logs into an Omniswitch via ssh (I think telnet works too, but I can't actually remember right now - I'll check on Monday) and runs the following commands:

 show configuration status
 show chassis
 show module
 show microcode
 show configuration snapshot all

Output is minimally parsed, not sure if the ProcessHistory() parameters are used in the way they were intended.

Things that should be fixed in some way:

Currently, the prompt needs to end in the characters "->" (which is the default I think, otherwise use session config prompt).

I had a strange problem with some older AOS versions where rancid couldn't find the prompt, a leftover from debugging that is that you will get a line (commented out) with the exit command at the end of your config if your system runs a more recent software release.

I'm not sure if I did something to the autoenable code, so set add autoenable 1 for your alcatel systems in cloginrc to be sure.

Need to throw out all the unused code or try to merge with the main rancid scripts.

I hope it's of any use to you, otherwise just ask back and I'll try to help getting it to work.

Alex.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: rancid-fe.diff
Type: text/x-diff
Size: 488 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080719/a2d18141/attachment.bin
-------------- next part --------------
#! /usr/bin/expect --
##
## $Id: clogin.in,v 1.107 2006/12/08 21:28:25 heas Exp $
##
## rancid 2.3.2a7
## Copyright (C) 1997-2006 by Terrapin Communications, Inc.
## All rights reserved.
##
## This software may be freely copied, modified and redistributed
## without fee for non-commerical purposes provided that this license
## remains intact and unmodified with any RANCID distribution.
##
## There is no warranty or other guarantee of fitness of this software.
## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
## Except where noted otherwise, rancid was written by and is maintained by
## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
# The login expect scripts were based on Erik Sherk's gwtn, by permission.
#
# ologin - OmniSwitch login hacks by Alexander Bochmann
#
# Most options are intuitive for logging into a Cisco router.
# The default is to enable (thus -noenable). Some folks have
# setup tacacs to have a user login at priv-lvl = 15 (enabled)
# so the -autoenable flag was added for this case (don't go through
# the process of enabling and the prompt will be the "#" prompt.
# The default username password is the same as the vty password.
#

# Usage line
set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \
\[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
\[-s script-file\] \[-t timeout\] \[-u username\] \
\[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
\[-y ssh_cypher_type\] router \[router...\]\n"

# env(CLOGIN) may contain:
# x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set avenable 0
# The default is that you login non-enabled (tacacs can have you login already
# enabled)
set avautoenable 1
# The default is to look in the password file to find the passwords. This
# tracks if we receive them on the command line.
set do_passwd 1
set do_enapasswd 1
#
set send_human {.4 .4 .7 .3 5}

# Find the user in the ENV, or use the unix userid.
if {[ info exists env(CISCO_USER) ]} {
    set default_user $env(CISCO_USER)
} elseif {[ info exists env(USER) ]} {
    set default_user $env(USER)
} elseif {[ info exists env(LOGNAME) ]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable. At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [ catch {exec id} reason ] {
        send_error "\nError: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}
if {[ info exists env(CLOGINRC) ]} {
    set password_file $env(CLOGINRC)
}

# Sometimes routers take awhile to answer (the default is 10 sec)
set timeout 45

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Username
        -u* -
        -U* {
            if {! [ regexp .\[uU\](.+) $arg ignore username]} {
                incr i
                set username [ lindex $argv $i ]
            }
        # VTY Password
        } -p* -
        -P* {
            if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
                incr i
                set userpasswd [ lindex $argv $i ]
            }
            set do_passwd 0
        # VTY Password
        } -v* {
            if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
                incr i
                set passwd [ lindex $argv $i ]
            }
            set do_passwd 0
        # Version string
        } -V* {
            send_user "rancid 2.3.2a7\n"
            exit 0
        # Enable Username
        } -w* -
        -W* {
            if {! [ regexp .\[wW\](.+) $arg ignore enausername]} {
                incr i
                set enausername [ lindex $argv $i ]
            }
        # Environment variable to pass to -s scripts
        } -E* {
            if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
                set E$varname $varvalue
            } else {
                send_user "\nError: invalid format for -E in $arg\n"
                exit 1
            }
        # Enable Password
        } -e* {
            if {! [ regexp .\[e\](.+) $arg ignore enapasswd]} {
                incr i
                set enapasswd [ lindex $argv $i ]
            }
            set do_enapasswd 0
        # Command to run.
        } -c* -
        -C* {
            if {! [ regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [ lindex $argv $i ]
            }
            set do_command 1
        # Expect script to run.
        } -s* -
        -S* {
            if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [ lindex $argv $i ]
            }
            if { ! [ file readable $sfile ] } {
                send_user "\nError: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # 'ssh -c' cypher type
        } -y* -
        -Y* {
            if {! [ regexp .\[yY\](.+) $arg ignore cypher]} {
                incr i
                set cypher [ lindex $argv $i ]
            }
        # alternate cloginrc file
        } -f* -
        -F* {
            if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [ lindex $argv $i ]
            }
        # Timeout
        } -t* -
        -T* {
            if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeout [ lindex $argv $i ]
            }
        # Command file
        } -x* -
        -X {
            if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [ lindex $argv $i ]
            }
            if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
                send_user "\nError: $reason\n"
                exit 1
            }
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        # Do we enable?
        } -noenable {
            set avenable 0
        # Does tacacs automatically enable us?
        } -autoenable {
            set avautoenable 1
            set avenable 0
        } -* {
            send_user "\nError: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting. Now run with it...
#

# Sets Xterm title if interactive...if it's an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore ] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain. Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [ regexp "^/" $args ignore ] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match [lindex $line 0] $router ] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Loads the password file. Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info... I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extension of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
        send_user "\nError: password file ($password_file) does not exist\n"
        exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "\nError: $password_file must not be world readable/writable\n"
        exit 1
    }
    if [ catch {source $password_file} reason ] {
        send_user "\nError: $reason\n"
        exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure, -1 if rsh was used successfully
proc login { router user userpswd passwd enapasswd cmethod cyphertype } {
    global spawn_id in_proc do_command do_script platform
    global prompt u_prompt p_prompt e_prompt sshcmd
    set in_proc 1
    set uprompt_seen 0

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        incr progs -1
        if [string match "telnet*" $prog] {
            regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [ catch {spawn telnet $router} reason ]
            } else {
                set retval [ catch {spawn telnet $router $port} reason ]
            }
            if { $retval } {
                send_user "\nError: telnet failed: $reason\n"
                return 1
            }
        } elseif [string match "ssh*" $prog] {
            regexp {ssh(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ]
            } else {
                set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user -p $port $router} reason ]
            }
            if { $retval } {
                send_user "\nError: $sshcmd failed: $reason\n"
                return 1
            }
        } elseif ![string compare $prog "rsh"] {
            global command

            if { ! $do_command } {
                if { [llength $cmethod] == 1 } {
                    send_user "\nError: rsh is an invalid method for -x and "
                    send_user "interactive logins\n"
                }
                if { $progs == 0 } {
                    return 1
                }
                continue;
            }

            set commands [split $command \;]
            set num_commands [llength $commands]
            set rshfail 0
            for {set i 0} {$i < $num_commands && !$rshfail} { incr i} {
                log_user 0
                set retval [ catch {spawn rsh $user@$router [lindex $commands $i] } reason ]
                if { $retval } {
                    send_user "\nError: rsh failed: $reason\n"
                    log_user 1; return 1
                }
                send_user "$router# [lindex $commands $i]\n"

                # rcmd does not get a pager and no prompts, so we just have to
                # look for failures & lines.
                expect {
                    "Connection refused" {
                        catch {close}; wait;
                        send_user "\nError: Connection\ Refused ($prog): $router\n"
                        set rshfail 1
                    }
                    -re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
                        catch {close}; wait;
                        send_user "\nError: Connection\ closed ($prog): $router\n"
                        set rshfail 1
                    }
                    "Host is unreachable" {
                        catch {close}; wait;
                        send_user "\nError: Host Unreachable:\ $router\n"
                        set rshfail 1
                    }
                    "No address associated with" {
                        catch {close}; wait;
                        send_user "\nError: Unknown host\ $router\n"
                        set rshfail 1
                    }
                    -re "\b+" { exp_continue }
                    -re "\[\n\r]+" {
                        send_user -- "$expect_out(buffer)"
                        exp_continue
                    }
                    timeout {
                        catch {close}; wait
                        send_user "\nError: TIMEOUT reached\n"
                        set rshfail 1
                    }
                    eof { catch {close}; wait }
                }
                log_user 1
            }
            if { $rshfail } {
                if { !$progs } {
                    return 1
                } else {
                    continue
                }
            }
            # fake the end of the session for rancid.
            send_user "$router# exit\n"
            # return rsh "success"
            return -1
        } else {
            send_user "\nError: unknown connection method: $prog\n"
            return 1
        }
        sleep 0.3

        # This helps cleanup each expect clause.
        expect_after {
            timeout {
                send_user "\nError: TIMEOUT reached\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            } eof {
                send_user "\nError: EOF received\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
        }

        # Here we get a little tricky. There are several possibilities:
        # the router can ask for a username and passwd and then
        # talk to the TACACS server to authenticate you, or if the
        # TACACS server is not working, then it will use the enable
        # passwd. Or, the router might not have TACACS turned on,
        # then it will just send the passwd.
        # if telnet fails with connection refused, try ssh
        expect {
            -re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
                catch {close}; wait
                if !$progs {
                    send_user "\nError: Connection Refused ($prog): $router\n"
                    return 1
                }
            }
            -re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
                catch {close}; wait
                if !$progs {
                    send_user "\nError: Connection closed ($prog): $router\n"
                    return 1
                }
            }
            eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 }
            -nocase "unknown host\r" {
                catch {close};
                send_user "\nError: Unknown host $router\n"; wait; return 1
            }
            "Host is unreachable" {
                catch {close};
                send_user "\nError: Host Unreachable: $router\n"; wait; return 1
            }
            "No address associated with name" {
                catch {close};
                send_user "\nError: Unknown host $router\n"; wait; return 1
            }
            -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
                send "yes\r"
                send_user "\nHost $router added to the list of known hosts.\n"
                exp_continue
            }
            -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
                send "no\r"
                send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
                return 1
            }
            -re "Offending key for .* \(yes\/no\)\?" {
                send "no\r"
                send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
                return 1
            }
            -re "(denied|Sorry)" {
                send_user "\nError: Check your passwd for $router\n"
                catch {close}; wait; return 1
            }
            "Login failed" {
                send_user "\nError: Check your passwd for $router\n"
                return 1
            }
            -re "% (Bad passwords|Authentication failed)" {
                send_user "\nError: Check your passwd for $router\n"
                return 1
            }
            "Press any key to continue." {
                # send_user "Pressing the ANY key\n"
                send "\r"
                exp_continue
            }
            -re "Enter Selection: " {
                # Catalyst 1900s have some lame menu. Enter
                # K to reach a command-line.
                send "K\r"
                exp_continue
            }
            -re "Last login:" {
                exp_continue
            }
            -re "@\[^\r\n]+ $p_prompt" {
                # ssh pwd prompt
                sleep 1
                send "$userpswd\r"
                exp_continue
            }
            -re "$u_prompt" {
                send "$user\r"
                set uprompt_seen 1
                exp_continue
            }
            -re "$p_prompt" {
                sleep 1
                if {$uprompt_seen == 1} {
                    send "$userpswd\r"
                } else {
                    send "$passwd\r"
                }
                exp_continue
            }
            -re "$prompt" { break; }
            "Login invalid" {
                send_user "\nError: Invalid login: $router\n";
                catch {close}; wait; return 1
            }
        }
    }

    set in_proc 0
    return 0
}

# Enable
proc do_enable { enauser enapasswd } {
    global prompt in_proc
    global u_prompt e_prompt
    set in_proc 1

    send "enable\r"
    expect {
        -re "$u_prompt" { send "$enauser\r"; exp_continue}
        -re "$e_prompt" { send "$enapasswd\r"; exp_continue}
        "#" { set prompt "#" }
        "(enable)" { set prompt "> (enable) " }
        -re "(denied|Sorry|Incorrect)" {
            # % Access denied - from local auth and poss. others
            send_user "\nError: Check your Enable passwd\n";
            return 1
        }
        "% Error in authentication" {
            send_user "\nError: Check your Enable passwd\n"
            return 1
        }
        "% Bad passwords" {
            send_user "\nError: Check your Enable passwd\n"
            return 1
        }
    }
    # We set the prompt variable (above) so script files don't need
    # to know what it is.
    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc platform
    set in_proc 1

    # If the prompt is (enable), then we are on a switch and the
    # command is "set length 0"; otherwise its "term length 0".
    # skip if its an extreme (since the pager can not be disabled on a
    # per-vty basis).
    if { [ string compare "extreme" "$platform" ] } {
        if [ regexp -- ".*> .*enable" "$prompt" ] {
            # send "set length 0\r"
            # This is ugly, but reduces code duplication, allowing the
            # subsequent expects to handle everything as normal.
            set command "set logging session disable;$command"
        } else {
            # send "term length 0\r"
            send "no more\r"
        }
        # escape any parens in the prompt, such as "(enable)"
        regsub -all {[)(]} $prompt {\\&} reprompt
        # match cisco config mode prompts too, such as router(config-if)#,
        # but catalyst does not change in this fashion.
        regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt
        expect {
            -re $reprompt {}
            -re "\[\n\r]+" { exp_continue }
        }
    } else {
        regsub -all "\[)(]" $prompt {\\&} reprompt
    }

    # this is the only way i see to get rid of more prompts in o/p..grrrrr
    log_user 0
    # Is this a multi-command?
    if [ string match "*\;*" "$command" ] {
        set commands [split $command \;]
        set num_commands [llength $commands]
        # the pager can not be turned off on the PIX, so we have to look
        # for the "More" prompt. the extreme is equally obnoxious, with a
        # global switch in the config.
        for {set i 0} {$i < $num_commands} { incr i} {
            send "[subst -nocommands [lindex $commands $i]]\r"
            expect {
                -re "\b+" { exp_continue }
                -re "^\[^\n\r *]*$reprompt" {
                    send_user -- "$expect_out(buffer)"
                }
                -re "^\[^\n\r]*$reprompt." {
                    send_user -- "$expect_out(buffer)"
                    exp_continue
                }
                -re "^--More--\r\n" {
                    # specific match c1900 pager
                    send " "
                    exp_continue
                }
                -re "\[\n\r]+" {
                    send_user -- "$expect_out(buffer)"
                    exp_continue
                }
                -re "\[^\r\n]*Press to cont\[^\r\n]*" {
                    send " "
                    # bloody ^[[2K after " "
                    expect {
                        -re "^\[^\r\n]*\r" {}
                    }
                    exp_continue
                }
                -re "^ *--More--\[^\n\r]*" {
                    send " "
                    exp_continue
                }
                -re "^<-+ More -+>\[^\n\r]*" {
                    send_user -- "$expect_out(buffer)"
                    send " "
                    exp_continue
                }
            }
        }
    } else {
        # the pager can not be turned off on the PIX, so we have to look
        # for the "More" prompt. the extreme is equally obnoxious, with a
        # global switch in the config.
        send "[subst -nocommands $command]\r"
        expect {
            -re "\b+" { exp_continue }
            -re "^\[^\n\r *]*$reprompt" {
                send_user -- "$expect_out(buffer)"
            }
            -re "^\[^\n\r]*$reprompt." {
                send_user -- "$expect_out(buffer)"
                exp_continue
            }
            -re "^--More--\r\n" {
                # specific match c1900 pager
                send " "
                exp_continue
            }
            -re "\[\n\r]+" {
                send_user -- "$expect_out(buffer)"
                exp_continue
            }
            -re "\[^\r\n]*Press to cont\[^\r\n]*" {
                send " "
                # bloody ^[[2K after " "
                expect {
                    -re "^\[^\r\n]*\r" {}
                }
                exp_continue
            }
            -re "^ *--More--\[^\n\r]*" {
                send " "
                exp_continue
            }
            -re "^<-+ More -+>\[^\n\r]*" {
                send_user -- "$expect_out(buffer)"
                send " "
                exp_continue
            }
        }
    }
    log_user 1

    if { [ string compare "extreme" "$platform" ] } {
        send -h "exit\r"
    } else {
        send -h "quit\r"
    }
    expect {
        -re "^\[^\n\r *]*$reprompt" {
            # the Cisco CE and Jnx ERX
            # return to non-enabled mode
            # on exit in enabled mode.
            send -h "exit\r"
            exp_continue;
        }
        "Would you like to save them now" {
            # Force10
            send "n\r"
            exp_continue
        }
        "Configuration changes have occurred.*" {
            # Cisco CSS
            send "n\r"
            exp_continue
        }
        "Do you wish to save your configuration changes" {
            send "n\r"
            exp_continue
        }
        -re "\[\n\r]+" { exp_continue }
        timeout {
            catch {close}; wait
            return 0
        }
        eof { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    # attempt at platform switching.
    set platform ""
    send_user -- "$router\n"

    # Figure out the prompt.
    # autoenable is off by default. If we have it defined, it was done
    # on the command line. If it is not specifically set on the command
    # line, check the password file.
    if $avautoenable {
        set autoenable 1
        set enable 0
        set prompt "(#| \\(enable\\))"
    } else {
        set ae [find autoenable $router]
        if { "$ae" == "1" } {
            set autoenable 1
            set enable 0
            set prompt "(#| \\(enable\\))"
        } else {
            set autoenable 0
            set enable $avenable
            set prompt ">"
        }
    }
    # OmniSwitch
    set prompt "->"
    # look for noenable option in .cloginrc
    if { [find noenable $router] != "" } {
        set enable 0
    }

    # Figure out passwords
    if { $do_passwd || $do_enapasswd } {
        set pswd [find password $router]
        if { [llength $pswd] == 0 } {
            send_user -- "\nError: no password for $router in $password_file.\n"
            continue
        }
        if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } {
            send_user -- "\nError: no enable password for $router in $password_file.\n"
            continue
        }
        set passwd [join [lindex $pswd 0] ""]
        set enapasswd [join [lindex $pswd 1] ""]
    } else {
        set passwd $userpasswd
        set enapasswd $enapasswd
    }

    # Figure out username
    if {[info exists username]} {
        # command line username
        set ruser $username
    } else {
        set ruser [join [find user $router] ""]
        if { "$ruser" == "" } { set ruser $default_user }
    }

    # Figure out username's password (if different from the vty password)
    if {[info exists userpasswd]} {
        # command line username
        set userpswd $userpasswd
    } else {
        set userpswd [join [find userpassword $router] ""]
        if { "$userpswd" == "" } { set userpswd $passwd }
    }

    # Figure out enable username
    if {[info exists enausername]} {
        # command line enausername
        set enauser $enausername
    } else {
        set enauser [join [find enauser $router] ""]
        if { "$enauser" == "" } { set enauser $ruser }
    }

    # Figure out prompts
    set u_prompt [find userprompt $router]
    if { "$u_prompt" == "" } {
        set u_prompt "(Username|Login|login|user name):"
    } else {
        set u_prompt [join [lindex $u_prompt 0] ""]
    }
    set p_prompt [find passprompt $router]
    if { "$p_prompt" == "" } {
        set p_prompt "(\[Pp]assword|passwd)\ for.*method:"
    } else {
        set p_prompt [join [lindex $p_prompt 0] ""]
    }
    set e_prompt [find enableprompt $router]
    if { "$e_prompt" == "" } {
        set e_prompt "\[Pp]assword:"
    } else {
        set e_prompt [join [lindex $e_prompt 0] ""]
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }

    # Figure out the SSH executable name
    set sshcmd [find sshcmd $router]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # Login to the router
    if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} {
        # if login failed or rsh was unsuccessful, move on to the next device
        continue
    }
    if { $enable } {
        if {[do_enable $enauser $enapasswd]} {
            if { $do_command || $do_script } {
                catch {close}; catch {wait}
                continue
            }
        }
    }
    # we are logged in, now figure out the full prompt
    send "\r"
    expect {
        -re "\[\r\n]+" { exp_continue; }
        -re "^(.+\[:.])1 ($prompt)" {
            # stoopid extreme cmd-line numbers and
            # prompt based on state of config changes,
            # which may have an * at the beginning.
            set junk $expect_out(1,string)
            regsub -all "^\\\* " $expect_out(1,string) {} junk
            set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)";
            set platform "extreme"
        }
        -re "^.+$prompt" {
            set junk $expect_out(0,string);
            regsub -all "\[\]\[]" $junk {\\&} prompt;
        }
        -re "^.+> \\\(enable\\\)" {
            set junk $expect_out(0,string);
            regsub -all "\[\]\[]" $junk {\\&} prompt;
        }
        -re "^.*->" {
            # our configured OmniSwitch prompt
            set junk $expect_out(0,string);
            regsub -all "\[\]\[]" $junk {\\&} prompt;
        }
    }

    if { $do_command } {
        if {[run_commands $prompt $command]} {
            continue
        }
    } elseif { $do_script } {
        # If the prompt is (enable), then we are on a switch and the
        # command is "set length 0"; otherwise its "term length 0".
        if [ regexp -- ".*> .*enable" "$prompt" ] {
            send "set length 0\r"
            send "set logging session disable\r"
        } else {
            send "term length 0\r"
        }
        expect -re $prompt {}
        source $sfile
        close
    } else {
        label $router
        log_user 1
        interact
    }

    # End of for each router
    wait
    sleep 0.3
}
exit 0
-------------- next part --------------
#! /usr/bin/perl
##
## $Id: rancid.in,v 1.218 2006/10/05 04:27:43 heas Exp $
##
## rancid 2.3.2a7
## Copyright (C) 1997-2006 by Terrapin Communications, Inc.
## All rights reserved.
##
## This software may be freely copied, modified and redistributed
## without fee for non-commerical purposes provided that this license
## remains intact and unmodified with any RANCID distribution.
##
## There is no warranty or other guarantee of fitness of this software.
## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
## Except where noted otherwise, rancid was written by and is maintained by
## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
# RANCID - Really Awesome New Cisco confIg Differ
#
# usage: rancid [-dV] [-l] [-f filename | hostname]
#
# Alcatel OmniSwitch hack by Alexander Bochmann
#
use Getopt::Std;
getopts('dflV');
if ($opt_V) {
    print "rancid 2.3.2a7\n";
    exit(0);
}
$log = $opt_l;
$debug = $opt_d;
$file = $opt_f;
$host = $ARGV[0];
$clean_run = 0;
$found_end = 0;
$found_version = 0;
$found_env = 0;
$found_diag = 0;
$timeo = 90;                            # ologin timeout in seconds

my(@commandtable, %commands, @commands);# command lists
my(%filter_pwds);                       # password filtering mode

# This routine is used to print out the router configuration
sub ProcessHistory {
    my($new_hist_tag,$new_command,$command_string,@string) = (@_);
    if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command))
        && defined %history) {
        print eval "$command \%history";
        undef %history;
    }
    if (($new_hist_tag) && ($new_command) && ($command_string)) {
        if ($history{$command_string}) {
            $history{$command_string} = "$history{$command_string}@string";
        } else {
            $history{$command_string} = "@string";
        }
    } elsif (($new_hist_tag) && ($new_command)) {
        $history{++$#history} = "@string";
    } else {
        print "@string";
    }
    $hist_tag = $new_hist_tag;
    $command = $new_command;
    1;
}

sub numerically { $a <=> $b; }

# This is a sort routine that will sort numerically on the
# keys of a hash as if it were a normal array.
sub keynsort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $key (sort numerically keys(%lines)) {
        $sorted_lines[$i] = $lines{$key};
        $i++;
    }
    @sorted_lines;
}

# This is a sort routine that will sort on the
# keys of a hash as if it were a normal array.
sub keysort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $key (sort keys(%lines)) {
        $sorted_lines[$i] = $lines{$key};
        $i++;
    }
    @sorted_lines;
}

# This is a sort routine that will sort on the
# values of a hash as if it were a normal array.
sub valsort{
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $key (sort values %lines) {
        $sorted_lines[$i] = $key;
        $i++;
    }
    @sorted_lines;
}

# This is a numerical sort routine (ascending).
sub numsort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $num (sort {$a <=> $b} keys %lines) {
        $sorted_lines[$i] = $lines{$num};
        $i++;
    }
    @sorted_lines;
}

# This is a sort routine that will sort on the
# ip address when the ip address is anywhere in
# the strings.
sub ipsort {
    local(%lines) = @_;
    local($i) = 0;
    local(@sorted_lines);
    foreach $addr (sort sortbyipaddr keys %lines) {
        $sorted_lines[$i] = $lines{$addr};
        $i++;
    }
    @sorted_lines;
}

# These two routines will sort based upon IP addresses
sub ipaddrval {
    my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#);
    $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0]));
}
sub sortbyipaddr {
    &ipaddrval($a) <=> &ipaddrval($b);
}

# This routine parses "show configuration status"
sub ShowCfgstat {
    print STDERR " In ShowCfgstat: $_" if ($debug);

    while () {
        tr/\015//d;
        # only want the "Running configuration and saved configuration..." line
        if (/^Running configuration and saved configuration/) {
            ProcessHistory("COMMENTS","keysort","A1","!Cfg: $_");
            ProcessHistory("COMMENTS","keysort","A1","! \n");
            $found_end++;
            last;
        }
    }
    return(0);
}

# This routine parses "show configuration snapshot"
sub ShowConfig {
    print STDERR " In ShowConfig: $_" if ($debug);

    while () {
        tr/\015//d;
        next if (/^(\s*|\s*$cmd\s*)$/);
        next if (/^$/);                 # drop empty lines
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        if (/^$prompt/) {
            ProcessHistory("","","","!$_");
            $found_end++;
            last;
        }
        # catch all output
        ProcessHistory("","","","$_");
    }
    return(0);
}

# This routine parses "show chassis"
sub ShowChassis {
    print STDERR " In ShowChassis: $_" if ($debug);

    while () {
        tr/\015//d;
        if (/^$prompt/) {
            ProcessHistory("COMMENTS","keysort","F1","! \n");
            last;
        }
        next if (/^(\s*|\s*$cmd\s*)$/);
        next if (/^$/);                 # drop empty lines
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        ProcessHistory("COMMENTS","keysort","F1","!Hw: $_") && next;
    }
    return(0);
}

# This routine parses "show module"
sub ShowModule {
    print STDERR " In ShowModule: $_" if ($debug);

    while () {
        tr/\015//d;
        if (/^$prompt/) {
            ProcessHistory("COMMENTS","keysort","F2","! \n");
            last;
        }
        next if (/^(\s*|\s*$cmd\s*)$/);
        next if (/^$/);                 # drop empty lines
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        ProcessHistory("COMMENTS","keysort","F2","!Mod: $_") && next;
    }
    return(0);
}

# This routine parses "show microcode"
sub ShowMicrocode {
    print STDERR " In ShowMicrocode: $_" if ($debug);

    while () {
        tr/\015//d;
        if (/^$prompt/) {
            ProcessHistory("COMMENTS","keysort","F3","! \n");
            last;
        }
        next if (/^(\s*|\s*$cmd\s*)$/);
        next if (/^$/);                 # drop empty lines
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        ProcessHistory("COMMENTS","keysort","F3","!Sw: $_") && next;
    }
    return(0);
}

# This routine parses "show hardware info"
sub ShowHw {
    print STDERR " In ShowHw: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        ProcessHistory("COMMENTS","keysort","F5","!Hw: $_") && next;
    }
    return(0);
}

# This routine parses "show version"
sub ShowVersion {
    print STDERR " In ShowVersion: $_" if ($debug);
    my($slaveslot);

    while () {
        tr/\015//d;
        if (/^$prompt/) { $found_version=1; last};
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);
        return(0) if ($found_version);  # Only do this routine once
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        if (/^Slave in slot (\d+) is running/) {
            $slave = " Slave:";
            $slaveslot = ", slot $1";
            next;
        }
        if (/^Application and Content Networking Software/) {
            $type="CE";
        }
        /^Application and Content Networking Software Release /i &&
            ProcessHistory("COMMENTS","keysort","F1", "!Image: $_") && next;
        /^Cisco Secure PIX /i &&
            ProcessHistory("COMMENTS","keysort","F1", "!Image: $_") && next;
        # PIX 6 fail-over license, as in "This PIX has an Unrestricted (UR)
        # license." PIX 7 as "his platform has ..."
        /^This (PIX|platform) has an?\s+(.*)$/ &&
            ProcessHistory("COMMENTS","keysort","D1", "!$_") && next;
        /^(Cisco )?IOS .* Software,? \(([A-Za-z-0-9_]*)\), .*Version\s+(.*)$/ &&
            ProcessHistory("COMMENTS","keysort","F1", "!Image:$slave Software: $2, $3\n") && next;
        /^([A-Za-z-0-9_]*) Synced to mainline version: (.*)$/ &&
            ProcessHistory("COMMENTS","keysort","F2", "!Image:$slave $1 Synced to mainline version: $2\n") && next;
        /^Compiled (.*)$/ &&
            ProcessHistory("COMMENTS","keysort","F3", "!Image:$slave Compiled: $1\n") && next;
        /^ROM: (IOS \S+ )?(System )?Bootstrap.*(Version.*)$/ &&
            ProcessHistory("COMMENTS","keysort","G1", "!ROM Bootstrap: $3\n") && next;
        if (/^Hardware:\s+(.*), (.* RAM), CPU (.*)$/) {
            ProcessHistory("COMMENTS","keysort","A1", "!Chassis type: $1 - a PIX\n");
            ProcessHistory("COMMENTS","keysort","A2", "!CPU: $3\n");
            ProcessHistory("COMMENTS","keysort","B1", "!Memory: $2\n");
        }
        /^Serial Number:\s+(.*)$/ &&
            ProcessHistory("COMMENTS","keysort","C1", "!$_") && next;
        # More PIX stuff
        /^Encryption hardware device\s+:\s+(.*)/ &&
            ProcessHistory("COMMENTS","keysort","A3", "!Encryption: $1\n") && next;
        /^running activation key\s*:\s+(.*)/i &&
            ProcessHistory("COMMENTS","keysort","D2", "!Key: $1\n") && next;
        # Flash on the PIX or FWSM (FireWall Switch Module)
        /^Flash(\s+\S+)+ \@ 0x\S+,\s+(\S+)/ &&
            ProcessHistory("COMMENTS","keysort","B2", "!Memory: Flash $2\n") && next;
        # CatOS 3500xl stuff
        /^System serial number(:\s+.*)$/ &&
            ProcessHistory("COMMENTS","keysort","C1", "!Serial Number$1\n") && next;
        /^Model / &&
            ProcessHistory("COMMENTS","keysort","C2", "!$_") && next;
        /^Motherboard / &&
            ProcessHistory("COMMENTS","keysort","C3", "!$_") && next;
        /^Power supply / &&
            ProcessHistory("COMMENTS","keysort","C4", "!$_") && next;
        /^Activation Key:\s+(.*)$/ &&
            ProcessHistory("COMMENTS","keysort","C2", "!$_") && next;
        /^ROM: \d+ Bootstrap .*(Version.*)$/ &&
            ProcessHistory("COMMENTS","keysort","G2", "!ROM Image: Bootstrap $1\n!\n") && next;
        /^ROM: .*(Version.*)$/ &&
            ProcessHistory("COMMENTS","keysort","G3","!ROM Image: $1\n") && next;
        /^BOOTFLASH: .*(Version.*)$/ &&
            ProcessHistory("COMMENTS","keysort","G4","!BOOTFLASH: $1\n") && next;
        /^BOOTLDR: .*(Version.*)$/ &&
            ProcessHistory("COMMENTS","keysort","G4","!BOOTLDR: $1\n") && next;
        /^System image file is "([^\"]*)", booted via (\S*)/ &&
        # removed the booted source due to
        # CSCdk28131: cycling info in 'sh ver'
        # ProcessHistory("COMMENTS","keysort","F4","!Image: booted via $2, $1\n") &&
            ProcessHistory("COMMENTS","keysort","F4","!Image: booted $1\n") &&
            next;
        /^System image file is "([^\"]*)"$/ &&
            ProcessHistory("COMMENTS","keysort","F5","!Image: $1\n") && next;
        if (/(\S+)\s+(?:\((\S+)\)\s+processor|\(revision[^)]+\)).*\s+with (\S+k) bytes/i) {
            my($proc) = $1;
            my($cpu) = $2;
            my($mem) = $3;
            my($device) = "router";
            # the next line ought to be the more specific cpu info, grab it.
            # yet, some boards/IOS vers have a processor ID line between these
            # two. grrr. make sure we dont grab the "software" junk that
            # follows these lines by looking for "CPU at " or the 2600s
            # "processor: " unique string. there are undoubtedly many other
            # incantations. for a slave, we dont get this info and its just a
            # blank line.
            $_ = ;
            if (/processor board id/i) {
                my($sn);
                if (/processor board id (\S+)/i) {
                    $sn = $1;
                    $sn =~ s/,$//;
                    ProcessHistory("COMMENTS","keysort","D9", "!Processor ID: $sn\n");
                }
                $_ = ;
            }
            $_ = "" if (! /(cpu at |processor: |$cpu processor,)/i);
            tr/\015//d;
            s/implementation/impl/i;
            if ($_ !~ /^\s*$/) {
                chomp;
                s/^/, /;
            }
            if ($proc eq "CSC") {
                $type = "AGS";
            } elsif ($proc eq "CSC4") {
                $type = "AGS+";
            } elsif ($proc =~ /^(AS)?25[12][12]/) {
                $type = "2500";
            } elsif ($proc =~ /261[01]/ || $proc =~ /262[01]/ ) {
                $type = "2600";
            } elsif ($proc =~ /^36[0246][0-9]/) {
                $type = "3600";
            } elsif ($proc =~ /^37/) {
                $type = "3700";
            } elsif ($proc =~ /^38/) {
                $type = "3800";
            } elsif ($proc eq "RSP7000") {
                $type = "7500";
            } elsif ($proc =~ /RSP\d/) {
                $type = "7500";
            } elsif ($proc eq "RP1") {
                $type = "7000";
            } elsif ($proc eq "RP") {
                $type = "7000";
            } elsif ($proc =~ /720[246]/) {
                $type = "7200";
            } elsif ($proc =~ /1200[48]\/GRP/ || $proc =~ /1201[26]\/GRP/) {
                $type = "12000";
            } elsif ($proc =~ /1201[26]-8R\/GRP/) {
                $type = "12000";
            } elsif ($proc =~ /WS-C29/) {
                $type = "2900XL";
                $device = "switch";
            } elsif ($proc =~ /WS-C355/) {
                $type = "3550";
                $device = "switch";
            } elsif ($proc =~ /WS-C35/) {
                $type = "3500XL";
                $device = "switch";
            } elsif ($proc =~ /WS-C45/) {
                $type = "4500";
                $device = "switch";
            } elsif ($proc =~ /6000/) {
                $type = "6000";
                $device = "switch";
            } elsif ($proc =~ /CISCO76/) {
                $type = "7600";
                $device = "router";
            } elsif ($proc =~ /1900/) {
                $type = "1900";
                $device = "switch";
            } elsif ( $proc =~ /^73/) {
                $type = "7300";
            } else {
                $type = $proc;
            }
            print STDERR "TYPE = $type\n" if ($debug);
            ProcessHistory("COMMENTS","keysort","A1", "!Chassis type:$slave $proc - a $type $device\n");
            ProcessHistory("COMMENTS","keysort","B1", "!Memory:$slave main $mem\n");
            if (defined($cpu)) {
                ProcessHistory("COMMENTS","keysort","A3", "!CPU:$slave $cpu$_$slaveslot\n");
            }
            next;
        }
        if (/(\S+) Silicon\s*Switch Processor/) {
            if (!defined($C0)) {
                $C0=1;
                ProcessHistory("COMMENTS","keysort","C0","!\n");
            }
            ProcessHistory("COMMENTS","keysort","C2","!SSP: $1\n");
            $ssp = 1;
            $sspmem = $1;
            next;
        }
        /^(\d+[kK]) bytes of multibus/ &&
            ProcessHistory("COMMENTS","keysort","B2", "!Memory: multibus $1\n") &&
            next;
        /^(\d+[kK]) bytes of (non-volatile|NVRAM)/ &&
            ProcessHistory("COMMENTS","keysort","B3", "!Memory: nvram $1\n") && next;
        /^(\d+[kK]) bytes of flash memory/ &&
            ProcessHistory("COMMENTS","keysort","B5","!Memory: flash $1\n") && next;
        /^(\d+[kK]) bytes of .*flash partition/ &&
            ProcessHistory("COMMENTS","keysort","B6", "!Memory: flash partition $1\n") && next;
        /^(\d+[kK]) bytes of Flash internal/ &&
            ProcessHistory("COMMENTS","keysort","B4", "!Memory: bootflash $1\n") && next;
        if (/^(\d+[kK]) bytes of (Flash|ATA)?.*PCMCIA .*(slot|disk) ?(\d)/i) {
            ProcessHistory("COMMENTS","keysort","B7", "!Memory: pcmcia $2 $3$4 $1\n");
            next;
        }
        if (/^WARNING/) {
            if (!defined($I0)) {
                $I0=1;
                ProcessHistory("COMMENTS","keysort","I0","!\n");
            }
            ProcessHistory("COMMENTS","keysort","I1","! $_");
        }
        if (/^Configuration register is (.*)$/) {
            $config_register=$1;
            next;
        }
        if (/^Configuration register on node \S+ is (.*)$/) {
            $config_register=$1 if $config_register eq "";
            next;
        }
    }
    return(0);
}

# This routine parses "show redundancy"
sub ShowRedundancy {
    print STDERR " In ShowRedundancy: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        /^IOS .* Software \(([A-Za-z-0-9_]*)\), .*Version\s+(.*)$/ &&
            ProcessHistory("COMMENTS","keysort","F1", "!Image:$slave Software: $1, $2\n") && next;
        /^Compiled (.*)$/ &&
            ProcessHistory("COMMENTS","keysort","F3", "!Image:$slave Compiled: $1\n") && next;
    }
    return(0);
}

# This routine parses "show IDprom"
sub ShowIDprom {
    my($tmp);
    print STDERR " In ShowIDprom: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        /FRU is .(.*)\'/ && ($tmp = $1);
        /Product Number = .(.*)\'/ &&
            ProcessHistory("COMMENTS","keysort","D0", "!Catalyst Chassis type: $1, $tmp\n");
        /Serial Number = .([0-9A-Za-z]+)/ &&
            ProcessHistory("COMMENTS","keysort","D1", "!Catalyst Chassis S/N: $1\n");
        /Manufacturing Assembly Number = .([-0-9]+)/ && ($tmp = $1);
        /Manufacturing Assembly Revision = .(.*)\'/ && ($tmp .= ", rev " . $1);
        /Hardware Revision = ([0-9.]+)/ &&
            ProcessHistory("COMMENTS","keysort","D2", "!Catalyst Chassis assembly: $tmp, ver $1\n");
    }
    return(0);
}

# This routine parses "show install active"
sub ShowInstallActive {
    print STDERR " In ShowInstallActive: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        ProcessHistory("COMMENTS","keysort","F5","!Image: $_") && next;
    }
    return(0);
}

# This routine parses "show env all"
sub ShowEnv {
    # Skip if this is not a 7500, 7200, or 7000.
    print STDERR " In ShowEnv: $_" if ($debug);

    while () {
        tr/\015//d;
        if (/^$prompt/) { $found_env=1; last};
        next if (/^(\s*|\s*$cmd\s*)$/);
        #return(1) if ($type !~ /^7/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);
        return(0) if ($found_env);      # Only do this routine once
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        if (!defined($E0)) {
            $E0=1;
            ProcessHistory("COMMENTS","keysort","E0","!\n");
        }
        if (/^Arbiter type (\d), backplane type (\S+)/) {
            if (!defined($C0)) {
                $C0=1;
                ProcessHistory("COMMENTS","keysort","C0","!\n");
            }
            ProcessHistory("COMMENTS","keysort","C1", "!Enviromental Arbiter Type: $1\n");
            ProcessHistory("COMMENTS","keysort","A2", "!Chassis type: $2 backplane\n");
            next;
        }
        /^Power Supply Information$/ && next;
        /^\s*Power Module\s+Voltage\s+Current$/ && next;
        /^\s*(Power [^:\n]+)$/ &&
            ProcessHistory("COMMENTS","keysort","E1","!Power: $1\n") && next;
        /^\s*(Lower Power .*)/i &&
            ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next;
        /^\s*(redundant .*)/i &&
            ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next;
        /^\s*(RPS is .*)/i &&
            ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next;
    }
    ProcessHistory("COMMENTS","","","!\n");
    return(0);
}

# This routine parses "show rsp chassis-info" for the rsp
# This will create arrays for hw info.
sub ShowRSP {
    print STDERR " In ShowRSP: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(-1) if (/command authorization failed/i);
        # return(1) if ($type !~ /^12[40]/);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        /^$/ && next;
        /^\s+Chassis model: (\S+)/ &&
            ProcessHistory("COMMENTS","keysort","D1", "!RSP Chassis model: $1\n") && next;
        /^\s+Chassis S\/N: (.*)$/ &&
            ProcessHistory("COMMENTS","keysort","D2", "!RSP Chassis S/N: $1\n") && next;
    }
    return(0);
}

# This routine parses "show gsr chassis-info" for the gsr
# This will create arrays for hw info.
sub ShowGSR {
    # Skip if this is not a 1200n.
    print STDERR " In ShowGSR: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(-1) if (/command authorization failed/i);
        # return(1) if ($type !~ /^12[40]/);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        /^$/ && next;
        /^\s+Chassis: type (\S+) Fab Ver: (\S+)/ &&
            ProcessHistory("COMMENTS","keysort","D1", "!GSR Chassis type: $1 Fab Ver: $2\n") && next;
        /^\s+Chassis S\/N: (.*)$/ &&
            ProcessHistory("COMMENTS","keysort","D2", "!GSR Chassis S/N: $1\n") && next;
        /^\s+PCA: (\S+)\s*rev: (\S+)\s*dev: \S+\s*HW ver: (\S+)$/ &&
            ProcessHistory("COMMENTS","keysort","D3", "!GSR Backplane PCA: $1, rev $2, ver $3\n") && next;
        /^\s+Backplane S\/N: (\S+)$/ &&
            ProcessHistory("COMMENTS","keysort","D4", "!GSR Backplane S/N: $1\n") && next;
    }
    ProcessHistory("COMMENTS","","","!\n");
    return(0);
}

# This routine parses "show boot"
sub ShowBoot {
    # Pick up boot variables if 7000/7200/7500/12000/2900/3500;
    # otherwise pick up bootflash.
    print STDERR " In ShowBoot: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(1) if /Ambiguous command/i;
        return(1) if /(Open device \S+ failed|Error opening \S+:)/;
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        next if /CONFGEN variable/;
        if (!defined($H0)) {
            $H0=1;
            ProcessHistory("COMMENTS","keysort","H0","!\n");
        }
        if ($type !~ /^(12[04]|7)/) {
            if ($type !~ /^(29|35)00/) {
                ProcessHistory("COMMENTS","keysort","H2","!BootFlash: $_");
            } else {
                ProcessHistory("COMMENTS","keysort","H1","!Variable: $_");
            }
        } elsif (/variable/) {
            ProcessHistory("COMMENTS","keysort","H1","!Variable: $_");
        }
    }
    ProcessHistory("COMMENTS","","","!\n");
    return(0);
}

# This routine parses "show flash"
sub ShowFlash {
    # skip if this is 7000, 7200, 7500, or 12000; else we end up with
    # redundant data from dir /all slot0:
    print STDERR " In ShowFlash: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if ($type =~ /^(12[40]|7)/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        /\s+(multiple-fs|nv_hdr|vlan\.dat)$/ && next;
        ProcessHistory("FLASH","","","!Flash: $_");
    }
    ProcessHistory("","","","!\n");
    return;
}

# This routine parses "dir /all ((disk|slot)N|bootflash|nvram):"
sub DirSlotN {
    # Skip if this is not a 3600, 7000, 7200, 7500, or 12000.
    print STDERR " In DirSlotN: $_" if ($debug);
    my($dev) = (/\s([^\s]+):/);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        # return(1) if ($type !~ /^(12[40]|7|36)/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(1) if /(No such device|Error Sending Request)/i;
        return(1) if /\%Error: No such file or directory/;
        return(1) if /No space information available/;
        return(-1) if /\%Error calling/;
        return(-1) if /(: device being squeezed|ATA_Status time out)/i; # busy
        return(-1) if (/command authorization failed/i);
        return(1) if /(Open device \S+ failed|Error opening \S+:)/;
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        ProcessHistory("FLASH","","","!Flash: $dev: $_");
    }
    ProcessHistory("","","","!\n");
    return(0);
}

# This routine parses "show controllers"
sub ShowContAll {
    # Skip if this is a 70[01]0, 7500, or 12000.
    print STDERR " In ShowContAll: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        # return(1) if ($type =~ /^(12[40]|7[05])/);
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        if (/^Interface ([^ \n(]*)/) { $INT = "$1, "; next; }
        /^(BRI unit \d)/ &&
            ProcessHistory("INT","","","!Interface: $1\n") && next;
        /^LANCE unit \d, NIM/ &&
            ProcessHistory("INT","","","!Interface: $_") && next;
        /^(LANCE unit \d)/ &&
            ProcessHistory("INT","","","!Interface: $1\n") && next;
        /(Media Type is \S+),/ &&
            ProcessHistory("INT","","","!\t$1\n");
        if (/(M\dT[^ :]*:) show controller:$/) {
            my($ctlr) = $1;
            $_ = ; tr/\015//d; s/ subunit \d,//;
            ProcessHistory("INT","","","!Interface: $ctlr $_");
        }
        if (/^(\S+) : show controller:$/) {
            my($ctlr) = $1;
            $_ = ; tr/\015//d; s/ subunit \d,//;
            ProcessHistory("INT","","","!Interface: $ctlr: $_");
        }
        /^(HD unit \d), idb/ &&
            ProcessHistory("INT","","","!Interface: $1\n") && next;
        /^HD unit \d, NIM/ &&
            ProcessHistory("INT","","","!Interface: $_") && next;
        /^buffer size \d+ HD unit \d, (.*)/ &&
            ProcessHistory("INT","","","!\t$1\n") && next;
        /^AM79970 / &&
            ProcessHistory("INT","","","!Interface: $_") && next;
        /^buffer size \d+ (Universal Serial: .*)/ &&
            ProcessHistory("INT","","","!\t$1\n") && next;
        /^Hardware is (.*)/ &&
            ProcessHistory("INT","","","!Interface: $INT$1\n") && next;
        /^(QUICC Serial unit \d),/ &&
            ProcessHistory("INT","","","!$1\n") && next;
        /^QUICC Ethernet .*/ &&
            ProcessHistory("INT","","","!$_") && next;
        /^DTE .*\.$/ &&
            ProcessHistory("INT","","","!\t$_") && next;
        /^(cable type :.*),/ &&
            ProcessHistory("INT","","","!\t$1\n") && next;
        /^(.* cable.*), received clockrate \d+$/ &&
            ProcessHistory("INT","","","!\t$1\n") && next;
        /^.* cable.*$/ &&
            ProcessHistory("INT","","","!\t$_") && next;
    }
    return(0);
}

# This routine parses "show controllers cbus"
# Some of this is printed out in
# ShowDiagbus.
sub ShowContCbus {
    # Skip if this is not a 7000 or 7500.
    print STDERR " In ShowContCbus: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        #return(1) if ($type !~ /^7[05]0/);
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        if (/^\s*slot(\d+): ([^,]+), hw (\S+), sw (\S+), ccb/) {
            $slot = $1;
            $board{$slot} = $2;
            $hwver{$slot} = $3;
            $hwucode{$slot} = $4;
        } elsif (/^\s*(\S+) (\d+), hardware version (\S+), microcode version (\S+)/) {
            $slot = $2;
            $board{$slot} = $1;
            $hwver{$slot} = $3;
            $hwucode{$slot} = $4;
        } elsif (/(Microcode .*)/) {
            $ucode{$slot} = $1;
        } elsif (/(software loaded .*)/) {
            $ucode{$slot} = $1;
        } elsif (/(\d+) Kbytes of main memory, (\d+) Kbytes cache memory/) {
            $hwmemd{$slot} = $1;
            $hwmemc{$slot} = $2;
        } elsif (/byte buffers/) {
            chop;
            s/^\s*//;
            $hwbuf{$slot} = $_;
        } elsif (/Interface (\d+) - (\S+ \S+),/) {
            $interface = $1;
            ProcessHistory("HW","","", "!\n!Int $interface: in slot $slot, named $2\n");
            next;
        } elsif (/(\d+) buffer RX queue threshold, (\d+) buffer TX queue limit, buffer size (\d+)/) {
            ProcessHistory("HW","","","!Int $interface: rxq $1, txq $2, bufsize $3\n");
            next;
        }
    }
    return(0);
}

# This routine parses "show debug"
sub ShowDebug {
    print STDERR " In ShowDebug: $_" if ($debug);
    my($lines) = 0;

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        /^No matching debug flags set$/ && next;
        ProcessHistory("COMMENTS","keysort","J1","!DEBUG: $_");
        $lines++;
    }
    if ($lines) {
        ProcessHistory("COMMENTS","keysort","J0","!\n");
    }
    return(0);
}

# This routine parses "show diagbus"
# This will
# create arrarys for hw info.
sub ShowDiagbus {
    # Skip if this is not a 7000, 70[01]0, or 7500.
    print STDERR " In ShowDiagbus: $_" if ($debug);

    while () {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        #return(1) if ($type !~ /^7[05]/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        if (/^\s*Slot (\d+):/i) {
            $slot = $1;
            next;
        } elsif (/^\s*Slot (\d+) \(virtual\):/i) {
            $slot = $1;
            next;
        } elsif (/^\s*(.*Processor.*|.*controller|.*controler|.*Chassis Interface)(, FRU\s?:.*)?, HW rev (\S+), board revision (\S+)/i) {
            $board = $1;
            $hwver = $3;
            $boardrev = $4;
            if ($board =~ /Processor/) {
                if ($board =~ /7000 Route\/Switch/) {
                    $board = "RSP7000";
                } elsif ($board =~ /Route\/Switch Processor (\d)/) {
                    $board = "RSP$1";
                } elsif ($board =~ /Route/) {
                    $board = "RP";
                } elsif ($board =~ /Silicon Switch/) {
                    $board = "SSP";
                } elsif ($board =~ /Switch/) {
                    $board = "SP";
                    $board = "SSP $sspmem" if $ssp;
                } elsif ($board =~ /ATM/) {
                    $board = "AIP";
                }
            } elsif ($board =~ /(.*) controller/i) {
                $board = $1;
            }
            # hwucode{$slot} defined in ShowContCbus
            if (defined $hwucode{$slot}) {
                ProcessHistory("SLOT","","","!\n!Slot $slot/$board: hvers $hwver rev $boardrev ucode $hwucode{$slot}\n");
            } else {
                ProcessHistory("SLOT","","","!\n!Slot $slot/$board: hvers $hwver rev $boardrev\n");
            }
            # These are also from the ShowContCbus
            ProcessHistory("SLOT","","","!Slot $slot/$board: $ucode{$slot}\n") if (defined $ucode{$slot});
            ProcessHistory("SLOT","","","!Slot $slot/$board: memd $hwmemd{$slot}, cache $hwmemc{$slot}\n")
                if ((defined $hwmemd{$slot}) && (defined $hwmemc{$slot}));
            ProcessHistory("SLOT","","","!Slot $slot/$board: $hwbuf{$slot}\n") if (defined $hwbuf{$slot});
            next;
        }
        /Serial number: (\S+)\s*Part number: (\S+)/ &&
            ProcessHistory("SLOT","","", "!Slot $slot/$board: part $2, serial $1\n") && next;
        /^\s*Controller Memory Size: (.*)$/ &&
            ProcessHistory("SLOT","","","!Slot $slot/$board: $1\n") && next;
        if (/PA Bay (\d) Information/) {
            $pano = $1;
            if ("PA" =~ /$board/) {
                ($s,$c) = split(/\//,$board);
                $board = "$s/$c/PA $pano";
            } else {
                $board =~ s/\/PA \d//;
                $board = "$board/PA $pano";
            }
            next;
        }
        /\s+(.*) (IP|PA), (\d) ports?,( \S+,)? (FRU\s?: )?(\S+)/ &&
            ProcessHistory("SLOT","","","!Slot $slot/$board: type $6, $3 ports\n") && next;
        /\s+(.*) (IP|PA)( \(\S+\))?, (\d) ports?/ &&
            ProcessHistory("SLOT","","","!Slot $slot/$board: type $1$3, $4 ports\n") && next;
        /^\s*HW rev (\S+), Board revision (\S+)/ &&
            ProcessHistory("SLOT","","","!Slot $slot/$board: hvers $1 rev $2\n") && next;
        /Serial number: (\S+)\s*Part number: (\S+)/ &&
            ProcessHistory("SLOT","","","!Slot $slot/$board: part $2, serial $1\n") && next;
    }
    return(0);
}

# This routine parses "show diag" for the gsr, 7200, 3700, 3600, 2600.
# This will create arrarys for hw info.
sub ShowDiag {
    # Skip if this is not a 12000.
    print STDERR " In ShowDiag: $_" if ($debug);

    while () {
REDUX:
        tr/\015//d;
        if (/^$prompt/) { $found_diag=1; last};
        next if (/^(\s*|\s*$cmd\s*)$/);
        # return(1) if ($type !~ /^(12[40]|720|36|26)/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);
        return(0) if ($found_diag);     # Only do this routine once
        /^$/ && next;
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }
        s/Port Packet Over SONET/POS/;
        if (/^\s*SLOT\s+(\d+)\s+\((.*)\): (.*)/) {
            $slot = $1;
            ProcessHistory("SLOT","","","!\n");
            ProcessHistory("SLOT","keysort","A","!Slot $slot: $3\n");
            next;
        }
        if (/^\s*NODE\s+(\S+) : (.*)/) {
            $slot = $1;
            ProcessHistory("SLOT","","","!\n");
            ProcessHistory("SLOT","keysort","A","!Slot $slot: $2\n");
            next;
        }
        if (/^\s*PLIM\s+(\S+) : (.*)/) {
            $slot = $1 . " PLIM";
            ProcessHistory("SLOT","","","!\n");
            ProcessHistory("SLOT","keysort","A","!Slot $slot: $2\n");
            next;
        }
        if (/^\s*RACK\s+(\S+) : (.*)/) {
            $slot = "Rack/" . $1;
            ProcessHistory("SLOT","","","!\n");
            ProcessHistory("SLOT","keysort","A","!Slot $slot: $2\n");
            next;
        }
        if (/^\s+MAIN:\s* type \S+,\s+(.*)/) {
            local($part) = $1;
            $_ = ;
            if (/^\s+(HW version|Design Release) (\S+)\s+S\/N (\S+)/i) {
                ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $part, serial $3\n");
                ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: hvers $2\n");
            } else {
                ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $part\n");
                goto REDUX;
            }
            next;
        }
        if (/^\s+MAIN:\s* board type \S+$/) {
            $_ = ;
            tr/\015//d;
            if (/^\s+(.+)$/) {
                local($part) = $1;
                $_ = ;
                tr/\015//d;
                if (/^\s+dev (.*)$/) {
                    local($dev) = $1;
                    $_ = ;
                    if (/^\s+S\/N (\S+)/) {
                        ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $part, dev $dev, serial $1\n");
                    } else {
                        ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $part, dev $dev\n");
                        goto REDUX;
                    }
                } else {
                    ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $part\n");
                    goto REDUX;
                }
            } else {
                goto REDUX;
            }
            next;
        }
        if (/^c3700\s+(io-board|mid-plane)/i) {
            $slot=$1;
            ProcessHistory("SLOT","","","!\n");
            ProcessHistory("SLOT","keysort","A","!Slot $slot: part $1\n");
            next;
        }
        if (/ Engine:\s+(.*)/) {
            ProcessHistory("SLOT","keysort","AE","!Slot $slot/Engine: $1\n");
        }
        if (/FRU:\s+Linecard\/Module:\s+(\S+)/) {
            ProcessHistory("SLOT","keysort","AF","!Slot $slot/FRU: Linecard/Module: $1\n");
            next;
        }
        if (/\s+Processor Memory:\s+(\S+)/) {
            ProcessHistory("SLOT","keysort","AF","!Slot $slot/FRU: Processor Memory: $1\n");
            next;
        }
        if (/\s+Packet Memory:\s+(\S+)/) {
            ProcessHistory("SLOT","keysort","AF","!Slot $slot/FRU: Packet Memory: $1\n");
            next;
        }
        if (/^\s+PCA:\s+(.*)/) {
            local($part) = $1;
            $_ = ;
            if (/^\s+(HW version|design release) (\S+)\s+S\/N (\S+)/i) {
                ProcessHistory("SLOT","keysort","C1","!Slot $slot/PCA: part $part, serial $3\n");
                ProcessHistory("SLOT","keysort","C2","!Slot $slot/PCA: hvers $2\n");
            } else {
                ProcessHistory("SLOT","keysort","C1","!Slot $slot/PCA: part $part\n");
                goto REDUX;
            }
            next;
        }
        if (/^\s+MBUS: .*\)\s+(.*)/) {
            local($tmp) = "!Slot $slot/MBUS: part $1";
            $_ = <INPUT>;
            /^\s+HW version (\S+)\s+S\/N (\S+)/ &&
                ProcessHistory("SLOT","keysort","MB1","$tmp, serial $2\n") &&
                ProcessHistory("SLOT","keysort","MB2","!Slot $slot/MBUS: hvers $1\n");
            next;
        }
        if (/^\s+MBUS Agent Software version (.*)/) {
            ProcessHistory("SLOT","keysort","MB3","!Slot $slot/MBUS: software $1\n");
            next;
        }
        if (/^\s+PLD: (.*)/) {
            ProcessHistory("SLOT","keysort","P","!Slot $slot/PLD: $1\n");
            next;
        }
        if (/^\s+MONLIB: (.*)/) {
            ProcessHistory("SLOT","keysort","Q","!Slot $slot/MONLIB: $1\n");
            next;
        }
        if (/^\s+ROM Monitor version (.*)/) {
            ProcessHistory("SLOT","keysort","R","!Slot $slot/ROM Monitor: version $1\n");
            next;
        }
        if (/^\s+ROMMON: Version (.*)/) {
            ProcessHistory("SLOT","keysort","R","!Slot $slot/ROMMON: version $1\n");
            next;
        }
        if (/^\s+Fabric Downloader version used (.*)/) {
            ProcessHistory("SLOT","keysort","Z","!Slot $slot/Fabric Downloader: version $1\n");
            next;
        }
        if (/^\s+DRAM size: (\d+)/) {
            local($dram) = $1 / 1048576;
            $_ = <INPUT>;
            if (/^\s+FrFab SDRAM size: (\d+)/) {
                ProcessHistory("SLOT","keysort","MB4","!Slot $slot/MBUS: $dram Mbytes DRAM, "
                    . $1 / 1024 . " Kbytes SDRAM\n");
            } else {
                ProcessHistory("SLOT","keysort","MB4","!Slot $slot/MBUS: $dram Mbytes DRAM\n");
                goto REDUX;
            }
            next;
        }
        # 7200, 3600, 2600, and 1700 stuff
        if (/^(Slot)\s+(\d+(\/\d+)?):/
            || /^\s+(WIC|VIC|WIC\/VIC) Slot (\d):/
            || /^(Encryption AIM) (\d):/) {
            if ($1 eq "WIC") {
                $WIC = "/$2";
            } elsif ($1 eq "VIC") {
                $WIC = "/$2";
            } elsif ($1 eq "WIC/VIC") {
                $WIC = "/$2";
            } elsif ($1 eq "DSP") {
                $WIC = "/$2";
            } elsif ($1 eq "Encryption AIM") {
                $slot = "$2";
                undef($WIC);
                ProcessHistory("SLOT","","","!\n");
                ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1\n");
                next;
            } else {
                $slot = $2;
                undef($WIC);
            }
            $_ = <INPUT>;
            tr/\015//d;

            # clean up hideous 7200/etc formats to look more like 7500 output
            s/Fast-ethernet on C7200 I\/O card/FE-IO/;
            s/ with MII or RJ45/-TX/;
            s/Fast-ethernet /100Base/;
            s/[)(]//g;
            s/intermediate reach/IR/i;

            ProcessHistory("SLOT","","","!\n");
            /\s+(.*) port adapter,?\s+(\d+)\s+/i &&
                ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, $2 ports\n") &&
                next;
            # I/O controller with no interfaces
            /\s+(.*)\s+port adapter\s*$/i &&
                ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, 0 ports\n") &&
                next;
            /\s+(.*)\s+daughter card(.*)$/ &&
                ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1$2\n") &&
                next;
            /\s+(FT1)$/ &&
                ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1\n") &&
                next;
            # handle WICs lacking "daughter card" in the 2nd line of their
            # show diag o/p
            if (defined($WIC)) {
                s/^\s+//;
                ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $_");
            }
            next;
        } elsif (/^\s+(.* (DSP) Module) Slot (\d):/) {
            # The 1760 (at least) has yet another format...where it has two
            # dedicated DSP slots, and thus two slot 0s.
            my($TYPE) = $1;
            $WIC = "/$3";
            ProcessHistory("SLOT","","","!\n");
            ProcessHistory("SLOT","keysort","B",
                "!Slot $slot$WIC: type $TYPE\n");
            next;
        }
        # yet another format. seen on 2600s w/ 12.1, but appears to be all
        # 12.1, including 7200s & 3700s. Sometimes the PCB serial appears
        # before the hardware revision.
        if (/(pcb serial number|hardware revision)\s+:\s+(\S+)$/i) {
            my($hw, $pn, $rev, $sn);
            if ($1 =~ /^pcb/i) {
                $sn = $2;
            } else {
                $hw = $2;
            }
            while (<INPUT>) {
                tr/\015//d;
                if (/0x..: / || /^$/) {
                    # no effing idea why break does not work there
                    goto PerlSucks;
                }
                if (/hardware revision\s+:\s+(\S+)/i) { $hw = $1; }
                if (/part number\s+:\s+(\S+)/i) { $pn = $1; }
                if (/board revision\s+:\s+(\S+)/i) { $rev = $1; }
                if (/pcb serial number\s+:\s+(\S+)/i) { $sn = $1; }
            }
PerlSucks:
            ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: hvers $hw rev $rev\n");
            ProcessHistory("SLOT","keysort","C","!Slot $slot$WIC: part $pn, serial $sn\n");
        }
        /revision\s+(\S+).*revision\s+(\S+)/ &&
            ProcessHistory("SLOT","keysort","C","!Slot $slot$WIC: hvers $1 rev $2\n") &&
            next;
        /number\s+(\S+)\s+Part number\s+(\S+)/ &&
            ProcessHistory("SLOT","keysort","D","!Slot $slot$WIC: part $2, serial $1\n") &&
            next;
    }
    ProcessHistory("SLOT","","","!\n");
    return(0);
}

# This routine parses "show inventory".
sub ShowInventory {
    print STDERR " In ShowInventory: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        return if (/^\s*\^$/);
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }

        if (/^(NAME: "[^"]*",) (DESCR: "[^"]+")/) {
            ProcessHistory("INVENTORY","","", sprintf("!%-30s %s\n", $1, $2));
            next;
        }
        # split PID/VID/SN line
        if (/^PID: (\S*)\s*, VID: (\S*)\s*, SN: (\S*)\s*$/) {
            my($entries) = "";
            $entries .= "!PID: $1\n" if ($1);
            $entries .= "!VID: $2\n" if ($2);
            $entries .= "!SN: $3\n" if ($3);
            ProcessHistory("INVENTORY","","", "$entries");
            next;
        }
        ProcessHistory("INVENTORY","","","!$_");
    }
    ProcessHistory("INVENTORY","","","!\n");
    return(0);
}

# This routine parses "show module".
#sub ShowModule {
#    print STDERR " In ShowModule: $_" if ($debug);
#
#    my(@lines);
#    my($slot, $pa);
#
#    while (<INPUT>) {
#        tr/\015//d;
#        return if (/^\s*\^$/);
#        last if (/online diag status/i);
#        last if (/^$prompt/);
#        next if (/^(\s*|\s*$cmd\s*)$/);
#        return(-1) if (/command authorization failed/i);
#        # the pager can not be disabled per-session on the PIX
#        if (/^(<-+ More -+>)/) {
#            my($len) = length($1);
#            s/^$1\s{$len}//;
#        }
#
#        # match slot/card info line
#        if (/^ *(\d+)\s+(\d+)\s+(.*)\s+(\S+)\s+(\S+)\s*$/) {
#            $lines[$1 * 1000] .= "!Slot $1: type $3, $2 ports\n!Slot $1: part $4, serial $5\n";
#            $lines[$1 * 1000] =~ s/\s+,/,/g;
#            next;
#        }
#        # now match the Revs in the second paragraph of o/p and stick it in
#        # the array with the previous bits...grumble.
#        if (/^ *(\d+)\s+\S+\s+to\s+\S+\s+(\S+)\s+(\S*)\s+(\S+)(\s+\S+)?\s*$/) {
#            $lines[$1 * 1000] .= "!Slot $1: hvers $2, firmware $3, sw $4\n";
#            $lines[$1 * 1000] =~ s/\s+,/,/g;
#            next;
#        }
#        # grab the sub-modules, if any
#        if (/^\s+(\d+)\s(.*)\s+(\S+)\s+(\S+)\s+(\S+)\s+\S+\s*$/) {
#            my($idx);
#            $pa = 0 if ($1 != $slot);
#            $slot = $1;
#            $idx = $1 * 1000 + $1 * 10 + $pa;
#            $lines[$idx] .= "!Slot $1/$pa: type $2\n";
#            $lines[$idx] .= "!Slot $slot/$pa: part $3, serial $4\n";
#            $lines[$idx] .= "!Slot $slot/$pa: hvers $5\n";
#            $pa++;
#        }
#    }
#    foreach $slot (@lines) {
#        next if ($slot =~ /^\s*$/);
#        ProcessHistory("Module","","","$slot!\n");
#    }
#
#    return(0);
#}

# This routine parses "show spe version".
sub ShowSpeVersion {
    print STDERR " In ShowSpeVersion: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(-1) if (/command authorization failed/i);
        ProcessHistory("MODEM","","","!Modem: $_") && next;
    }
    ProcessHistory("MODEM","","","!\n");
    return(0);
}

# This routine parses "show c7200" for the 7200
# This will create arrays for hw info.
sub ShowC7200 {
    # Skip if this is not a 7200.
    print STDERR " In ShowC7200: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        #return(1) if ($type !~ /^72/);
        return(-1) if (/command authorization failed/i);
        /^$/ && next;
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }

        if (/^(C7200 )?Midplane EEPROM:/) {
            $_ = <INPUT>;
            /revision\s+(\S+).*revision\s+(\S+)/;
            ProcessHistory("SLOT","","","!Slot Midplane: hvers $1 rev $2\n");
            $_ = <INPUT>;
            /number\s+(\S+)\s+Part number\s+(\S+)/;
            ProcessHistory("SLOT","","","!Slot Midplane: part $2, serial $1\n!\n");
            next;
        }
        if (/C720\d(VXR)? CPU EEPROM:/) {
            my ($hvers,$rev,$part,$serial);
            # npe400s report their cpu eeprom info differently w/ 12.0.21S
            while (<INPUT>) {
                /Hardware Revision\s+: (\S+)/ && ($hvers = $1) && next;
                /Board Revision\s+: (\S+)/ && ($rev = $1) && next;
                /Part Number\s+: (\S+)/ && ($part = $1) && next;
                /Serial Number\s+: (\S+)/ && ($serial = $1) && next;
                /revision\s+(\S+).*revision\s+(\S+)/ &&
                    ($hvers = $1, $rev = $2) && next;
                /number\s+(\S+)\s+Part number\s+(\S+)/ &&
                    ($serial = $1, $part = $2) && next;
                /^\s*$/ && last;
            }
            ProcessHistory("SLOT","","","!Slot CPU: hvers $hvers rev $rev\n");
            ProcessHistory("SLOT","","","!Slot CPU: part $part, serial $serial\n!\n");
            next;
        }
    }
    return(0);
}

# This routine parses "show vtp status"
sub ShowVTP {
    print STDERR " In ShowVTP: $_" if ($debug);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        #return(1) if ($type !~ /^(2900XL|3500XL|6000)$/);
        return(-1) if (/command authorization failed/i);
        next if (/^Configuration last modified by/);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }

        if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
            $DO_SHOW_VLAN = 1;
        }
        ProcessHistory("COMMENTS","keysort","I0","!VTP: $_");
    }
    ProcessHistory("COMMENTS","keysort","I0","!\n");
    return(0);
}

# This routine parses "show vlan"
sub ShowVLAN {
    print STDERR " In ShowVLAN: $_" if ($debug);

    ($_ = <INPUT>, return(1)) if (!$DO_SHOW_VLAN);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
        return(1) if /Ambiguous command/i;
        # newer releases (~12.1(9)) place the vlan config in the normal
        # configuration (write term).
        return(1) if ($type =~ /^(3550|4500|7600)$/);
        #return(1) if ($type !~ /^(2900XL|3500XL|6000)$/);
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }

        ProcessHistory("COMMENTS","keysort","IO","!VLAN: $_");
    }
    ProcessHistory("COMMENTS","keysort","IO","!\n");
    return(0);
}

# This routine processes a "write term"
sub WriteTerm {
    print STDERR " In WriteTerm: $_" if ($debug);
    my($lineauto,$comment,$linecnt) = (0,0,0);

    while (<INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        return(1) if /Line has invalid autocommand /;
        return(1) if (/(Invalid input detected|Type help or )/i);
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
            s/^$1\s{$len}//;
        }

        /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked
        return(0) if ($found_end);      # Only do this routine once
        $linecnt++;
        $lineauto = 0 if (/^[^ ]/);
        # skip the crap
        if (/^(##+$|(Building|Current) configuration)/i) {
            while (<INPUT>) {
                next if (/^Current configuration\s*:/i);
                next if (/^:/);
                next if (/^([%!].*|\s*)$/);
                next if (/^ip add.*ipv4:/);     # band-aid for 3620 12.0S
                last;
            }
            if (defined($config_register)) {
                ProcessHistory("","","","!\nconfig-register $config_register\n");
            }
            tr/\015//d;
        }
        # some versions have other crap mixed in with the bits in the
        # block above
        /^! (Last configuration|NVRAM config last)/ && next;
        # skip consecutive comment lines to avoid oscillating extra comment
        # line on some access servers. grrr.
        if (/^!/) {
            next if ($comment);
            ProcessHistory("","","",$_);
            $comment++;
            next;
        }
        $comment = 0;

        # Dog gone Cool matches to process the rest of the config
        /^tftp-server flash / && next;  # kill any tftp remains
        /^ntp clock-period / && next;   # kill ntp clock-period
        /^ length / && next;            # kill length on serial lines
        /^ width / && next;             # kill width on serial lines
        $lineauto = 1 if /^ modem auto/;
        /^ speed / && $lineauto && next; # kill speed on serial lines
        /^ clockrate / && next;         # kill clockrate on serial interfaces
        if (/^(enable )?(password|passwd)( level \d+)? / && $filter_pwds >= 1) {
            ProcessHistory("ENABLE","","","!$1$2$3 \n");
            next;
        }
        if (/^(enable secret) / && $filter_pwds >= 2) {
            ProcessHistory("ENABLE","","","!$1 \n");
            next;
        }
        if (/^username (\S+)(\s.*)? secret /) {
            if ($filter_pwds >= 2) {
                ProcessHistory("USER","keysort","$1","!username $1$2 secret \n");
            } else {
                ProcessHistory("USER","keysort","$1","$_");
            }
            next;
        }
        if (/^username (\S+)(\s.*)? password ((\d) \S+|\S+)/) {
            if ($filter_pwds >= 2) {
                ProcessHistory("USER","keysort","$1","!username $1$2 password \n");
            } elsif ($filter_pwds >= 1 && $4 ne "5"){
                ProcessHistory("USER","keysort","$1","!username $1$2 password \n");
            } else {
                ProcessHistory("USER","keysort","$1","$_");
            }
            next;
        }
        # cisco AP w/ IOS
        if (/^(wlccp \S+ username (\S+)(\s.*)? password) (\d \S+|\S+)/) {
            if ($filter_pwds >= 1) {
                ProcessHistory("USER","keysort","$2","!$1 \n");
            } else {
                ProcessHistory("USER","keysort","$2","$_");
            }
            next;
        }
        if (/^( set session-key (in|out)bound ah \d+ )/ && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1\n");
            next;
        }
        if (/^( set session-key (in|out)bound esp \d+ (authenticator|cypher) )/ && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1\n");
            next;
        }
        if (/^(\s*)password / && $filter_pwds >= 1) {
            ProcessHistory("LINE-PASS","","","!$1password \n");
            next;
        }
        if (/^(\s*)secret / && $filter_pwds >= 2) {
            ProcessHistory("LINE-PASS","","","!$1secret \n");
            next;
        }
        if (/^\s*neighbor (\S*) password / && $filter_pwds >= 1) {
            ProcessHistory("","","","! neighbor $1 password \n");
            next;
        }
        if (/^(ppp .* password) 7 .*/ && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 \n");
            next;
        }
        if (/^(ip ftp password) / && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 \n");
            next;
        }
        if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 \n");
            next;
        }
        # isis passwords appear to be completely plain-text
        if (/^\s+isis password (\S+)( .*)?/ && $filter_pwds >= 1) {
            ProcessHistory("","","","!isis password $2\n");
            next;
        }
        if (/^\s+(domain-password|area-password) (\S+)( .*)?/ && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 $3\n");
            next;
        }
        # this is reversible, despite 'md5' in the cmd
        if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 \n");
            next;
        }
        # this is also reversible, despite 'md5 encrypted' in the cmd
        if (/^( message-digest-key \d+ md5 (7|encrypted)) / && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 \n");
            next;
        }
        if (/^((crypto )?isakmp key) \S+ / && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 $'");
            next;
        }
        # filter HSRP passwords
        if (/^(\s+standby \d+ authentication) / && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 \n");
            next;
        }
        # this appears in "measurement/sla" images
        if (/^(\s+key-string \d?)/ && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 \n");
            next;
        }
        if (/^( l2tp tunnel \S+ password)/ && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 \n");
            next;
        }
        # i am told these are plain-text on the PIX
        if (/^(vpdn username (\S+) password)/) {
            if ($filter_pwds >= 1) {
                ProcessHistory("USER","keysort","$2","!$1 \n");
            } else {
                ProcessHistory("USER","keysort","$2","$_");
            }
            next;
        }
        if (/^( cable shared-secret )/ && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 \n");
            next;
        }
        /fair-queue individual-limit/ && next;
        # sort ip explicit-paths.
        if (/^ip explicit-path name (\S+)/) {
            my($key) = $1;
            my($expath) = $_;
            while (<INPUT>) {
                tr/\015//d;
                last if (/^$prompt/);
                last if (/^$prompt/ || ! /^(ip explicit-path name |[ !])/);
                if (/^ip explicit-path name (\S+)/) {
                    ProcessHistory("EXPATH","keysort","$key","$expath");
                    $key = $1;
                    $expath = $_;
                } else {
                    $expath .= $_;
                }
            }
            ProcessHistory("EXPATH","keysort","$key","$expath");
        }
        # sort route-maps
        if (/^route-map (\S+)/) {
            my($key) = $1;
            my($routemap) = $_;
            while (<INPUT>) {
                tr/\015//d;
                last if (/^$prompt/ || ! /^(route-map |[ !])/);
                if (/^route-map (\S+)/) {
                    ProcessHistory("ROUTEMAP","keysort","$key","$routemap");
                    $key = $1;
                    $routemap = $_;
                } else {
                    $routemap .= $_;
                }
            }
            ProcessHistory("ROUTEMAP","keysort","$key","$routemap");
        }
        # filter out any RCS/CVS tags to avoid confusing local CVS storage
        s/\$(Revision|Id):/ $1:/;
        # order access-lists
        /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ &&
            ProcessHistory("ACL $1 $2","ipsort","$3","$_") && next;
        # order extended access-lists
        /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ &&
            ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next;
        /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ &&
            ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next;
        /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ &&
            ProcessHistory("EACL $1 $2","ipsort","0.0.0.0","$_") && next;
        # order arp lists
        /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ &&
            ProcessHistory("ARP","ipsort","$1","$_") && next;
        /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ &&
            ProcessHistory("PACL $1 $3","ipsort","$4","ip prefix-list $1 $3 $4$5\n")
            && next;
        # order logging statements
        /^logging (\d+\.\d+\.\d+\.\d+)/ &&
            ProcessHistory("LOGGING","ipsort","$1","$_") && next;
        # order/prune snmp-server host statements
        # we only prune lines of the form
        # snmp-server host a.b.c.d
        if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) {
            if (defined($ENV{'NOCOMMSTR'})) {
                my($ip) = $1;
                my($line) = "snmp-server host $ip";
                my(@tokens) = split(' ', $');
                my($token);
                while ($token = shift(@tokens)) {
                    if ($token eq 'version') {
                        $line .= " " . join(' ', ($token, shift(@tokens)));
                        if ($token eq '3') {
                            $line .= " " . join(' ', ($token, shift(@tokens)));
                        }
                    } elsif ($token eq 'vrf') {
                        $line .= " " . join(' ', ($token, shift(@tokens)));
                    } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) {
                        $line .= " " . $token;
                    } else {
                        $line = "!$line " . join(' ', ("", join(' ',@tokens)));
                        last;
                    }
                }
                ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n");
            } else {
                ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_");
            }
            next;
        }
        if (/^(snmp-server community) (\S+)/) {
            if (defined($ENV{'NOCOMMSTR'})) {
                ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next;
            } else {
                ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next;
            }
        }
        # prune tacacs/radius server keys
        if (/^((tacacs-server|radius-server)\s(\w*[-\s(\s\S+])*\s?key) \d \w+/
            && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 $'");
            next;
        }
        # order clns host statements
        /^clns host \S+ (\S+)/ &&
            ProcessHistory("CLNS","keysort","$1","$_") && next;
        # order alias statements
        /^alias / && ProcessHistory("ALIAS","keysort","$_","$_") && next;
        # delete ntp auth password - this md5 is reversible too
        if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) {
            ProcessHistory("","","","!$1 \n");
            next;
        }
        # order ntp peers/servers
        if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) {
            $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5);
            ProcessHistory("NTP","keysort",$sortkey,"$_");
            next;
        }
        # order ip host statements
        /^ip host (\S+) / &&
            ProcessHistory("IPHOST","keysort","$1","$_") && next;
        # order ip nat source static statements
        /^ip nat (\S+) source static (\S+)/ &&
            ProcessHistory("IP NAT $1","ipsort","$2","$_") && next;
        # order atm map-list statements
        /^\s+ip\s+(\d+\.\d+\.\d+\.\d+)\s+atm-vc/ &&
            ProcessHistory("ATM map-list","ipsort","$1","$_") && next;
        # order ip rcmd lines
        /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next;

        # system controller
        /^syscon address (\S*) (\S*)/ &&
            ProcessHistory("","","","!syscon address $1 \n") &&
            next;
        if (/^syscon password (\S*)/ && $filter_pwds >= 1) {
            ProcessHistory("","","","!syscon password \n");
            next;
        }

        # catch anything that wasn't matched above.
        ProcessHistory("","","","$_");
        # end of config. the ": " game is for the PIX
        if (/^(: +)?end$/) {
            $found_end = 1;
            return(1);
        }
    }
    # The ContentEngine lacks a definitive "end of config" marker. If we
    # know that it is a CE and we have seen at least 5 lines of write term
    # o/p, we can be reasonably sure that we got the config.
    if ($type =~ /^CE$/ && $linecnt > 5) {
        $found_end = 1;
        return(1);
    }

    return(0);
}

# dummy function
sub DoNothing {print STDOUT;}

# Main
@commandtable = (
#   {'show hardware info' => 'ShowHw'},
    {'show configuration status' => 'ShowCfgstat'},
    {'show chassis' => 'ShowChassis'},
    {'show module' => 'ShowModule'},
    {'show microcode' => 'ShowMicrocode'},
    {'show configuration snapshot all' => 'ShowConfig'},
#   {'admin show version' => 'ShowVersion'},
#   {'show version' => 'ShowVersion'},
#   {'show redundancy secondary' => 'ShowRedundancy'},
#   {'show idprom backplane', => 'ShowIDprom'},
#   {'show install active' => 'ShowInstallActive'},
#   {'admin show env all' => 'ShowEnv'},
#   {'show env all' => 'ShowEnv'},
#   {'show rsp chassis-info', => 'ShowRSP'},
#   {'show gsr chassis' => 'ShowGSR'},
#   {'show diag chassis-info' => 'ShowGSR'},
#   {'show boot' => 'ShowBoot'},
#   {'show bootvar' => 'ShowBoot'},
#   {'admin show variables boot' => 'ShowBoot'},
#   {'show variables boot' => 'ShowBoot'},
#   {'show flash' => 'ShowFlash'},
#   {'dir /all nvram:' => 'DirSlotN'},
#   {'dir /all bootflash:' => 'DirSlotN'},
#   {'dir /all slot0:' => 'DirSlotN'},
#   {'dir /all disk0:' => 'DirSlotN'},
#   {'dir /all slot1:' => 'DirSlotN'},
#   {'dir /all disk1:' => 'DirSlotN'},
#   {'dir /all slot2:' => 'DirSlotN'},
#   {'dir /all disk2:' => 'DirSlotN'},
#   {'dir /all harddisk:' => 'DirSlotN'},
#   {'dir /all harddiska:' => 'DirSlotN'},
#   {'dir /all harddiskb:' => 'DirSlotN'},
#   {'dir /all sup-bootflash:' => 'DirSlotN'},  # cat 6500-ios
#   {'dir /all sup-microcode:' => 'DirSlotN'},  # cat 6500-ios
#   {'dir /all slavenvram:' => 'DirSlotN'},
#   {'dir /all slavebootflash:' => 'DirSlotN'},
#   {'dir /all slaveslot0:' => 'DirSlotN'},
#   {'dir /all slavedisk0:' => 'DirSlotN'},
#   {'dir /all slaveslot1:' => 'DirSlotN'},
#   {'dir /all slavedisk1:' => 'DirSlotN'},
#   {'dir /all slaveslot2:' => 'DirSlotN'},
#   {'dir /all slavedisk2:' => 'DirSlotN'},
#   {'dir /all slavesup-bootflash:' => 'DirSlotN'},     # cat 7609
#   {'dir /all sec-nvram:' => 'DirSlotN'},
#   {'dir /all sec-bootflash:' => 'DirSlotN'},
#   {'dir /all sec-slot0:' => 'DirSlotN'},
#   {'dir /all sec-disk0:' => 'DirSlotN'},
#   {'dir /all sec-slot1:' => 'DirSlotN'},
#   {'dir /all sec-disk1:' => 'DirSlotN'},
#   {'dir /all sec-slot2:' => 'DirSlotN'},
#   {'dir /all sec-disk2:' => 'DirSlotN'},
#   {'show controllers' => 'ShowContAll'},
#   {'show controllers cbus' => 'ShowContCbus'},
#   {'show diagbus' => 'ShowDiagbus'},
#   {'admin show diag' => 'ShowDiag'},
#   {'show diag' => 'ShowDiag'},
#   {'show module' => 'ShowModule'},    # cat 6500-ios
#   {'show spe version' => 'ShowSpeVersion'},
#   {'show c7200' => 'ShowC7200'},
#   {'show inventory raw' => 'ShowInventory'},
#   {'show vtp status' => 'ShowVTP'},
#   {'show vlan' => 'ShowVLAN'},
#   {'show vlan-switch' => 'ShowVLAN'},
#   {'show debug' => 'ShowDebug'},
#   {'show running-config' => 'WriteTerm'},
#   {'write term' => 'WriteTerm'},
);
# Use an array to preserve the order of the commands and a hash for mapping
# commands to the subroutine and track commands that have been completed.
@commands = map(keys(%$_), @commandtable);
%commands = map(%$_, @commandtable);

$cisco_cmds=join(";",@commands);
$cmds_regexp=join("|",@commands);

if (length($host) == 0) {
    if ($file) {
        print(STDERR "Too few arguments: file name required\n");
        exit(1);
    } else {
        print(STDERR "Too few arguments: host name required\n");
        exit(1);
    }
}
open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n";
select(OUTPUT);
# make OUTPUT unbuffered if debugging
if ($debug) { $| = 1; }

if ($file) {
    print STDERR "opening file $host\n" if ($debug);
    print STDOUT "opening file $host\n" if ($log);
    open(INPUT,"<$host") || die "open failed for $host: $!\n";
} else {
    print STDERR "executing ologin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug);
    print STDOUT "executing ologin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log);
    if (defined($ENV{NOPIPE})) {
        system "ologin -t $timeo -c \"$cisco_cmds\" $host </dev/null > $host.raw 2>&1" || die "ologin failed for $host: $!\n";
        open(INPUT, "< $host.raw") || die "ologin failed for $host: $!\n";
    } else {
        open(INPUT,"ologin -t $timeo -c \"$cisco_cmds\" $host </dev/null |") || die "ologin failed for $host: $!\n";
    }
}

TOP: while (<INPUT>) {
    tr/\015//d;
    if (/^Error:/) {
        print STDOUT ("$host ologin error: $_");
        print STDERR ("$host ologin error: $_") if ($debug);
        $clean_run=0;
        last;
    }
    while (/->\s*($cmds_regexp)\s*$/) {
        $cmd = $1;
        if (!defined($prompt)) {
            # $prompt = ($_ =~ /^([^#]+#)/)[0];
            $prompt = ($_ =~ /^([^>]+->)/)[0];
            $prompt =~ s/([][}{)(\\])/\\$1/g;
            print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
        }
        print STDERR ("HIT COMMAND:$_") if ($debug);
        if (! defined($commands{$cmd})) {
            print STDERR "$host: found unexpected command - \"$cmd\"\n";
            $clean_run = 0;
            last TOP;
        }
        $rval = &{$commands{$cmd}};
        delete($commands{$cmd});
        if ($rval == -1) {
            $clean_run = 0;
            last TOP;
        }
    }
    if (/([>#]\s?exit|->exit|Connection\ closed\ by\ CliShell)$/) {
        $clean_run=1;
        last;
    }
}
print STDOUT "Done $logincmd: $_\n" if ($log);
# Flush History
ProcessHistory("","","","");
# Cleanup
close(INPUT);
close(OUTPUT);

if (defined($ENV{NOPIPE})) {
    unlink("$host.raw") if (! $debug);
}

# check for completeness
if (scalar(%commands) || !$clean_run || !$found_end) {
    if (scalar(%commands)) {
        printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands)));
        printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug);
    }
    print STDERR "clean $clean_run end $found_end\n";
    if (!$clean_run || !$found_end) {
        print STDOUT "$host: End of run not found\n";
        print STDERR "$host: End of run not found\n" if ($debug);
        system("/usr/bin/tail -1 $host.new");
    }
    unlink "$host.new" if (! $debug);
}

From jcdarby at usgs.gov Mon Jul 21 20:15:26 2008
From: jcdarby at usgs.gov (Justin C. Darby)
Date: Mon, 21 Jul 2008 15:15:26 -0500
Subject: [rancid] Nexus 7000 & RANCID
Message-ID: <4884EE5E.6030401@usgs.gov>

Hello,

I recently hacked up a copy (more like I gutted and started over, but I
digress..) of the 'rancid' script to work with NX-OS 4.0. This works,
but I was wondering if anyone had any desire to come up with a clean way
to do this, as I'd be happy to help with the effort (right now I use the
entire output of 'show inventory' and 'show version' without doing
anything but removing lines that change frequently, like timestamps).

The normal 'rancid' script chokes just trying to process the
configuration ('write term' is an invalid command, changing to 'show
running-config' in rancid half works, but..). Passwords and the like are
also stored in a different format for everything from SNMP v3 to local
AAA, etc.

I did something similar to work with Cisco AIP-SSM-20's, which run some
Linux-based "Cisco Intrusion Prevention System" OS. Same offer applies
here. :)

Thanks,
Justin C. Darby (jcdarby at usgs.gov)
IT Specialist - Middleton Data Center
WRD Wisconsin Water Science Center

From jeremy.guthrie at berbee.com Wed Jul 23 21:30:52 2008
From: jeremy.guthrie at berbee.com (Jeremy M. Guthrie)
Date: Wed, 23 Jul 2008 16:30:52 -0500
Subject: [rancid] Re: Nexus 7000 & RANCID
In-Reply-To: <4884EE5E.6030401@usgs.gov>
References: <4884EE5E.6030401@usgs.gov>
Message-ID: <200807231630.54681.jeremy.guthrie@berbee.com>

I have attached the latest version of the ciscoips/ipslogin scripts which
work with Cisco IPS V6.0 and should work with any Cisco platform
IPS(AIM/SSM/NM/etc). I redid the ipslogin off of the hitachi login script.
The wlogin and ciscowlc were written by a co-worker of mine: Josh Yost.
What do people need to get these included with Rancid?

On Monday 21 July 2008, Justin C. Darby wrote:
> Hello,
>
> I recently hacked up a copy (more like I gutted and started over, but I
> digress..) of the 'rancid' script to work with NX-OS 4.0. This works,
> but I was wondering if anyone had any desire to come up with a clean way
> to do this, as I'd be happy to help with the effort (right now I use the
> entire output of 'show inventory' and 'show version' without doing
> anything but removing lines that change frequently, like timestamps).
>
> The normal 'rancid' script chokes just trying to process the
> configuration ('write term' is an invalid command, changing to 'show
> running-config' in rancid half works, but..). Passwords and the like are
> also stored in a different format for everything from SNMP v3 to local
> AAA, etc.
>
> I did something similar to work with Cisco AIP-SSM-20's, which run some
> Linux-based "Cisco Intrusion Prevention System" OS. Same offer applies
> here. :)
>
> Thanks,
> Justin C. Darby (jcdarby at usgs.gov)
> IT Specialist - Middleton Data Center
> WRD Wisconsin Water Science Center
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

--
--------------------------------------------------
Jeremy M. Guthrie        jeremy.guthrie at cdw.com
Hosting and Managed Services
Cisco Managed Security Services Technical Architect        Phone: 608-298-1061
CDW Berbee               Fax: 608-288-3007
5520 Research Park Drive NOC: 608-298-1102
Madison, WI 53711

Email address notice: A year and a half ago Berbee became part of CDW. We
continue to strive to provide outstanding service to our customers and
bring you the benefits of the combined organization. You may have noticed
that my email domain has changed from @berbee.com to @cdw.com. Please
update your address book and begin using my new address at your earliest
convenience. Emails sent to the @berbee.com domain will continue to route
to me. Thank you.
-------------- next part --------------
#! /usr/bin/expect --
##
## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
## All rights reserved.
##
## This software may be freely copied, modified and redistributed
## without fee for non-commerical purposes provided that this license
## remains intact and unmodified with any RANCID distribution.
##
## There is no warranty or other guarantee of fitness of this software.
## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
## Except where noted otherwise, rancid was written by and is maintained by
## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
# ipslogin created using htlogin
#
# This script was made by Jeremy Guthrie of CDW Inc.
#
# Usage line
set usage "Usage: $argv0 \[-noenable\] \[-c command\] \
\[-Evar=x\] \[-f cloginrc-file\] \[-p user-password\] \
\[-s script-file\] \[-t timeout\] \[-u username\] \
\[-x command-file\] \[-y ssh_cypher_type\] router \[router...\]\n"

set env(TERM) vt100
# env(CLOGIN) may contain:
#   x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set avenable 1
# The default is that you login non-enabled (tacacs can have you login already
# enabled)
set avautoenable 0
# The default is to look in the password file to find the passwords. This
# tracks if we receive them on the command line.
set do_passwd 1

# Find the user in the ENV, or use the unix userid.
if {[ info exists env(CISCO_USER) ]} {
    set default_user $env(CISCO_USER)
} elseif {[ info exists env(USER) ]} {
    set default_user $env(USER)
} elseif {[ info exists env(LOGNAME) ]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable. At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [ catch {exec id} reason ] {
        send_error "\nError: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}

# Sometimes routers take awhile to answer (the default is 10 sec)
set timeout 45

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Username
        -u* -
        -U* {
            if {! [ regexp .\[uU\](.+) $arg ignore user]} {
                incr i
                set username [ lindex $argv $i ]
            }
        # VTY Password
        } -p* -
        -P* {
            if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
                incr i
                set userpasswd [ lindex $argv $i ]
            }
            set do_passwd 0
        # Environment variable to pass to -s scripts
        } -E* {
            if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
                set E$varname $varvalue
            } else {
                send_user "Error: invalid format for -E in $arg\n"
                exit 1
            }
        # Command to run.
        } -c* -
        -C* {
            if {! [ regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [ lindex $argv $i ]
            }
            set do_command 1
        # Expect script to run.
        } -s* -
        -S* {
            if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [ lindex $argv $i ]
            }
            if { ! [ file readable $sfile ] } {
                send_user "\nError: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # 'ssh -c' cypher type
        } -y* -
        -Y* {
            if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
                incr i
                set cypher [ lindex $argv $i ]
            }
        # alternate cloginrc file
        } -f* -
        -F* {
            if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [ lindex $argv $i ]
            }
        # Timeout
        } -t* -
        -T* {
            if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeout [ lindex $argv $i ]
            }
        # Command file
        } -x* -
        -X {
            if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [ lindex $argv $i ]
            }
            if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
                send_user "\nError: $reason\n"
                exit 1
            }
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        } -* {
            send_user "\nError: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting. Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore ] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain. Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [ regexp "^/" $args ignore ] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match [lindex $line 0] $router ] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Loads the password file. Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info... I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
        send_user "\nError: password file ($password_file) does not exist\n"
        exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "\nError: $password_file must not be world readable/writable\n"
        exit 1
    }
    if [ catch {source $password_file} reason ] {
        send_user "\nError: $reason\n"
        exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure
proc login { router user userpswd passwd prompt cmethod cyphertype } {
    global spawn_id in_proc do_command do_script sshcmd
    global u_prompt p_prompt
    set in_proc 1
    set uprompt_seen 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        incr progs -1
        if [string match "telnet*" $prog] {
            send_error "\nError: unsupported method: telnet\n"
            if { $progs == 0 } {
                return 1
            }
            continue
        } elseif ![string compare $prog "ssh"] {
            regexp {ssh(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ]
            } else {
                set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user -p $port $router} reason ]
            }
            if { $retval } {
                send_user "\nError: $sshcmd failed: $reason\n"
                return 1
            }
        } elseif ![string compare $prog "rsh"] {
            send_error "\nError: unsupported method: rsh\n"
            if { $progs == 0 } {
                return 1
            }
            continue
        } else {
            send_user "\nError: unknown connection method: $prog\n"
            return 1
        }
        sleep 0.3

        # This helps cleanup each expect clause.
        expect_after {
            timeout {
                send_user "\nError: TIMEOUT reached\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            } eof {
                send_user "\nError: EOF received\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
        }

        expect {
            "Password:" { send "$userpswd\n" ; break ; }
            "Connection refused" {
                close; wait
                sleep 0.3
                expect eof
                send_user "\nError: Connection Refused\n"; wait; return 1
            }
            eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
            "Unknown host\r\n" {
                expect eof
                send_user "\nError: Unknown host\n"; wait; return 1
            }
            "Host is unreachable" {
                expect eof
                send_user "\nError: Host Unreachable!\n"; wait; return 1
            }
            "No address associated with name" {
                expect eof
                send_user "\nError: Unknown host\n"; wait; return 1
            }
            -re "$p_prompt" {
                sleep 1
                send "$passwd\r"
                exp_continue
            }
            "Password incorrect" {
                send_user "\nError: Check your password for $router\n";
                catch {close}; wait; return 1
            }
            -re "$prompt" { break; }
            denied {
                send_user "\nError: Check your passwd for $router\n"
                catch {close}; wait; return 1
            }
            "\r\n" { exp_continue; }
        }
    }
    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc
    set in_proc 1

    send "term length 0\r"
    #expect "$prompt";

    #add random delay
    sleep 0.3

    regsub -all {[)(]} $prompt {\\&} reprompt
    regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt
    expect {
        -re $reprompt {}
        -re "\[\n\r]+" { exp_continue }
    }

    # Is this a multi-command?
    if [ string match "*\;*" "$command" ] {
        set commands [split $command \;]
        set num_commands [llength $commands]

        for {set i 0} {$i < $num_commands} { incr i} {
            send "[lindex $commands $i]\r"
            expect {
                -re "^\[^\n\r]*$reprompt" {}
                -re "^\[^\n\r *]*$reprompt" {}
                -re "Apply Changes\?" { send "yes\n"; }
                -re "\[\n\r]" { exp_continue }
            }
        }
        send "\r";
        expect {
            -re $reprompt {}
            -re "\[\n\r]+" { exp_continue }
        }
    } else {
        send "$command\r"
        expect {
            -re "^\[^\n\r]*$reprompt" {}
            -re "^\[^\n\r *]*$reprompt" {}
            -re "Apply Changes\?" { send "yes\n"; }
            -re "\[\n\r]" { exp_continue }
        }
    }
    send "exit\r"
    expect {
        "\n" { exp_continue }
        timeout { return 0 }
        eof { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # Figure out prompt.
    set prompt "command: "
    set autoenable 1
    set enable 0

    # Figure out passwords
    if { $do_passwd } {
        set pswd [find password $router]
        if { [llength $pswd] == 0 } {
            send_user "Error: no password for $router in $password_file.\n"
            continue
        }
        set passwd [join [lindex $pswd 0] ""]
    }

    # Figure out username
    if {[info exists username]} {
        # command line username
        set ruser $username
    } else {
        set ruser [join [find user $router] ""]
        if { "$ruser" == "" } { set ruser $default_user }
    }

    # Figure out username's password (if different from the vty password)
    if {[info exists userpasswd]} {
        # command line username
        set userpswd $userpasswd
    } else {
        set userpswd [join [find userpassword $router] ""]
        if { "$userpswd" == "" } { set userpswd $passwd }
    }

    # Figure out prompts
    set u_prompt [find userprompt $router]
    if { "$u_prompt" == "" } {
        set u_prompt "(Username|login| Login):"
    } else {
        set u_prompt [join [lindex $u_prompt 0] ""]
    }
    set p_prompt [find passprompt $router]
    if { "$p_prompt" == "" } {
        set p_prompt "Password: "
    } else {
        set p_prompt [join [lindex $p_prompt 0] ""]
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{ssh}} }

    # Figure out the SSH executable name
    set sshcmd [find sshcmd $router]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # Login to the router
    if {[login $router $ruser $userpswd $passwd $prompt $cmethod $cyphertype]} {
        continue
    }

    # we are logged in, now figure out the full prompt
    send "\r"
    expect {
        -re "\[\r\n]+" { exp_continue; }
        -re "^.+#" {
            set junk $expect_out(0,string);
            regsub -all "\[\]\[]" $junk {\\&} prompt;
        }
    }

    if { $do_command } {
        if {[run_commands $prompt $command]} {
            continue
        }
    } elseif { $do_script } {
        source $sfile
        close
    } else {
        label $router
        log_user 1
        interact
    }

    # End of for each router
    wait
    sleep 0.3
}
exit 0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ciscoips
Type: application/x-perl
Size: 10465 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080723/87a37196/attachment.bin
-------------- next part --------------
#! /usr/bin/expect --
##
## $Id: clogin.in,v 1.94 2006/04/28 15:37:40 heas Exp $
##
## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
## All rights reserved.
##
## This software may be freely copied, modified and redistributed
## without fee for non-commerical purposes provided that this license
## remains intact and unmodified with any RANCID distribution.
##
## There is no warranty or other guarantee of fitness of this software.
## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
## Except where noted otherwise, rancid was written by and is maintained by
## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
# The login expect scripts were based on Erik Sherk's gwtn, by permission.
#
# wlogin - Cisco Wireless Lan Controller login
#
# Modified from clogin for use with WLCs 4/17/2008 - Josh Yost
#
# Most options are intuitive for logging into a Cisco router.
# The default is to enable (thus -noenable). Some folks have
# setup tacacs to have a user login at priv-lvl = 15 (enabled)
# so the -autoenable flag was added for this case (don't go through
# the process of enabling and the prompt will be the "#" prompt.
# The default username password is the same as the vty password.
#

# Usage line
set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \
\[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
\[-s script-file\] \[-t timeout\] \[-u username\] \
\[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
\[-y ssh_cypher_type\] router \[router...\]\n"

# env(CLOGIN) may contain:
#   x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set avenable 1
# The default is that you login non-enabled (tacacs can have you login already
# enabled)
set avautoenable 0
# The default is to look in the password file to find the passwords. This
# tracks if we receive them on the command line.
set do_passwd 1
set do_enapasswd 1

# Find the user in the ENV, or use the unix userid.
if {[ info exists env(CISCO_USER) ]} {
    set default_user $env(CISCO_USER)
} elseif {[ info exists env(USER) ]} {
    set default_user $env(USER)
} elseif {[ info exists env(LOGNAME) ]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable. At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [ catch {exec id} reason ] {
        send_error "\nError: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}

# Sometimes routers take awhile to answer (the default is 10 sec)
set timeout 45

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Username
        -u* -
        -U* {
            if {! [ regexp .\[uU\](.+) $arg ignore user]} {
                incr i
                set username [ lindex $argv $i ]
            }
        # VTY Password
        } -p* -
        -P* {
            if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
                incr i
                set userpasswd [ lindex $argv $i ]
            }
            set do_passwd 0
        # VTY Password
        } -v* -
        -v* {
            if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
                incr i
                set passwd [ lindex $argv $i ]
            }
            set do_passwd 0
        # Enable Username
        } -w* -
        -W* {
            if {! [ regexp .\[wW\](.+) $arg ignore enauser]} {
                incr i
                set enausername [ lindex $argv $i ]
            }
        # Environment variable to pass to -s scripts
        } -E* {
            if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
                set E$varname $varvalue
            } else {
                send_user "\nError: invalid format for -E in $arg\n"
                exit 1
            }
        # Enable Password
        } -e* {
            if {! [ regexp .\[e\](.+) $arg ignore enapasswd]} {
                incr i
                set enapasswd [ lindex $argv $i ]
            }
            set do_enapasswd 0
        # Command to run.
        } -c* -
        -C* {
            if {! [ regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [ lindex $argv $i ]
            }
            set do_command 1
        # Expect script to run.
        } -s* -
        -S* {
            if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [ lindex $argv $i ]
            }
            if { ! [ file readable $sfile ] } {
                send_user "\nError: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # 'ssh -c' cypher type
        } -y* -
        -Y* {
            if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
                incr i
                set cypher [ lindex $argv $i ]
            }
        # alternate cloginrc file
        } -f* -
        -F* {
            if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [ lindex $argv $i ]
            }
        # Timeout
        } -t* -
        -T* {
            if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeout [ lindex $argv $i ]
            }
        # Command file
        } -x* -
        -X {
            if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [ lindex $argv $i ]
            }
            if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
                send_user "\nError: $reason\n"
                exit 1
            }
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        # Do we enable?
        } -noenable {
            set avenable 0
        # Does tacacs automatically enable us?
        } -autoenable {
            set avautoenable 1
            set avenable 0
        } -* {
            send_user "\nError: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting. Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore ] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain. Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [ regexp "^/" $args ignore ] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match [lindex $line 0] $router ] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Loads the password file. Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info... I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
        send_user "\nError: password file ($password_file) does not exist\n"
        exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "\nError: $password_file must not be world readable/writable\n"
        exit 1
    }
    if [ catch {source $password_file} reason ] {
        send_user "\nError: $reason\n"
        exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure, -1 if rsh was used successfully
proc login { router user userpswd passwd enapasswd cmethod cyphertype } {
    global spawn_id in_proc do_command do_script platform
    global prompt u_prompt p_prompt e_prompt sshcmd
    set in_proc 1
    set uprompt_seen 0

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        incr progs -1
        if [string match "telnet*" $prog] {
            regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [ catch {spawn telnet $router} reason ]
            } else {
                set retval [ catch {spawn telnet $router $port} reason ]
            }
            if { $retval } {
                send_user "\nError: telnet failed: $reason\n"
                return 1
            }
        } elseif [string match "ssh*" $prog] {
            regexp {ssh(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ]
            } else {
                set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user -p $port $router} reason ]
            }
            if { $retval } {
                send_user "\nError: $sshcmd failed: $reason\n"
                return 1
            }
        } elseif ![string compare $prog "rsh"] {
            global command

            if { ! $do_command } {
                if { [llength $cmethod] == 1 } {
                    send_user "\nError: rsh is an invalid method for -x and "
                    send_user "interactive logins\n"
                }
                if { $progs == 0 } {
                    return 1
                }
                continue;
            }

            set commands [split $command \;]
            set num_commands [llength $commands]
            set rshfail 0
            for {set i 0} {$i < $num_commands && !$rshfail} { incr i} {
                log_user 0
                set retval [ catch {spawn rsh $user@$router [lindex $commands $i] } reason ]
                if { $retval } {
                    send_user "\nError: rsh failed: $reason\n"
                    log_user 1; return 1
                }
                send_user "$router# [lindex $commands $i]\n"

                # rcmd does not get a pager and no prompts, so we just have to
                # look for failures & lines.
                expect {
                    "Connection refused" {
                        catch {close}; wait;
                        send_user "\nError: Connection\ Refused ($prog): $router\n"
                        set rshfail 1
                    }
                    -re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
                        catch {close}; wait;
                        send_user "\nError: Connection\ closed ($prog): $router\n"
                        set rshfail 1
                    }
                    "Host is unreachable" {
                        catch {close}; wait;
                        send_user "\nError: Host Unreachable:\ $router\n"
                        set rshfail 1
                    }
                    "No address associated with" {
                        catch {close}; wait;
                        send_user "\nError: Unknown host\ $router\n"
                        set rshfail 1
                    }
                    -re "\b+" { exp_continue }
                    -re "\[\n\r]+" {
                        send_user -- "$expect_out(buffer)"
                        exp_continue
                    }
                    timeout {
                        catch {close}; wait
                        send_user "\nError: TIMEOUT reached\n"
                        set rshfail 1
                    }
                    eof { catch {close}; wait }
                }
                log_user 1
            }
            if { $rshfail } {
                if { !$progs } {
                    return 1
                } else {
                    continue
                }
            }
            # fake the end of the session for rancid.
            send_user "$router# logout\n"
            # return rsh "success"
            return -1
        } else {
            send_user "\nError: unknown connection method: $prog\n"
            return 1
        }
        sleep 0.3

        # This helps cleanup each expect clause.
        expect_after {
            timeout {
                send_user "\nError: TIMEOUT reached\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            } eof {
                send_user "\nError: EOF received\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
        }

        # Here we get a little tricky. There are several possibilities:
        # the router can ask for a username and passwd and then
        # talk to the TACACS server to authenticate you, or if the
        # TACACS server is not working, then it will use the enable
        # passwd. Or, the router might not have TACACS turned on,
        # then it will just send the passwd.
        # if telnet fails with connection refused, try ssh
        expect {
            -re "(Connection refused|Secure connection \[^\n\r]+ refused)" {
                catch {close}; wait
                if !$progs {
                    send_user "\nError: Connection Refused ($prog): $router\n"
                    return 1
                }
            }
            -re "(Connection closed by|Connection to \[^\n\r]+ closed)" {
                catch {close}; wait
                if !$progs {
                    send_user "\nError: Connection closed ($prog): $router\n"
                    return 1
                }
            }
            eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 }
            -nocase "unknown host\r" {
                catch {close};
                send_user "\nError: Unknown host $router\n"; wait; return 1
            }
            "Host is unreachable" {
                catch {close};
                send_user "\nError: Host Unreachable: $router\n"; wait; return 1
            }
            "No address associated with name" {
                catch {close};
                send_user "\nError: Unknown host $router\n"; wait; return 1
            }
            -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" {
                send "yes\r"
                send_user "\nHost $router added to the list of known hosts.\n"
                exp_continue
            }
            -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" {
                send "no\r"
                send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n"
                return 1
            }
            -re "Offending key for .* \(yes\/no\)\?" {
                send "no\r"
                send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n"
                return 1
            }
            -re "(denied|Sorry)" {
                send_user "\nError: Check your passwd for $router\n"
                catch {close}; wait; return 1
            }
            "Login failed" {
                send_user "\nError: Check your passwd for $router\n"
                return 1
            }
            -re "% (Bad passwords|Authentication failed)" {
                send_user "\nError: Check your passwd for $router\n"
                return 1
            }
            "Press any key to continue." {
                # send_user "Pressing the ANY key\n"
                send "\r"
                exp_continue
            }
            -re "Enter Selection: " {
                # Catalyst 1900s have some lame menu. Enter
                # K to reach a command-line.
                send "K\r"
                exp_continue;
            }
            -re "@\[^\r\n]+ $p_prompt" {
                # ssh pwd prompt
                sleep 1
                send "$userpswd\r"
                exp_continue
            }
            -re "$u_prompt" {
                send "$user\r"
                set uprompt_seen 1
                exp_continue
            }
            -re "$p_prompt" {
                sleep 1
                if {$uprompt_seen == 1} {
                    send "$userpswd\r"
                } else {
                    send "$passwd\r"
                }
                exp_continue
            }
            -re "$prompt" { break; }
            "Login invalid" {
                send_user "\nError: Invalid login: $router\n";
                catch {close}; wait; return 1
            }
        }
    }

    set in_proc 0
    return 0
}

# Enable
proc do_enable { enauser enapasswd } {
    global prompt in_proc
    global u_prompt e_prompt
    set in_proc 1

    send "enable\r"
    expect {
        -re "$u_prompt" { send "$enauser\r"; exp_continue}
        -re "$e_prompt" { send "$enapasswd\r"; exp_continue}
        "#" { set prompt "#" }
        "(enable)" { set prompt "> (enable) " }
        -re "(denied|Sorry|Incorrect)" {
            # % Access denied - from local auth and poss. others
            send_user "\nError: Check your Enable passwd\n";
            return 1
        }
        "% Error in authentication" {
            send_user "\nError: Check your Enable passwd\n"
            return 1
        }
        "% Bad passwords" {
            send_user "\nError: Check your Enable passwd\n"
            return 1
        }
    }
    # We set the prompt variable (above) so script files don't need
    # to know what it is.
    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc platform
    set in_proc 1

    # If the prompt is (enable), then we are on a switch and the
    # command is "set length 0"; otherwise its "term length 0".
    # skip if its an extreme (since the pager can not be disabled on a
    # per-vty basis).
    if { [ string compare "extreme" "$platform" ] } {
        if [ regexp -- ".*> .*enable" "$prompt" ] {
            send "set length 0\r"
            # This is ugly, but reduces code duplication, allowing the
            # subsequent expects to handle everything as normal.
            set command "set logging session disable;$command"
        } else {
            send "term length 0\r"
        }
        # escape any parens in the prompt, such as "(enable)"
        regsub -all {[)(]} $prompt {\\&} reprompt
        # match cisco config mode prompts too, such as router(config-if)#,
        # but catalyst does not change in this fashion.
        regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt
        expect {
            -re $reprompt {}
            -re "\[\n\r]+" { exp_continue }
        }
    } else {
        regsub -all "\[)(]" $prompt {\\&} reprompt
    }

    # this is the only way i see to get rid of more prompts in o/p..grrrrr
    log_user 0
    # Is this a multi-command?
    if [ string match "*\;*" "$command" ] {
        set commands [split $command \;]
        set num_commands [llength $commands]
        # the pager can not be turned off on the PIX, so we have to look
        # for the "More" prompt. the extreme is equally obnoxious, with a
        # global switch in the config.
        for {set i 0} {$i < $num_commands} { incr i} {
            send "[subst -nocommands [lindex $commands $i]]\r"
            expect {
                -re "\b+" { exp_continue }
                -re "^\[^\n\r *]*$reprompt" {
                    send_user -- "$expect_out(buffer)"
                }
                -re "^\[^\n\r]*$reprompt." {
                    send_user -- "$expect_out(buffer)"
                    exp_continue
                }
                -re "^--More--\r\n" {
                    # specific match c1900 pager
                    send " "
                    exp_continue
                }
                -re "\[\n\r]+" {
                    send_user -- "$expect_out(buffer)"
                    exp_continue
                }
                -re "\[^\r\n]*Press to cont\[^\r\n]*" {
                    send " "
                    # bloody ^[[2K after " "
                    expect {
                        -re "^\[^\r\n]*\r" {}
                    }
                    exp_continue
                }
                -re "^ *--More--\[^\n\r]*" {
                    send " "
                    exp_continue
                }
                -re "^<-+ More -+>\[^\n\r]*" {
                    send_user -- "$expect_out(buffer)"
                    send " "
                    exp_continue
                }
            }
        }
    } else {
        # the pager can not be turned off on the PIX, so we have to look
        # for the "More" prompt. the extreme is equally obnoxious, with a
        # global switch in the config.
        send "[subst -nocommands $command]\r"
        expect {
            -re "\b+" { exp_continue }
            -re "^\[^\n\r *]*$reprompt" {
                send_user -- "$expect_out(buffer)"
            }
            -re "^\[^\n\r]*$reprompt." {
                send_user -- "$expect_out(buffer)"
                exp_continue
            }
            -re "^--More--\r\n" {
                # specific match c1900 pager
                send " "
                exp_continue
            }
            -re "\[\n\r]+" {
                send_user -- "$expect_out(buffer)"
                exp_continue
            }
            -re "\[^\r\n]*Press to cont\[^\r\n]*" {
                send " "
                # bloody ^[[2K after " "
                expect {
                    -re "^\[^\r\n]*\r" {}
                }
                exp_continue
            }
            -re "^ *--More--\[^\n\r]*" {
                send " "
                exp_continue
            }
            -re "^<-+ More -+>\[^\n\r]*" {
                send_user -- "$expect_out(buffer)"
                send " "
                exp_continue
            }
        }
    }
    log_user 1
    #Send an Unconditional CTRL Z to exit out of any context the WLC prompt may be in
    send "\032"
    expect {
        -re "(.+)>" {
            # the Cisco CE and Jnx ERX
            # return to non-enabled mode
            # on exit in enabled mode.
            send "logout\r"
            exp_continue;
        }
        -re "Would you like to save them .+" {
            send "n\r"
            exp_continue
        }
        -re "\[\n\r]+" { exp_continue }
        timeout { return 0 }
        eof { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    # attempt at platform switching.
    set platform ""
    send_user -- "$router\n"

    # Figure out the prompt.
    # autoenable is off by default. If we have it defined, it was done
    # on the command line. If it is not specifically set on the command
    # line, check the password file.
if $avautoenable { set autoenable 1 set enable 0 set prompt "(#| \\(enable\\))" } else { set ae [find autoenable $router] if { "$ae" == "1" } { set autoenable 1 set enable 0 set prompt "(#| \\(enable\\))" } else { set autoenable 0 set enable $avenable set prompt ">" } } # look for noenable option in .cloginrc if { [find noenable $router] != "" } { set enable 0 } # Figure out passwords if { $do_passwd || $do_enapasswd } { set pswd [find password $router] if { [llength $pswd] == 0 } { send_user -- "\nError: no password for $router in $password_file.\n" continue } if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } { send_user -- "\nError: no enable password for $router in $password_file.\n" continue } set passwd [join [lindex $pswd 0] ""] set enapasswd [join [lindex $pswd 1] ""] } # Figure out username if {[info exists username]} { # command line username set ruser $username } else { set ruser [join [find user $router] ""] if { "$ruser" == "" } { set ruser $default_user } } # Figure out username's password (if different from the vty password) if {[info exists userpasswd]} { # command line username set userpswd $userpasswd } else { set userpswd [join [find userpassword $router] ""] if { "$userpswd" == "" } { set userpswd $passwd } } # Figure out enable username if {[info exists enausername]} { # command line enausername set enauser $enausername } else { set enauser [join [find enauser $router] ""] if { "$enauser" == "" } { set enauser $ruser } } # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { set u_prompt "(Username|Login|login|user name):" } else { set u_prompt [join [lindex $u_prompt 0] ""] } set p_prompt [find passprompt $router] if { "$p_prompt" == "" } { set p_prompt "(\[Pp]assword|passwd):" } else { set p_prompt [join [lindex $p_prompt 0] ""] } set e_prompt [find enableprompt $router] if { "$e_prompt" == "" } { set e_prompt "\[Pp]assword:" } else { set e_prompt [join [lindex $e_prompt 0] ""] } # 
    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} }

    # Figure out the SSH executable name
    set sshcmd [find sshcmd $router]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # Login to the router
    if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} {
        # if login failed or rsh was successful, move on to the next device
        continue
    }
    if { $enable } {
        if {[do_enable $enauser $enapasswd]} {
            if { $do_command || $do_script } {
                close; wait
                continue
            }
        }
    }
    # we are logged in, now figure out the full prompt
    send "\r"
    expect {
        -re "\[\r\n]+" { exp_continue; }
        -re "^(.+\[:.])1 $prompt" {
            # stoopid extreme cmd-line numbers and
            # prompt based on state of config changes,
            # which may have an * at the beginning.
            set junk $expect_out(1,string)
            regsub -all "^\\\* " $expect_out(1,string) {} junk
            set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)";
            set platform "extreme"
        }
        -re "^.+$prompt" {
            set junk $expect_out(0,string);
            regsub -all "\[\]\[]" $junk {\\&} prompt;
        }
        -re "^.+> \\\(enable\\\)" {
            set junk $expect_out(0,string);
            regsub -all "\[\]\[]" $junk {\\&} prompt;
        }
    }

    if { $do_command } {
        if {[run_commands $prompt $command]} {
            continue
        }
    } elseif { $do_script } {
        # If the prompt is (enable), then we are on a switch and the
        # command is "set length 0"; otherwise its "term length 0".
        if [ regexp -- ".*> .*enable" "$prompt" ] {
            send "set length 0\r"
            send "set logging session disable\r"
        } else {
            send "term length 0\r"
        }
        expect -re $prompt {}
        source $sfile
        close
    } else {
        label $router
        log_user 1
        interact
    }

    # End of for each router
    wait
    sleep 0.3
}
exit 0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ciscowlc
Type: application/x-perl
Size: 9396 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080723/87a37196/attachment-0001.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080723/87a37196/attachment-0002.bin

From dale.shaw+rancid-discuss at gmail.com Thu Jul 24 17:19:26 2008
From: dale.shaw+rancid-discuss at gmail.com (Dale Shaw)
Date: Thu, 24 Jul 2008 10:19:26 -0700
Subject: [rancid] Problem with "add method" (Linux)
Message-ID: <3329cbb40807241019v798a4563x61328a811a38475@mail.gmail.com>

Hi,

I'm running up rancid 2.3.2a7 on Knoppix Linux (kernel 2.6.19) and am
having some trouble getting 'clogin' to try multiple access methods.

I have a really simple config at the moment:

add user * {testuser}
add userpassword * {Passw0rd}
add password * {nothing} {s3cret123}
add method * {ssh} {telnet}

clogin attempts to connect to devices using SSH, then, after the
default 45 second timeout (in this case when attempting to connect to
a device without SSH enabled), gives up completely without trying
telnet. If I swap the methods around so that telnet is first (or just
comment out the "add method" line), it works because the device
accepts the connection. If I change the telnet port to something
non-standard, it tries telnet on the non-standard port but never tries
SSH.

It seems basic enough that I figure I must be doing something really dumb.

Any clues?

cheers,
Dale

From heas at shrubbery.net Thu Jul 24 20:19:58 2008
From: heas at shrubbery.net (john heasley)
Date: Thu, 24 Jul 2008 20:19:58 +0000
Subject: [rancid] Re: Problem with "add method" (Linux)
In-Reply-To: <3329cbb40807241019v798a4563x61328a811a38475@mail.gmail.com>
References: <3329cbb40807241019v798a4563x61328a811a38475@mail.gmail.com>
Message-ID: <20080724201957.GS27066@shrubbery.net>

Thu, Jul 24, 2008 at 10:19:26AM -0700, Dale Shaw:
> Hi,
>
> I'm running up rancid 2.3.2a7 on Knoppix Linux (kernel 2.6.19) and am
> having some trouble getting 'clogin' to try multiple access methods.
>
> I have a really simple config at the moment:
>
> add user * {testuser}
> add userpassword * {Passw0rd}
> add password * {nothing} {s3cret123}
> add method * {ssh} {telnet}
>
> clogin attempts to connect to devices using SSH, then, after the
> default 45 second timeout (in this case when attempting to connect to
> a device without SSH enabled), gives up completely without trying
> telnet. If I swap the methods around so that telnet is first (or just
> comment out the "add method" line), it works because the device
> accepts the connection. If I change the telnet port to something
> non-standard, it tries telnet on the non-standard port but never tries
> SSH.
>
> It seems basic enough that I figure I must be doing something really dumb.
>
> Any clues?

your box is filtering; i.e.: if there's no ssh listening you'd normally
get a fail response and no 45sec timeout. this looks to clogin as if
the device is unreachable, instead of ssh not answering.
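
The distinction drawn in the reply above, as an added example (not part of the thread and not RANCID code): a refused connection lets a caller fall through to the next access method, while silence until the timeout looks like an unreachable device and ends the attempt. The function names, the 2-second timeout, the default ports and the host name are assumptions made for the illustration.

```python
import errno
import socket

# Assumption: standard ports; an "ssh:2222" style suffix overrides them.
DEFAULT_PORTS = {"ssh": 22, "telnet": 23}
OPEN, REFUSED, FILTERED, UNREACHABLE = "open", "refused", "filtered", "unreachable"


def parse_method(method):
    """Split 'ssh' or 'telnet:2323' into (name, port)."""
    name, _, port = method.partition(":")
    if name not in DEFAULT_PORTS:
        raise ValueError("unknown connection method: %s" % method)
    return name, int(port) if port else DEFAULT_PORTS[name]


def tcp_probe(host, port, timeout=2.0):
    """Classify a single TCP connect attempt against host:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN
    except ConnectionRefusedError:
        return REFUSED            # the peer (or path) actively said "no"
    except socket.timeout:
        return FILTERED           # nothing came back at all
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return UNREACHABLE
        raise
    finally:
        sock.close()


def select_method(host, methods, probe=tcp_probe):
    """Walk the method list in order and return (chosen_or_None, trace).

    Only an active refusal moves on to the next method. A timeout or an
    unreachable report is treated as "device down" and stops the walk.
    """
    trace = []
    for method in methods:
        _, port = parse_method(method)
        outcome = probe(host, port)
        trace.append((method, outcome))
        if outcome == OPEN:
            return method, trace
        if outcome != REFUSED:
            break
    return None, trace


def explain(trace):
    """Turn a trace into operator-facing hints for the stop conditions."""
    hints = []
    for method, outcome in trace:
        if outcome == FILTERED:
            hints.append("%s: no reply before the timeout; something on the "
                         "path drops the packets or the error replies, so "
                         "later methods were never tried" % method)
        elif outcome == UNREACHABLE:
            hints.append("%s: host or network reported unreachable; later "
                         "methods were never tried" % method)
    return hints


if __name__ == "__main__":
    # Constructed outcomes standing in for two network paths to one device
    # that runs telnet but not ssh.
    paths = {
        "errors delivered": {22: REFUSED, 23: OPEN},
        "errors dropped": {22: FILTERED, 23: OPEN},
    }
    for label, table in paths.items():
        chosen, trace = select_method(
            "switch1.example.net", ["ssh", "telnet"],
            probe=lambda host, port, t=table: t[port])
        print(label, "->", chosen, trace)
        for hint in explain(trace):
            print("   ", hint)
```
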

From dale.shaw+rancid-discuss at gmail.com Thu Jul 24 21:52:19 2008
From: dale.shaw+rancid-discuss at gmail.com (Dale Shaw)
Date: Thu, 24 Jul 2008 14:52:19 -0700
Subject: [rancid] Re: Problem with "add method" (Linux)
In-Reply-To: <20080724201957.GS27066@shrubbery.net>
References: <3329cbb40807241019v798a4563x61328a811a38475@mail.gmail.com> <20080724201957.GS27066@shrubbery.net>
Message-ID: <3329cbb40807241452l404e2613yb6ea0099dcdfd4b5@mail.gmail.com>

Thanks John, you pointed me in the right direction.

I neglected to mention that the box is virtual, and I was using the
'NAT' network interface for communicating via the host OS. Obviously
ICMP unreachables aren't handled by VMware Server (although echo
request/reply is). I changed the VM to 'Bridged', jiggled some guest
OS settings, and voila! It all started happening.

cheers,
Dale

On Thu, Jul 24, 2008 at 1:19 PM, john heasley wrote:
> Thu, Jul 24, 2008 at 10:19:26AM -0700, Dale Shaw:
>> Hi,
>>
>> I'm running up rancid 2.3.2a7 on Knoppix Linux (kernel 2.6.19) and am
>> having some trouble getting 'clogin' to try multiple access methods.
>>
>> I have a really simple config at the moment:
>>
>> add user * {testuser}
>> add userpassword * {Passw0rd}
>> add password * {nothing} {s3cret123}
>> add method * {ssh} {telnet}
>>
>> clogin attempts to connect to devices using SSH, then, after the
>> default 45 second timeout (in this case when attempting to connect to
>> a device without SSH enabled), gives up completely without trying
>> telnet. If I swap the methods around so that telnet is first (or just
>> comment out the "add method" line), it works because the device
>> accepts the connection. If I change the telnet port to something
>> non-standard, it tries telnet on the non-standard port but never tries
>> SSH.
>>
>> It seems basic enough that I figure I must be doing something really dumb.
>>
>> Any clues?
>
> your box is filtering; i.e.: if there's no ssh listening you'd normally
> get a fail response and no 45sec timeout. this looks to clogin as if
> the device is unreachable, instead of ssh not answering.
>

From laichenkang at gmail.com Fri Jul 25 02:25:44 2008
From: laichenkang at gmail.com (Lai Chen Kang)
Date: Fri, 25 Jul 2008 10:25:44 +0800
Subject: [rancid] How do I add additional commands like "show cdp neighbours"
In-Reply-To: <4889090A.5080202@gmail.com>
References: <48889D4B.4050500@transmarket.com.sg> <4889090A.5080202@gmail.com>
Message-ID: <488939A8.2030209@gmail.com>

Which file should I modify and where? I think it's in rancid but not
sure where.

From bostjanfe at hotmail.com Fri Jul 25 05:32:24 2008
From: bostjanfe at hotmail.com (Bostjan Fele)
Date: Fri, 25 Jul 2008 07:32:24 +0200
Subject: [rancid] default prompt
Message-ID:

Hi,

is it possible to get around requirement of expecting prompt to be ">"
without changing prompts on device?

TIA,
Bostjan

From gabbawp at gmail.com Fri Jul 25 07:15:26 2008
From: gabbawp at gmail.com (Gareth Hopkins)
Date: Fri, 25 Jul 2008 09:15:26 +0200
Subject: [rancid] Re: default prompt
In-Reply-To:
References:
Message-ID: <9a0178110807250015o100b180es7576621e17acde0c@mail.gmail.com>

Hi,

Have a look for add userprompt and add enableprompt in
http://www.shrubbery.net/rancid/man/cloginrc.5.html

Cheers,
Gabba

2008/7/25 Bostjan Fele
> Hi,
>
> is it possible to get around requirement of expecting prompt to be ">"
> without changing prompts on device?
>
> TIA,
> Bostjan

From jeremy.guthrie at cdw.com Wed Jul 23 15:31:11 2008
From: jeremy.guthrie at cdw.com (Jeremy M. Guthrie)
Date: Wed, 23 Jul 2008 10:31:11 -0500
Subject: [rancid] Re: Nexus 7000 & RANCID
In-Reply-To: <4884EE5E.6030401@usgs.gov>
References: <4884EE5E.6030401@usgs.gov>
Message-ID: <200807231031.13628.jeremy.guthrie@cdw.com>

I have attached the latest version of the ciscoips/ipslogin scripts which work
with Cisco IPS V6.0 and should work with any platform IPS. I redid the
ipslogin off of the hitachi login script.

The wlogin and ciscowlc were written by a co-worker of mine: Josh Yost.

What do people need to get these included with Rancid?

On Monday 21 July 2008, Justin C. Darby wrote:
> Hello,
>
> I recently hacked up a copy (more like I gutted and started over, but I
> digress..) of the 'rancid' script to work with NX-OS 4.0. This works,
> but I was wondering if anyone had any desire to come up with a clean way
> to do this, as I'd be happy to help with the effort (right now I use the
> entire output of 'show inventory' and 'show version' without doing
> anything but removing lines that change frequently, like timestamps).
>
> The normal 'rancid' script chokes just trying to process the
> configuration ('write term' is an invalid command, changing to to 'show
> running-config' in rancid half works, but..). Passwords and the like are
> also stored in a different format for everything from SNMP v3 to local
> AAA, etc.
>
> I did something similar to work with Cisco AIP-SSM-20's, which run some
> Linux-based "Cisco Intrusion Prevention System" OS. Same offer applies
> here. :)
>
> Thanks,
> Justin C. Darby (jcdarby at usgs.gov)
> IT Specialist - Middleton Data Center
> WRD Wisconsin Water Science Center

--
--------------------------------------------------
Jeremy M. Guthrie        jeremy.guthrie at cdw.com
Hosting and Managed Services
Cisco Managed Security Services
Technical Architect      Phone: 608-298-1061
CDW Berbee               Fax:   608-288-3007
5520 Research Park Drive NOC:   608-298-1102
Madison, WI 53711

Email address notice: A year and a half ago Berbee became part of CDW. We
continue to strive to provide outstanding service to our customers and bring
you the benefits of the combined organization. You may have noticed that my
email domain has changed from @berbee.com to @cdw.com. Please update your
address book and begin using my new address at your earliest convenience.
Emails sent to the @berbee.com domain will continue to route to me. Thank you.
-------------- next part --------------
#! /usr/bin/expect --
##
## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
## All rights reserved.
##
## This software may be freely copied, modified and redistributed
## without fee for non-commerical purposes provided that this license
## remains intact and unmodified with any RANCID distribution.
##
## There is no warranty or other guarantee of fitness of this software.
## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
## Except where noted otherwise, rancid was written by and is maintained by
## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
# ipslogin created using htlogin
#
# This script was made by Jeremy Guthrie of CDW Inc.
#

# Usage line
set usage "Usage: $argv0 \[-noenable\] \[-c command\] \
\[-Evar=x\] \[-f cloginrc-file\] \[-p user-password\] \
\[-s script-file\] \[-t timeout\] \[-u username\] \
\[-x command-file\] \[-y ssh_cypher_type\] router \[router...\]\n"

set env(TERM) vt100

# env(CLOGIN) may contain:
#   x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set avenable 1
# The default is that you login non-enabled (tacacs can have you login already
# enabled)
set avautoenable 0
# The default is to look in the password file to find the passwords.  This
# tracks if we receive them on the command line.
set do_passwd 1

# Find the user in the ENV, or use the unix userid.
if {[ info exists env(CISCO_USER) ]} {
    set default_user $env(CISCO_USER)
} elseif {[ info exists env(USER) ]} {
    set default_user $env(USER)
} elseif {[ info exists env(LOGNAME) ]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable.  At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [ catch {exec id} reason ] {
        send_error "\nError: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}

# Sometimes routers take awhile to answer (the default is 10 sec)
set timeout 45

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Username
        -u* -
        -U* {
            if {! [ regexp .\[uU\](.+) $arg ignore user]} {
                incr i
                set username [ lindex $argv $i ]
            }
        # VTY Password
        } -p* -
        -P* {
            if {!
 [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
                incr i
                set userpasswd [ lindex $argv $i ]
            }
            set do_passwd 0
        # Environment variable to pass to -s scripts
        } -E* {
            if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
                set E$varname $varvalue
            } else {
                send_user "Error: invalid format for -E in $arg\n"
                exit 1
            }
        # Command to run.
        } -c* -
        -C* {
            if {! [ regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [ lindex $argv $i ]
            }
            set do_command 1
        # Expect script to run.
        } -s* -
        -S* {
            if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [ lindex $argv $i ]
            }
            if { ! [ file readable $sfile ] } {
                send_user "\nError: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # 'ssh -c' cypher type
        } -y* -
        -Y* {
            if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
                incr i
                set cypher [ lindex $argv $i ]
            }
        # alternate cloginrc file
        } -f* -
        -F* {
            if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [ lindex $argv $i ]
            }
        # Timeout
        } -t* -
        -T* {
            if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeout [ lindex $argv $i ]
            }
        # Command file
        } -x* -
        -X {
            if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [ lindex $argv $i ]
            }
            if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
                send_user "\nError: $reason\n"
                exit 1
            }
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        } -* {
            send_user "\nError: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting.  Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore ] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain.  Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [ regexp "^/" $args ignore ] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match [lindex $line 0] $router ] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Loads the password file.  Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info...  I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
        send_user "\nError: password file ($password_file) does not exist\n"
        exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "\nError: $password_file must not be world readable/writable\n"
        exit 1
    }
    if [ catch {source $password_file} reason ] {
        send_user "\nError: $reason\n"
        exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure
proc login { router user userpswd passwd prompt cmethod cyphertype } {
    global spawn_id in_proc do_command do_script sshcmd
    global u_prompt p_prompt
    set in_proc 1
    set uprompt_seen 1

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        incr progs -1
        if [string match "telnet*" $prog] {
            send_error "\nError: unsupported method: telnet\n"
            if { $progs == 0 } {
                return 1
            }
            continue
        } elseif ![string compare $prog "ssh"] {
            regexp {ssh(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ]
            } else {
                set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user -p $port $router} reason ]
            }
            if { $retval } {
                send_user "\nError: $sshcmd failed: $reason\n"
                return 1
            }
        } elseif ![string compare $prog "rsh"] {
            send_error "\nError: unsupported method: rsh\n"
            if { $progs == 0 } {
                return 1
            }
            continue
        } else {
            send_user "\nError: unknown connection method: $prog\n"
            return 1
        }
        sleep 0.3

        # This helps cleanup each expect clause.
        expect_after {
            timeout {
                send_user "\nError: TIMEOUT reached\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
            eof {
                send_user "\nError: EOF received\n"
                catch {close}; wait
                if { $in_proc} {
                    return 1
                } else {
                    continue
                }
            }
        }

        expect {
            "Password:" { send "$userpswd\n" ; break ; }
            "Connection refused" {
                close; wait
                sleep 0.3
                expect eof
                send_user "\nError: Connection Refused\n"; wait; return 1
            }
            eof { send_user "\nError: Couldn't login\n"; wait; return 1 }
            "Unknown host\r\n" {
                expect eof
                send_user "\nError: Unknown host\n"; wait; return 1
            }
            "Host is unreachable" {
                expect eof
                send_user "\nError: Host Unreachable!\n"; wait; return 1
            }
            "No address associated with name" {
                expect eof
                send_user "\nError: Unknown host\n"; wait; return 1
            }
            -re "$p_prompt" {
                sleep 1
                send "$passwd\r"
                exp_continue
            }
            "Password incorrect" {
                send_user "\nError: Check your password for $router\n";
                catch {close}; wait; return 1
            }
            -re "$prompt" { break; }
            denied {
                send_user "\nError: Check your passwd for $router\n"
                catch {close}; wait; return 1
            }
            "\r\n" { exp_continue; }
        }
    }
    set in_proc 0
    return 0
}

# Run commands given on the command line.
proc run_commands { prompt command } {
    global in_proc
    set in_proc 1

    send "term length 0\r"
    #expect "$prompt";
    #add random delay
    sleep 0.3
    regsub -all {[)(]} $prompt {\\&} reprompt
    regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt
    expect {
        -re $reprompt {}
        -re "\[\n\r]+" { exp_continue }
    }

    # Is this a multi-command?
    if [ string match "*\;*" "$command" ] {
        set commands [split $command \;]
        set num_commands [llength $commands]

        for {set i 0} {$i < $num_commands} { incr i} {
            send "[lindex $commands $i]\r"
            expect {
                -re "^\[^\n\r]*$reprompt" {}
                -re "^\[^\n\r *]*$reprompt" {}
                -re "Apply Changes\?"
 { send "yes\n"; }
                -re "\[\n\r]" { exp_continue }
            }
        }
        send "\r";
        expect {
            -re $reprompt {}
            -re "\[\n\r]+" { exp_continue }
        }
    } else {
        send "$command\r"
        expect {
            -re "^\[^\n\r]*$reprompt" {}
            -re "^\[^\n\r *]*$reprompt" {}
            -re "Apply Changes\?" { send "yes\n"; }
            -re "\[\n\r]" { exp_continue }
        }
    }
    send "exit\r"
    expect {
        "\n" { exp_continue }
        timeout { return 0 }
        eof { return 0 }
    }
    set in_proc 0
}

#
# For each router... (this is main loop)
#
source_password_file $password_file
set in_proc 0
foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # Figure out prompt.
    set prompt "command: "
    set autoenable 1
    set enable 0

    # Figure out passwords
    if { $do_passwd } {
        set pswd [find password $router]
        if { [llength $pswd] == 0 } {
            send_user "Error: no password for $router in $password_file.\n"
            continue
        }
        set passwd [join [lindex $pswd 0] ""]
    }

    # Figure out username
    if {[info exists username]} {
        # command line username
        set ruser $username
    } else {
        set ruser [join [find user $router] ""]
        if { "$ruser" == "" } { set ruser $default_user }
    }

    # Figure out username's password (if different from the vty password)
    if {[info exists userpasswd]} {
        # command line username
        set userpswd $userpasswd
    } else {
        set userpswd [join [find userpassword $router] ""]
        if { "$userpswd" == "" } { set userpswd $passwd }
    }

    # Figure out prompts
    set u_prompt [find userprompt $router]
    if { "$u_prompt" == "" } {
        set u_prompt "(Username|login| Login):"
    } else {
        set u_prompt [join [lindex $u_prompt 0] ""]
    }
    set p_prompt [find passprompt $router]
    if { "$p_prompt" == "" } {
        set p_prompt "Password: "
    } else {
        set p_prompt [join [lindex $p_prompt 0] ""]
    }

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

    # Figure out connection method
    set cmethod [find method $router]
    if { "$cmethod" == "" } { set cmethod {{ssh}} }

    #
    # Figure out the SSH executable name
    set sshcmd [find sshcmd $router]
    if { "$sshcmd" == "" } { set sshcmd {ssh} }

    # Login to the router
    if {[login $router $ruser $userpswd $passwd $prompt $cmethod $cyphertype]} {
        continue
    }

    # we are logged in, now figure out the full prompt
    send "\r"
    expect {
        -re "\[\r\n]+" { exp_continue; }
        -re "^.+#" {
            set junk $expect_out(0,string);
            regsub -all "\[\]\[]" $junk {\\&} prompt;
        }
    }

    if { $do_command } {
        if {[run_commands $prompt $command]} {
            continue
        }
    } elseif { $do_script } {
        source $sfile
        close
    } else {
        label $router
        log_user 1
        interact
    }

    # End of for each router
    wait
    sleep 0.3
}
exit 0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ciscoips
Type: application/x-perl
Size: 10465 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080723/8b0a41f2/attachment.bin
-------------- next part --------------
#! /usr/bin/expect --
##
## $Id: clogin.in,v 1.94 2006/04/28 15:37:40 heas Exp $
##
## Copyright (C) 1997-2004 by Terrapin Communications, Inc.
## All rights reserved.
##
## This software may be freely copied, modified and redistributed
## without fee for non-commerical purposes provided that this license
## remains intact and unmodified with any RANCID distribution.
##
## There is no warranty or other guarantee of fitness of this software.
## It is provided solely "as is". The author(s) disclaim(s) all
## responsibility and liability with respect to this software's usage
## or its effect upon hardware, computer systems, other software, or
## anything else.
##
## Except where noted otherwise, rancid was written by and is maintained by
## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz.
##
#
# The login expect scripts were based on Erik Sherk's gwtn, by permission.
#
# wlogin - Cisco Wireless Lan Controller login
#
# Modified from clogin for use with WLCs 4/17/2008 - Josh Yost
#
# Most options are intuitive for logging into a Cisco router.
# The default is to enable (thus -noenable).  Some folks have
# setup tacacs to have a user login at priv-lvl = 15 (enabled)
# so the -autoenable flag was added for this case (don't go through
# the process of enabling and the prompt will be the "#" prompt.
# The default username password is the same as the vty password.
#

# Usage line
set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \
\[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
\[-s script-file\] \[-t timeout\] \[-u username\] \
\[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
\[-y ssh_cypher_type\] router \[router...\]\n"

# env(CLOGIN) may contain:
#   x == do not set xterm banner or name

# Password file
set password_file $env(HOME)/.cloginrc
# Default is to login to the router
set do_command 0
set do_script 0
# The default is to automatically enable
set avenable 1
# The default is that you login non-enabled (tacacs can have you login already
# enabled)
set avautoenable 0
# The default is to look in the password file to find the passwords.  This
# tracks if we receive them on the command line.
set do_passwd 1
set do_enapasswd 1

# Find the user in the ENV, or use the unix userid.
if {[ info exists env(CISCO_USER) ]} {
    set default_user $env(CISCO_USER)
} elseif {[ info exists env(USER) ]} {
    set default_user $env(USER)
} elseif {[ info exists env(LOGNAME) ]} {
    set default_user $env(LOGNAME)
} else {
    # This uses "id" which I think is portable.  At least it has existed
    # (without options) on all machines/OSes I've been on recently -
    # unlike whoami or id -nu.
    if [ catch {exec id} reason ] {
        send_error "\nError: could not exec id: $reason\n"
        exit 1
    }
    regexp {\(([^)]*)} "$reason" junk default_user
}

# Sometimes routers take awhile to answer (the default is 10 sec)
set timeout 45

# Process the command line
for {set i 0} {$i < $argc} {incr i} {
    set arg [lindex $argv $i]

    switch -glob -- $arg {
        # Username
        -u* -
        -U* {
            if {! [ regexp .\[uU\](.+) $arg ignore user]} {
                incr i
                set username [ lindex $argv $i ]
            }
        # VTY Password
        } -p* -
        -P* {
            if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} {
                incr i
                set userpasswd [ lindex $argv $i ]
            }
            set do_passwd 0
        # VTY Password
        } -v* -
        -v* {
            if {! [ regexp .\[vV\](.+) $arg ignore passwd]} {
                incr i
                set passwd [ lindex $argv $i ]
            }
            set do_passwd 0
        # Enable Username
        } -w* -
        -W* {
            if {! [ regexp .\[wW\](.+) $arg ignore enauser]} {
                incr i
                set enausername [ lindex $argv $i ]
            }
        # Environment variable to pass to -s scripts
        } -E* {
            if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} {
                set E$varname $varvalue
            } else {
                send_user "\nError: invalid format for -E in $arg\n"
                exit 1
            }
        # Enable Password
        } -e* {
            if {! [ regexp .\[e\](.+) $arg ignore enapasswd]} {
                incr i
                set enapasswd [ lindex $argv $i ]
            }
            set do_enapasswd 0
        # Command to run.
        } -c* -
        -C* {
            if {! [ regexp .\[cC\](.+) $arg ignore command]} {
                incr i
                set command [ lindex $argv $i ]
            }
            set do_command 1
        # Expect script to run.
        } -s* -
        -S* {
            if {! [ regexp .\[sS\](.+) $arg ignore sfile]} {
                incr i
                set sfile [ lindex $argv $i ]
            }
            if { ! [ file readable $sfile ] } {
                send_user "\nError: Can't read $sfile\n"
                exit 1
            }
            set do_script 1
        # 'ssh -c' cypher type
        } -y* -
        -Y* {
            if {! [ regexp .\[eE\](.+) $arg ignore cypher]} {
                incr i
                set cypher [ lindex $argv $i ]
            }
        # alternate cloginrc file
        } -f* -
        -F* {
            if {! [ regexp .\[fF\](.+) $arg ignore password_file]} {
                incr i
                set password_file [ lindex $argv $i ]
            }
        # Timeout
        } -t* -
        -T* {
            if {! [ regexp .\[tT\](.+) $arg ignore timeout]} {
                incr i
                set timeout [ lindex $argv $i ]
            }
        # Command file
        } -x* -
        -X {
            if {!
 [ regexp .\[xX\](.+) $arg ignore cmd_file]} {
                incr i
                set cmd_file [ lindex $argv $i ]
            }
            if [ catch {set cmd_fd [open $cmd_file r]} reason ] {
                send_user "\nError: $reason\n"
                exit 1
            }
            set cmd_text [read $cmd_fd]
            close $cmd_fd
            set command [join [split $cmd_text \n] \;]
            set do_command 1
        # Do we enable?
        } -noenable {
            set avenable 0
        # Does tacacs automatically enable us?
        } -autoenable {
            set avautoenable 1
            set avenable 0
        } -* {
            send_user "\nError: Unknown argument! $arg\n"
            send_user $usage
            exit 1
        } default {
            break
        }
    }
}
# Process routers...no routers listed is an error.
if { $i == $argc } {
    send_user "\nError: $usage"
}

# Only be quiet if we are running a script (it can log its output
# on its own)
if { $do_script } {
    log_user 0
} else {
    log_user 1
}

#
# Done configuration/variable setting.  Now run with it...
#

# Sets Xterm title if interactive...if its an xterm and the user cares
proc label { host } {
    global env
    # if CLOGIN has an 'x' in it, don't set the xterm name/banner
    if [info exists env(CLOGIN)] {
        if {[string first "x" $env(CLOGIN)] != -1} { return }
    }
    # take host from ENV(TERM)
    if [info exists env(TERM)] {
        if [regexp \^(xterm|vs) $env(TERM) ignore ] {
            send_user "\033]1;[lindex [split $host "."] 0]\a"
            send_user "\033]2;$host\a"
        }
    }
}

# This is a helper function to make the password file easier to
# maintain.  Using this the password file has the form:
# add password sl* pete cow
# add password at* steve
# add password * hanky-pie
proc add {var args} { global int_$var ; lappend int_$var $args}
proc include {args} {
    global env
    regsub -all "(^{|}$)" $args {} args
    if { [ regexp "^/" $args ignore ] == 0 } {
        set args $env(HOME)/$args
    }
    source_password_file $args
}

proc find {var router} {
    upvar int_$var list
    if { [info exists list] } {
        foreach line $list {
            if { [string match [lindex $line 0] $router ] } {
                return [lrange $line 1 end]
            }
        }
    }
    return {}
}

# Loads the password file.
# Note that as this file is tcl, and that
# it is sourced, the user better know what to put in there, as it
# could install more than just password info...  I will assume however,
# that a "bad guy" could just as easy put such code in the clogin
# script, so I will leave .cloginrc as just an extention of that script
proc source_password_file { password_file } {
    global env
    if { ! [file exists $password_file] } {
        send_user "\nError: password file ($password_file) does not exist\n"
        exit 1
    }
    file stat $password_file fileinfo
    if { [expr ($fileinfo(mode) & 007)] != 0000 } {
        send_user "\nError: $password_file must not be world readable/writable\n"
        exit 1
    }
    if [ catch {source $password_file} reason ] {
        send_user "\nError: $reason\n"
        exit 1
    }
}

# Log into the router.
# returns: 0 on success, 1 on failure, -1 if rsh was used successfully
proc login { router user userpswd passwd enapasswd cmethod cyphertype } {
    global spawn_id in_proc do_command do_script platform
    global prompt u_prompt p_prompt e_prompt sshcmd
    set in_proc 1
    set uprompt_seen 0

    # try each of the connection methods in $cmethod until one is successful
    set progs [llength $cmethod]
    foreach prog [lrange $cmethod 0 end] {
        incr progs -1
        if [string match "telnet*" $prog] {
            regexp {telnet(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [ catch {spawn telnet $router} reason ]
            } else {
                set retval [ catch {spawn telnet $router $port} reason ]
            }
            if { $retval } {
                send_user "\nError: telnet failed: $reason\n"
                return 1
            }
        } elseif [string match "ssh*" $prog] {
            regexp {ssh(:([^[:space:]]+))*} $prog command suffix port
            if {"$port" == ""} {
                set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ]
            } else {
                set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user -p $port $router} reason ]
            }
            if { $retval } {
                send_user "\nError: $sshcmd failed: $reason\n"
                return 1
            }
        } elseif ![string compare $prog "rsh"] {
            global command

            if { !
$do_command } { if { [llength $cmethod] == 1 } { send_user "\nError: rsh is an invalid method for -x and " send_user "interactive logins\n" } if { $progs == 0 } { return 1 } continue; } set commands [split $command \;] set num_commands [llength $commands] set rshfail 0 for {set i 0} {$i < $num_commands && !$rshfail} { incr i} { log_user 0 set retval [ catch {spawn rsh $user@$router [lindex $commands $i] } reason ] if { $retval } { send_user "\nError: rsh failed: $reason\n" log_user 1; return 1 } send_user "$router# [lindex $commands $i]\n" # rcmd does not get a pager and no prompts, so we just have to # look for failures & lines. expect { "Connection refused" { catch {close}; wait; send_user "\nError: Connection\ Refused ($prog): $router\n" set rshfail 1 } -re "(Connection closed by|Connection to \[^\n\r]+ closed)" { catch {close}; wait; send_user "\nError: Connection\ closed ($prog): $router\n" set rshfail 1 } "Host is unreachable" { catch {close}; wait; send_user "\nError: Host Unreachable:\ $router\n" set rshfail 1 } "No address associated with" { catch {close}; wait; send_user "\nError: Unknown host\ $router\n" set rshfail 1 } -re "\b+" { exp_continue } -re "\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } timeout { catch {close}; wait send_user "\nError: TIMEOUT reached\n" set rshfail 1 } eof { catch {close}; wait } } log_user 1 } if { $rshfail } { if { !$progs } { return 1 } else { continue } } # fake the end of the session for rancid. send_user "$router# logout\n" # return rsh "success" return -1 } else { send_user "\nError: unknown connection method: $prog\n" return 1 } sleep 0.3 # This helps cleanup each expect clause. expect_after { timeout { send_user "\nError: TIMEOUT reached\n" catch {close}; wait if { $in_proc} { return 1 } else { continue } } eof { send_user "\nError: EOF received\n" catch {close}; wait if { $in_proc} { return 1 } else { continue } } } # Here we get a little tricky. 
There are several possibilities: # the router can ask for a username and passwd and then # talk to the TACACS server to authenticate you, or if the # TACACS server is not working, then it will use the enable # passwd. Or, the router might not have TACACS turned on, # then it will just send the passwd. # if telnet fails with connection refused, try ssh expect { -re "(Connection refused|Secure connection \[^\n\r]+ refused)" { catch {close}; wait if !$progs { send_user "\nError: Connection Refused ($prog): $router\n" return 1 } } -re "(Connection closed by|Connection to \[^\n\r]+ closed)" { catch {close}; wait if !$progs { send_user "\nError: Connection closed ($prog): $router\n" return 1 } } eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 } -nocase "unknown host\r" { catch {close}; send_user "\nError: Unknown host $router\n"; wait; return 1 } "Host is unreachable" { catch {close}; send_user "\nError: Host Unreachable: $router\n"; wait; return 1 } "No address associated with name" { catch {close}; send_user "\nError: Unknown host $router\n"; wait; return 1 } -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" { send "yes\r" send_user "\nHost $router added to the list of known hosts.\n" exp_continue } -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" { send "no\r" send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n" return 1 } -re "Offending key for .* \(yes\/no\)\?" { send "no\r" send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n" return 1 } -re "(denied|Sorry)" { send_user "\nError: Check your passwd for $router\n" catch {close}; wait; return 1 } "Login failed" { send_user "\nError: Check your passwd for $router\n" return 1 } -re "% (Bad passwords|Authentication failed)" { send_user "\nError: Check your passwd for $router\n" return 1 } "Press any key to continue." 
{ # send_user "Pressing the ANY key\n" send "\r" exp_continue } -re "Enter Selection: " { # Catalyst 1900s have some lame menu. Enter # K to reach a command-line. send "K\r" exp_continue; } -re "@\[^\r\n]+ $p_prompt" { # ssh pwd prompt sleep 1 send "$userpswd\r" exp_continue } -re "$u_prompt" { send "$user\r" set uprompt_seen 1 exp_continue } -re "$p_prompt" { sleep 1 if {$uprompt_seen == 1} { send "$userpswd\r" } else { send "$passwd\r" } exp_continue } -re "$prompt" { break; } "Login invalid" { send_user "\nError: Invalid login: $router\n"; catch {close}; wait; return 1 } } } set in_proc 0 return 0 } # Enable proc do_enable { enauser enapasswd } { global prompt in_proc global u_prompt e_prompt set in_proc 1 send "enable\r" expect { -re "$u_prompt" { send "$enauser\r"; exp_continue} -re "$e_prompt" { send "$enapasswd\r"; exp_continue} "#" { set prompt "#" } "(enable)" { set prompt "> (enable) " } -re "(denied|Sorry|Incorrect)" { # % Access denied - from local auth and poss. others send_user "\nError: Check your Enable passwd\n"; return 1 } "% Error in authentication" { send_user "\nError: Check your Enable passwd\n" return 1 } "% Bad passwords" { send_user "\nError: Check your Enable passwd\n" return 1 } } # We set the prompt variable (above) so script files don't need # to know what it is. set in_proc 0 return 0 } # Run commands given on the command line. proc run_commands { prompt command } { global in_proc platform set in_proc 1 # If the prompt is (enable), then we are on a switch and the # command is "set length 0"; otherwise its "term length 0". # skip if its an extreme (since the pager can not be disabled on a # per-vty basis). if { [ string compare "extreme" "$platform" ] } { if [ regexp -- ".*> .*enable" "$prompt" ] { send "set length 0\r" # This is ugly, but reduces code duplication, allowing the # subsequent expects to handle everything as normal. 
set command "set logging session disable;$command" } else { send "term length 0\r" } # escape any parens in the prompt, such as "(enable)" regsub -all {[)(]} $prompt {\\&} reprompt # match cisco config mode prompts too, such as router(config-if)#, # but catalyst does not change in this fashion. regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt expect { -re $reprompt {} -re "\[\n\r]+" { exp_continue } } } else { regsub -all "\[)(]" $prompt {\\&} reprompt } # this is the only way i see to get rid of more prompts in o/p..grrrrr log_user 0 # Is this a multi-command? if [ string match "*\;*" "$command" ] { set commands [split $command \;] set num_commands [llength $commands] # the pager can not be turned off on the PIX, so we have to look # for the "More" prompt. the extreme is equally obnoxious, with a # global switch in the config. for {set i 0} {$i < $num_commands} { incr i} { send "[subst -nocommands [lindex $commands $i]]\r" expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." { send_user -- "$expect_out(buffer)" exp_continue } -re "^--More--\r\n" { # specific match c1900 pager send " " exp_continue } -re "\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } -re "\[^\r\n]*Press to cont\[^\r\n]*" { send " " # bloody ^[[2K after " " expect { -re "^\[^\r\n]*\r" {} } exp_continue } -re "^ *--More--\[^\n\r]*" { send " " exp_continue } -re "^<-+ More -+>\[^\n\r]*" { send_user -- "$expect_out(buffer)" send " " exp_continue } } } } else { # the pager can not be turned off on the PIX, so we have to look # for the "More" prompt. the extreme is equally obnoxious, with a # global switch in the config. send "[subst -nocommands $command]\r" expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprompt." 
{ send_user -- "$expect_out(buffer)" exp_continue } -re "^--More--\r\n" { # specific match c1900 pager send " " exp_continue } -re "\[\n\r]+" { send_user -- "$expect_out(buffer)" exp_continue } -re "\[^\r\n]*Press to cont\[^\r\n]*" { send " " # bloody ^[[2K after " " expect { -re "^\[^\r\n]*\r" {} } exp_continue } -re "^ *--More--\[^\n\r]*" { send " " exp_continue } -re "^<-+ More -+>\[^\n\r]*" { send_user -- "$expect_out(buffer)" send " " exp_continue } } } log_user 1 #Send an Unconditional CTRL Z to exit out of any context the WLC prompt may be in send "\032" expect { -re "(.+)>" { # the Cisco CE and Jnx ERX # return to non-enabled mode # on exit in enabled mode. send "logout\r" exp_continue; } -re "Would you like to save them .+" { send "n\r" exp_continue } -re "\[\n\r]+" { exp_continue } timeout { return 0 } eof { return 0 } } set in_proc 0 } # # For each router... (this is main loop) # source_password_file $password_file set in_proc 0 foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user -- "$router\n" # Figure out the prompt. # autoenable is off by default. If we have it defined, it was done # on the command line. If it is not specifically set on the command # line, check the password file. 
if $avautoenable { set autoenable 1 set enable 0 set prompt "(#| \\(enable\\))" } else { set ae [find autoenable $router] if { "$ae" == "1" } { set autoenable 1 set enable 0 set prompt "(#| \\(enable\\))" } else { set autoenable 0 set enable $avenable set prompt ">" } } # look for noenable option in .cloginrc if { [find noenable $router] != "" } { set enable 0 } # Figure out passwords if { $do_passwd || $do_enapasswd } { set pswd [find password $router] if { [llength $pswd] == 0 } { send_user -- "\nError: no password for $router in $password_file.\n" continue } if { $enable && $do_enapasswd && $autoenable == 0 && [llength $pswd] < 2 } { send_user -- "\nError: no enable password for $router in $password_file.\n" continue } set passwd [join [lindex $pswd 0] ""] set enapasswd [join [lindex $pswd 1] ""] } # Figure out username if {[info exists username]} { # command line username set ruser $username } else { set ruser [join [find user $router] ""] if { "$ruser" == "" } { set ruser $default_user } } # Figure out username's password (if different from the vty password) if {[info exists userpasswd]} { # command line username set userpswd $userpasswd } else { set userpswd [join [find userpassword $router] ""] if { "$userpswd" == "" } { set userpswd $passwd } } # Figure out enable username if {[info exists enausername]} { # command line enausername set enauser $enausername } else { set enauser [join [find enauser $router] ""] if { "$enauser" == "" } { set enauser $ruser } } # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { set u_prompt "(Username|Login|login|user name):" } else { set u_prompt [join [lindex $u_prompt 0] ""] } set p_prompt [find passprompt $router] if { "$p_prompt" == "" } { set p_prompt "(\[Pp]assword|passwd):" } else { set p_prompt [join [lindex $p_prompt 0] ""] } set e_prompt [find enableprompt $router] if { "$e_prompt" == "" } { set e_prompt "\[Pp]assword:" } else { set e_prompt [join [lindex $e_prompt 0] ""] } # 
Figure out cypher type if {[info exists cypher]} { # command line cypher type set cyphertype $cypher } else { set cyphertype [find cyphertype $router] if { "$cyphertype" == "" } { set cyphertype "3des" } } # Figure out connection method set cmethod [find method $router] if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } # Figure out the SSH executable name set sshcmd [find sshcmd $router] if { "$sshcmd" == "" } { set sshcmd {ssh} } # Login to the router if {[login $router $ruser $userpswd $passwd $enapasswd $cmethod $cyphertype]} { # if login failed or rsh was successful, move on to the next device continue } if { $enable } { if {[do_enable $enauser $enapasswd]} { if { $do_command || $do_script } { close; wait continue } } } # we are logged in, now figure out the full prompt send "\r" expect { -re "\[\r\n]+" { exp_continue; } -re "^(.+\[:.])1 $prompt" { # stoopid extreme cmd-line numbers and # prompt based on state of config changes, # which may have an * at the beginning. set junk $expect_out(1,string) regsub -all "^\\\* " $expect_out(1,string) {} junk set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)"; set platform "extreme" } -re "^.+$prompt" { set junk $expect_out(0,string); regsub -all "\[\]\[]" $junk {\\&} prompt; } -re "^.+> \\\(enable\\\)" { set junk $expect_out(0,string); regsub -all "\[\]\[]" $junk {\\&} prompt; } } if { $do_command } { if {[run_commands $prompt $command]} { continue } } elseif { $do_script } { # If the prompt is (enable), then we are on a switch and the # command is "set length 0"; otherwise its "term length 0". if [ regexp -- ".*> .*enable" "$prompt" ] { send "set length 0\r" send "set logging session disable\r" } else { send "term length 0\r" } expect -re $prompt {} source $sfile close } else { label $router log_user 1 interact } # End of for each router wait sleep 0.3 } exit 0 -------------- next part -------------- A non-text attachment was scrubbed... 
Name: ciscowlc
Type: application/x-perl
Size: 9396 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20080723/8b0a41f2/attachment-0001.bin

From laichenkang at transmarket.com.sg Thu Jul 24 15:18:35 2008
From: laichenkang at transmarket.com.sg (Lai Chen Kang)
Date: Thu, 24 Jul 2008 23:18:35 +0800
Subject: [rancid] How do I add additional commands like "show cdp neighbours"
Message-ID: <48889D4B.4050500@transmarket.com.sg>

Which file should I modify and where?

I think its in rancid but not sure where.

From asmirnoff at gldn.net Fri Jul 25 06:27:42 2008
From: asmirnoff at gldn.net (Smirnoff Alexander)
Date: Fri, 25 Jul 2008 10:27:42 +0400
Subject: [rancid] clogin password
Message-ID: <986544234AB0A44BADE40DF502E2012A0186C1CE@SPBMAIL.spb.sovintel.net>

Hello!

I have a lot of cisco devices, and RANCID collect configurations from them. I use this clogin configuration:

#all routers
add user * user
add password * password enablepassword

But some devices not ask Username - only password. How I can setup clogin , for trying directly password, then router not ask username, without selecting all this routers int .cloginrc?

--
Regards,
Alexandr Smirnov

From rancid at gheek.net Fri Jul 25 16:36:22 2008
From: rancid at gheek.net (Lance Vermilion)
Date: Fri, 25 Jul 2008 09:36:22 -0700
Subject: [rancid] Re: How do I add additional commands like "show cdp neighbours"
In-Reply-To: <488939A8.2030209@gmail.com>
References: <48889D4B.4050500@transmarket.com.sg> <4889090A.5080202@gmail.com> <488939A8.2030209@gmail.com>
Message-ID: <8423e7bb0807250936o72d3cd2boe6aef0fd683d52b@mail.gmail.com>

Lai,

It is normally found in the files called rancid. The login files are the expect piece.

Look for

# Main
@commandtable = (

that will be where the commands are kept. If you want to do something special with the output you will need to create your own parsing using a new sub. you can also use another sub that already exists...although not the best practice.

-Lance

On Thu, Jul 24, 2008 at 7:25 PM, Lai Chen Kang wrote:

> Which file should I modify and where?
>
> I think its in rancid but not sure where.
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>

From heas at shrubbery.net Fri Jul 25 17:27:02 2008
From: heas at shrubbery.net (john heasley)
Date: Fri, 25 Jul 2008 17:27:02 +0000
Subject: [rancid] Re: clogin password
In-Reply-To: <986544234AB0A44BADE40DF502E2012A0186C1CE@SPBMAIL.spb.sovintel.net>
References: <986544234AB0A44BADE40DF502E2012A0186C1CE@SPBMAIL.spb.sovintel.net>
Message-ID: <20080725172702.GA12369@shrubbery.net>

Fri, Jul 25, 2008 at 10:27:42AM +0400, Smirnoff Alexander:
> Hello!
>
> I have a lot of cisco devices, and RANCID collect configurations from
> them. I use this clogin configuration:
>
> #all routers
>
> add user * user
>
> add password * password enablepassword
>
> But some devices not ask Username - only password. How I can setup
> clogin , for trying directly password,

If the passwords are the same, then this should work. if it doesn't
ask for a username, one simply won't be given.

> then router not ask username, without selecting all this routers int
> .cloginrc?

i don't understand that last bit.

From bostjanfe at hotmail.com Sat Jul 26 20:13:48 2008
From: bostjanfe at hotmail.com (Bostjan Fele)
Date: Sat, 26 Jul 2008 22:13:48 +0200
Subject: [rancid] Re: default prompt
In-Reply-To: <9a0178110807250015o100b180es7576621e17acde0c@mail.gmail.com>
References: <9a0178110807250015o100b180es7576621e17acde0c@mail.gmail.com>
Message-ID:

Thanks for replies but it looks like I didn't present my problem in a right way. I am trying to clogin (via ssh) into a Unix box. I get passed authentication phase but after I get inside default prompt is "username at hostname%". Controls are not release from clogin script since I believe it is waiting for ">" sign for user/exec level. I am looking for a way to overcome this.

B.

Date: Fri, 25 Jul 2008 09:15:26 +0200
From: gabbawp at gmail.com
To: bostjanfe at hotmail.com
Subject: Re: [rancid] default prompt
CC: rancid-discuss at shrubbery.net

Hi,

Have a look for add userprompt and add enableprompt in http://www.shrubbery.net/rancid/man/cloginrc.5.html

Cheers,
Gabba

2008/7/25 Bostjan Fele

Hi,

is it possible to get around requirement of expecting prompt to be ">" without changing prompts on device?

TIA,
Bostjan

From asmirnoff at gldn.net Tue Jul 29 07:07:27 2008
From: asmirnoff at gldn.net (Smirnoff Alexander)
Date: Tue, 29 Jul 2008 11:07:27 +0400
Subject: [rancid] Re: clogin password
In-Reply-To: <20080725172702.GA12369@shrubbery.net>
References: <986544234AB0A44BADE40DF502E2012A0186C1CE@SPBMAIL.spb.sovintel.net> <20080725172702.GA12369@shrubbery.net>
Message-ID: <986544234AB0A44BADE40DF502E2012A0186C3D6@SPBMAIL.spb.sovintel.net>

I try to explain more. For example I have 3 cisco routers. All have same password and username, but one router ask only password. Now I use this .cloginrc:

#all routers
add user * user
add password * password enablepassword

And RANCID can login only to 2 cisco's what ask username, third cisco ask only password, and RANCID can't login.

What I need to change in .cloginrc for login to third Cisco?

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: Friday, July 25, 2008 9:27 PM
To: Smirnoff Alexander
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] clogin password

Fri, Jul 25, 2008 at 10:27:42AM +0400, Smirnoff Alexander:
> Hello!
>
> I have a lot of cisco devices, and RANCID collect configurations from
> them. I use this clogin configuration:
>
> #all routers
>
> add user * user
>
> add password * password enablepassword
>
> But some devices not ask Username - only password. How I can setup
> clogin , for trying directly password,

If the passwords are the same, then this should work. if it doesn't
ask for a username, one simply won't be given.

> then router not ask username, without selecting all this routers int
> .cloginrc?

i don't understand that last bit.
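
The two prompt sequences this thread is about, replayed against a Python model of the clogin script posted earlier in this archive (an added example, not RANCID code and not any poster's). It mirrors the script's find proc, the main loop's userpassword fallback and the uprompt_seen branch in login, and adds a check for per-host entries placed after a matching wildcard, which first-match lookup never reaches; the default_user value, the prompt strings fed in, and the use of fnmatch in place of Tcl's string match are assumptions.

```python
import fnmatch
import re

# Default prompt patterns, as set in the clogin script in this archive.
U_PROMPT = re.compile(r"(Username|Login|login|user name):")
P_PROMPT = re.compile(r"([Pp]assword|passwd):")


def parse_cloginrc(text):
    """Collect 'add <directive> <glob> <values...>' lines, keeping file order."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A word is either {braced} or bare; the braces themselves are dropped.
        words = [braced or bare
                 for braced, bare in re.findall(r"\{([^{}]*)\}|(\S+)", line)]
        if len(words) >= 3 and words[0] == "add":
            table.setdefault(words[1], []).append((words[2], words[3:]))
    return table


def find(table, directive, router):
    """First entry whose glob matches wins, as in clogin's find proc.
    fnmatch approximates Tcl's 'string match' here (an assumption)."""
    for pattern, values in table.get(directive, []):
        if fnmatch.fnmatchcase(router.lower(), pattern):
            return values
    return []


def resolve(table, router, default_user):
    """Apply the main loop's fallbacks to get one router's credentials."""
    pswd = find(table, "password", router)
    if not pswd:
        raise LookupError("no password for %s" % router)
    return {
        "user": "".join(find(table, "user", router)) or default_user,
        "password": pswd[0],                      # vty password
        "enable": pswd[1] if len(pswd) > 1 else None,
        # Without a userpassword entry the vty password is reused.
        "userpassword": "".join(find(table, "userpassword", router)) or pswd[0],
    }


def replay_login(creds, prompts):
    """Return what would be typed in answer to each device prompt."""
    sent, uprompt_seen = [], False
    for prompt in prompts:
        if U_PROMPT.search(prompt):
            sent.append(creds["user"])
            uprompt_seen = True
        elif P_PROMPT.search(prompt):
            # After a username prompt the user's password goes out,
            # otherwise the vty password does.
            sent.append(creds["userpassword"] if uprompt_seen
                        else creds["password"])
    return sent


def shadowed(table):
    """List literal-host entries that an earlier glob always pre-empts."""
    hits = []
    for directive, entries in table.items():
        for i, (pattern, _) in enumerate(entries):
            if set("*?[") & set(pattern):
                continue  # only literal hostnames are checked
            if any(fnmatch.fnmatchcase(pattern, earlier)
                   for earlier, _ in entries[:i]):
                hits.append((directive, pattern))
    return hits


# Constructed samples built from the entries quoted in this thread.
ONE_SET = """
add user * {alexander}
add userpassword * {alexanderpasswd}
add password * {vtypasswd} {enablepwd}
"""
OVERRIDE_LAST = """
#all routers
add user * user
add password * password enablepassword
add user router201 admin
add password router201 g00dpa55w0rd
"""

if __name__ == "__main__":
    creds = resolve(parse_cloginrc(ONE_SET), "router101", "rancid")
    print(replay_login(creds, ["Username:", "Password:"]))
    print(replay_login(creds, ["Password:"]))
    print(shadowed(parse_cloginrc(OVERRIDE_LAST)))
```

Because lookup stops at the first matching glob, a per-host line only takes effect when it appears above the `*` line for the same directive.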
From SMartin at sourceinterlink.com Tue Jul 29 14:31:47 2008 From: SMartin at sourceinterlink.com (Martin, Seth) Date: Tue, 29 Jul 2008 10:31:47 -0400 Subject: [rancid] Re: clogin password In-Reply-To: <986544234AB0A44BADE40DF502E2012A0186C3D6@SPBMAIL.spb.sovintel.net> Message-ID: <79B77295FBC9F247A32A6C98B67B1E1401744659@srv-1exch01.sourceinterlink.com> You need to configure your line statements to use login local (assuming the users are setup in ios and not using remote AAA) Should be at the bottom of your routers configuration line vty 0 4 login local _____________________________________________________________________ Seth Martin - Desk: 239-949-4450 x6705 - Cell: 239-588-0681 - Fax: 239-495-5181 - -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Smirnoff Alexander Sent: Tuesday, July 29, 2008 3:07 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: clogin password I try to explain more. For example I have 3 cisco routers. All have same password and username, but one router ask only password. Now I use this .clorginrc: #all routers add user * user add password * password enablepassword And RANCID can login only to 2 cisco's what ask username, third cisco ask only password, and RANCID can't login. What I need to change in .cloginrc for login to third Cisco? -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Friday, July 25, 2008 9:27 PM To: Smirnoff Alexander Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] clogin password Fri, Jul 25, 2008 at 10:27:42AM +0400, Smirnoff Alexander: > Hello! > > > > I have a lot of cisco devices, and RANCID collect configurations from > them. I use this clogin configuration: > > > > #all routers > > add user * user > > add password * password enablepassword > > > > But some devices not ask Username - only password. 
How I can setup > clogin , for trying directly password, If the passwords are the same, then this should work. if it doesn't ask for a username, one simply won't be given. > then router not ask username, without selecting all this routers int > .cloginrc? i don't understand that last bit. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From gregoryzill at solutionary.com Tue Jul 29 14:38:24 2008 From: gregoryzill at solutionary.com (Gregory W Zill) Date: Tue, 29 Jul 2008 09:38:24 -0500 Subject: [rancid] Re: clogin password In-Reply-To: <79B77295FBC9F247A32A6C98B67B1E1401744659@srv-1exch01.sourceinterlink.com> References: <79B77295FBC9F247A32A6C98B67B1E1401744659@srv-1exch01.sourceinterlink.com> Message-ID: <488F2B60.9010301@solutionary.com> Further, in the .cloginrc file, the generic lines you currently have will serve two out of three routers, so for the third, specifically add add user router201 admin add password router201 g00dpa55w0rd where your routers might be distinguished as router101 router102 router 201 The router101 and router 102 will follow the * entries you have and the router201 will follow the more specific entries. Martin, Seth wrote: > You need to configure your line statements to use login local (assuming > the users are setup in ios and not using remote AAA) > > Should be at the bottom of your routers configuration > > line vty 0 4 > login local > > _____________________________________________________________________ > Seth Martin > - Desk: 239-949-4450 x6705 - Cell: 239-588-0681 - Fax: 239-495-5181 - > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Smirnoff > Alexander > Sent: Tuesday, July 29, 2008 3:07 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Re: clogin password > > I try to explain more. 
For example I have 3 cisco routers. All have same > password and username, but one router ask only password. Now I use this > .clorginrc: > > #all routers > add user * user > add password * password enablepassword > > And RANCID can login only to 2 cisco's what ask username, third cisco > ask only password, and RANCID can't login. > > What I need to change in .cloginrc for login to third Cisco? > > > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Friday, July 25, 2008 9:27 PM > To: Smirnoff Alexander > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] clogin password > > Fri, Jul 25, 2008 at 10:27:42AM +0400, Smirnoff Alexander: >> Hello! >> >> >> >> I have a lot of cisco devices, and RANCID collect configurations from >> them. I use this clogin configuration: >> >> >> >> #all routers >> >> add user * user >> >> add password * password enablepassword >> >> >> >> But some devices not ask Username - only password. How I can setup >> clogin , for trying directly password, > > If the passwords are the same, then this should work. if it doesn't > ask for a username, one simply won't be given. > >> then router not ask username, without selecting all this routers int >> .cloginrc? > > i don't understand that last bit. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- gregory w zill, mba, cissp Information Security Engineer Managed Services Team ----------------------------- Solutionary, Inc. 
Making Security Manageable v: 402-361-3066 From dale.shaw+rancid-discuss at gmail.com Tue Jul 29 14:44:26 2008 From: dale.shaw+rancid-discuss at gmail.com (Dale Shaw) Date: Tue, 29 Jul 2008 07:44:26 -0700 Subject: [rancid] Re: clogin password In-Reply-To: <986544234AB0A44BADE40DF502E2012A0186C3D6@SPBMAIL.spb.sovintel.net> References: <986544234AB0A44BADE40DF502E2012A0186C1CE@SPBMAIL.spb.sovintel.net> <20080725172702.GA12369@shrubbery.net> <986544234AB0A44BADE40DF502E2012A0186C3D6@SPBMAIL.spb.sovintel.net> Message-ID: <3329cbb40807290744p53f9d671u16b58b197e24ddd1@mail.gmail.com> Hi, On Tue, Jul 29, 2008 at 12:07 AM, Smirnoff Alexander wrote: > > I try to explain more. For example I have 3 cisco routers. All have same > password and username, but one router ask only password. Now I use this > .clorginrc: > > #all routers > add user * user > add password * password enablepassword > > And RANCID can login only to 2 cisco's what ask username, third cisco > ask only password, and RANCID can't login. > > What I need to change in .cloginrc for login to third Cisco? I think you probably want: add user * {alexander} add userpassword * {alexanderpasswd} add password * {vtypasswd} {enablepwd} If the router gives a Username: prompt, it'll enter Username: alexander and Password: alexanderpasswd, then go into enable mode with "enablepwd". If it doesn't prompt for Username:, it'll just enter "vtypasswd", then go into enable mode with "enablepwd". 
cheers, Dale From heas at shrubbery.net Tue Jul 29 15:11:17 2008 From: heas at shrubbery.net (john heasley) Date: Tue, 29 Jul 2008 08:11:17 -0700 Subject: [rancid] Re: clogin password In-Reply-To: <3329cbb40807290744p53f9d671u16b58b197e24ddd1@mail.gmail.com> References: <986544234AB0A44BADE40DF502E2012A0186C1CE@SPBMAIL.spb.sovintel.net> <20080725172702.GA12369@shrubbery.net> <986544234AB0A44BADE40DF502E2012A0186C3D6@SPBMAIL.spb.sovintel.net> <3329cbb40807290744p53f9d671u16b58b197e24ddd1@mail.gmail.com> Message-ID: <20080729151117.GB21215@shrubbery.net> Tue, Jul 29, 2008 at 07:44:26AM -0700, Dale Shaw: > Hi, > > On Tue, Jul 29, 2008 at 12:07 AM, Smirnoff Alexander wrote: > > > > I try to explain more. For example I have 3 cisco routers. All have same > > password and username, but one router ask only password. Now I use this > > .clorginrc: > > > > #all routers > > add user * user > > add password * password enablepassword > > > > And RANCID can login only to 2 cisco's what ask username, third cisco > > ask only password, and RANCID can't login. > > > > What I need to change in .cloginrc for login to third Cisco? > > I think you probably want: > > add user * {alexander} > add userpassword * {alexanderpasswd} > add password * {vtypasswd} {enablepwd} > > If the router gives a Username: prompt, it'll enter Username: > alexander and Password: alexanderpasswd, then go into enable mode with if alexanderpasswd/userpassword does not exist, it should use vtypasswd > "enablepwd". If it doesn't prompt for Username:, it'll just enter > "vtypasswd", then go into enable mode with "enablepwd". 
> > cheers, > Dale > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From bgmilne at staff.telkomsa.net Tue Jul 29 15:53:37 2008 From: bgmilne at staff.telkomsa.net (Buchan Milne) Date: Tue, 29 Jul 2008 17:53:37 +0200 Subject: [rancid] Rancid for firewall configuration auditing Message-ID: <200807291753.38344.bgmilne@staff.telkomsa.net> We currently use rancid mainly for network device revision control. We will soon be taking over management of some Cisco-base firewalls, and we would like to have some kind of configuration auditing. The aim of the auditing is to be able to prove the origin of an individual firewall rule. The way I envisage doing this is with 'cvs annotate' or similar (e.g. with cvsweb or viewvc), so an auditor could see an annotated version of any revision of the firewall configuration, click on the link next to the line of interest, and see the change number that implemented that line of the configuration (from which we can find the firewall request or other motivation for modifying the access). To accomplish this, I just need to have a custom commit message. I tested briefly by abusing the -m option to rancid-run, but I would prefer not to send spurious emails, as follows: $ sudo -H -u rancid /usr/lib64/rancid/bin/rancid-run -r devicename -m 'sudoCOXXXXXX' Which mostly gives the desired behaviour (at least on the cvs side). Also, I would prefer to get the username (well, $SUDO_USER) in as the author, but I guess that is more of a permissions issue than anything else. So, is would there be any interest in adding a command-line option for a custom commit message? If so, I am prepared to do the changes and submit a patch. 
Regards, Buchan (BTW, I also packaged rancid for Mandriva, rancid is available in the 'contrib' section of Mandriva 2007.0 and later) From asmirnoff at gldn.net Wed Jul 30 05:17:18 2008 From: asmirnoff at gldn.net (Smirnoff Alexander) Date: Wed, 30 Jul 2008 09:17:18 +0400 Subject: [rancid] Re: clogin password In-Reply-To: <488F2B60.9010301@solutionary.com> References: <79B77295FBC9F247A32A6C98B67B1E1401744659@srv-1exch01.sourceinterlink.com> <488F2B60.9010301@solutionary.com> Message-ID: <986544234AB0A44BADE40DF502E2012A0186C489@SPBMAIL.spb.sovintel.net> Huh, really i have not 3 , but ~1000 cisco routers, and in this case i need describe all routers what don't ask Username: in .cloginrc , or setup AAA on routers - it's a though task , and i want avoid it by such .cloginrc configuration what consider all devices - with Username and without. -----Original Message----- From: Gregory W Zill [mailto:gregoryzill at solutionary.com] Sent: Tuesday, July 29, 2008 6:38 PM To: Smirnoff Alexander Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: clogin password Further, in the .cloginrc file, the generic lines you currently have will serve two out of three routers, so for the third, specifically add add user router201 admin add password router201 g00dpa55w0rd where your routers might be distinguished as router101 router102 router 201 The router101 and router 102 will follow the * entries you have and the router201 will follow the more specific entries. 

Martin, Seth wrote:
> You need to configure your line statements to use login local (assuming
> the users are set up in IOS and not using remote AAA)
>
> Should be at the bottom of your router's configuration
>
> line vty 0 4
> login local
>
> _____________________________________________________________________
> Seth Martin
>
> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Smirnoff
> Alexander
> Sent: Tuesday, July 29, 2008 3:07 AM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: clogin password
>
> I'll try to explain more. For example, I have 3 Cisco routers. All have
> the same password and username, but one router asks only for a password.
> Now I use this .cloginrc:
>
> #all routers
> add user * user
> add password * password enablepassword
>
> And RANCID can log in only to the 2 Ciscos that ask for a username; the
> third Cisco asks only for a password, and RANCID can't log in.
>
> What do I need to change in .cloginrc to log in to the third Cisco?
>
>
> -----Original Message-----
> From: john heasley [mailto:heas at shrubbery.net]
> Sent: Friday, July 25, 2008 9:27 PM
> To: Smirnoff Alexander
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] clogin password
>
> Fri, Jul 25, 2008 at 10:27:42AM +0400, Smirnoff Alexander:
>> Hello!
>>
>> I have a lot of Cisco devices, and RANCID collects configurations from
>> them. I use this clogin configuration:
>>
>> #all routers
>> add user * user
>> add password * password enablepassword
>>
>> But some devices not ask Username - only password. How I can setup
>> clogin, for trying directly password,
>
> If the passwords are the same, then this should work. If it doesn't
> ask for a username, one simply won't be given.
>
>> then router not ask username, without selecting all this routers in
>> .cloginrc?
>
> I don't understand that last bit.

--
gregory w zill, mba, cissp
Information Security Engineer
Managed Services Team
-----------------------------
Solutionary, Inc.
Making Security Manageable

From asmirnoff at gldn.net Thu Jul 31 09:29:45 2008
From: asmirnoff at gldn.net (Smirnoff Alexander)
Date: Thu, 31 Jul 2008 13:29:45 +0400
Subject: [rancid] Re: clogin password
In-Reply-To: <3329cbb40807290744p53f9d671u16b58b197e24ddd1@mail.gmail.com>
References: <986544234AB0A44BADE40DF502E2012A0186C1CE@SPBMAIL.spb.sovintel.net>
 <20080725172702.GA12369@shrubbery.net>
 <986544234AB0A44BADE40DF502E2012A0186C3D6@SPBMAIL.spb.sovintel.net>
 <3329cbb40807290744p53f9d671u16b58b197e24ddd1@mail.gmail.com>
Message-ID: <986544234AB0A44BADE40DF502E2012A0186C616@SPBMAIL.spb.sovintel.net>

Thanks a lot - it is really what I need.

-----Original Message-----
From: dale.shaw at gmail.com [mailto:dale.shaw at gmail.com] On Behalf Of Dale Shaw
Sent: Tuesday, July 29, 2008 6:44 PM
To: Smirnoff Alexander
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: clogin password

Hi,

On Tue, Jul 29, 2008 at 12:07 AM, Smirnoff Alexander wrote:
>
> I'll try to explain more. For example, I have 3 Cisco routers. All have
> the same password and username, but one router asks only for a password.
> Now I use this .cloginrc:
>
> #all routers
> add user * user
> add password * password enablepassword
>
> And RANCID can log in only to the 2 Ciscos that ask for a username; the
> third Cisco asks only for a password, and RANCID can't log in.
>
> What do I need to change in .cloginrc to log in to the third Cisco?

I think you probably want:

add user * {alexander}
add userpassword * {alexanderpasswd}
add password * {vtypasswd} {enablepwd}

If the router gives a Username: prompt, it'll enter Username: alexander
and Password: alexanderpasswd, then go into enable mode with
"enablepwd".

If it doesn't prompt for Username:, it'll just enter "vtypasswd", then
go into enable mode with "enablepwd".

cheers,
Dale
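
Added example, not part of the original thread and not clogin's own code: a small Python model of the credential selection described in the reply above, showing which .cloginrc value answers each step depending on whether the device prints a Username: prompt. The function names, the host name router201 and the sample file are assumptions made for illustration; the fallback from userpassword to the vty password and the first-match lookup are modelled as assumptions about clogin's behaviour.

```python
import fnmatch
import shlex

# Constructed sample: the .cloginrc lines suggested in the reply above.
SAMPLE_CLOGINRC = """\
#all routers
add user * {alexander}
add userpassword * {alexanderpasswd}
add password * {vtypasswd} {enablepwd}
"""

def parse_cloginrc(text):
    """Return (directive, host_glob, values) tuples in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Simplification: treat Tcl {braces} as ordinary quoting.
        tokens = shlex.split(line.replace("{", '"').replace("}", '"'))
        if len(tokens) >= 4 and tokens[0] == "add":
            entries.append((tokens[1], tokens[2], tokens[3:]))
    return entries

def lookup(entries, directive, host):
    """First entry whose glob matches the host wins, so order matters."""
    for name, glob, values in entries:
        if name == directive and fnmatch.fnmatchcase(host, glob):
            return values
    return []

def login_plan(entries, host, asks_username):
    """Model which credential answers each step of the login."""
    user = lookup(entries, "user", host)
    passwords = lookup(entries, "password", host)
    vty = passwords[0] if passwords else None
    enable = passwords[1] if len(passwords) > 1 else None
    # Assumption: with no userpassword entry, the vty password is reused.
    userpw = lookup(entries, "userpassword", host) or [vty]
    if asks_username:
        steps = [("username", user[0] if user else None),
                 ("login password", userpw[0])]
    else:
        steps = [("login password", vty)]
    return steps + [("enable password", enable)]

if __name__ == "__main__":
    rc = parse_cloginrc(SAMPLE_CLOGINRC)
    for asks in (True, False):
        print(asks, login_plan(rc, "router201", asks))
```

Because .cloginrc holds these passwords in clear text, keep the file readable only by the account that runs rancid.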