From publicrbirri at gmail.com Mon Mar 1 13:59:56 2010 From: publicrbirri at gmail.com (Rodo Bibi) Date: Mon, 1 Mar 2010 14:59:56 +0100 Subject: [rancid] fortigate issues Message-ID: Hey rancid community I am working with fortigate 1000A and I have 2 issues I am sure you can help me with. At each rancid backup I receive an email with configuration changes. First problem : retrieving revision 1.1969 diff -U 4 -r1.1969 fortifw @@ -51,9 +51,9 @@ set daily-restart disable set detection-summary enable set dst enable set failtime 5 - set fds-statistics enable + set fds-statistics enable set forticlient-portal-port 8009 set fsae-burst-size 300 set fsae-rate-limit 100 See, the set fds-statistics enable is removed then added. How can I get rid of this ? Second problem : The display of the private key changes at each backup : + set private-key "-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED - DEK-Info: DES-EDE3-CBC,3C07324ADB7623412 - M1/T1PrO+n8oX1E2Fks46mI6zF3R99g3ulhR9jfXi1zdjYrfEfmz8eIbV0lrECoo - P6DKRBUUJw9p4OPitm1XpIG5SXQSLWjV9GOWeFhsiAWDZrnONzWSkuiunXxu3W3D - BIw4fCC+HXRs1wUHhTf0XWzpbO0pmWfHWcCv8D3jKLXdchGI/5jKyfsVAgv5TT6Q - A40sI463M4xBl2RzNBNvxSF1yrpDdA454W0B4y8uSHLQg0Q94fGiprLpUO9S2NFI - QUKJGqAhNrwGbFCmm7NQxeEbdbJnzJ77rxYjm3+VQaEsPkuKU32DgQTP1uJIxTeB - WM8F30XrOqj6/esxqqL8TZl4uYySJZtR2SVjlhdVlg7zCQSZV3ZbgK7zR5lT3+aK - rUGg3DEiA8ajHxv44QsUutwhSrubreCkaHkRI1VxZpeOroa2x6t8bN/XcvPCWQEo - Y1yXEn7iR3LZxbE5retft+UBhcBs0Xm55vBMGeyNhzkalQveSJ1Bn7A5lLrII8Hy - YlozkgkbzsRsWNFQKFUWGNQR56432IHGWOVDSBQGE5py0Wk1qq+bOQq5T - ySWSKQDdDv3rS2OU3aulmcXvzs+pmLqYHQG6m8vQm0/7EhKEKa2UK2M5Nx4SOLdI - 94iOYWFrJ5SJcIgA3TKaQVpHTEjsSncPVlUu4sBxm3kTQOK5bE52aw== + DEK-Info: DES-EDE3-CBC,B69D648DD9C5C8D + bAAaqPBUPN3p3MkBtkfZ9rCk18Fda5hppgZbInsTBioCajUeewzXOFqLsPBmP4qD + oKakQ9QAt9d4W7SYmRvSWM7kWluOlQDXYOX3NImoYYmF/iCP6sS+mopih5PAy4na + 9Jxe5m5Cb6USdafrSjHqaOQjlXOIGo7vCvs3LyXOhBA2mw1QTJyYPK5ZDiqx+edt + Qqs4EIF8PgzSug2yQmkXu1YeuLaUtpnVu6g7koY3ugeznEJe7qUR15EvYW/VI3eg + xKTmqk95+oNEySR+WcKajv59u01j6FoaD0ALN5rJEVv1AlG0NJryjIlevW1AGVUw + tXG2HJz0zmFX99hIV7RMntZIez2cw+VaojLluHlTdngI9y7LemoLQPrxwKjwCV0+ + U3waJhpKV2bFjfqhbcuahifjAFIFA8ghhfbuzfq/y7O8yD25fSE22fU + F0+8ehuNv2M13gATPhUrNtQDo0wSzPaO//Bpei+QT1ulVSMQGveVkVdRH1wHWvPg + AzDVi/HmsVvZa0SBKwuZP4WnVdfuiIyX0frWpGirltPny9BkuM3GSBsa2Oz/f2XS + OEVW1xUT+WFUc55x7rVDvy8WPFSUYL7hFQDJmr2VZC2QJi1W2jVcsAcaAswDo3RE + +3vjawQ1S/p5Sh2UX1XCel+HP5X9mR/3HlPV1EsZ9rwz9mnl2GhQYQ== -----END RSA PRIVATE KEY-----" I would love to remove everything " " and display set private-key " *** removed *** ". Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100301/461dcb43/attachment.html From diego.ercolani at ssis.sm Mon Mar 1 15:22:29 2010 From: diego.ercolani at ssis.sm (Diego Ercolani) Date: Mon, 1 Mar 2010 16:22:29 +0100 Subject: [rancid] Re: fortigate issues In-Reply-To: References: Message-ID: <201003011622.29316.diego.ercolani@ssis.sm> I had today your issue, I've solved with a reboot process of the fortigate appliance.... rancid (with my patches) simple asks fortinet a dump of the configuration without making bautifying or indent of the configuration dump. for the certificate/private key and others, you have to modify the source removing things multiline.... The main loop where these things are done start at line 176 of fnrancid, but as you see it's very simple and remove only the one-line things matching a tag on the line. You have to create a more sophisticated implementation subroutine that process multiline input at a time e manage exceptions. In the same loop I think it's possible to manage issue like more spaces added, but what I saw in my today situation is that sometimes fortigate give the configurations breaking commands with a line feed without any kind of rule eg.... I saw something like: retrieving revision 1.1969 diff -U 4 -r1.1969 fortifw @@ -51,9 +51,9 @@ set daily-restart disable set detection-summary enable set dst enable set failtime 5 - set fds-statistics enable + set fds-stat + istics enable set forticlient-portal-port 8009 set fsae-burst-size 300 set fsae-rate-limit 100 ...this isn't foreseenable, don't you think? In data luned? 1 marzo 2010 14:59:56, Rodo Bibi ha scritto: : > Hey rancid community > > I am working with fortigate 1000A and I have 2 issues I am sure you can > help me with. > > At each rancid backup I receive an email with configuration changes. > > First problem : > > retrieving revision 1.1969 > diff -U 4 -r1.1969 fortifw > @@ -51,9 +51,9 @@ > set daily-restart disable > set detection-summary enable > set dst enable > set failtime 5 > - set fds-statistics enable > + set fds-statistics enable > set forticlient-portal-port 8009 > set fsae-burst-size 300 > set fsae-rate-limit 100 > > See, the set fds-statistics enable is removed then added. How can I get rid > of this ? > > > Second problem : > > The display of the private key changes at each backup : > > + set private-key "-----BEGIN RSA PRIVATE KEY----- > Proc-Type: 4,ENCRYPTED > - DEK-Info: DES-EDE3-CBC,3C07324ADB7623412 > - M1/T1PrO+n8oX1E2Fks46mI6zF3R99g3ulhR9jfXi1zdjYrfEfmz8eIbV0lrECoo > - P6DKRBUUJw9p4OPitm1XpIG5SXQSLWjV9GOWeFhsiAWDZrnONzWSkuiunXxu3W3D > - BIw4fCC+HXRs1wUHhTf0XWzpbO0pmWfHWcCv8D3jKLXdchGI/5jKyfsVAgv5TT6Q > - A40sI463M4xBl2RzNBNvxSF1yrpDdA454W0B4y8uSHLQg0Q94fGiprLpUO9S2NFI > - QUKJGqAhNrwGbFCmm7NQxeEbdbJnzJ77rxYjm3+VQaEsPkuKU32DgQTP1uJIxTeB > - WM8F30XrOqj6/esxqqL8TZl4uYySJZtR2SVjlhdVlg7zCQSZV3ZbgK7zR5lT3+aK > - rUGg3DEiA8ajHxv44QsUutwhSrubreCkaHkRI1VxZpeOroa2x6t8bN/XcvPCWQEo > - Y1yXEn7iR3LZxbE5retft+UBhcBs0Xm55vBMGeyNhzkalQveSJ1Bn7A5lLrII8Hy > - YlozkgkbzsRsWNFQKFUWGNQR56432IHGWOVDSBQGE5py0Wk1qq+bOQq5T > - ySWSKQDdDv3rS2OU3aulmcXvzs+pmLqYHQG6m8vQm0/7EhKEKa2UK2M5Nx4SOLdI > - 94iOYWFrJ5SJcIgA3TKaQVpHTEjsSncPVlUu4sBxm3kTQOK5bE52aw== > + DEK-Info: DES-EDE3-CBC,B69D648DD9C5C8D > + bAAaqPBUPN3p3MkBtkfZ9rCk18Fda5hppgZbInsTBioCajUeewzXOFqLsPBmP4qD > + oKakQ9QAt9d4W7SYmRvSWM7kWluOlQDXYOX3NImoYYmF/iCP6sS+mopih5PAy4na > + 9Jxe5m5Cb6USdafrSjHqaOQjlXOIGo7vCvs3LyXOhBA2mw1QTJyYPK5ZDiqx+edt > + Qqs4EIF8PgzSug2yQmkXu1YeuLaUtpnVu6g7koY3ugeznEJe7qUR15EvYW/VI3eg > + xKTmqk95+oNEySR+WcKajv59u01j6FoaD0ALN5rJEVv1AlG0NJryjIlevW1AGVUw > + tXG2HJz0zmFX99hIV7RMntZIez2cw+VaojLluHlTdngI9y7LemoLQPrxwKjwCV0+ > + U3waJhpKV2bFjfqhbcuahifjAFIFA8ghhfbuzfq/y7O8yD25fSE22fU > + F0+8ehuNv2M13gATPhUrNtQDo0wSzPaO//Bpei+QT1ulVSMQGveVkVdRH1wHWvPg > + AzDVi/HmsVvZa0SBKwuZP4WnVdfuiIyX0frWpGirltPny9BkuM3GSBsa2Oz/f2XS > + OEVW1xUT+WFUc55x7rVDvy8WPFSUYL7hFQDJmr2VZC2QJi1W2jVcsAcaAswDo3RE > + +3vjawQ1S/p5Sh2UX1XCel+HP5X9mR/3HlPV1EsZ9rwz9mnl2GhQYQ== > -----END RSA PRIVATE KEY-----" > > I would love to remove everything " " and display set private-key " *** > removed *** ". > > Thanks From flan at nectarcorp.com Mon Mar 1 15:43:52 2010 From: flan at nectarcorp.com (Stephen Flanagan) Date: Mon, 1 Mar 2010 10:43:52 -0500 Subject: [rancid] Extreme Xos issues Message-ID: <02FBECA25E68744CBEACFCC9EDFA36684AC6B5DE@J-F-Exch01.jumacorp.com> Has anyone been able to make the configuration file on an XOS switch work with the missing EOF marker? I am having trouble getting it to work. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100301/03b78d5b/attachment.html From henrik at stadsnat.nu Mon Mar 1 10:13:24 2010 From: henrik at stadsnat.nu (Henrik) Date: Mon, 1 Mar 2010 11:13:24 +0100 Subject: [rancid] Extreme networks Message-ID: <00a501cab927$d3ce5ba0$7b6b12e0$@nu> Hi ! I cant get my extreme networks switches to work with tacacs+ When I get into the switch I only get USER status Is there something I have missed. ?? Gratefull for help -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 3386 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100301/d635b542/attachment.bin From heas at shrubbery.net Mon Mar 1 18:01:31 2010 From: heas at shrubbery.net (john heasley) Date: Mon, 1 Mar 2010 10:01:31 -0800 Subject: [rancid] Re: fortigate issues In-Reply-To: <201003011622.29316.diego.ercolani@ssis.sm> References: <201003011622.29316.diego.ercolani@ssis.sm> Message-ID: <20100301180131.GJ5640@shrubbery.net> Mon, Mar 01, 2010 at 04:22:29PM +0100, Diego Ercolani: > I had today your issue, I've solved with a reboot process of the fortigate > appliance.... > rancid (with my patches) simple asks fortinet a dump of the configuration > without making bautifying or indent of the configuration dump. > for the certificate/private key and others, you have to modify the source > removing things multiline.... > The main loop where these things are done start at line 176 of fnrancid, but > as you see it's very simple and remove only the one-line things matching a tag > on the line. You have to create a more sophisticated implementation subroutine > that process multiline input at a time e manage exceptions. > > In the same loop I think it's possible to manage issue like more spaces added, > but what I saw in my today situation is that sometimes fortigate give the > configurations breaking commands with a line feed without any kind of rule > eg.... I saw something like: > > retrieving revision 1.1969 > diff -U 4 -r1.1969 fortifw > @@ -51,9 +51,9 @@ > set daily-restart disable > set detection-summary enable > set dst enable > set failtime 5 > - set fds-statistics enable > + set fds-stat > + istics enable > set forticlient-portal-port 8009 > set fsae-burst-size 300 > set fsae-rate-limit 100 most likely a side effect of the pager. nlogin uses 'set console page 0' to disable the pager. does this command not work on the fortigate? > ...this isn't foreseenable, don't you think? > > In data luned? 1 marzo 2010 14:59:56, Rodo Bibi ha scritto: > : > Hey rancid community > > > > I am working with fortigate 1000A and I have 2 issues I am sure you can > > help me with. > > > > At each rancid backup I receive an email with configuration changes. > > > > First problem : > > > > retrieving revision 1.1969 > > diff -U 4 -r1.1969 fortifw > > @@ -51,9 +51,9 @@ > > set daily-restart disable > > set detection-summary enable > > set dst enable > > set failtime 5 > > - set fds-statistics enable > > + set fds-statistics enable > > set forticlient-portal-port 8009 > > set fsae-burst-size 300 > > set fsae-rate-limit 100 > > > > See, the set fds-statistics enable is removed then added. How can I get rid > > of this ? > > > > > > Second problem : > > > > The display of the private key changes at each backup : one would think that key should be static. maybe it rekeys on some schedule? what is it used for? are there multiple private keys in the config? > > + set private-key "-----BEGIN RSA PRIVATE KEY----- > > Proc-Type: 4,ENCRYPTED > > - DEK-Info: DES-EDE3-CBC,3C07324ADB7623412 > > - M1/T1PrO+n8oX1E2Fks46mI6zF3R99g3ulhR9jfXi1zdjYrfEfmz8eIbV0lrECoo > > - P6DKRBUUJw9p4OPitm1XpIG5SXQSLWjV9GOWeFhsiAWDZrnONzWSkuiunXxu3W3D > > - BIw4fCC+HXRs1wUHhTf0XWzpbO0pmWfHWcCv8D3jKLXdchGI/5jKyfsVAgv5TT6Q > > - A40sI463M4xBl2RzNBNvxSF1yrpDdA454W0B4y8uSHLQg0Q94fGiprLpUO9S2NFI > > - QUKJGqAhNrwGbFCmm7NQxeEbdbJnzJ77rxYjm3+VQaEsPkuKU32DgQTP1uJIxTeB > > - WM8F30XrOqj6/esxqqL8TZl4uYySJZtR2SVjlhdVlg7zCQSZV3ZbgK7zR5lT3+aK > > - rUGg3DEiA8ajHxv44QsUutwhSrubreCkaHkRI1VxZpeOroa2x6t8bN/XcvPCWQEo > > - Y1yXEn7iR3LZxbE5retft+UBhcBs0Xm55vBMGeyNhzkalQveSJ1Bn7A5lLrII8Hy > > - YlozkgkbzsRsWNFQKFUWGNQR56432IHGWOVDSBQGE5py0Wk1qq+bOQq5T > > - ySWSKQDdDv3rS2OU3aulmcXvzs+pmLqYHQG6m8vQm0/7EhKEKa2UK2M5Nx4SOLdI > > - 94iOYWFrJ5SJcIgA3TKaQVpHTEjsSncPVlUu4sBxm3kTQOK5bE52aw== > > + DEK-Info: DES-EDE3-CBC,B69D648DD9C5C8D > > + bAAaqPBUPN3p3MkBtkfZ9rCk18Fda5hppgZbInsTBioCajUeewzXOFqLsPBmP4qD > > + oKakQ9QAt9d4W7SYmRvSWM7kWluOlQDXYOX3NImoYYmF/iCP6sS+mopih5PAy4na > > + 9Jxe5m5Cb6USdafrSjHqaOQjlXOIGo7vCvs3LyXOhBA2mw1QTJyYPK5ZDiqx+edt > > + Qqs4EIF8PgzSug2yQmkXu1YeuLaUtpnVu6g7koY3ugeznEJe7qUR15EvYW/VI3eg > > + xKTmqk95+oNEySR+WcKajv59u01j6FoaD0ALN5rJEVv1AlG0NJryjIlevW1AGVUw > > + tXG2HJz0zmFX99hIV7RMntZIez2cw+VaojLluHlTdngI9y7LemoLQPrxwKjwCV0+ > > + U3waJhpKV2bFjfqhbcuahifjAFIFA8ghhfbuzfq/y7O8yD25fSE22fU > > + F0+8ehuNv2M13gATPhUrNtQDo0wSzPaO//Bpei+QT1ulVSMQGveVkVdRH1wHWvPg > > + AzDVi/HmsVvZa0SBKwuZP4WnVdfuiIyX0frWpGirltPny9BkuM3GSBsa2Oz/f2XS > > + OEVW1xUT+WFUc55x7rVDvy8WPFSUYL7hFQDJmr2VZC2QJi1W2jVcsAcaAswDo3RE > > + +3vjawQ1S/p5Sh2UX1XCel+HP5X9mR/3HlPV1EsZ9rwz9mnl2GhQYQ== > > -----END RSA PRIVATE KEY-----" > > > > I would love to remove everything " " and display set private-key " *** > > removed *** ". > > > > Thanks > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Mon Mar 1 18:10:21 2010 From: rancid at gheek.net (Lance Vermilion) Date: Mon, 1 Mar 2010 11:10:21 -0700 Subject: [rancid] Re: Dedicated nixrancid using clogin...anyone interested In-Reply-To: References: <8423e7bb1002261132ice74b77lb30ed73c076a8f62@mail.gmail.com> Message-ID: <8423e7bb1003011010l18029170v9c0fde843ecc1cc9@mail.gmail.com> Charles, I hope to actually put some structured code together in the next 5-8 days (before I leave on my honeymoon). I first have to take care of some higher priority issues here. I will share what I come up with. Stay tuned. -lance On Fri, Feb 26, 2010 at 5:57 PM, Charles Tompkins wrote: > I am interested and condisidering a rancid deployment for change management > on server files ATM; I am interested in seeing your work. > > I can see nixcollect.db using some additional variability or versions to > accomodate other system flavors for all the different paths to etc, not to > mention multiple paths to applications like src-installed (/usr/local/etc) > vs. maintained packages (/etc) or even /opt. > > nixcollect_redhat.db > nixcollect_debuntu.db > nixcollect_solaris.db > . . . > > Maybe set your path to etc/ as a variable for the firsthalf of the object > and rely on your object definition to supply the secondhalf to get to the > file. > > Regards, > -Charles > > > > On Feb 26, 2010, at 2:32 PM, Lance Vermilion wrote: > >> All, >> >> I have been thinking. I don't want to go and add something like >> cfengine or anything else to my existing set of tools. I do want to >> collect some information and save it, namely files that wouldn't be >> changing frequently and since I use OpenNMS which has RANCID tied to >> it already this is a valuable add for me. All I need to do is add a >> new platform nix that points to nixrancid that uses a slightly >> modified clogin (to skip sending "term length 0") and then I can >> capture all sorts of important bits of info on *nix machines. Right >> now I have played with Linux and I am having quite the success. >> >> I want to write a small addition to nixrancid that would then look at >> an additional file called nixcollect.db. This would allow someone to >> enable collection based on possible collection bits. So if the >> platform type of nix was in router.db then nixrancid would look in >> nixcollect.db ?to figure out what files to screen scrape. >> >> Please let me know if anyone else would be interested in the work I will >> do. >> >> Currently I am thinking to capture a few things. >> >> #key files in /etc/ >> /etc/passwd >> /etc/profile >> /etc/bashrc >> /etc/group >> /etc/sudoers >> /etc/modprobe >> /etc/aliases >> /etc/crontab >> /etc/grub.conf >> /etc/shadow >> /etc/hosts >> /etc/hosts.allow >> /etc/hosts.deny >> /etc/host.conf >> /etc/multipath.conf >> /etc/resolv.conf >> /etc/securetty >> /etc/services >> /etc/updatedb.conf >> /etc/sysctl.conf >> /etc/inittab >> /etc/initlog.conf >> /etc/login.defs >> /etc/logrotate.conf >> /etc/logrotate.d/* >> >> #syslogd >> /etc/syslog.conf >> >> #syslog-ng >> /etc/syslog-ng/* >> >> #java >> /etc/java/* >> >> #security >> /etc/security/* >> >> #drbd >> /etc/drbd.conf >> >> #snmp >> /etc/snmp/snmpd.conf >> /etc/snmp/snmp.local.conf >> >> #tomcat >> /etc/tomcat5/* >> /etc/sysconfig/tomcat5/ >> >> #yum/apt-get/etc >> /etc/yum.conf >> /etc/yum.repos.d/*.repo >> /etc/yum/yum-updatesd.conf >> >> #ssh >> /etc/ssh/* >> >> #selinux >> /etc/selinux/config >> >> >> #filesystem >> /etc/fstab >> >> #INIT scripts >> /etc/init.d/* >> >> #PAM >> /etc/pan.d/* >> >> #databases - mysql/etc >> /etc/my.cnf >> >> #DNS - bind/named >> /etc/named.conf >> /etc/named.caching-nameserver.conf >> /etc/rfc1912.zones >> /etc/sysconfig/named >> >> #iscsi >> >> >> #ntp >> /etc/ntp.conf >> /etc/ntp/ntpservers >> /etc/ntp/keys >> /etc/sysconfig/ntpd >> >> #security files - audit >> /etc/audit/auditd.conf >> /etc/audit/audit.rules >> /etc/sysconfig/auditd >> >> #iptables >> /etc/sysconfig/iptables-config >> /etc/sysconfig/ip6tables-config >> >> #Heartbeat >> /etc/ha.d/haresources >> /etc/ha.d/ha.cf >> /etc/ha.d/authkeys >> >> #sysconfig stuff >> /etc/sysconfig/network >> /etc/sysconfig/network-scripts/ifcfg-* >> /etc/sysconfig/authconfig >> /etc/sysconfig/clock >> /etc/sysconfig/kernel >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From rancid at ale.cx Mon Mar 1 20:33:29 2010 From: rancid at ale.cx (Alex DEKKER) Date: Mon, 1 Mar 2010 20:33:29 +0000 Subject: [rancid] Re: Dedicated nixrancid using clogin...anyone interested In-Reply-To: <8423e7bb1002261132ice74b77lb30ed73c076a8f62@mail.gmail.com> References: <8423e7bb1002261132ice74b77lb30ed73c076a8f62@mail.gmail.com> Message-ID: <201003012033.29338.rancid@ale.cx> On Friday 26 February 2010 19:32:58 Lance Vermilion wrote: > Please let me know if anyone else would be interested in the work I will > do. Yes, mainly because I've already got RANCID working with a variety of routers and switches, so this would make adding servers into the mix painless. alexd From diego.ercolani at ssis.sm Mon Mar 1 21:32:57 2010 From: diego.ercolani at ssis.sm (Diego Ercolani) Date: Mon, 1 Mar 2010 22:32:57 +0100 Subject: [rancid] Re: Dedicated nixrancid using clogin...anyone interested In-Reply-To: <8423e7bb1003011010l18029170v9c0fde843ecc1cc9@mail.gmail.com> References: <8423e7bb1002261132ice74b77lb30ed73c076a8f62@mail.gmail.com> <8423e7bb1003011010l18029170v9c0fde843ecc1cc9@mail.gmail.com> Message-ID: <201003012232.57399.diego.ercolani@ssis.sm> You're welcome with these patches, if you think you can even start from my patches dated july 2009: http://www.shrubbery.net/pipermail/rancid-discuss/2009-July/004036.html where I also implemented an extension to the rancid .clogin configuration implementing multiline structure In data luned? 1 marzo 2010 19:10:21, Lance Vermilion ha scritto: : > Charles, > > I hope to actually put some structured code together in the next 5-8 > days (before I leave on my honeymoon). I first have to take care of > some higher priority issues here. I will share what I come up with. > Stay tuned. > > -lance > > On Fri, Feb 26, 2010 at 5:57 PM, Charles Tompkins > > wrote: > > I am interested and condisidering a rancid deployment for change > > management on server files ATM; I am interested in seeing your work. > > > > I can see nixcollect.db using some additional variability or versions to > > accomodate other system flavors for all the different paths to etc, not > > to mention multiple paths to applications like src-installed > > (/usr/local/etc) vs. maintained packages (/etc) or even /opt. > > > > nixcollect_redhat.db > > nixcollect_debuntu.db > > nixcollect_solaris.db > > . . . > > > > Maybe set your path to etc/ as a variable for the firsthalf of the object > > and rely on your object definition to supply the secondhalf to get to the > > file. > > > > Regards, > > -Charles > > > > On Feb 26, 2010, at 2:32 PM, Lance Vermilion wrote: > >> All, > >> > >> I have been thinking. I don't want to go and add something like > >> cfengine or anything else to my existing set of tools. I do want to > >> collect some information and save it, namely files that wouldn't be > >> changing frequently and since I use OpenNMS which has RANCID tied to > >> it already this is a valuable add for me. All I need to do is add a > >> new platform nix that points to nixrancid that uses a slightly > >> modified clogin (to skip sending "term length 0") and then I can > >> capture all sorts of important bits of info on *nix machines. Right > >> now I have played with Linux and I am having quite the success. > >> > >> I want to write a small addition to nixrancid that would then look at > >> an additional file called nixcollect.db. This would allow someone to > >> enable collection based on possible collection bits. So if the > >> platform type of nix was in router.db then nixrancid would look in > >> nixcollect.db to figure out what files to screen scrape. > >> > >> Please let me know if anyone else would be interested in the work I will > >> do. > >> > >> Currently I am thinking to capture a few things. > >> > >> #key files in /etc/ > >> /etc/passwd > >> /etc/profile > >> /etc/bashrc > >> /etc/group > >> /etc/sudoers > >> /etc/modprobe > >> /etc/aliases > >> /etc/crontab > >> /etc/grub.conf > >> /etc/shadow > >> /etc/hosts > >> /etc/hosts.allow > >> /etc/hosts.deny > >> /etc/host.conf > >> /etc/multipath.conf > >> /etc/resolv.conf > >> /etc/securetty > >> /etc/services > >> /etc/updatedb.conf > >> /etc/sysctl.conf > >> /etc/inittab > >> /etc/initlog.conf > >> /etc/login.defs > >> /etc/logrotate.conf > >> /etc/logrotate.d/* > >> > >> #syslogd > >> /etc/syslog.conf > >> > >> #syslog-ng > >> /etc/syslog-ng/* > >> > >> #java > >> /etc/java/* > >> > >> #security > >> /etc/security/* > >> > >> #drbd > >> /etc/drbd.conf > >> > >> #snmp > >> /etc/snmp/snmpd.conf > >> /etc/snmp/snmp.local.conf > >> > >> #tomcat > >> /etc/tomcat5/* > >> /etc/sysconfig/tomcat5/ > >> > >> #yum/apt-get/etc > >> /etc/yum.conf > >> /etc/yum.repos.d/*.repo > >> /etc/yum/yum-updatesd.conf > >> > >> #ssh > >> /etc/ssh/* > >> > >> #selinux > >> /etc/selinux/config > >> > >> > >> #filesystem > >> /etc/fstab > >> > >> #INIT scripts > >> /etc/init.d/* > >> > >> #PAM > >> /etc/pan.d/* > >> > >> #databases - mysql/etc > >> /etc/my.cnf > >> > >> #DNS - bind/named > >> /etc/named.conf > >> /etc/named.caching-nameserver.conf > >> /etc/rfc1912.zones > >> /etc/sysconfig/named > >> > >> #iscsi > >> > >> > >> #ntp > >> /etc/ntp.conf > >> /etc/ntp/ntpservers > >> /etc/ntp/keys > >> /etc/sysconfig/ntpd > >> > >> #security files - audit > >> /etc/audit/auditd.conf > >> /etc/audit/audit.rules > >> /etc/sysconfig/auditd > >> > >> #iptables > >> /etc/sysconfig/iptables-config > >> /etc/sysconfig/ip6tables-config > >> > >> #Heartbeat > >> /etc/ha.d/haresources > >> /etc/ha.d/ha.cf > >> /etc/ha.d/authkeys > >> > >> #sysconfig stuff > >> /etc/sysconfig/network > >> /etc/sysconfig/network-scripts/ifcfg-* > >> /etc/sysconfig/authconfig > >> /etc/sysconfig/clock > >> /etc/sysconfig/kernel > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From mohacsi at niif.hu Tue Mar 2 09:04:52 2010 From: mohacsi at niif.hu (Mohacsi Janos) Date: Tue, 2 Mar 2010 10:04:52 +0100 (CET) Subject: [rancid] rancid 2.3.3 announced? Message-ID: Dear Maintainers, Did you release officially the rancid 2.3.3? I see distribution tar on the ftp site. Best Regards, Janos Mohacsi Head of HBONE+ project Network Engineer, Deputy Director of Network Planning and Projects NIIF/HUNGARNET, HUNGARY Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 From diego.ercolani at ssis.sm Tue Mar 2 15:36:34 2010 From: diego.ercolani at ssis.sm (Diego Ercolani) Date: Tue, 2 Mar 2010 16:36:34 +0100 Subject: [rancid] Re: fortigate issues In-Reply-To: <2A3318A4-B19D-4D81-AAF2-5EB725607AEE@gmail.com> References: <201003011622.29316.diego.ercolani@ssis.sm> <2A3318A4-B19D-4D81-AAF2-5EB725607AEE@gmail.com> Message-ID: <201003021636.34741.diego.ercolani@ssis.sm> I see the problem near line 590 of fnlogin procedure -re "$prompt" { send "\r" sleep 0.5 if I invert sleep 0.5 with send "\r" the difference come up in other places... for the certificates, in my rancid installation certificates didn't vary from one query to another I don't know why as if I ask fortinet with "show full- configuration", certificates vary from one query to the other .... In data luned? 1 marzo 2010 18:16:21, hai scritto: > Yes one line is easy to remove but I need to remove the complete > certificate block. > > Maybe with a line counter from the moment I match the "set private-key" tag > > Thanks for your help > > Le 1 mars 2010 ? 16:22, Diego Ercolani a ?crit : > > I had today your issue, I've solved with a reboot process of the > > fortigate appliance.... > > rancid (with my patches) simple asks fortinet a dump of the configuration > > without making bautifying or indent of the configuration dump. > > for the certificate/private key and others, you have to modify the source > > removing things multiline.... > > The main loop where these things are done start at line 176 of fnrancid, > > but as you see it's very simple and remove only the one-line things > > matching a tag on the line. You have to create a more sophisticated > > implementation subroutine that process multiline input at a time e > > manage exceptions. > > > > In the same loop I think it's possible to manage issue like more spaces > > added, but what I saw in my today situation is that sometimes fortigate > > give the configurations breaking commands with a line feed without any > > kind of rule eg.... I saw something like: > > > > retrieving revision 1.1969 > > diff -U 4 -r1.1969 fortifw > > @@ -51,9 +51,9 @@ > > > > set daily-restart disable > > set detection-summary enable > > set dst enable > > set failtime 5 > > > > - set fds-statistics enable > > + set fds-stat > > + istics enable > > > > set forticlient-portal-port 8009 > > set fsae-burst-size 300 > > set fsae-rate-limit 100 > > > > ...this isn't foreseenable, don't you think? > > > > In data luned? 1 marzo 2010 14:59:56, Rodo Bibi ha scritto: > > : > Hey rancid community > >> > >> I am working with fortigate 1000A and I have 2 issues I am sure you can > >> help me with. > >> > >> At each rancid backup I receive an email with configuration changes. > >> > >> First problem : > >> > >> retrieving revision 1.1969 > >> diff -U 4 -r1.1969 fortifw > >> @@ -51,9 +51,9 @@ > >> > >> set daily-restart disable > >> set detection-summary enable > >> set dst enable > >> set failtime 5 > >> > >> - set fds-statistics enable > >> + set fds-statistics enable > >> > >> set forticlient-portal-port 8009 > >> set fsae-burst-size 300 > >> set fsae-rate-limit 100 > >> > >> See, the set fds-statistics enable is removed then added. How can I get > >> rid of this ? > >> > >> > >> Second problem : > >> > >> The display of the private key changes at each backup : > >> > >> + set private-key "-----BEGIN RSA PRIVATE KEY----- > >> > >> Proc-Type: 4,ENCRYPTED > >> > >> - DEK-Info: DES-EDE3-CBC,3C07324ADB7623412 > >> - M1/T1PrO+n8oX1E2Fks46mI6zF3R99g3ulhR9jfXi1zdjYrfEfmz8eIbV0lrECoo > >> - P6DKRBUUJw9p4OPitm1XpIG5SXQSLWjV9GOWeFhsiAWDZrnONzWSkuiunXxu3W3D > >> - BIw4fCC+HXRs1wUHhTf0XWzpbO0pmWfHWcCv8D3jKLXdchGI/5jKyfsVAgv5TT6Q > >> - A40sI463M4xBl2RzNBNvxSF1yrpDdA454W0B4y8uSHLQg0Q94fGiprLpUO9S2NFI > >> - QUKJGqAhNrwGbFCmm7NQxeEbdbJnzJ77rxYjm3+VQaEsPkuKU32DgQTP1uJIxTeB > >> - WM8F30XrOqj6/esxqqL8TZl4uYySJZtR2SVjlhdVlg7zCQSZV3ZbgK7zR5lT3+aK > >> - rUGg3DEiA8ajHxv44QsUutwhSrubreCkaHkRI1VxZpeOroa2x6t8bN/XcvPCWQEo > >> - Y1yXEn7iR3LZxbE5retft+UBhcBs0Xm55vBMGeyNhzkalQveSJ1Bn7A5lLrII8Hy > >> - YlozkgkbzsRsWNFQKFUWGNQR56432IHGWOVDSBQGE5py0Wk1qq+bOQq5T > >> - ySWSKQDdDv3rS2OU3aulmcXvzs+pmLqYHQG6m8vQm0/7EhKEKa2UK2M5Nx4SOLdI > >> - 94iOYWFrJ5SJcIgA3TKaQVpHTEjsSncPVlUu4sBxm3kTQOK5bE52aw== > >> + DEK-Info: DES-EDE3-CBC,B69D648DD9C5C8D > >> + bAAaqPBUPN3p3MkBtkfZ9rCk18Fda5hppgZbInsTBioCajUeewzXOFqLsPBmP4qD > >> + oKakQ9QAt9d4W7SYmRvSWM7kWluOlQDXYOX3NImoYYmF/iCP6sS+mopih5PAy4na > >> + 9Jxe5m5Cb6USdafrSjHqaOQjlXOIGo7vCvs3LyXOhBA2mw1QTJyYPK5ZDiqx+edt > >> + Qqs4EIF8PgzSug2yQmkXu1YeuLaUtpnVu6g7koY3ugeznEJe7qUR15EvYW/VI3eg > >> + xKTmqk95+oNEySR+WcKajv59u01j6FoaD0ALN5rJEVv1AlG0NJryjIlevW1AGVUw > >> + tXG2HJz0zmFX99hIV7RMntZIez2cw+VaojLluHlTdngI9y7LemoLQPrxwKjwCV0+ > >> + U3waJhpKV2bFjfqhbcuahifjAFIFA8ghhfbuzfq/y7O8yD25fSE22fU > >> + F0+8ehuNv2M13gATPhUrNtQDo0wSzPaO//Bpei+QT1ulVSMQGveVkVdRH1wHWvPg > >> + AzDVi/HmsVvZa0SBKwuZP4WnVdfuiIyX0frWpGirltPny9BkuM3GSBsa2Oz/f2XS > >> + OEVW1xUT+WFUc55x7rVDvy8WPFSUYL7hFQDJmr2VZC2QJi1W2jVcsAcaAswDo3RE > >> + +3vjawQ1S/p5Sh2UX1XCel+HP5X9mR/3HlPV1EsZ9rwz9mnl2GhQYQ== > >> > >> -----END RSA PRIVATE KEY-----" > >> > >> I would love to remove everything " " and display set private-key " *** > >> removed *** ". > >> > >> Thanks > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From awm11 at psu.edu Tue Mar 2 17:29:45 2010 From: awm11 at psu.edu (Adam McNeal) Date: Tue, 2 Mar 2010 12:29:45 -0500 Subject: [rancid] Cisco ONS 15454 backups Message-ID: <01E9BE53DDA8974BA1A4E4C6DB8BA15B06B644A8@tnshestia.tnsadmin.tns.psu.edu> Anyone doing backups of Cisco ONS 15454 backups with Rancid? The devices were previously made by Cerent before Cisco bought them out, if that helps. Thank you, Adam McNeal Telecommunications and Network Services Penn State University awm11 at psu.edu Desk: 814-865-9985 Desktop Video Call: 30165 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100302/5c0125df/attachment.html From heas at shrubbery.net Tue Mar 2 22:48:10 2010 From: heas at shrubbery.net (john heasley) Date: Tue, 2 Mar 2010 14:48:10 -0800 Subject: [rancid] Re: rancid 2.3.3 announced? In-Reply-To: References: Message-ID: <20100302224809.GC1146@shrubbery.net> Tue, Mar 02, 2010 at 10:04:52AM +0100, Mohacsi Janos: > Dear Maintainers, > Did you release officially the rancid 2.3.3? I see distribution > tar on the ftp site. no, testing. its not quite ready. From R.Epping at meteo.nl Fri Mar 5 12:04:12 2010 From: R.Epping at meteo.nl (Rob Epping) Date: Fri, 5 Mar 2010 12:04:12 -0000 Subject: [rancid] Re: Rancid support for Brocade switches Message-ID: Hi, Tue Jan 26 22:12:55 UTC 2010 nmaio at guesswho.com wrote: > Yes I did but I modified a script do just do a cfgshow and > configshow. Would you like a copy? > It only works with OS versions that don't paginate the output. I'm interested too. Would it be possible to share your copy with this list? THNX && GRTNX, RobJE -- Home is near Enter. ((c) RonA) ======================================================================== Tel: +31 - 317 - 399800 s-mail: P.O. box 617 Fax: +31 - 317 - 423164 6700 AP Wageningen MailTo: r.epping at meteo.nl WWW: http://www.meteo.nl/ -- This e-mail is from Meteo Consult B.V., a MeteoGroup company. For more information, see http://www.weer.nl/gebruiksvoorwaarden. This e-mail may contain confidential information. Only the addressee is permitted to read, copy, distribute or otherwise use this e-mail or any attachments. If you have received it in error, please contact the sender immediately. Any opinion expressed in this e-mail is personal to the sender and may not reflect the opinion of MeteoGroup. Any e-mail reply to this address may be subject to interception or monitoring for operational reasons or for lawful business practices. From flan at nectarcorp.com Fri Mar 5 12:37:09 2010 From: flan at nectarcorp.com (Stephen Flanagan) Date: Fri, 5 Mar 2010 07:37:09 -0500 Subject: [rancid] Re: Rancid support for Brocade switches Message-ID: <02FBECA25E68744CBEACFCC9EDFA36684A726AC2@J-F-Exch01.jumacorp.com> Absolutely, its really holding thing back. Thanks -------------------------------------- This message has been transmitted from a mobile device. If you are not the intended recipient please notify sender and discard message. Thank you, Juma Corp IT Department. ----- Original Message ----- From: rancid-discuss-bounces at shrubbery.net To: rancid-discuss at shrubbery.net ; NMaio at guesswho.com Sent: Fri Mar 05 07:04:12 2010 Subject: [rancid] Re: Rancid support for Brocade switches Hi, Tue Jan 26 22:12:55 UTC 2010 nmaio at guesswho.com wrote: > Yes I did but I modified a script do just do a cfgshow and > configshow. Would you like a copy? > It only works with OS versions that don't paginate the output. I'm interested too. Would it be possible to share your copy with this list? THNX && GRTNX, RobJE -- Home is near Enter. ((c) RonA) ======================================================================== Tel: +31 - 317 - 399800 s-mail: P.O. box 617 Fax: +31 - 317 - 423164 6700 AP Wageningen MailTo: r.epping at meteo.nl WWW: http://www.meteo.nl/ -- This e-mail is from Meteo Consult B.V., a MeteoGroup company. For more information, see http://www.weer.nl/gebruiksvoorwaarden. This e-mail may contain confidential information. Only the addressee is permitted to read, copy, distribute or otherwise use this e-mail or any attachments. If you have received it in error, please contact the sender immediately. Any opinion expressed in this e-mail is personal to the sender and may not reflect the opinion of MeteoGroup. Any e-mail reply to this address may be subject to interception or monitoring for operational reasons or for lawful business practices. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From wpereira at pop-sp.rnp.br Mon Mar 8 12:20:10 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Mon, 08 Mar 2010 09:20:10 -0300 Subject: [rancid] I felt welcomed! Message-ID: <4B94EB7A.3080309@pop-sp.rnp.br> Hi, everyone. I am glad to be here. I hope I can learn with you about Rancid. I have many switch vendors brands here (Foundry, Cisco, Juniper and Extreme) and, as I can see, Rancid is the best option to manage their configurations. I am reading, right now, the README file. I've already installed the Rancid 2.3.2 version and now what? What's next? Thanks for any help. -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 From wpereira at pop-sp.rnp.br Mon Mar 8 12:30:02 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Mon, 08 Mar 2010 09:30:02 -0300 Subject: [rancid] The config.log Message-ID: <4B94EDCA.5020205@pop-sp.rnp.br> Hi, When I tried to run the ./configure --prefix=/home/rancid, the following log was created. What did I do wrong? This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by configure, which was generated by GNU Autoconf 2.63. Invocation command line was $ ./configure --prefix=/home/rancid ## --------- ## ## Platform. ## ## --------- ## hostname = servicos2 uname -m = x86_64 uname -r = 2.6.26-2-amd64 uname -s = Linux uname -v = #1 SMP Thu Nov 5 02:23:12 UTC 2009 /usr/bin/uname -p = unknown /bin/uname -X = unknown /bin/arch = unknown /usr/bin/arch -k = unknown /usr/convex/getsysinfo = unknown /usr/bin/hostinfo = unknown /bin/machine = unknown /usr/bin/oslevel = unknown /bin/universe = unknown PATH: /usr/local/sbin PATH: /usr/local/bin PATH: /usr/sbin PATH: /usr/bin PATH: /sbin PATH: /bin ## ----------- ## ## Core tests. ## ## ----------- ## configure:1915: checking for a BSD-compatible install configure:1983: result: /usr/bin/install -c configure:1994: checking whether build environment is sane configure:2037: result: yes configure:2062: checking for a thread-safe mkdir -p configure:2101: result: /bin/mkdir -p configure:2114: checking for gawk configure:2144: result: no configure:2114: checking for mawk configure:2130: found /usr/bin/mawk configure:2141: result: mawk configure:2152: checking whether make sets $(MAKE) configure:2174: result: yes configure:2357: checking for gmake configure:2388: result: no configure:2400: checking for make configure:2418: found /usr/bin/make configure:2431: result: /usr/bin/make configure:2446: checking whether /usr/bin/make sets $(MAKE) configure:2468: result: yes configure:2527: checking for gcc configure:2557: result: no configure:2620: checking for cc configure:2667: result: no configure:2723: checking for cl.exe configure:2753: result: no configure:2777: error: in `/usr/local/rancid/tar/rancid-2.3.2': configure:2780: error: no acceptable C compiler found in $PATH See `config.log' for more details. ## ---------------- ## ## Cache variables. ## ## ---------------- ## ac_cv_env_CC_set= ac_cv_env_CC_value= ac_cv_env_CFLAGS_set= ac_cv_env_CFLAGS_value= ac_cv_env_CPPFLAGS_set= ac_cv_env_CPPFLAGS_value= ac_cv_env_CPP_set= ac_cv_env_CPP_value= ac_cv_env_LDFLAGS_set= ac_cv_env_LDFLAGS_value= ac_cv_env_LIBS_set= ac_cv_env_LIBS_value= ac_cv_env_build_alias_set= ac_cv_env_build_alias_value= ac_cv_env_host_alias_set= ac_cv_env_host_alias_value= ac_cv_env_target_alias_set= ac_cv_env_target_alias_value= ac_cv_path_MAKE=/usr/bin/make ac_cv_path_install='/usr/bin/install -c' ac_cv_path_mkdir=/bin/mkdir ac_cv_prog_AWK=mawk ac_cv_prog_make__usr_bin_make_set=yes ac_cv_prog_make_make_set=yes ## ----------------- ## ## Output variables. ## ## ----------------- ## ACLOCAL='${SHELL} /usr/local/rancid/tar/rancid-2.3.2/missing --run aclocal-1.10' ADMINMAILPLUS='' AMDEPBACKSLASH='' AMDEP_FALSE='' AMDEP_TRUE='' AMTAR='${SHELL} /usr/local/rancid/tar/rancid-2.3.2/missing --run tar' ANSI2KNR='' AUTOCONF='${SHELL} /usr/local/rancid/tar/rancid-2.3.2/missing --run autoconf' AUTOHEADER='${SHELL} /usr/local/rancid/tar/rancid-2.3.2/missing --run autoheader' AUTOMAKE='${SHELL} /usr/local/rancid/tar/rancid-2.3.2/missing --run automake-1.10' AWK='mawk' CC='' CCDEPMODE='' CFLAGS='' COMM='' CONF_INSTALL_FALSE='' CONF_INSTALL_TRUE='' CPP='' CPPFLAGS='' CVS='' CYGPATH_W='echo' DEFS='' DEPDIR='' DIFF='' DIFF_CMD='' DIRNAME='' ECHO_C='' ECHO_N='-n' ECHO_T='' EGREP='' ENV_PATH='' EXEEXT='' EXPECT_PATH='' FIND='' GREP='' ID='' INSTALL_DATA='${INSTALL} -m 644' INSTALL_PROGRAM='${INSTALL}' INSTALL_SCRIPT='${INSTALL}' INSTALL_STRIP_PROGRAM='$(install_sh) -c -s' LDFLAGS='' LG_PING_CMD='' LIBOBJS='' LIBS='' LTLIBOBJS='' MAILPLUS='' MAKE='/usr/bin/make' MAKEINFO='${SHELL} /usr/local/rancid/tar/rancid-2.3.2/missing --run makeinfo' MKDIR='' MKDIR_P='/bin/mkdir -p' MK_LCLSTATEDIR_FALSE='' MK_LCLSTATEDIR_TRUE='' OBJEXT='' PACKAGE='rancid' PACKAGE_BUGREPORT='' PACKAGE_NAME='' PACKAGE_STRING='' PACKAGE_TARNAME='' PACKAGE_VERSION='' PATH_SEPARATOR=':' PERLV='' PERLV_PATH='' PING_PATH='' RCSSYS='' RSH='' SENDMAIL='' SET_MAKE='' SHELL='/bin/sh' SORT='' SSH='' STRIP='' SVN='' SVN_FSTYPE='' TAR='' TELNET='' TOUCH='' U='' VERSION='2.3.2' ac_ct_CC='' am__fastdepCC_FALSE='' am__fastdepCC_TRUE='' am__include='' am__isrc='' am__leading_dot='.' am__quote='' am__tar='${AMTAR} chof - "$$tardir"' am__untar='${AMTAR} xf -' bindir='${exec_prefix}/bin' build_alias='' datadir='${datarootdir}' datarootdir='${prefix}/share' docdir='${datarootdir}/doc/${PACKAGE}' dvidir='${docdir}' exec_prefix='NONE' host_alias='' htmldir='${docdir}' includedir='${prefix}/include' infodir='${datarootdir}/info' install_sh='$(SHELL) /usr/local/rancid/tar/rancid-2.3.2/install-sh' libdir='${exec_prefix}/lib' libexecdir='${exec_prefix}/libexec' localedir='${datarootdir}/locale' localstatedir='${prefix}/var' mandir='${datarootdir}/man' mkdir_p='/bin/mkdir -p' oldincludedir='/usr/include' pdfdir='${docdir}' prefix='/home/rancid' program_transform_name='s,x,x,' psdir='${docdir}' sbindir='${exec_prefix}/sbin' sharedstatedir='${prefix}/com' sysconfdir='${prefix}/etc' target_alias='' ## ----------- ## ## confdefs.h. ## ## ----------- ## #define PACKAGE_NAME "" #define PACKAGE_TARNAME "" #define PACKAGE_VERSION "" #define PACKAGE_STRING "" #define PACKAGE_BUGREPORT "" configure: exit 1 -------- Mensagem original -------- Assunto: [rancid] I felt welcomed! Data: Mon, 08 Mar 2010 09:20:10 -0300 De: Wagner Pereira Para: rancid-discuss at shrubbery.net Hi, everyone. I am glad to be here. I hope I can learn with you about Rancid. I have many switch vendors brands here (Foundry, Cisco, Juniper and Extreme) and, as I can see, Rancid is the best option to manage their configurations. I am reading, right now, the README file. I've already installed the Rancid 2.3.2 version and now what? What's next? Thanks for any help. -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 From rwest at zyedge.com Mon Mar 8 12:55:24 2010 From: rwest at zyedge.com (Ryan West) Date: Mon, 8 Mar 2010 12:55:24 +0000 Subject: [rancid] Re: The config.log In-Reply-To: <4B94EDCA.5020205@pop-sp.rnp.br> References: <4B94EDCA.5020205@pop-sp.rnp.br> Message-ID: <5DC4853C6CC3EE4788779E0726E034DD143D54@zy-ex1.zyedge.local> Wagner > -----Original Message----- > Sent: Monday, March 08, 2010 7:30 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] The config.log > > Hi, > > When I tried to run the ./configure --prefix=/home/rancid, the > following > log was created. What did I do wrong? > > This file contains any messages produced by compilers while > running configure, to aid debugging if configure makes a mistake. > > It was created by configure, which was > generated by GNU Autoconf 2.63. Invocation command line was > > configure:2446: checking whether /usr/bin/make sets $(MAKE) > configure:2468: result: yes > configure:2527: checking for gcc > configure:2557: result: no > configure:2620: checking for cc > configure:2667: result: no > configure:2723: checking for cl.exe > configure:2753: result: no > configure:2777: error: in `/usr/local/rancid/tar/rancid-2.3.2': > configure:2780: error: no acceptable C compiler found in $PATH > See `config.log' for more details. > Not sure what distro you're on, but you're probably missing headers and should install GCC. Once you're done with that, check out one of the many install guides like -> http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch1_:_Network_Backups_With_Rancid Thanks, -ryan From awm11 at psu.edu Mon Mar 8 14:09:48 2010 From: awm11 at psu.edu (Adam McNeal) Date: Mon, 8 Mar 2010 09:09:48 -0500 Subject: [rancid] Removing flash free space collection Message-ID: <01E9BE53DDA8974BA1A4E4C6DB8BA15B06B644CB@tnshestia.tnsadmin.tns.psu.edu> Sorry if this is a repost, I am still new with Rancid. I have a couple of Foundry devices that repeatedly have changes in flash free space due to other backups that are run. The changes are like this: Index: configs/telecom-sw02.tns.its.psu.edu =================================================================== retrieving revision 1.49 diff -U 4 -r1.49 telecom-sw02.tns.its.psu.edu @@ -57,9 +57,9 @@ ! !Flash: Compressed Pri Code size = 2667614, Version 04.3.00T3e1 (sxl04300.bin) !Flash: Compressed Sec Code size = 2667614, Version 04.3.00T3e1 (sxl04300.bin) !Flash: Compressed BootROM Code size = 524288, Version 04.0.00T3e5 - !Flash: Code Flash Free Space = 11206656 + !Flash: Code Flash Free Space = 11264000 I am not really concerned about these changes in flash size. How would I go about suppressing the commands that collect this data? Thank you, Adam McNeal Telecommunications and Network Services Penn State University awm11 at psu.edu Desk: 814-865-9985 Desktop Video Call: 30165 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100308/d30e454e/attachment.html From wpereira at pop-sp.rnp.br Mon Mar 8 15:18:28 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Mon, 08 Mar 2010 12:18:28 -0300 Subject: [rancid] Re: The config.log In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD143D54@zy-ex1.zyedge.local> References: <4B94EDCA.5020205@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD143D54@zy-ex1.zyedge.local> Message-ID: <4B951544.5080901@pop-sp.rnp.br> Ryan, thanks for your response. My server is a Debian lenny 5.0 x86_64 I ran "apt-get install gcc" and, then, "./configure --prefix=/home/rancid" and it worked good. I am following the README file to install and configure. In my opinion the README file is more didactically written than this HOWTO. I really appreciate your help. -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 Ryan West escreveu: > Wagner > > >> -----Original Message----- >> Sent: Monday, March 08, 2010 7:30 AM >> To: rancid-discuss at shrubbery.net >> Subject: [rancid] The config.log >> >> Hi, >> >> When I tried to run the ./configure --prefix=/home/rancid, the >> following >> log was created. What did I do wrong? >> >> This file contains any messages produced by compilers while >> running configure, to aid debugging if configure makes a mistake. >> >> It was created by configure, which was >> generated by GNU Autoconf 2.63. Invocation command line was >> >> configure:2446: checking whether /usr/bin/make sets $(MAKE) >> configure:2468: result: yes >> configure:2527: checking for gcc >> configure:2557: result: no >> configure:2620: checking for cc >> configure:2667: result: no >> configure:2723: checking for cl.exe >> configure:2753: result: no >> configure:2777: error: in `/usr/local/rancid/tar/rancid-2.3.2': >> configure:2780: error: no acceptable C compiler found in $PATH >> See `config.log' for more details. >> >> > > Not sure what distro you're on, but you're probably missing headers and should install GCC. Once you're done with that, check out one of the many install guides like -> http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch1_:_Network_Backups_With_Rancid > > Thanks, > > -ryan > From wpereira at pop-sp.rnp.br Mon Mar 8 15:40:45 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Mon, 08 Mar 2010 12:40:45 -0300 Subject: [rancid] What is the idea behind of LIST_OF_GROUPS? Message-ID: <4B951A7D.7070901@pop-sp.rnp.br> Hi, friends, This is the step 3 of Rancid README file, mentioning the rancid.conf configuration: ==================== 3) Modify /rancid.conf (e.g.: /etc/rancid.conf). The variable LIST_OF_GROUPS is a space delimited list of router "groups". E.g.: LIST_OF_GROUPS="backbone aggregation switches" ==================== How many different groups I can have? -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 From bobthebaritone at gmail.com Mon Mar 8 15:47:48 2010 From: bobthebaritone at gmail.com (bob watson) Date: Tue, 9 Mar 2010 02:47:48 +1100 Subject: [rancid] Re: What is the idea behind of LIST_OF_GROUPS? In-Reply-To: <4B951A7D.7070901@pop-sp.rnp.br> References: <4B951A7D.7070901@pop-sp.rnp.br> Message-ID: This is the grouping of like devices that you want to display in the web page. This would be limited by how far you want your users to scroll! (technically, the limit would be environment space allocated by the list_of_groups environment variable - 32 kilobit ! ???) See xargs for a discussion on environment space. On 9 March 2010 02:40, Wagner Pereira wrote: > Hi, friends, > > This is the step 3 of Rancid README file, mentioning the rancid.conf configuration: > > ==================== > 3) Modify /rancid.conf (e.g.: /etc/rancid.conf). ?The variable LIST_OF_GROUPS is a space delimited list of router "groups". > ? E.g.: > ? ? ? ?LIST_OF_GROUPS="backbone aggregation switches" > ==================== > > How many different groups I can have? > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From ttauber at 1-4-5.net Mon Mar 8 16:17:15 2010 From: ttauber at 1-4-5.net (Tony Tauber) Date: Mon, 8 Mar 2010 08:17:15 -0800 Subject: [rancid] Re: What is the idea behind of LIST_OF_GROUPS? In-Reply-To: <4B951A7D.7070901@pop-sp.rnp.br> References: <4B951A7D.7070901@pop-sp.rnp.br> Message-ID: <20100308161715.GC4940@1-4-5.net> The idea is if you have bunches of devices which may fall into different groups of interest so people can get the update email or browse configs according to their area(s) of responsibility or interest. If your network or organization isn't structured this way, all can go into one group. Tony On Mon, Mar 08, 2010 at 12:40:45PM -0300, Wagner Pereira wrote: > Hi, friends, > > This is the step 3 of Rancid README file, mentioning the rancid.conf > configuration: > > ==================== > 3) Modify /rancid.conf (e.g.: /etc/rancid.conf). > The variable LIST_OF_GROUPS is a space delimited list of router > "groups". E.g.: > LIST_OF_GROUPS="backbone aggregation switches" > ==================== > > How many different groups I can have? From wpereira at pop-sp.rnp.br Mon Mar 8 16:28:48 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Mon, 08 Mar 2010 13:28:48 -0300 Subject: [rancid] Re: What is the idea behind of LIST_OF_GROUPS? In-Reply-To: References: <4B951A7D.7070901@pop-sp.rnp.br> Message-ID: <4B9525C0.6010500@pop-sp.rnp.br> Thank you guys, Bob and Tony. Now I see: I can separate groups of devices AND configure one mailbox for each group of device. That way, each group of people will receive an e-mail message for their specific group of equipments. Is that right? -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 The idea is if you have bunches of devices which may fall into different groups of interest so people can get the update email or browse configs according to their area(s) of responsibility or interest. If your network or organization isn't structured this way, all can go into one group. Tony bob watson escreveu: > This is the grouping of like devices that you want to display in the > web page. This would be limited by how far you want your users to > scroll! (technically, the limit would be environment space allocated > by the list_of_groups environment variable - 32 kilobit ! ???) See > xargs for a discussion on environment space. > > On 9 March 2010 02:40, Wagner Pereira wrote: > >> Hi, friends, >> >> This is the step 3 of Rancid README file, mentioning the rancid.conf configuration: >> >> ==================== >> 3) Modify /rancid.conf (e.g.: /etc/rancid.conf). The variable LIST_OF_GROUPS is a space delimited list of router "groups". >> E.g.: >> LIST_OF_GROUPS="backbone aggregation switches" >> ==================== >> >> How many different groups I can have? >> >> -- >> >> Wagner Pereira >> >> PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo >> CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo >> http://www.pop-sp.rnp.br >> Tel. (11) 3091-8901 >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> From wpereira at pop-sp.rnp.br Mon Mar 8 16:52:06 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Mon, 08 Mar 2010 13:52:06 -0300 Subject: [rancid] Rancid-cvs: command not found Message-ID: <4B952B36.7070307@pop-sp.rnp.br> Hi, there. I am following the README file for install Rancid in my Debian lenny. When I run the rancid-cvs command (step 7), it showed me: rancid-cvs: command not found How can I fix that? -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 From wpereira at pop-sp.rnp.br Mon Mar 8 17:19:58 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Mon, 08 Mar 2010 14:19:58 -0300 Subject: [rancid] Re: I felt welcomed! In-Reply-To: <8423e7bb1003080858w51a09cb3g963a43043fde3713@mail.gmail.com> References: <4B94EB7A.3080309@pop-sp.rnp.br> <8423e7bb1003080858w51a09cb3g963a43043fde3713@mail.gmail.com> Message-ID: <4B9531BE.3090003@pop-sp.rnp.br> Hi, Lance. Thanks for your response. Unfortunately, this did not useful to me. I tried to follow that, but now I've been successful following the README file of Rancid 2.3.2 Otherwise, I am stucked in the step 7, according to my last message to the list. -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 Lance Vermilion escreveu: > Here is one document that was written. It is a little old but still > very useful. > > http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch1_:_Network_Backups_With_Rancid > > > On Mon, Mar 8, 2010 at 5:20 AM, Wagner Pereira > wrote: > > Hi, everyone. > > I am glad to be here. I hope I can learn with you about Rancid. > > I have many switch vendors brands here (Foundry, Cisco, Juniper and > Extreme) and, as I can see, Rancid is the best option to manage their > configurations. > > I am reading, right now, the README file. > > I've already installed the Rancid 2.3.2 version and now what? > What's next? > > Thanks for any help. > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From wpereira at pop-sp.rnp.br Mon Mar 8 17:21:01 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Mon, 08 Mar 2010 14:21:01 -0300 Subject: [rancid] Re: Rancid-cvs: command not found In-Reply-To: <20100308170608.GA19278@shrubbery.net> References: <4B952B36.7070307@pop-sp.rnp.br> <20100308170608.GA19278@shrubbery.net> Message-ID: <4B9531FD.2020807@pop-sp.rnp.br> Ok, John, but how should I do that? Hugs. -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 john heasley escreveu: > Mon, Mar 08, 2010 at 01:52:06PM -0300, Wagner Pereira: > >> Hi, there. >> >> I am following the README file for install Rancid in my Debian lenny. >> >> When I run the rancid-cvs command (step 7), it showed me: >> rancid-cvs: command not found >> >> How can I fix that? >> > > you need to set your path enironment variable in your shell to include > the location of the rancid executables or use the fully qualified path > name for the command. > From heas at shrubbery.net Mon Mar 8 17:44:19 2010 From: heas at shrubbery.net (john heasley) Date: Mon, 8 Mar 2010 09:44:19 -0800 Subject: [rancid] Re: Rancid-cvs: command not found In-Reply-To: <4B9531FD.2020807@pop-sp.rnp.br> References: <4B952B36.7070307@pop-sp.rnp.br> <20100308170608.GA19278@shrubbery.net> <4B9531FD.2020807@pop-sp.rnp.br> Message-ID: <20100308174419.GD19278@shrubbery.net> Mon, Mar 08, 2010 at 02:21:01PM -0300, Wagner Pereira: > Ok, John, but how should I do that? Sorry, you need to read. This is basic unix knowledge. see the manual page for your shell and most unices have intro (man intro) manual pages. > Hugs. > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > > > john heasley escreveu: >> Mon, Mar 08, 2010 at 01:52:06PM -0300, Wagner Pereira: >> >>> Hi, there. >>> >>> I am following the README file for install Rancid in my Debian lenny. >>> >>> When I run the rancid-cvs command (step 7), it showed me: >>> rancid-cvs: command not found >>> >>> How can I fix that? >>> >> >> you need to set your path enironment variable in your shell to include >> the location of the rancid executables or use the fully qualified path >> name for the command. >> From ismail at habari.co.tz Mon Mar 8 17:49:27 2010 From: ismail at habari.co.tz (Ismail M. Settenda) Date: Mon, 8 Mar 2010 20:49:27 +0300 Subject: [rancid] Re: Rancid-cvs: command not found In-Reply-To: <4B9531FD.2020807@pop-sp.rnp.br> References: <4B952B36.7070307@pop-sp.rnp.br> <20100308170608.GA19278@shrubbery.net> <4B9531FD.2020807@pop-sp.rnp.br> Message-ID: <3c1cf0fd1003080949u7b00b546g2149ee4db57cbf09@mail.gmail.com> run updatedb Then locate rancid-cvs Then run the complete path to rancid-cvs i.e. /usr/lib/rancid/bin/rancid-cvs -- Ismail On Mon, Mar 8, 2010 at 8:21 PM, Wagner Pereira wrote: > Ok, John, but how should I do that? > > Hugs. > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > > > john heasley escreveu: > > Mon, Mar 08, 2010 at 01:52:06PM -0300, Wagner Pereira: > > > >> Hi, there. > >> > >> I am following the README file for install Rancid in my Debian lenny. > >> > >> When I run the rancid-cvs command (step 7), it showed me: > >> rancid-cvs: command not found > >> > >> How can I fix that? > >> > > > > you need to set your path enironment variable in your shell to include > > the location of the rancid executables or use the fully qualified path > > name for the command. > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100308/821b829f/attachment.html From wpereira at pop-sp.rnp.br Mon Mar 8 18:01:59 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Mon, 08 Mar 2010 15:01:59 -0300 Subject: [rancid] Re: Rancid-cvs: command not found In-Reply-To: <3c1cf0fd1003080949u7b00b546g2149ee4db57cbf09@mail.gmail.com> References: <4B952B36.7070307@pop-sp.rnp.br> <20100308170608.GA19278@shrubbery.net> <4B9531FD.2020807@pop-sp.rnp.br> <3c1cf0fd1003080949u7b00b546g2149ee4db57cbf09@mail.gmail.com> Message-ID: <4B953B97.6080505@pop-sp.rnp.br> Perfect, Ismail! Thank you. (You see, John Heasley? It's not too difficult to help). That's what I did: 1. updatedb 2. locate rancid-cvs 3. /home/rancid/bin/rancid-cvs No conflicts created by this import cvs checkout: Updating switches-PoP-SP Directory /home/rancid/var/rancid/CVS/switches-PoP-SP/configs added to the repository cvs commit: Examining configs cvs add: scheduling file `router.db' for addition cvs add: use `cvs commit' to add this file permanently /home/rancid/var/rancid/CVS/switches-PoP-SP/router.db,v <-- router.db initial revision: 1.1 Now I can go ahead with the README file. Hugs, -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 Ismail M. Settenda escreveu: > run > updatedb > > Then > locate rancid-cvs > > Then run the complete path to rancid-cvs > i.e. > /usr/lib/rancid/bin/rancid-cvs > > -- > Ismail > > On Mon, Mar 8, 2010 at 8:21 PM, Wagner Pereira > wrote: > > Ok, John, but how should I do that? > > Hugs. > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > > > john heasley escreveu: > > Mon, Mar 08, 2010 at 01:52:06PM -0300, Wagner Pereira: > > > >> Hi, there. > >> > >> I am following the README file for install Rancid in my Debian > lenny. > >> > >> When I run the rancid-cvs command (step 7), it showed me: > >> rancid-cvs: command not found > >> > >> How can I fix that? > >> > > > > you need to set your path enironment variable in your shell to > include > > the location of the rancid executables or use the fully > qualified path > > name for the command. > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From rwest at zyedge.com Mon Mar 8 18:08:45 2010 From: rwest at zyedge.com (Ryan West) Date: Mon, 8 Mar 2010 18:08:45 +0000 Subject: [rancid] Re: Rancid-cvs: command not found In-Reply-To: <4B953B97.6080505@pop-sp.rnp.br> References: <4B952B36.7070307@pop-sp.rnp.br> <20100308170608.GA19278@shrubbery.net> <4B9531FD.2020807@pop-sp.rnp.br> <3c1cf0fd1003080949u7b00b546g2149ee4db57cbf09@mail.gmail.com> <4B953B97.6080505@pop-sp.rnp.br> Message-ID: <5DC4853C6CC3EE4788779E0726E034DD1461CD@zy-ex1.zyedge.local> Wagner, > -----Original Message----- > Sent: Monday, March 08, 2010 1:02 PM > To: ismail at habari.co.tz > Cc: Rancid Mailing List > Subject: [rancid] Re: Rancid-cvs: command not found > > Perfect, Ismail! Thank you. (You see, John Heasley? It's not too > difficult to help). > There is a good reason he said you need to read. Two people have posted tutorials to get the software setup. You most likely just ran rancid-cvs as a user that is not rancid, which is going to cause more issues further down the line. BTW, John is the author of the program, I think he does a lot already. -ryan From heas at shrubbery.net Mon Mar 8 18:25:51 2010 From: heas at shrubbery.net (john heasley) Date: Mon, 8 Mar 2010 10:25:51 -0800 Subject: [rancid] Re: Rancid-cvs: command not found In-Reply-To: <4B953B97.6080505@pop-sp.rnp.br> References: <4B952B36.7070307@pop-sp.rnp.br> <20100308170608.GA19278@shrubbery.net> <4B9531FD.2020807@pop-sp.rnp.br> <3c1cf0fd1003080949u7b00b546g2149ee4db57cbf09@mail.gmail.com> <4B953B97.6080505@pop-sp.rnp.br> Message-ID: <20100308182550.GG19278@shrubbery.net> Mon, Mar 08, 2010 at 03:01:59PM -0300, Wagner Pereira: > Perfect, Ismail! Thank you. (You see, John Heasley? It's not too > difficult to help). Sorry, this is not the unix help list. i already made an effort to give you clues off-list. you made no effort to find the answer yourself. go to google, enter "command not found" (with the quotes) and click "I'm feeling lucky". the result has the answer: http://www.cyberciti.biz/faq/linux-unix-command-not-found-error-and-how-to-get-rid-of-it/ it was that easy. Please make an effort to find your own answers before asking hundreds of folks on a mailing list to do it for you. and my appologies to the list for this mail. From wpereira at pop-sp.rnp.br Mon Mar 8 18:25:54 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Mon, 08 Mar 2010 15:25:54 -0300 Subject: [rancid] Re: Rancid-cvs: command not found In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD1461CD@zy-ex1.zyedge.local> References: <4B952B36.7070307@pop-sp.rnp.br> <20100308170608.GA19278@shrubbery.net> <4B9531FD.2020807@pop-sp.rnp.br> <3c1cf0fd1003080949u7b00b546g2149ee4db57cbf09@mail.gmail.com> <4B953B97.6080505@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1461CD@zy-ex1.zyedge.local> Message-ID: <4B954132.8000309@pop-sp.rnp.br> Ok, Ryan and Lance. I got your "message". And about John, I didn't want to offend him. By the way, I am doing the configuration as root (#) and now, I gave a step ahead: I am stucked at the step 8. I copied the router.db.5 file for the like router.db Should I need to create each entry manually in this file? -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 Ryan West escreveu: > Wagner, > > >> -----Original Message----- >> Sent: Monday, March 08, 2010 1:02 PM >> To: ismail at habari.co.tz >> Cc: Rancid Mailing List >> Subject: [rancid] Re: Rancid-cvs: command not found >> >> Perfect, Ismail! Thank you. (You see, John Heasley? It's not too >> difficult to help). >> >> > > There is a good reason he said you need to read. Two people have posted tutorials to get the software setup. You most likely just ran rancid-cvs as a user that is not rancid, which is going to cause more issues further down the line. BTW, John is the author of the program, I think he does a lot already. > > -ryan > From heas at shrubbery.net Mon Mar 8 18:30:43 2010 From: heas at shrubbery.net (john heasley) Date: Mon, 8 Mar 2010 10:30:43 -0800 Subject: [rancid] Re: Removing flash free space collection In-Reply-To: <01E9BE53DDA8974BA1A4E4C6DB8BA15B06B644CB@tnshestia.tnsadmin.tns.psu.edu> References: <01E9BE53DDA8974BA1A4E4C6DB8BA15B06B644CB@tnshestia.tnsadmin.tns.psu.edu> Message-ID: <20100308183043.GH19278@shrubbery.net> Mon, Mar 08, 2010 at 09:09:48AM -0500, Adam McNeal: > Sorry if this is a repost, I am still new with Rancid. > > I have a couple of Foundry devices that repeatedly have changes in flash > free space due to other backups that are run. The changes are like this: > > Index: configs/telecom-sw02.tns.its.psu.edu > =================================================================== > retrieving revision 1.49 > diff -U 4 -r1.49 telecom-sw02.tns.its.psu.edu @@ -57,9 +57,9 @@ > ! > !Flash: Compressed Pri Code size = 2667614, Version 04.3.00T3e1 > (sxl04300.bin) > !Flash: Compressed Sec Code size = 2667614, Version 04.3.00T3e1 > (sxl04300.bin) > !Flash: Compressed BootROM Code size = 524288, Version 04.0.00T3e5 > - !Flash: Code Flash Free Space = 11206656 > + !Flash: Code Flash Free Space = 11264000 > > I am not really concerned about these changes in flash size. How would I > go about suppressing the commands that collect this data? I think the free space is useful, but agree that the frequent changes are annoying. How about reducing this to something like the rounded value of free space as Gig/Meg/Kilo? The current code (which become 2.3.3 soon) has a crude version of this for IOS XR/XE like so: if (($ios eq "XR" || $ios eq "XE") && /.*\((\d+) bytes free\)/) { my($tmp) = int($1 / (1024 * 1024)); s/$1 bytes free/$tmp MB free/; } > > Thank you, > > Adam McNeal > Telecommunications and Network Services > Penn State University > awm11 at psu.edu > Desk: 814-865-9985 > Desktop Video Call: 30165 > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From bmahaffey at pelco.com Mon Mar 8 18:52:30 2010 From: bmahaffey at pelco.com (Mahaffey, Brian) Date: Mon, 8 Mar 2010 10:52:30 -0800 Subject: [rancid] Re: Rancid-cvs: command not found In-Reply-To: <4B954132.8000309@pop-sp.rnp.br> References: <4B952B36.7070307@pop-sp.rnp.br> <20100308170608.GA19278@shrubbery.net> <4B9531FD.2020807@pop-sp.rnp.br> <3c1cf0fd1003080949u7b00b546g2149ee4db57cbf09@mail.gmail.com><4B953B97.6080505@pop-sp.rnp.br><5DC4853C6CC3EE4788779E0726E034DD1461CD@zy-ex1.zyedge.local> <4B954132.8000309@pop-sp.rnp.br> Message-ID: <4BBAF403456ED74981E7164ED3A4C22401D1CC4E@CA-EVS02.pelco.org> http://www.debian-administration.org/articles/429 or http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch1_:_Network_Backups_With_Rancid These always help me, make sure you don't skim through the installation. Do each step and try to understand what you are installing so when you are troubleshooting you can fix the issue much quicker. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Wagner Pereira Sent: Monday, March 08, 2010 10:26 AM Cc: Rancid Mailing List Subject: [rancid] Re: Rancid-cvs: command not found Ok, Ryan and Lance. I got your "message". And about John, I didn't want to offend him. By the way, I am doing the configuration as root (#) and now, I gave a step ahead: I am stucked at the step 8. I copied the router.db.5 file for the like router.db Should I need to create each entry manually in this file? -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 Ryan West escreveu: > Wagner, > > >> -----Original Message----- >> Sent: Monday, March 08, 2010 1:02 PM >> To: ismail at habari.co.tz >> Cc: Rancid Mailing List >> Subject: [rancid] Re: Rancid-cvs: command not found >> >> Perfect, Ismail! Thank you. (You see, John Heasley? It's not too >> difficult to help). >> >> > > There is a good reason he said you need to read. Two people have posted tutorials to get the software setup. You most likely just ran rancid-cvs as a user that is not rancid, which is going to cause more issues further down the line. BTW, John is the author of the program, I think he does a lot already. > > -ryan > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. From cgauthier at mapscu.com Mon Mar 8 19:05:52 2010 From: cgauthier at mapscu.com (Chris Gauthier) Date: Mon, 8 Mar 2010 11:05:52 -0800 Subject: [rancid] Re: Removing flash free space collection In-Reply-To: <20100308183043.GH19278@shrubbery.net> References: <01E9BE53DDA8974BA1A4E4C6DB8BA15B06B644CB@tnshestia.tnsadmin.tns.psu.edu> <20100308183043.GH19278@shrubbery.net> Message-ID: I happen to like the free space messages as well. I remember how Foundry/Brocade switches would do that on some models. The fan RPM would cause the same effect. Rather than enforcing a specific policy of "x MB/KB/GB/etc", what about either a commandline option or an entry into .cloginrc? I favor .cloginrc because it could then be tailored to the individual systems like can be done with the login methods and credentials. Since I do not see frequent changes of just the size, I am inclined not to change the behavior. This is why I favor making the changes optional to use. Chris G. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley Sent: Monday, March 08, 2010 10:31 AM To: Adam McNeal Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: Removing flash free space collection Mon, Mar 08, 2010 at 09:09:48AM -0500, Adam McNeal: > Sorry if this is a repost, I am still new with Rancid. > > I have a couple of Foundry devices that repeatedly have changes in flash > free space due to other backups that are run. The changes are like this: > > Index: configs/telecom-sw02.tns.its.psu.edu > =================================================================== > retrieving revision 1.49 > diff -U 4 -r1.49 telecom-sw02.tns.its.psu.edu @@ -57,9 +57,9 @@ > ! > !Flash: Compressed Pri Code size = 2667614, Version 04.3.00T3e1 > (sxl04300.bin) > !Flash: Compressed Sec Code size = 2667614, Version 04.3.00T3e1 > (sxl04300.bin) > !Flash: Compressed BootROM Code size = 524288, Version 04.0.00T3e5 > - !Flash: Code Flash Free Space = 11206656 > + !Flash: Code Flash Free Space = 11264000 > > I am not really concerned about these changes in flash size. How would I > go about suppressing the commands that collect this data? I think the free space is useful, but agree that the frequent changes are annoying. How about reducing this to something like the rounded value of free space as Gig/Meg/Kilo? The current code (which become 2.3.3 soon) has a crude version of this for IOS XR/XE like so: if (($ios eq "XR" || $ios eq "XE") && /.*\((\d+) bytes free\)/) { my($tmp) = int($1 / (1024 * 1024)); s/$1 bytes free/$tmp MB free/; } > > Thank you, > > Adam McNeal > Telecommunications and Network Services > Penn State University > awm11 at psu.edu > Desk: 814-865-9985 > Desktop Video Call: 30165 > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From tebass at indiana.edu Mon Mar 8 19:30:46 2010 From: tebass at indiana.edu (Bass, Teresa R) Date: Mon, 8 Mar 2010 14:30:46 -0500 Subject: [rancid] autoenable vs noenable Message-ID: <58E89EF1291F384D97CFED05C551FC4D0F17A4C539@iu-mssg-mbx07.ads.iu.edu> I wonder if anyone has run into this problem: Half of our switches are HP 4100's which cannot be autoenabled. The other half can be autoenabled. The switch names I need to enter into .cloginrc are AB* but I have to do 1/2 as " AB* add autoenable 1" and the other 1/2 as "AB* add noenable 1". I'm trying to find a way around entering each individual device into .cloginrc as it is such a large number of devices. Has anyone found a hack to the hlogin script that will allow me to use autoenable AND noenable without specifying each device name? Any help would be appreciated! Teresa -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100308/0cb517ec/attachment.html From cgauthier at mapscu.com Mon Mar 8 19:36:05 2010 From: cgauthier at mapscu.com (Chris Gauthier) Date: Mon, 8 Mar 2010 11:36:05 -0800 Subject: [rancid] Re: autoenable vs noenable In-Reply-To: <58E89EF1291F384D97CFED05C551FC4D0F17A4C539@iu-mssg-mbx07.ads.iu.edu> References: <58E89EF1291F384D97CFED05C551FC4D0F17A4C539@iu-mssg-mbx07.ads.iu.edu> Message-ID: I think an easier solution than a hack would be to create two separate rancid groups. One uses the enable and one doesn't. Chris G. From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Bass, Teresa R Sent: Monday, March 08, 2010 11:31 AM To: rancid-discuss at shrubbery.net Subject: [rancid] autoenable vs noenable I wonder if anyone has run into this problem: Half of our switches are HP 4100's which cannot be autoenabled.? The other half can be autoenabled. The switch names I need to enter into .cloginrc are AB* but I have to do 1/2 as ??????????????? " AB* add autoenable 1" ?and the other 1/2 ?as ??????????????? "AB* add noenable 1". I'm trying to find a way around entering each individual device into .cloginrc as it is such a large number of devices. Has anyone found a hack to the hlogin script that will allow me to use autoenable AND noenable without specifying each device name? Any help would be appreciated! Teresa From heas at shrubbery.net Mon Mar 8 19:50:17 2010 From: heas at shrubbery.net (john heasley) Date: Mon, 8 Mar 2010 11:50:17 -0800 Subject: [rancid] Re: autoenable vs noenable In-Reply-To: References: <58E89EF1291F384D97CFED05C551FC4D0F17A4C539@iu-mssg-mbx07.ads.iu.edu> Message-ID: <20100308195017.GQ19278@shrubbery.net> Mon, Mar 08, 2010 at 11:36:05AM -0800, Chris Gauthier: > I think an easier solution than a hack would be to create two separate rancid groups. One uses the enable and one doesn't. I had written a patch for clogin to remove the need for autoenable. Has anyone tried that? It could be adapted for hp. btw, noenable is a different knob. See the cloginrc(5) man page for those two directives. > Chris G. > > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Bass, Teresa R > Sent: Monday, March 08, 2010 11:31 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] autoenable vs noenable > > I wonder if anyone has run into this problem: > > Half of our switches are HP 4100's which cannot be autoenabled.? The other half can be autoenabled. > > The switch names I need to enter into .cloginrc are AB* but I have to do 1/2 as > ??????????????? " AB* add autoenable 1" > ?and the other 1/2 ?as > ??????????????? "AB* add noenable 1". > > I'm trying to find a way around entering each individual device into .cloginrc as it is such a large number of devices. > > Has anyone found a hack to the hlogin script that will allow me to use autoenable AND noenable without specifying each device name? > > Any help would be appreciated! > Teresa > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From perc69 at gmail.com Mon Mar 8 20:50:34 2010 From: perc69 at gmail.com (Per Carlson) Date: Mon, 8 Mar 2010 21:50:34 +0100 Subject: [rancid] Re: Rancid-cvs: command not found In-Reply-To: <4B954132.8000309@pop-sp.rnp.br> References: <4B952B36.7070307@pop-sp.rnp.br> <20100308170608.GA19278@shrubbery.net> <4B9531FD.2020807@pop-sp.rnp.br> <3c1cf0fd1003080949u7b00b546g2149ee4db57cbf09@mail.gmail.com> <4B953B97.6080505@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD1461CD@zy-ex1.zyedge.local> <4B954132.8000309@pop-sp.rnp.br> Message-ID: <746ca6da1003081250k5f96ece8q9189b8e82dd6fd75@mail.gmail.com> Hi. > By the way, I am doing the configuration as root (#) and now, I gave a > step ahead: I am stucked at the step 8. As you are using Debian Lenny, why not using the Debian package(s) (rancid-core/cvs/util)? It's in the standard repositories. If you use the Debian package you get a streamlined install with proper uid/gid, and other permissions. -- Pelle From ivaylo.terziyski at btc-net.bg Tue Mar 9 00:42:39 2010 From: ivaylo.terziyski at btc-net.bg (Ivaylo Terziyski) Date: Tue, 9 Mar 2010 02:42:39 +0200 Subject: [rancid] rancid with sec issue Message-ID: <16CBC2B869FA491984B324AC307DA0FB@terziyski> Hi everybody, I am using SEC with RANCID to make configuration updates on-demand. I have managed to configure SEC to scan TACACS+ log and initiate 'rancid-run -r hostname' command. But if there are two users at the same time in two different devices configuring I see in my logs: hourly config diffs failed: /tmp/..run.lock exists and there are no diffs collected at all. I will be appreciate some help resolving this issue. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100309/7e3740a0/attachment.html From dclement at clickability.com Tue Mar 9 01:20:32 2010 From: dclement at clickability.com (David Clement) Date: Mon, 8 Mar 2010 17:20:32 -0800 Subject: [rancid] Re: rancid with sec issue In-Reply-To: <16CBC2B869FA491984B324AC307DA0FB@terziyski> References: <16CBC2B869FA491984B324AC307DA0FB@terziyski> Message-ID: <1fbc1f9f1003081720g5e1c878q8321c7f2496abe6d@mail.gmail.com> I haven't offered any such suggestions in the past on this list b/c I figured others would know better, so take this for what it's worth: you might try calling a wrapper script from SEC (instead of directly calling rancid-run -r hostname) that can wait for the prior run of RANCID to complete. If you add some controls to ensure you don't fire off too many waiting wrapper scripts, it might be even safer: #!/usr/bin/perl my ($host) = shift; my $lockFile = '/tmp/**.run.lock # lock file name that RANCID creates while running my $sleepTime = 60; # seconds to wait for lockfile to go away my $sleepCount = 0; # how many times the script has looked for the lockfile, found it and waited my $sleepMax = 10; # maximum number of times to sleep while (-e $lockFile) { if ($sleepCount >= $sleepMax) { # add email notification here die "wanted to run RANCID for host '$host' but couldn't ". "wait any longer for lockfile to go away. ". "waited $sleepTime seconds $sleepCount times."; } $sleepCount++; sleep $sleepTime; } system("rancid-run -r $host"); Dave 2010/3/8 Ivaylo Terziyski > Hi everybody, > > I am using SEC with RANCID to make configuration updates on-demand. > I have managed to configure SEC to scan TACACS+ log and initiate > 'rancid-run -r hostname' command. > But if there are two users at the same time in two different devices > configuring I see in my logs: > > hourly config diffs failed: /tmp/..run.lock exists > > and there are no diffs collected at all. > I will be appreciate some help resolving this issue. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100308/cbd43f30/attachment.html From dale.shaw+rancid-discuss at gmail.com Tue Mar 9 05:27:03 2010 From: dale.shaw+rancid-discuss at gmail.com (Dale Shaw) Date: Tue, 9 Mar 2010 16:27:03 +1100 Subject: [rancid] rancid bombing out on "dir /all disk0:" when command not authorized by AAA Message-ID: <3329cbb41003082127m7e3c3d41t6670cf0da3701db7@mail.gmail.com> Hi all, I'm running RANCID 2.3.2 on Ubuntu 9.04. I'm trying to collect configs from a bunch of Cisco ASA 5500 series firewalls. Recently we brought them into production and as part of that exercise, enabled AAA (TACACS). The command set doesn't permit some of the commands RANCID is attempting to execute. It looks like it's bombing out when parsing the output from 'dir /all disk0:', which in this case is "Command authorization failed". I'll probably just end up adding this command to the authorised set, but am I missing something or is this behaviour a bit .. ungraceful? :-) rancid -d and clogin -c output below. Cheers, Dale dshaw at utility:/usr/local/rancid/var/customer-all/configs$ sudo -u rancid /usr/local/rancid/bin/rancid -d customer-fw01 executing clogin -t 90 -c"admin show version;show version;show redundancy secondary;show idprom backplane;show install active;admin show env all;show env all;show rsp chassis-info;show gsr chassis;show diag chassis-info;show boot;show bootvar;admin show variables boot;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir /all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show controllers;show controllers cbus;show diagbus;admin show diag;show diag;show module;show spe version;show c7200;show inventory raw;show vtp status;show vlan;show vlan-switch;show debug;more system:running-config;show running-config;write term" customer-fw01 PROMPT MATCH: CUSTOMER-FW01# HIT COMMAND:CUSTOMER-FW01# admin show version In ShowVersion: CUSTOMER-FW01# admin show version HIT COMMAND:CUSTOMER-FW01# show version In ShowVersion: CUSTOMER-FW01# show version HIT COMMAND:CUSTOMER-FW01# show redundancy secondary In ShowRedundancy: CUSTOMER-FW01# show redundancy secondary HIT COMMAND:CUSTOMER-FW01# show idprom backplane In ShowIDprom: CUSTOMER-FW01# show idprom backplane HIT COMMAND:CUSTOMER-FW01# show install active In ShowInstallActive: CUSTOMER-FW01# show install active HIT COMMAND:CUSTOMER-FW01# admin show env all In ShowEnv: CUSTOMER-FW01# admin show env all HIT COMMAND:CUSTOMER-FW01# show env all In ShowEnv: CUSTOMER-FW01# show env all HIT COMMAND:CUSTOMER-FW01# show rsp chassis-info In ShowRSP: CUSTOMER-FW01# show rsp chassis-info HIT COMMAND:CUSTOMER-FW01# show gsr chassis In ShowGSR: CUSTOMER-FW01# show gsr chassis HIT COMMAND:CUSTOMER-FW01# show diag chassis-info In ShowGSR: CUSTOMER-FW01# show diag chassis-info HIT COMMAND:CUSTOMER-FW01# show boot In ShowBoot: CUSTOMER-FW01# show boot HIT COMMAND:CUSTOMER-FW01# show bootvar In ShowBoot: CUSTOMER-FW01# show bootvar HIT COMMAND:CUSTOMER-FW01# admin show variables boot In ShowBoot: CUSTOMER-FW01# admin show variables boot HIT COMMAND:CUSTOMER-FW01# show variables boot In ShowBoot: CUSTOMER-FW01# show variables boot HIT COMMAND:CUSTOMER-FW01# show flash In ShowFlash: CUSTOMER-FW01# show flash HIT COMMAND:CUSTOMER-FW01# dir /all nvram: In DirSlotN: CUSTOMER-FW01# dir /all nvram: HIT COMMAND:CUSTOMER-FW01# dir /all bootflash: In DirSlotN: CUSTOMER-FW01# dir /all bootflash: HIT COMMAND:CUSTOMER-FW01# dir /all slot0: In DirSlotN: CUSTOMER-FW01# dir /all slot0: HIT COMMAND:CUSTOMER-FW01# dir /all disk0: In DirSlotN: CUSTOMER-FW01# dir /all disk0: write(spawn_id=1): broken pipe while executing "send_user -- "$expect_out(buffer)"" invoked from within "expect -nobrace -re+ { exp_continue } -re {^[^ *]*CUSTOMER([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user -- "$expect_out(buffer)" } -re {..." invoked from within "expect { -re "\b+" { exp_continue } -re "^\[^\n\r *]*$reprompt" { send_user -- "$expect_out(buffer)" } -re "^\[^\n\r]*$reprom..." (procedure "run_commands" line 39) invoked from within "run_commands $prompt $command" ("foreach" body line 149) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] # attempt at platform switching. set platform "" send_user ..." (file "/usr/local/rancid/bin/clogin" line 723) dshaw at utility:~$ clogin -c "dir /all disk0:" customer-fw01 customer-fw01 spawn ssh -c 3des -x -l user customer-fw01 user at customer-fw01's password: Type help or '?' for a list of available commands. CUSTOMER-FW01> enable Password: ******** CUSTOMER-FW01# CUSTOMER-FW01# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. CUSTOMER-FW01# dir /all disk0: Command authorization failed CUSTOMER-FW01#exit Logoff Connection to customer-fw01 closed. From peo at chalmers.se Tue Mar 9 08:36:17 2010 From: peo at chalmers.se (Per-Olof Olsson) Date: Tue, 9 Mar 2010 09:36:17 +0100 Subject: [rancid] Rancid 2.3.3 not on ftp-server. Message-ID: <4B960881.2090205@chalmers.se> Hi >From home page "http://www.shrubbery.net/rancid/" there is way to download latest software I only get "550 /pub/rancid/rancid-2.3.3.tar.gz: No such file or directory." trying to get software by href ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.3.tar.gz /Peo ---------------------------------------------------------- Per-Olof Olsson Email: peo at chalmers.se Chalmers tekniska h?gskola IT-service H?rsalsv?gen 5 412 96 G?teborg Tel: 031/772 6738 Fax: 031/772 8660 ---------------------------------------------------------- From wpereira at pop-sp.rnp.br Tue Mar 9 12:57:12 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Tue, 09 Mar 2010 09:57:12 -0300 Subject: [rancid] About the .cloginrc file Message-ID: <4B9645A8.6070909@pop-sp.rnp.br> Hi, all. I would like to ensure that my .cloginrc file is correctly written. Can someone help me out? Thanks a lot. ============================ add password 10.0.0.1 {vty_pass} {ena_pass} add user 10.0.0.1 $USER add userprompt 10.0.0.1 {"Username:"} # add userpassword # The password for user if different than the password set # using 'add password'. add passprompt 10.0.0.1 {"Password:"} add method * {telnet} {ssh} add enableprompt 10.0.0.1 {"Password:"} add cyphertype 10.0.0.1 3des # customer x # these routers ask for a username and password. we automatically get # enable access after successful authentication. add user *.custx.net roger add password *.custx.net {doger} add autoenable *.custx.net 1 # customer y # this is the normal cisco login. a password followed by and enable password. # try ssh first, then rlogin. add password *.custy.net {vector} {victor} add method *.custy.net ssh rlogin # customer z; they use ssh only. add user *.custz.net shirley add password *.custz.net {jive} {surely} add method *.custz.net ssh # the route-server's do not provide enable access. cmdline -noenable # equivalent. add noenable route-server* 1 # all our routers, i.e.: everything else add password * {clearance} {clarence} # set ssh encryption type, dflt: 3des add cyphertype * {3des} # set the username prompt to "router login:" #add userprompt * {"router login:"} # ssh identity for a juniper; used with jlogin add identity my.juniper $env(HOME)/.ssh/juniper # riverstone / enterasys / cabletron (rivlogin) example # these boxes are 'back-to-front' from cisco (i.e., ask # for vty password always, then tac+/radius if configured). # # vty password and last resort (enable) password for rivlogin add password rs3000 {vtypass} {lastresort} # if using tac+ or radius login, include these lines add user rs3000 {monster} add userpassword rs3000 {scary} ============================ -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 From heas at shrubbery.net Tue Mar 9 18:18:24 2010 From: heas at shrubbery.net (john heasley) Date: Tue, 9 Mar 2010 10:18:24 -0800 Subject: [rancid] Re: About the .cloginrc file In-Reply-To: <4B9645A8.6070909@pop-sp.rnp.br> References: <4B9645A8.6070909@pop-sp.rnp.br> Message-ID: <20100309181824.GE5643@shrubbery.net> Tue, Mar 09, 2010 at 09:57:12AM -0300, Wagner Pereira: > Hi, all. > > I would like to ensure that my .cloginrc file is correctly written. Can > someone help me out? Thanks a lot. > > ============================ > add password 10.0.0.1 {vty_pass} {ena_pass} > > add user 10.0.0.1 $USER this is the default; not necessary and afaik its $env(USER). > add userprompt 10.0.0.1 {"Username:"} > > # add userpassword > # The password for user if different than the password set > # using 'add password'. > > add passprompt 10.0.0.1 {"Password:"} > > add method * {telnet} {ssh} > > add enableprompt 10.0.0.1 {"Password:"} > > add cyphertype 10.0.0.1 3des > > # customer x > # these routers ask for a username and password. we automatically get > # enable access after successful authentication. > add user *.custx.net roger > add password *.custx.net {doger} > add autoenable *.custx.net 1 > > # customer y > # this is the normal cisco login. a password followed by and enable > password. > # try ssh first, then rlogin. > add password *.custy.net {vector} {victor} > add method *.custy.net ssh rlogin > > # customer z; they use ssh only. > add user *.custz.net shirley > add password *.custz.net {jive} {surely} > add method *.custz.net ssh > > # the route-server's do not provide enable access. cmdline -noenable > # equivalent. > add noenable route-server* 1 > > # all our routers, i.e.: everything else > add password * {clearance} {clarence} > > # set ssh encryption type, dflt: 3des > add cyphertype * {3des} > > # set the username prompt to "router login:" > #add userprompt * {"router login:"} > > # ssh identity for a juniper; used with jlogin > add identity my.juniper $env(HOME)/.ssh/juniper > > # riverstone / enterasys / cabletron (rivlogin) example > # these boxes are 'back-to-front' from cisco (i.e., ask > # for vty password always, then tac+/radius if configured). > # > # vty password and last resort (enable) password for rivlogin > add password rs3000 {vtypass} {lastresort} > # if using tac+ or radius login, include these lines > add user rs3000 {monster} > add userpassword rs3000 {scary} > ============================ > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From wpereira at pop-sp.rnp.br Tue Mar 9 18:43:53 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Tue, 09 Mar 2010 15:43:53 -0300 Subject: [rancid] Re: About the .cloginrc file In-Reply-To: <20100309181824.GE5643@shrubbery.net> References: <4B9645A8.6070909@pop-sp.rnp.br> <20100309181824.GE5643@shrubbery.net> Message-ID: <4B9696E9.8000408@pop-sp.rnp.br> Ok, John. You meant that I should let this line as follows? add user 10.0.0.1 rancid There's another thing: I noticed that, after I've created my first group on rancid.conf file, the Rancid generated itself a directory with the same name that my group and, inside that directory, a empty router.db file. I ask you: 1. Should I configure that empty file manually or 2. Copy the router.db.5 file's content into this empty file? OR run some command (because there is a router.db,v file created on /home/rancid/var/rancid/CVS/switches-PoP-SP directory)? -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 john heasley escreveu: > Tue, Mar 09, 2010 at 09:57:12AM -0300, Wagner Pereira: > >> Hi, all. >> >> I would like to ensure that my .cloginrc file is correctly written. Can >> someone help me out? Thanks a lot. >> >> ============================ >> add password 10.0.0.1 {vty_pass} {ena_pass} >> >> add user 10.0.0.1 $USER >> > > this is the default; not necessary and afaik its $env(USER). > > >> add userprompt 10.0.0.1 {"Username:"} >> >> # add userpassword >> # The password for user if different than the password set >> # using 'add password'. >> >> add passprompt 10.0.0.1 {"Password:"} >> >> add method * {telnet} {ssh} >> >> add enableprompt 10.0.0.1 {"Password:"} >> >> add cyphertype 10.0.0.1 3des >> >> # customer x >> # these routers ask for a username and password. we automatically get >> # enable access after successful authentication. >> add user *.custx.net roger >> add password *.custx.net {doger} >> add autoenable *.custx.net 1 >> >> # customer y >> # this is the normal cisco login. a password followed by and enable >> password. >> # try ssh first, then rlogin. >> add password *.custy.net {vector} {victor} >> add method *.custy.net ssh rlogin >> >> # customer z; they use ssh only. >> add user *.custz.net shirley >> add password *.custz.net {jive} {surely} >> add method *.custz.net ssh >> >> # the route-server's do not provide enable access. cmdline -noenable >> # equivalent. >> add noenable route-server* 1 >> >> # all our routers, i.e.: everything else >> add password * {clearance} {clarence} >> >> # set ssh encryption type, dflt: 3des >> add cyphertype * {3des} >> >> # set the username prompt to "router login:" >> #add userprompt * {"router login:"} >> >> # ssh identity for a juniper; used with jlogin >> add identity my.juniper $env(HOME)/.ssh/juniper >> >> # riverstone / enterasys / cabletron (rivlogin) example >> # these boxes are 'back-to-front' from cisco (i.e., ask >> # for vty password always, then tac+/radius if configured). >> # >> # vty password and last resort (enable) password for rivlogin >> add password rs3000 {vtypass} {lastresort} >> # if using tac+ or radius login, include these lines >> add user rs3000 {monster} >> add userpassword rs3000 {scary} >> ============================ >> >> -- >> >> Wagner Pereira >> >> PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo >> CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo >> http://www.pop-sp.rnp.br >> Tel. (11) 3091-8901 >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> From heas at shrubbery.net Tue Mar 9 19:39:13 2010 From: heas at shrubbery.net (john heasley) Date: Tue, 9 Mar 2010 11:39:13 -0800 Subject: [rancid] Re: rancid bombing out on "dir /all disk0:" when command not authorized by AAA In-Reply-To: <3329cbb41003082127m7e3c3d41t6670cf0da3701db7@mail.gmail.com> References: <3329cbb41003082127m7e3c3d41t6670cf0da3701db7@mail.gmail.com> Message-ID: <20100309193913.GI5643@shrubbery.net> Tue, Mar 09, 2010 at 04:27:03PM +1100, Dale Shaw: > Hi all, > > I'm running RANCID 2.3.2 on Ubuntu 9.04. > > I'm trying to collect configs from a bunch of Cisco ASA 5500 series firewalls. > > Recently we brought them into production and as part of that exercise, > enabled AAA (TACACS). The command set doesn't permit some of the > commands RANCID is attempting to execute. It looks like it's bombing > out when parsing the output from 'dir /all disk0:', which in this case > is "Command authorization failed". > > I'll probably just end up adding this command to the authorised set, > but am I missing something or is this behaviour a bit .. ungraceful? > :-) nope; it expects to be able to run the commands and was not written with the idea that folks would care that it be able to run them. From jethro.binks at strath.ac.uk Tue Mar 9 19:47:38 2010 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue, 9 Mar 2010 19:47:38 +0000 (GMT) Subject: [rancid] Re: rancid bombing out on "dir /all disk0:" when command not authorized by AAA In-Reply-To: <20100309193913.GI5643@shrubbery.net> References: <3329cbb41003082127m7e3c3d41t6670cf0da3701db7@mail.gmail.com> <20100309193913.GI5643@shrubbery.net> Message-ID: On Tue, 9 Mar 2010, john heasley wrote: > > I'm trying to collect configs from a bunch of Cisco ASA 5500 series > > firewalls. > > > > Recently we brought them into production and as part of that exercise, > > enabled AAA (TACACS). The command set doesn't permit some of the > > commands RANCID is attempting to execute. It looks like it's bombing > > out when parsing the output from 'dir /all disk0:', which in this case > > is "Command authorization failed". > > > > I'll probably just end up adding this command to the authorised set, > > but am I missing something or is this behaviour a bit .. ungraceful? > > :-) > > nope; it expects to be able to run the commands and was not written with > the idea that folks would care that it be able to run them. I don't use AAA in this case, and I can't remember all the details, but here's at least some of what I did with one of my ASA5500s: username rancid password blahblah encrypted privilege 7 privilege cmd level 7 mode exec command more privilege cmd level 7 mode exec command dir privilege cmd level 7 mode exec command write privilege cmd level 7 mode exec command terminal privilege show level 7 mode exec command running-config privilege show level 7 mode exec command version privilege show level 7 mode exec command bootvar privilege show level 7 mode exec command names privilege show level 7 mode exec command vlan privilege show level 7 mode exec command module Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From wpereira at pop-sp.rnp.br Tue Mar 9 20:16:04 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Tue, 09 Mar 2010 17:16:04 -0300 Subject: [rancid] It appears that Rancid is working now! Message-ID: <4B96AC84.5060805@pop-sp.rnp.br> Hey, Rancid's guys! Can I start to celebrate? See below: rancid-server# cat switches-PoP-SP.20100309.170101 starting: Tue Mar 9 17:01:01 BRT 2010 cvs add: scheduling file `200.133.192.254' for addition cvs add: use `cvs commit' to add this file permanently /home/rancid/var/rancid/CVS/switches-PoP-SP/configs/200.133.192.254,v <-- 200.133.192.254 initial revision: 1.1 Added 200.133.192.254 Trying to get all of the configs. 200.133.192.254 clogin error: Error: password file (/root/.cloginrc) does not exist 200.133.192.254: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: 200.133.192.254: End of run not found ! ===================================== Getting missed routers: round 1. 200.133.192.254 clogin error: Error: password file (/root/.cloginrc) does not exist 200.133.192.254: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: 200.133.192.254: End of run not found ! ===================================== Getting missed routers: round 2. 200.133.192.254 clogin error: Error: password file (/root/.cloginrc) does not exist 200.133.192.254: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: 200.133.192.254: End of run not found ! ===================================== Getting missed routers: round 3. 200.133.192.254 clogin error: Error: password file (/root/.cloginrc) does not exist 200.133.192.254: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: 200.133.192.254: End of run not found ! ===================================== Getting missed routers: round 4. 200.133.192.254 clogin error: Error: password file (/root/.cloginrc) does not exist 200.133.192.254: missed cmd(s): admin show diag,dir /all slavedisk2:,show rsp chassis-info,dir /all sec-slot2:,show diag,dir /all disk1:,show gsr chassis,dir /all sec-nvram:,show diag chassis-info,dir /all disk2:,dir /all sec-bootflash:,show spe version,dir /all slaveslot2:,dir /all disk0:,show install active,show bootvar,dir /all slaveslot0:,dir /all sec-slot1:,dir /all harddiska:,dir /all slavenvram:,show flash,dir /all sec-disk2:,dir /all slavesup-bootflash:,dir /all sec-disk0:,dir /all harddiskb:,show variables boot,show boot,show inventory raw,dir /all slavedisk1:,show env all,show module,admin show env all,show controllers,admin show version,show diagbus,more system:running-config,dir /all slavedisk0:,show debug,show idprom backplane,dir /all bootflash:,dir /all sec-slot0:,dir /all sec-disk1:,write term,show vtp status,dir /all sup-bootflash:,dir /all slot2:,dir /all harddisk:,dir /all slot0:,dir /all sup-microcode:,show vlan,dir /all slavebootflash:,show controllers cbus,dir /all slaveslot1:,dir /all nvram:,show version,show vlan-switch,admin show variables boot,show redundancy secondary,show running-config,show c7200,dir /all slot1: 200.133.192.254: End of run not found ! cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs /home/rancid/var/rancid/CVS/switches-PoP-SP/router.db,v <-- router.db new revision: 1.2; previous revision: 1.1 ending: Tue Mar 9 17:01:04 BRT 2010 -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 From rwest at zyedge.com Tue Mar 9 20:27:32 2010 From: rwest at zyedge.com (Ryan West) Date: Tue, 9 Mar 2010 20:27:32 +0000 Subject: [rancid] Re: It appears that Rancid is working now! In-Reply-To: <4B96AC84.5060805@pop-sp.rnp.br> References: <4B96AC84.5060805@pop-sp.rnp.br> Message-ID: <5DC4853C6CC3EE4788779E0726E034DD14BA0E@zy-ex1.zyedge.local> Wagner, > -----Original Message----- > Sent: Tuesday, March 09, 2010 3:16 PM > To: Rancid Mailing List > Subject: [rancid] It appears that Rancid is working now! > > Hey, Rancid's guys! > > Can I start to celebrate? See below: > > rancid-server# cat switches-PoP-SP.20100309.170101 > > starting: Tue Mar 9 17:01:01 BRT 2010 > > cvs add: scheduling file `200.133.192.254' for addition > cvs add: use `cvs commit' to add this file permanently > /home/rancid/var/rancid/CVS/switches-PoP-SP/configs/200.133.192.254,v > <-- 200.133.192.254 > initial revision: 1.1 > Added 200.133.192.254 > > > > Trying to get all of the configs. > 200.133.192.254 clogin error: Error: password file (/root/.cloginrc) > does not exist su - rancid && cat .cloginrc && rancid-run -ryan From wpereira at pop-sp.rnp.br Tue Mar 9 20:33:55 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Tue, 09 Mar 2010 17:33:55 -0300 Subject: [rancid] Re: It appears that Rancid is working now! In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD14BA0E@zy-ex1.zyedge.local> References: <4B96AC84.5060805@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BA0E@zy-ex1.zyedge.local> Message-ID: <4B96B0B3.8020307@pop-sp.rnp.br> Ryan, I did that: su - rancid && cat .cloginrc && rancid-run rancid at servicos2:~$ and I did run this: /home/rancid/bin/clogin -c "sh run" 200.133.192.254 This is the result: Error: password file (/home/rancid/.cloginrc) does not exist -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 Ryan West escreveu: > Wagner, > > >> -----Original Message----- >> Sent: Tuesday, March 09, 2010 3:16 PM >> To: Rancid Mailing List >> Subject: [rancid] It appears that Rancid is working now! >> >> Hey, Rancid's guys! >> >> Can I start to celebrate? See below: >> >> rancid-server# cat switches-PoP-SP.20100309.170101 >> >> starting: Tue Mar 9 17:01:01 BRT 2010 >> >> cvs add: scheduling file `200.133.192.254' for addition >> cvs add: use `cvs commit' to add this file permanently >> /home/rancid/var/rancid/CVS/switches-PoP-SP/configs/200.133.192.254,v >> <-- 200.133.192.254 >> initial revision: 1.1 >> Added 200.133.192.254 >> >> >> >> Trying to get all of the configs. >> 200.133.192.254 clogin error: Error: password file (/root/.cloginrc) >> does not exist >> > > su - rancid && cat .cloginrc && rancid-run > > -ryan > From dale.shaw+rancid-discuss at gmail.com Tue Mar 9 20:49:09 2010 From: dale.shaw+rancid-discuss at gmail.com (Dale Shaw) Date: Wed, 10 Mar 2010 07:49:09 +1100 Subject: [rancid] Re: rancid bombing out on "dir /all disk0:" when command not authorized by AAA In-Reply-To: <20100309193913.GI5643@shrubbery.net> References: <3329cbb41003082127m7e3c3d41t6670cf0da3701db7@mail.gmail.com> <20100309193913.GI5643@shrubbery.net> Message-ID: <3329cbb41003091249m3fe3d6ack64d5efc3dc20b43c@mail.gmail.com> Hi John, > Tue, Mar 09, 2010 at 04:27:03PM +1100, Dale Shaw: >> I'll probably just end up adding this command to the authorised set, >> but am I missing something or is this behaviour a bit .. ungraceful? On Wed, Mar 10, 2010 at 6:39 AM, john heasley wrote: > nope; it expects to be able to run the commands and was not written with > the idea that folks would care that it be able to run them. My perl-fu is weak but I saw some references to the string 'command not authorized' in bin/rancid. Is/was the intention that it should handle this message being returned? Cheers, Dale From rwest at zyedge.com Tue Mar 9 21:09:11 2010 From: rwest at zyedge.com (Ryan West) Date: Tue, 9 Mar 2010 21:09:11 +0000 Subject: [rancid] Re: It appears that Rancid is working now! In-Reply-To: <4B96B0B3.8020307@pop-sp.rnp.br> References: <4B96AC84.5060805@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BA0E@zy-ex1.zyedge.local> <4B96B0B3.8020307@pop-sp.rnp.br> Message-ID: <5DC4853C6CC3EE4788779E0726E034DD14BEAE@zy-ex1.zyedge.local> Locate .cloginrc Have you created it yet or copied the sample that comes with the install to your environment. I hate to say this again, but ALL of this is covered in the tutorials that were posted. -ryan > -----Original Message----- > From: Wagner Pereira [mailto:wpereira at pop-sp.rnp.br] > Sent: Tuesday, March 09, 2010 3:34 PM > To: Ryan West > Cc: Rancid Mailing List > Subject: Re: [rancid] It appears that Rancid is working now! > > Ryan, > > I did that: > > su - rancid && cat .cloginrc && rancid-run > rancid at servicos2:~$ > > and I did run this: > > /home/rancid/bin/clogin -c "sh run" 200.133.192.254 > > This is the result: > > Error: password file (/home/rancid/.cloginrc) does not exist > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > > > Ryan West escreveu: > > Wagner, > > > > > >> -----Original Message----- > >> Sent: Tuesday, March 09, 2010 3:16 PM > >> To: Rancid Mailing List > >> Subject: [rancid] It appears that Rancid is working now! > >> > >> Hey, Rancid's guys! > >> > >> Can I start to celebrate? See below: > >> > >> rancid-server# cat switches-PoP-SP.20100309.170101 > >> > >> starting: Tue Mar 9 17:01:01 BRT 2010 > >> > >> cvs add: scheduling file `200.133.192.254' for addition > >> cvs add: use `cvs commit' to add this file permanently > >> /home/rancid/var/rancid/CVS/switches-PoP-SP/configs/200.133.192.254,v > >> <-- 200.133.192.254 > >> initial revision: 1.1 > >> Added 200.133.192.254 > >> > >> > >> > >> Trying to get all of the configs. > >> 200.133.192.254 clogin error: Error: password file (/root/.cloginrc) > >> does not exist > >> > > > > su - rancid && cat .cloginrc && rancid-run > > > > -ryan > > From wpereira at pop-sp.rnp.br Tue Mar 9 21:37:41 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Tue, 09 Mar 2010 18:37:41 -0300 Subject: [rancid] Re: It appears that Rancid is working now! In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD14BEAE@zy-ex1.zyedge.local> References: <4B96AC84.5060805@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BA0E@zy-ex1.zyedge.local> <4B96B0B3.8020307@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BEAE@zy-ex1.zyedge.local> Message-ID: <4B96BFA5.3090401@pop-sp.rnp.br> Hi, Ryan. I did read ALL the README file, believe me! And that's my .cloginrc file, copied from the cloginrc.sample: ===================== add password 10.0.0.1 {vty_pass} {ena_pass} add user 10.0.0.1 admin add userprompt 10.0.0.1 {"Username:"} add passprompt 10.0.0.1 {"Password:"} add method 10.0.0.1 {telnet} {ssh} add enableprompt 10.0.0.1 {"Password:"} add cyphertype 10.0.0.1 {3des} #add password sl-bb*-dc cow24 #add password sl-gw*-dc geeks #add password sl* hank dog #add password at* pete cow #add password sdn* mujahid horse #add password icm* peter #add password * anything # #add user sl-gw*-dc twit #add user sdn* sdn_auto #add user sdn-bb* ops_eng #add user * $env(USER) # customer x # these routers ask for a username and password. we automatically get # enable access after successful authentication. add user *.custx.net roger add password *.custx.net {doger} add autoenable *.custx.net 1 # customer y # this is the normal cisco login. a password followed by and enable password. # try ssh first, then rlogin. add password *.custy.net {vector} {victor} add method *.custy.net ssh rlogin # customer z; they use ssh only. add user *.custz.net shirley add password *.custz.net {jive} {surely} add method *.custz.net ssh # the route-server's do not provide enable access. cmdline -noenable # equivalent. add noenable route-server* 1 # all our routers, i.e.: everything else add password * {clearance} {clarence} # set ssh encryption type, dflt: 3des add cyphertype * {3des} # set the username prompt to "router login:" #add userprompt * {"router login:"} # ssh identity for a juniper; used with jlogin add identity my.juniper $env(HOME)/.ssh/juniper # riverstone / enterasys / cabletron (rivlogin) example # these boxes are 'back-to-front' from cisco (i.e., ask # for vty password always, then tac+/radius if configured). # # vty password and last resort (enable) password for rivlogin add password rs3000 {vtypass} {lastresort} # if using tac+ or radius login, include these lines add user rs3000 {monster} add userpassword rs3000 {scary} ===================== -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 Ryan West escreveu: > Locate .cloginrc > > Have you created it yet or copied the sample that comes with the install to your environment. I hate to say this again, but ALL of this is covered in the tutorials that were posted. > > -ryan > > >> -----Original Message----- >> From: Wagner Pereira [mailto:wpereira at pop-sp.rnp.br] >> Sent: Tuesday, March 09, 2010 3:34 PM >> To: Ryan West >> Cc: Rancid Mailing List >> Subject: Re: [rancid] It appears that Rancid is working now! >> >> Ryan, >> >> I did that: >> >> su - rancid && cat .cloginrc && rancid-run >> rancid at servicos2:~$ >> >> and I did run this: >> >> /home/rancid/bin/clogin -c "sh run" 10.0.0.1 >> >> This is the result: >> >> Error: password file (/home/rancid/.cloginrc) does not exist >> >> -- >> >> Wagner Pereira >> >> PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo >> CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo >> http://www.pop-sp.rnp.br >> Tel. (11) 3091-8901 >> >> >> >> Ryan West escreveu: >> >>> Wagner, >>> >>> >>> >>>> -----Original Message----- >>>> Sent: Tuesday, March 09, 2010 3:16 PM >>>> To: Rancid Mailing List >>>> Subject: [rancid] It appears that Rancid is working now! >>>> >>>> Hey, Rancid's guys! >>>> >>>> Can I start to celebrate? See below: >>>> >>>> rancid-server# cat switches-PoP-SP.20100309.170101 >>>> >>>> starting: Tue Mar 9 17:01:01 BRT 2010 >>>> >>>> cvs add: scheduling file `10.0.0.1' for addition >>>> cvs add: use `cvs commit' to add this file permanently >>>> /home/rancid/var/rancid/CVS/switches-PoP-SP/configs/10.0.0.1,v >>>> <-- 10.0.0.1 >>>> initial revision: 1.1 >>>> Added 10.0.0.1 >>>> >>>> >>>> >>>> Trying to get all of the configs. >>>> 10.0.0.1 clogin error: Error: password file (/root/.cloginrc) >>>> does not exist >>>> >>>> >>> su - rancid && cat .cloginrc && rancid-run >>> >>> -ryan >>> >>> From wpereira at pop-sp.rnp.br Tue Mar 9 22:00:52 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Tue, 09 Mar 2010 19:00:52 -0300 Subject: [rancid] Re: It appears that Rancid is working now! In-Reply-To: <8423e7bb1003091352t3b303f03g112f77ced360a82b@mail.gmail.com> References: <4B96AC84.5060805@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BA0E@zy-ex1.zyedge.local> <4B96B0B3.8020307@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BEAE@zy-ex1.zyedge.local> <4B96BFA5.3090401@pop-sp.rnp.br> <8423e7bb1003091352t3b303f03g112f77ced360a82b@mail.gmail.com> Message-ID: <4B96C514.6010209@pop-sp.rnp.br> Lance, Below it is what I did. Is there some additional test that I can make? cp /usr/local/rancid/tar/rancid-2.3.2/.cloginrc /home/rancid/ And i did run /home/rancid/bin/clogin -c "sh run" 10.0.0.1 10.0.0.1 spawn telnet 10.0.0.1 Trying 10.0.0.1... telnet: Unable to connect to remote host: Connection refused spawn ssh -c 3des -x -l rancid 10.0.0.1 ssh: connect to host 10.0.0.1 port 22: Connection refused Error: Connection Refused (ssh): 10.0.0.1 -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 Lance Vermilion escreveu: > Wagner, > > I echo what I said before. make sure the .cloginrc is in the home > directory for the rancid user (sometimes: /home/rancid/) and you ONLY > need the following in your .cloginrc > > add user 10.0.0.1 admin > add password 10.0.0.1 {vty_pass} {ena_pass} > add method 10.0.0.1 {telnet} {ssh} > > best of luck from here. > > > On Tue, Mar 9, 2010 at 2:37 PM, Wagner Pereira > wrote: > > Hi, Ryan. > > I did read ALL the README file, believe me! > > And that's my .cloginrc file, copied from the cloginrc.sample: > > ===================== > add password 10.0.0.1 {vty_pass} {ena_pass} > > add user 10.0.0.1 admin > > add userprompt 10.0.0.1 {"Username:"} > > add passprompt 10.0.0.1 {"Password:"} > > add method 10.0.0.1 {telnet} {ssh} > > add enableprompt 10.0.0.1 {"Password:"} > > add cyphertype 10.0.0.1 {3des} > > #add password sl-bb*-dc cow24 > #add password sl-gw*-dc geeks > #add password sl* hank dog > #add password at* pete cow > #add password sdn* mujahid horse > #add password icm* peter > #add password * anything > # > #add user sl-gw*-dc twit > #add user sdn* sdn_auto > #add user sdn-bb* ops_eng > #add user * $env(USER) > > # customer x > # these routers ask for a username and password. we automatically get > # enable access after successful authentication. > add user *.custx.net roger > add password *.custx.net {doger} > add autoenable *.custx.net 1 > > # customer y > # this is the normal cisco login. a password followed by and enable > password. > # try ssh first, then rlogin. > add password *.custy.net {vector} > {victor} > add method *.custy.net ssh rlogin > > # customer z; they use ssh only. > add user *.custz.net shirley > add password *.custz.net {jive} > {surely} > add method *.custz.net ssh > > # the route-server's do not provide enable access. cmdline -noenable > # equivalent. > add noenable route-server* 1 > > # all our routers, i.e.: everything else > add password * {clearance} {clarence} > > # set ssh encryption type, dflt: 3des > add cyphertype * {3des} > > # set the username prompt to "router login:" > #add userprompt * {"router login:"} > > # ssh identity for a juniper; used with jlogin > add identity my.juniper $env(HOME)/.ssh/juniper > > # riverstone / enterasys / cabletron (rivlogin) example > # these boxes are 'back-to-front' from cisco (i.e., ask > # for vty password always, then tac+/radius if configured). > # > # vty password and last resort (enable) password for rivlogin > add password rs3000 {vtypass} {lastresort} > # if using tac+ or radius login, include these lines > add user rs3000 {monster} > add userpassword rs3000 {scary} > ===================== > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > > > Ryan West escreveu: > > Locate .cloginrc > > > > Have you created it yet or copied the sample that comes with the > install to your environment. I hate to say this again, but ALL of > this is covered in the tutorials that were posted. > > > > -ryan > > > > > >> -----Original Message----- > >> From: Wagner Pereira [mailto:wpereira at pop-sp.rnp.br > ] > >> Sent: Tuesday, March 09, 2010 3:34 PM > >> To: Ryan West > >> Cc: Rancid Mailing List > >> Subject: Re: [rancid] It appears that Rancid is working now! > >> > >> Ryan, > >> > >> I did that: > >> > >> su - rancid && cat .cloginrc && rancid-run > >> rancid at servicos2:~$ > >> > >> and I did run this: > >> > >> /home/rancid/bin/clogin -c "sh run" 10.0.0.1 > >> > >> This is the result: > >> > >> Error: password file (/home/rancid/.cloginrc) does not exist > >> > >> -- > >> > >> Wagner Pereira > >> > >> PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > >> CCE/USP - Centro de Computa??o Eletr?nica da Universidade de > S?o Paulo > >> http://www.pop-sp.rnp.br > >> Tel. (11) 3091-8901 > >> > >> > >> > >> Ryan West escreveu: > >> > >>> Wagner, > >>> > >>> > >>> > >>>> -----Original Message----- > >>>> Sent: Tuesday, March 09, 2010 3:16 PM > >>>> To: Rancid Mailing List > >>>> Subject: [rancid] It appears that Rancid is working now! > >>>> > >>>> Hey, Rancid's guys! > >>>> > >>>> Can I start to celebrate? See below: > >>>> > >>>> rancid-server# cat switches-PoP-SP.20100309.170101 > >>>> > >>>> starting: Tue Mar 9 17:01:01 BRT 2010 > >>>> > >>>> cvs add: scheduling file `10.0.0.1' for addition > >>>> cvs add: use `cvs commit' to add this file permanently > >>>> /home/rancid/var/rancid/CVS/switches-PoP-SP/configs/10.0.0.1 > ,v > >>>> <-- 10.0.0.1 > >>>> initial revision: 1.1 > >>>> Added 10.0.0.1 > >>>> > >>>> > >>>> > >>>> Trying to get all of the configs. > >>>> 10.0.0.1 clogin error: Error: password file (/root/.cloginrc) > >>>> does not exist > >>>> > >>>> > >>> su - rancid && cat .cloginrc && rancid-run > >>> > >>> -ryan > >>> > >>> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From rwest at zyedge.com Tue Mar 9 22:12:17 2010 From: rwest at zyedge.com (Ryan West) Date: Tue, 9 Mar 2010 22:12:17 +0000 Subject: [rancid] Re: It appears that Rancid is working now! In-Reply-To: <4B96C514.6010209@pop-sp.rnp.br> References: <4B96AC84.5060805@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BA0E@zy-ex1.zyedge.local> <4B96B0B3.8020307@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BEAE@zy-ex1.zyedge.local> <4B96BFA5.3090401@pop-sp.rnp.br> <8423e7bb1003091352t3b303f03g112f77ced360a82b@mail.gmail.com> <4B96C514.6010209@pop-sp.rnp.br> Message-ID: <5DC4853C6CC3EE4788779E0726E034DD14C769@zy-ex1.zyedge.local> > -----Original Message----- > Sent: Tuesday, March 09, 2010 5:01 PM > To: Lance Vermilion; Rancid Mailing List > Subject: [rancid] Re: It appears that Rancid is working now! > > ssh: connect to host 10.0.0.1 port 22: Connection refused > > Error: Connection Refused (ssh): 10.0.0.1 Fix this. From wpereira at pop-sp.rnp.br Tue Mar 9 22:12:24 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Tue, 09 Mar 2010 19:12:24 -0300 Subject: [rancid] Re: It appears that Rancid is working now! In-Reply-To: <8423e7bb1003091405x6aa8149p824f46b029845c37@mail.gmail.com> References: <4B96AC84.5060805@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BA0E@zy-ex1.zyedge.local> <4B96B0B3.8020307@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BEAE@zy-ex1.zyedge.local> <4B96BFA5.3090401@pop-sp.rnp.br> <8423e7bb1003091352t3b303f03g112f77ced360a82b@mail.gmail.com> <4B96C514.6010209@pop-sp.rnp.br> <8423e7bb1003091405x6aa8149p824f46b029845c37@mail.gmail.com> Message-ID: <4B96C7C8.1040609@pop-sp.rnp.br> Bingo, Lance! I can't access my device either by telnet or ssh from my Rancid server: Connection refused In fact, I have only one "frontend" server (which is not the Rancid server) from what I gain access via telnet/ssh. Maybe there is an ACL blocking this server. I will see this tomorrow, carefully. I really appreciate your help. Hugs, -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 Lance Vermilion escreveu: > that tells me that 10.0.0.1 will not allow your server to telnet/ssh > to it.from CLI can you telnet/ssh to 10.0.0.1 from the rancid server? > > On Tue, Mar 9, 2010 at 3:00 PM, Wagner Pereira > wrote: > > Lance, > > Below it is what I did. Is there some additional test that I can make? > > cp /usr/local/rancid/tar/rancid-2.3.2/.cloginrc /home/rancid/ > > And i did run > > /home/rancid/bin/clogin -c "sh run" 10.0.0.1 > > 10.0.0.1 > spawn telnet 10.0.0.1 > Trying 10.0.0.1... > telnet: Unable to connect to remote host: Connection refused > spawn ssh -c 3des -x -l rancid 10.0.0.1 > ssh: connect to host 10.0.0.1 port 22: Connection refused > > Error: Connection Refused (ssh): 10.0.0.1 > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > > > Lance Vermilion escreveu: > > Wagner, > > I echo what I said before. make sure the .cloginrc is in the > home directory for the rancid user (sometimes: /home/rancid/) > and you ONLY need the following in your .cloginrc > > add user 10.0.0.1 admin > add password 10.0.0.1 {vty_pass} {ena_pass} > add method 10.0.0.1 {telnet} {ssh} > > best of luck from here. > > > On Tue, Mar 9, 2010 at 2:37 PM, Wagner Pereira > > >> wrote: > > Hi, Ryan. > > I did read ALL the README file, believe me! > > And that's my .cloginrc file, copied from the cloginrc.sample: > > ===================== > add password 10.0.0.1 {vty_pass} {ena_pass} > > add user 10.0.0.1 admin > > add userprompt 10.0.0.1 {"Username:"} > > add passprompt 10.0.0.1 {"Password:"} > > add method 10.0.0.1 {telnet} {ssh} > > add enableprompt 10.0.0.1 {"Password:"} > > add cyphertype 10.0.0.1 {3des} > > #add password sl-bb*-dc cow24 > #add password sl-gw*-dc geeks > #add password sl* hank dog > #add password at* pete cow > #add password sdn* mujahid horse > #add password icm* peter > #add password * anything > # > #add user sl-gw*-dc twit > #add user sdn* sdn_auto > #add user sdn-bb* ops_eng > #add user * $env(USER) > > # customer x > # these routers ask for a username and password. we > automatically get > # enable access after successful authentication. > add user *.custx.net > roger > add password *.custx.net > {doger} > add autoenable *.custx.net > 1 > > > # customer y > # this is the normal cisco login. a password followed by > and enable > password. > # try ssh first, then rlogin. > add password *.custy.net > {vector} {victor} > add method *.custy.net > ssh rlogin > > > # customer z; they use ssh only. > add user *.custz.net > shirley > add password *.custz.net > {jive} {surely} > add method *.custz.net > ssh > > > # the route-server's do not provide enable access. cmdline > -noenable > # equivalent. > add noenable route-server* 1 > > # all our routers, i.e.: everything else > add password * {clearance} {clarence} > > # set ssh encryption type, dflt: 3des > add cyphertype * {3des} > > # set the username prompt to "router login:" > #add userprompt * {"router login:"} > > # ssh identity for a juniper; used with jlogin > add identity my.juniper $env(HOME)/.ssh/juniper > > # riverstone / enterasys / cabletron (rivlogin) example > # these boxes are 'back-to-front' from cisco (i.e., ask > # for vty password always, then tac+/radius if configured). > # > # vty password and last resort (enable) password for rivlogin > add password rs3000 {vtypass} {lastresort} > # if using tac+ or radius login, include these lines > add user rs3000 {monster} > add userpassword rs3000 {scary} > ===================== > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > CCE/USP - Centro de Computa??o Eletr?nica da Universidade > de S?o Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > > > Ryan West escreveu: > > Locate .cloginrc > > > > Have you created it yet or copied the sample that comes > with the > install to your environment. I hate to say this again, but > ALL of > this is covered in the tutorials that were posted. > > > > -ryan > > > > > >> -----Original Message----- > >> From: Wagner Pereira [mailto:wpereira at pop-sp.rnp.br > > >] > >> Sent: Tuesday, March 09, 2010 3:34 PM > >> To: Ryan West > >> Cc: Rancid Mailing List > >> Subject: Re: [rancid] It appears that Rancid is working now! > >> > >> Ryan, > >> > >> I did that: > >> > >> su - rancid && cat .cloginrc && rancid-run > >> rancid at servicos2:~$ > >> > >> and I did run this: > >> > >> /home/rancid/bin/clogin -c "sh run" 10.0.0.1 > >> > >> This is the result: > >> > >> Error: password file (/home/rancid/.cloginrc) does not exist > >> > >> -- > >> > >> Wagner Pereira > >> > >> PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > >> CCE/USP - Centro de Computa??o Eletr?nica da Universidade de > S?o Paulo > >> http://www.pop-sp.rnp.br > >> Tel. (11) 3091-8901 > >> > >> > >> > >> Ryan West escreveu: > >> > >>> Wagner, > >>> > >>> > >>> > >>>> -----Original Message----- > >>>> Sent: Tuesday, March 09, 2010 3:16 PM > >>>> To: Rancid Mailing List > >>>> Subject: [rancid] It appears that Rancid is working now! > >>>> > >>>> Hey, Rancid's guys! > >>>> > >>>> Can I start to celebrate? See below: > >>>> > >>>> rancid-server# cat switches-PoP-SP.20100309.170101 > >>>> > >>>> starting: Tue Mar 9 17:01:01 BRT 2010 > >>>> > >>>> cvs add: scheduling file `10.0.0.1' for addition > >>>> cvs add: use `cvs commit' to add this file permanently > >>>> > /home/rancid/var/rancid/CVS/switches-PoP-SP/configs/10.0.0.1 > > ,v > > >>>> <-- 10.0.0.1 > >>>> initial revision: 1.1 > >>>> Added 10.0.0.1 > >>>> > >>>> > >>>> > >>>> Trying to get all of the configs. > >>>> 10.0.0.1 clogin error: Error: password file > (/root/.cloginrc) > >>>> does not exist > >>>> > >>>> > >>> su - rancid && cat .cloginrc && rancid-run > >>> > >>> -ryan > >>> > >>> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > From heas at shrubbery.net Tue Mar 9 23:24:15 2010 From: heas at shrubbery.net (john heasley) Date: Tue, 9 Mar 2010 15:24:15 -0800 Subject: [rancid] Re: rancid bombing out on "dir /all disk0:" when command not authorized by AAA In-Reply-To: <3329cbb41003091249m3fe3d6ack64d5efc3dc20b43c@mail.gmail.com> References: <3329cbb41003082127m7e3c3d41t6670cf0da3701db7@mail.gmail.com> <20100309193913.GI5643@shrubbery.net> <3329cbb41003091249m3fe3d6ack64d5efc3dc20b43c@mail.gmail.com> Message-ID: <20100309232415.GQ5643@shrubbery.net> Wed, Mar 10, 2010 at 07:49:09AM +1100, Dale Shaw: > Hi John, > > > Tue, Mar 09, 2010 at 04:27:03PM +1100, Dale Shaw: > >> I'll probably just end up adding this command to the authorised set, > >> but am I missing something or is this behaviour a bit .. ungraceful? > > On Wed, Mar 10, 2010 at 6:39 AM, john heasley wrote: > > nope; it expects to be able to run the commands and was not written with > > the idea that folks would care that it be able to run them. > > My perl-fu is weak but I saw some references to the string 'command > not authorized' in bin/rancid. Is/was the intention that it should > handle this message being returned? my intention was that its an error for it to be permission denied. From wpereira at pop-sp.rnp.br Wed Mar 10 16:06:56 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Wed, 10 Mar 2010 13:06:56 -0300 Subject: [rancid] Re: It appears that Rancid is working now! [RESOLVED] In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD14C769@zy-ex1.zyedge.local> References: <4B96AC84.5060805@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BA0E@zy-ex1.zyedge.local> <4B96B0B3.8020307@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14BEAE@zy-ex1.zyedge.local> <4B96BFA5.3090401@pop-sp.rnp.br> <8423e7bb1003091352t3b303f03g112f77ced360a82b@mail.gmail.com> <4B96C514.6010209@pop-sp.rnp.br> <5DC4853C6CC3EE4788779E0726E034DD14C769@zy-ex1.zyedge.local> Message-ID: <4B97C3A0.8040803@pop-sp.rnp.br> Hi, all. My Rancid is beautifully working now! I created an ACL on my device permitting access from my Rancid server via Telnet/SSH. I'd like to thank my friend Roberto, from University of S?o Paulo (Brazil), for his great help, and thank all of you guys who were very patients with me! Best wishes of success, -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 Ryan West escreveu: > >> -----Original Message----- >> Sent: Tuesday, March 09, 2010 5:01 PM >> To: Lance Vermilion; Rancid Mailing List >> Subject: [rancid] Re: It appears that Rancid is working now! >> >> ssh: connect to host 10.0.0.1 port 22: Connection refused >> >> Error: Connection Refused (ssh): 10.0.0.1 >> > > Fix this. > From wpereira at pop-sp.rnp.br Wed Mar 10 19:10:16 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Wed, 10 Mar 2010 16:10:16 -0300 Subject: [rancid] How to install/configure cvsweb? Message-ID: <4B97EE98.6060304@pop-sp.rnp.br> Ok, folks. Now my Rancid is running properly (not exactly, because I still intend to make Rancid send e-mail messages). Is there some HOW-TO about cvsweb? Thanks. -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 From meskander at perimeterwatch.com Wed Mar 10 19:18:39 2010 From: meskander at perimeterwatch.com (Mina Eskander) Date: Wed, 10 Mar 2010 14:18:39 -0500 Subject: [rancid] Re: How to install/configure cvsweb? In-Reply-To: <4B97EE98.6060304@pop-sp.rnp.br> References: <4B97EE98.6060304@pop-sp.rnp.br> Message-ID: <7F3F784A5FBB07429A564445F94F9D6E35D5F47E65@pwcoloex01.perimeterwatch.com> I used this one. http://www.debian-administration.org/articles/429 It was pretty helpful. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Wagner Pereira Sent: Wednesday, March 10, 2010 2:10 PM To: Rancid Mailing List Subject: [rancid] How to install/configure cvsweb? Ok, folks. Now my Rancid is running properly (not exactly, because I still intend to make Rancid send e-mail messages). Is there some HOW-TO about cvsweb? Thanks. -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- The information contained in this email is confidential and may also contain privileged information. Sender does not waive confidentiality or legal privilege. If you are not one of the intended recipients, please notify the sender immediately and destroy this e-mail; you must not copy, distribute or take any action in reliance on the information contained within. Internet communications are not secure or error free and the sender does not accept any liability for the content of the email. Although emails are routinely screened for viruses, the sender does not accept responsibility for any damage caused. Replies to this email may be monitored. --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- From wpereira at pop-sp.rnp.br Thu Mar 11 12:06:38 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Thu, 11 Mar 2010 09:06:38 -0300 Subject: [rancid] Re: How to install/configure cvsweb? In-Reply-To: <7F3F784A5FBB07429A564445F94F9D6E35D5F47E65@pwcoloex01.perimeterwatch.com> References: <4B97EE98.6060304@pop-sp.rnp.br> <7F3F784A5FBB07429A564445F94F9D6E35D5F47E65@pwcoloex01.perimeterwatch.com> Message-ID: <4B98DCCE.6020200@pop-sp.rnp.br> Perfect, Mina! My Rancid cvsweb is running on the browser now! Next, how should I put a login/password method to access the cvsweb webpage? Is that OFF TOPIC or not? Hugs, -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 Mina Eskander escreveu: > I used this one. > > http://www.debian-administration.org/articles/429 > > It was pretty helpful. > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Wagner Pereira > Sent: Wednesday, March 10, 2010 2:10 PM > To: Rancid Mailing List > Subject: [rancid] How to install/configure cvsweb? > > Ok, folks. > > Now my Rancid is running properly (not exactly, because I still intend > to make Rancid send e-mail messages). > > Is there some HOW-TO about cvsweb? > > Thanks. > > -- > > Wagner Pereira > > PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo > CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo > http://www.pop-sp.rnp.br > Tel. (11) 3091-8901 > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > The information contained in this email is confidential and may also contain privileged information. Sender does not waive confidentiality or legal > privilege. If you are not one of the intended recipients, please notify the sender immediately and destroy this e-mail; you must not copy, > distribute or take any action in reliance on the information contained within. > Internet communications are not secure or error free and the sender does not accept any liability for the content of the email. Although emails are > routinely screened for viruses, the sender does not accept responsibility for any damage caused. Replies to this email may be monitored. > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > From rwest at zyedge.com Thu Mar 11 14:08:22 2010 From: rwest at zyedge.com (Ryan West) Date: Thu, 11 Mar 2010 14:08:22 +0000 Subject: [rancid] Re: How to install/configure cvsweb? In-Reply-To: <4B98DCCE.6020200@pop-sp.rnp.br> References: <4B97EE98.6060304@pop-sp.rnp.br> <7F3F784A5FBB07429A564445F94F9D6E35D5F47E65@pwcoloex01.perimeterwatch.com> <4B98DCCE.6020200@pop-sp.rnp.br> Message-ID: <5DC4853C6CC3EE4788779E0726E034DD1534A4@zy-ex1.zyedge.local> Wagner, > -----Original Message----- > Sent: Thursday, March 11, 2010 7:07 AM > To: Mina Eskander > Cc: Rancid Mailing List > Subject: [rancid] Re: How to install/configure cvsweb? > > Perfect, Mina! > > My Rancid cvsweb is running on the browser now! > > Next, how should I put a login/password method to access the cvsweb > webpage? Is that OFF TOPIC or not? Look at .htpasswd / .htaccess for clues. -ryan From bmahaffey at pelco.com Fri Mar 12 21:03:49 2010 From: bmahaffey at pelco.com (Mahaffey, Brian) Date: Fri, 12 Mar 2010 13:03:49 -0800 Subject: [rancid] Rancid Notification Count Message-ID: <4BBAF403456ED74981E7164ED3A4C22401D1D05F@CA-EVS02.pelco.org> Hello, I am trying to find how to lower the notification email count per group. I have looked through the rancid.conf and a few other files but am unable to find it. For example, I have rancid configured to run 2 times per day, 12 pm and 12am. When a device goes down and rancid is unable to login to the device I get 8 emails per group regarding that 1 device. Is there a way to limit the number of emails to 1 per group? Thank you, Brian This transmission is intended only for use by the intended recipient(s). If you are not an intended recipient you should not read, disclose copy, circulate or in any other way use the information contained in this transmission. The information contained in this transmission may be confidential and/or privileged. If you have received this transmission in error, please notify the sender immediately and delete this transmission including any attachments. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100312/8a8a776c/attachment.html From anthony.trummer at reachlocal.com Mon Mar 15 18:15:57 2010 From: anthony.trummer at reachlocal.com (Anthony Trummer) Date: Mon, 15 Mar 2010 11:15:57 -0700 Subject: [rancid] Dell Switches Message-ID: <1268676957.4764.46.camel@tony-laptop> I've added the Ricky Ninja's dlogin and drancid and modified rancid-fe to match Ricky's but I'm still unable to get it to pick up my dell switches. dlogin seems to work ok by itself. I did add : 'dell' => 'drancid', in rancid-fe, but get this in the logs: Trying to get all of the configs. exec failed router manufacturer dell: No such file or directory ===================================== Any help is appreciated. From ron.whitney at doitbest.com Mon Mar 15 20:16:25 2010 From: ron.whitney at doitbest.com (Ron Whitney) Date: Mon, 15 Mar 2010 16:16:25 -0400 Subject: [rancid] Re: Dell Switches In-Reply-To: <1268676957.4764.46.camel@tony-laptop> Message-ID: <1FD6BFAE6EA54341821D01FB8E617B6501E4B472@EXCHANGE1.ntserv.doitbestcorp.com> > I did add : 'dell' => 'drancid', in rancid-fe, Two quick thoughts. First, I used the following in rancid-fe: "dell" => "drancid dlogin", Second, make sure dlogin and drancid are both in the ~/bin (i.e. /usr/local/rancid/bin) and that both have the execute permission set: Chmod +x dlogin Chmod +x drancid This is working fine for my PC6024 and PC6224 switches. Good luck. Ron From anthony.trummer at reachlocal.com Mon Mar 15 20:25:46 2010 From: anthony.trummer at reachlocal.com (Anthony Trummer) Date: Mon, 15 Mar 2010 13:25:46 -0700 Subject: [rancid] Re: Dell Switches In-Reply-To: <1FD6BFAE6EA54341821D01FB8E617B6501E4B472@EXCHANGE1.ntserv.doitbestcorp.com> References: <1FD6BFAE6EA54341821D01FB8E617B6501E4B472@EXCHANGE1.ntserv.doitbestcorp.com> Message-ID: <1268684746.4764.55.camel@tony-laptop> Thanks, turns out someone did two installs in different paths. I of course was using the wrong one. My error has changed to a syntax error, but hopefully I can track that down. On Mon, 2010-03-15 at 16:16 -0400, Ron Whitney wrote: > > I did add : 'dell' => 'drancid', in rancid-fe, > > Two quick thoughts. First, I used the following in rancid-fe: > "dell" => "drancid dlogin", > > Second, make sure dlogin and drancid are both in the ~/bin (i.e. > /usr/local/rancid/bin) and that both have the execute permission set: > > Chmod +x dlogin > Chmod +x drancid > > This is working fine for my PC6024 and PC6224 switches. Good luck. > > Ron Anthony Trummer | Network Engineer o 818.274.0260 ext 1228 | 21700 Oxnard Street | Suite 1500 | Woodland Hills, CA 91367 Follow us on twitter: www.twitter.com/reachlocal View our Success Stories | Sample Reports From alan.cooper at lumison.net Tue Mar 16 16:46:43 2010 From: alan.cooper at lumison.net (Alan Cooper) Date: Tue, 16 Mar 2010 16:46:43 +0000 Subject: [rancid] Re: Switch Allied Telesyn and Enterasys B2 In-Reply-To: <201001071443.o07Eh7HH021759@mail.comune.modena.it> References: <201001071443.o07Eh7HH021759@mail.comune.modena.it> Message-ID: Hi Valentino, I would be most interested in the Allied Telesyn scripts and would be most grateful if you could post to list. Regards, Alan -----Original Message----- From: Valentino Vaia [mailto:valvai81 at mail.comune.modena.it] Sent: 07 January 2010 14:43 To: rancid-discuss at shrubbery.net Cc: Alan Cooper Subject: Switch Allied Telesyn and Enterasys B2 Hello, I'm currently using rancid 2.3.2 to backup the configuration of different vendor's switches. I have developed some script to backup the configuration of the Allied Telesis AT-8000S and Enterasys B2/B3. For the Enterasys 's switch I modified the rivstone scripts. I'm not so good as a code writer I created some scripts for the Allied Telesis similar to the rest of the project. I successfully tested them, and now I'm using them in production in my enviroment. If someone is interested please tell me, and I'll post them to the list. Regards --Valentino -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender. Any offers or quotation of service are subject to formal specification. Errors and omissions excepted. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Lumison. Finally, the recipient should check this email and any attachments for the presence of viruses. Lumison accept no liability for any damage caused by any virus transmitted by this email. From anthony.trummer at reachlocal.com Wed Mar 17 01:12:22 2010 From: anthony.trummer at reachlocal.com (Anthony Trummer) Date: Tue, 16 Mar 2010 18:12:22 -0700 Subject: [rancid] Linksys Switches Message-ID: <1268788342.4749.72.camel@tony-laptop> Does anyone know where I can find scripts for Linksys SRW2048 Switches? From afort at choqolat.org Wed Mar 17 05:33:27 2010 From: afort at choqolat.org (Andreux Fort) Date: Wed, 17 Mar 2010 16:33:27 +1100 Subject: [rancid] Re: Linksys Switches In-Reply-To: <1268788342.4749.72.camel@tony-laptop> References: <1268788342.4749.72.camel@tony-laptop> Message-ID: <7654d9d1003162233i7e5074c2n2b0e38b26c436518@mail.gmail.com> On Wed, Mar 17, 2010 at 12:12 PM, Anthony Trummer wrote: > Does anyone know where I can find scripts for Linksys SRW2048 Switches? Not sure; there's no rancid scripts at present. Taking a look at the manuals, you'd need to roll something with the `hpuifilter` filter (see hprancid) so that you can filter out the terminal control characters used for their console user interface. -- Andreux Fort (afort at choqolat.org) From valvai81 at gmail.com Wed Mar 17 07:55:29 2010 From: valvai81 at gmail.com (Valentino Vaia) Date: Wed, 17 Mar 2010 08:55:29 +0100 Subject: [rancid] Re: Switch Allied Telesyn and Enterasys B2 In-Reply-To: References: <201001071443.o07Eh7HH021759@mail.comune.modena.it> Message-ID: <10e80e871003170055l2e6239d3kb1a8ba7357dc271@mail.gmail.com> I use these scripts to backup AT-8000S Series. I hope what these will be useful for you Valentino 2010/3/16 Alan Cooper > Hi Valentino, > > I would be most interested in the Allied Telesyn scripts and would be most > grateful if you could post to list. > > Regards, > Alan > > -----Original Message----- > From: Valentino Vaia [mailto:valvai81 at mail.comune.modena.it] > Sent: 07 January 2010 14:43 > To: rancid-discuss at shrubbery.net > Cc: Alan Cooper > Subject: Switch Allied Telesyn and Enterasys B2 > > Hello, > I'm currently using rancid 2.3.2 to backup the configuration of > different vendor's switches. > I have developed some script to backup the configuration of the Allied > Telesis AT-8000S and Enterasys B2/B3. > For the Enterasys 's switch I modified the rivstone scripts. > I'm not so good as a code writer I created some scripts for the Allied > Telesis similar to the rest of the project. > I successfully tested them, and now I'm using them in production in my > enviroment. > If someone is interested please tell me, and I'll post them to the list. > > Regards > --Valentino > > -- > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the sender. Any > offers or quotation of service are subject to formal specification. > Errors and omissions excepted. Please note that any views or opinions > presented in this email are solely those of the author and do not > necessarily represent those of Lumison. > Finally, the recipient should check this email and any attachments for the > presence of viruses. Lumison accept no liability for any > damage caused by any virus transmitted by this email. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- Valentino Vaia Via Lugli 21/1 Modena 41100 cell: 328 7216808 (wind) GMAIL: valvai81 at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100317/0e28fef7/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ATlogin Type: application/octet-stream Size: 19165 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100317/0e28fef7/attachment.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: ATrancid Type: application/octet-stream Size: 10701 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100317/0e28fef7/attachment-0001.obj From adudek16 at gmail.com Wed Mar 17 17:14:54 2010 From: adudek16 at gmail.com (Aaron Dudek) Date: Wed, 17 Mar 2010 13:14:54 -0400 Subject: [rancid] Re: Linksys Switches In-Reply-To: <7654d9d1003162233i7e5074c2n2b0e38b26c436518@mail.gmail.com> References: <1268788342.4749.72.camel@tony-laptop> <7654d9d1003162233i7e5074c2n2b0e38b26c436518@mail.gmail.com> Message-ID: <96ba9bee1003171014x7dc0fcb6ga9e938cff0897788@mail.gmail.com> There is a cli mode on the box. Just do a ^z (I think that is the right cmd) On Wednesday, March 17, 2010, Andreux Fort wrote: > On Wed, Mar 17, 2010 at 12:12 PM, Anthony Trummer > wrote: >> Does anyone know where I can find scripts for Linksys SRW2048 Switches? > > Not sure; there's no rancid scripts at present. ?Taking a look at the > manuals, you'd need to roll something with the `hpuifilter` filter > (see hprancid) so that you can filter out the terminal control > characters used for their console user interface. > > -- > Andreux Fort (afort at choqolat.org) > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From rancid at ale.cx Wed Mar 17 19:16:06 2010 From: rancid at ale.cx (Alex DEKKER) Date: Wed, 17 Mar 2010 19:16:06 +0000 Subject: [rancid] Re: Linksys Switches In-Reply-To: <1268788342.4749.72.camel@tony-laptop> References: <1268788342.4749.72.camel@tony-laptop> Message-ID: <201003171916.06973.rancid@ale.cx> On Wednesday 17 March 2010 01:12:22 Anthony Trummer wrote: > Does anyone know where I can find scripts for Linksys SRW2048 Switches? If it's anything like an SFE2xxx, you can get to the CLI after logging in by pressing ^Z, lcli and log in again. After that, it's the same as a Dell switch. alexd From gpnster at gmail.com Thu Mar 18 08:38:33 2010 From: gpnster at gmail.com (Gregers Paludan Nakman) Date: Thu, 18 Mar 2010 09:38:33 +0100 Subject: [rancid] Controlling Version numbers in CVS Message-ID: <001a01cac676$654c9a00$2fe5ce00$@com> Hi Gurus What is the best way to control and update version numbers in CVS for config files saved by rancid? >From time to time a router or switch receives new firmware, major sw upgrades etc. In these cases it would be nice to change the version number from ex. 1.74 to 2.0 How can this be done Thanks in advance Gregers -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100318/12a17d59/attachment.html From heas at shrubbery.net Thu Mar 18 17:37:23 2010 From: heas at shrubbery.net (john heasley) Date: Thu, 18 Mar 2010 10:37:23 -0700 Subject: [rancid] Re: Controlling Version numbers in CVS In-Reply-To: <001a01cac676$654c9a00$2fe5ce00$@com> References: <001a01cac676$654c9a00$2fe5ce00$@com> Message-ID: <20100318173723.GP26294@shrubbery.net> Thu, Mar 18, 2010 at 09:38:33AM +0100, Gregers Paludan Nakman: > Hi Gurus > > > > What is the best way to control and update version numbers in CVS for config > files saved by rancid? > > > > >From time to time a router or switch receives new firmware, major sw > upgrades etc. In these cases it would be nice to change the version number > from ex. 1.74 to 2.0 > > > > How can this be done i know of no way to jump revisions in cvs or svn. if you really want to mark a point in time, look-up "tagging" in the cvs/svn manuals, which would be a function separate from rancid. > > > Thanks in advance > > > > Gregers > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From steve at ibctech.ca Fri Mar 19 14:23:49 2010 From: steve at ibctech.ca (Steve Bertrand) Date: Fri, 19 Mar 2010 10:23:49 -0400 Subject: [rancid] Frequent unknown changes against Quagga Message-ID: <4BA388F5.4080102@ibctech.ca> Hi everyone, I've got an annoying issue using RANCID against Quagga. I poll every half-hour, and each day, there are two or three updates that randomly appear like this: diff -u -4 -r1.105 hostname @@ -61,8 +61,10 @@ ip address 208.70.x.x/30 ipv6 nd suppress-ra ipv6 ospf6 cost 1 ipv6 ospf6 dead-interval 40 + exit + exit ipv6 ospf6 hello-interval 10 ipv6 ospf6 instance-id 0 ipv6 ospf6 priority 1 ipv6 ospf6 retransmit-interval 5 ...on the next poll, the 'exit' lines are removed. It is inconsistent where in the config these exit entries appear. Nobody has logged into the router in question. My .clogin rc looks like such: add method hostname ssh add autoenable hostname 1 add user hostname rancid add password hostname blah ...and the router.db hostname:zebra:up The SSH user is bound directly to vtysh as its shell. Is there anyone who might be able to give me some clue as to why these config changes happen? Cheers, Steve From heas at shrubbery.net Fri Mar 19 16:33:24 2010 From: heas at shrubbery.net (john heasley) Date: Fri, 19 Mar 2010 09:33:24 -0700 Subject: [rancid] Re: Frequent unknown changes against Quagga In-Reply-To: <4BA388F5.4080102@ibctech.ca> References: <4BA388F5.4080102@ibctech.ca> Message-ID: <20100319163324.GD26294@shrubbery.net> Fri, Mar 19, 2010 at 10:23:49AM -0400, Steve Bertrand: > Hi everyone, > > I've got an annoying issue using RANCID against Quagga. I poll every > half-hour, and each day, there are two or three updates that randomly > appear like this: > > diff -u -4 -r1.105 hostname > @@ -61,8 +61,10 @@ > ip address 208.70.x.x/30 > ipv6 nd suppress-ra > ipv6 ospf6 cost 1 > ipv6 ospf6 dead-interval 40 > + exit > + exit > ipv6 ospf6 hello-interval 10 > ipv6 ospf6 instance-id 0 > ipv6 ospf6 priority 1 > ipv6 ospf6 retransmit-interval 5 > > ...on the next poll, the 'exit' lines are removed. It is inconsistent > where in the config these exit entries appear. Nobody has logged into > the router in question. > > My .clogin rc looks like such: > > add method hostname ssh > add autoenable hostname 1 > add user hostname rancid > add password hostname blah > > ...and the router.db > > hostname:zebra:up > > The SSH user is bound directly to vtysh as its shell. > > Is there anyone who might be able to give me some clue as to why these > config changes happen? its probably quagga doing something odd. i run it against quagga regularly w/o issue, but dont use vtysh. try to replicate it with clogin -c 'list of commands from zrancid'. if you can cause it regularly, do it again with -d and collect the output. From gpnster at gmail.com Mon Mar 22 07:53:30 2010 From: gpnster at gmail.com (Gregers Paludan Nakman) Date: Mon, 22 Mar 2010 08:53:30 +0100 Subject: [rancid] Re: Controlling Version numbers in CVS In-Reply-To: <1FD6BFAE6EA54341821D01FB8E617B6501E4B495@EXCHANGE1.ntserv.doitbestcorp.com> References: <001a01cac676$654c9a00$2fe5ce00$@com> <1FD6BFAE6EA54341821D01FB8E617B6501E4B495@EXCHANGE1.ntserv.doitbestcorp.com> Message-ID: <000001cac994$c3c80990$4b581cb0$@com> < http://www.eyrie.org/~eagle/notes/cvs/revisions.html < I believe the following command is what you are looking for: < Hi Ron I tried to use this command with one config file in the cvs. It worked J the revision number was updated and everything looked good, until I looked in the log files of rancid. Rancid was not able to update the config files anymore. L I might have done something wrong, but I don't know what. John Heasley wrote to me: "I know of no way to jump revisions in cvs or svn. " So I guess that this feature is not available in Rancid (yet?) Br Gregers -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100322/ce5f414b/attachment.html From rancid at ale.cx Mon Mar 22 18:35:26 2010 From: rancid at ale.cx (Alex DEKKER) Date: Mon, 22 Mar 2010 18:35:26 +0000 Subject: [rancid] Re: Controlling Version numbers in CVS In-Reply-To: <000001cac994$c3c80990$4b581cb0$@com> References: <001a01cac676$654c9a00$2fe5ce00$@com> <1FD6BFAE6EA54341821D01FB8E617B6501E4B495@EXCHANGE1.ntserv.doitbestcorp.com> <000001cac994$c3c80990$4b581cb0$@com> Message-ID: <201003221835.26682.rancid@ale.cx> On Monday 22 March 2010 07:53:30 Gregers Paludan Nakman wrote: > I tried to use this command with one config file in the cvs. It worked J > the revision number was updated and everything looked good, until I looked > in the log files of rancid. > > Rancid was not able to update the config files anymore. L I might have done > something wrong, but I don't know what. I would guess you ran this command as a user [eg root] other than the one you run RANCID as [eg rancid]. Check the ownership/permissions on RANCIDs files. > John Heasley wrote to me: > > "I know of no way to jump revisions in cvs or svn. " > > > > So I guess that this feature is not available in Rancid (yet?) It would be a feature of your version control system, not RANCID. alexd From david.mantock at gmx.ch Tue Mar 23 10:37:43 2010 From: david.mantock at gmx.ch (David Mantock) Date: Tue, 23 Mar 2010 11:37:43 +0100 Subject: [rancid] cvs [diff aborted] Message-ID: <20100323103743.257940@gmx.net> I have a remote CVS repository and normally everything works fine. We had problems with the server and now I am getting these errors: starting: Tue Mar 23 02:00:01 MET 2010 cvs [status aborted]: could not find desired version 1.12 in /tank/rancid/CVS/RouterSwitch/configs/kvpol.be.ch,v Trying to get all of the configs. All routers sucessfully completed. cvs diff: Diffing . cvs diff: Diffing configs cvs [diff aborted]: could not find desired version 1.12 in /tank/rancid/CVS/RouterSwitch/configs/kvpol.net.be.ch,v cvs commit: Examining . cvs commit: Examining configs cvs [commit aborted]: could not find desired version 1.12 in /tank/rancid/CVS/RouterSwitch/configs/kvpol.net.ch,v ending: Tue Mar 23 02:25:19 MET 2010 Any help appreciated. Thanks -- GMX.at - ?sterreichs FreeMail-Dienst mit ?ber 2 Mio Mitgliedern E-Mail, SMS & mehr! Kostenlos: http://portal.gmx.net/de/go/atfreemail From david.mantock at gmx.ch Tue Mar 23 08:33:39 2010 From: david.mantock at gmx.ch (David Mantock) Date: Tue, 23 Mar 2010 09:33:39 +0100 Subject: [rancid] cvs [diff aborted] Message-ID: <20100323083339.283470@gmx.net> I have a remote repository and normally everything works fine, but we had problems wit the server and now I am getting these errors: starting: Tue Mar 23 02:00:01 MET 2010 cvs [status aborted]: could not find desired version 1.12 in /tank/rancid/CVS/RouterSwitch/configs/kvpol.be.ch,v Trying to get all of the configs. All routers sucessfully completed. cvs diff: Diffing . cvs diff: Diffing configs cvs [diff aborted]: could not find desired version 1.12 in /tank/rancid/CVS/RouterSwitch/configs/kvpol.net.be.ch,v cvs commit: Examining . cvs commit: Examining configs cvs [commit aborted]: could not find desired version 1.12 in /tank/rancid/CVS/RouterSwitch/configs/kvpol.net.ch,v ending: Tue Mar 23 02:25:19 MET 2010 Any help appreciated. Thanks -- Sicherer, schneller und einfacher. Die aktuellen Internet-Browser - jetzt kostenlos herunterladen! http://portal.gmx.net/de/go/atbrowser From heas at shrubbery.net Tue Mar 23 16:52:31 2010 From: heas at shrubbery.net (john heasley) Date: Tue, 23 Mar 2010 09:52:31 -0700 Subject: [rancid] Re: cvs [diff aborted] In-Reply-To: <20100323103743.257940@gmx.net> References: <20100323103743.257940@gmx.net> Message-ID: <20100323165231.GB15475@shrubbery.net> Tue, Mar 23, 2010 at 11:37:43AM +0100, David Mantock: > I have a remote CVS repository and normally everything works fine. We had problems with the server and now I am getting these errors: looks like you lost an update to the file. run cvs update in the RouterSwitch dir. remove configs/kvpol.be.ch and run cvs update again if necessary. > starting: Tue Mar 23 02:00:01 MET 2010 > > cvs [status aborted]: could not find desired version 1.12 in /tank/rancid/CVS/RouterSwitch/configs/kvpol.be.ch,v > > > Trying to get all of the configs. > All routers sucessfully completed. > > cvs diff: Diffing . > cvs diff: Diffing configs > cvs [diff aborted]: could not find desired version 1.12 in /tank/rancid/CVS/RouterSwitch/configs/kvpol.net.be.ch,v > cvs commit: Examining . > cvs commit: Examining configs > cvs [commit aborted]: could not find desired version 1.12 in /tank/rancid/CVS/RouterSwitch/configs/kvpol.net.ch,v > > ending: Tue Mar 23 02:25:19 MET 2010 > > Any help appreciated. > > Thanks > -- > GMX.at - ?sterreichs FreeMail-Dienst mit ?ber 2 Mio Mitgliedern > E-Mail, SMS & mehr! Kostenlos: http://portal.gmx.net/de/go/atfreemail > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From david at davidkrider.com Tue Mar 23 18:49:05 2010 From: david at davidkrider.com (David Krider) Date: Tue, 23 Mar 2010 14:49:05 -0400 Subject: [rancid] Is there any way to show uncommitted changes Message-ID: <4BA90D21.4050500@davidkrider.com> I had hacked up my own version of Rancid without even knowing it (with expect, but no RCS). My version backed up both the `show config' and `show running' commands, and then did a diff between them, and sent any result in email for review. It was intended to show uncommitted changes to the gear. My boss sent me a link to Rancid, and I've just gotten it running and backing up several switches and a couple routers. Is there any way to get it to show me the difference between the running and permanent configs? I get the feeling there is, but I can't find it. Thanks, dk From heas at shrubbery.net Tue Mar 23 18:56:09 2010 From: heas at shrubbery.net (john heasley) Date: Tue, 23 Mar 2010 11:56:09 -0700 Subject: [rancid] Re: Is there any way to show uncommitted changes In-Reply-To: <4BA90D21.4050500@davidkrider.com> References: <4BA90D21.4050500@davidkrider.com> Message-ID: <20100323185609.GL15475@shrubbery.net> Tue, Mar 23, 2010 at 02:49:05PM -0400, David Krider: > I had hacked up my own version of Rancid without even knowing it (with > expect, but no RCS). My version backed up both the `show config' and > `show running' commands, and then did a diff between them, and sent any > result in email for review. It was intended to show uncommitted changes > to the gear. My boss sent me a link to Rancid, and I've just gotten it > running and backing up several switches and a couple routers. Is there > any way to get it to show me the difference between the running and > permanent configs? I get the feeling there is, but I can't find it. no; write a script that takes router.db and uses *login -c 'command' to save the config at some regular interval, such as daily. From bob.weaver at ibfx.com Tue Mar 23 19:50:57 2010 From: bob.weaver at ibfx.com (Bob Weaver) Date: Tue, 23 Mar 2010 19:50:57 +0000 Subject: [rancid] Nxrancid woes Message-ID: <66A20B39197AEA4F9B683592313C98BF0566A2@MRW-SRV-PMAIL02.corp.ibfx.com> We've been running Rancid for a couple years now on some pretty standard Cisco gear and the powers that be decided it was time to throw some Nexus switches into the mix. Seems like some strange things happen with these ones. We figured out that the service account Rancid uses to log in had to have a certain privilege level to execute some commands so that fixed our initial issues. But I'm still having some troubles. I've done quite a bit of searching around and narrowed the main problem down to the 'show version' command. It would appear that it does not have an EOL or something like that so the command that immediately follows it in the list appears to fail. In the debug output below I can see the first two commands then it appears to skip the 'show environment fan' which is right after the 'show version' in the command list then reports that it failed. If I comment out the 'show environment fan' command then the 'show environment temp' command becomes the missing one and so on. This is what leads me to believe that the 'show version' command is not "finishing clean" or however that should be stated. Do I need to add some regex to the ShowVersion subroutine to watch for some text in the lower portion of the 'show version' command to "tell" the script that it's over and good or something similar or am I way off track with all this? Here's the debug output (slightly shortened): # nxrancid -d x.x.x.x executing clogin -t 90 -c"term no monitor-force;show version;show environment fan;show environment temperature;show environment power; ......" x.x.x.x PROMPT MATCH: NY4-CORE-SW01# HIT COMMAND:NY4-CORE-SW01# term no monitor-force In RunCommand: NY4-CORE-SW01# term no monitor-force HIT COMMAND:NY4-CORE-SW01# show version In ShowVersion: NY4-CORE-SW01# show version TYPE = NXOS HIT COMMAND:NY4-CORE-SW01# show environment temperature In ShowEnvTemp: NY4-CORE-SW01# show environment temperature HIT COMMAND:NY4-CORE-SW01# show environment power In ShowEnv: NY4-CORE-SW01# show environment power ... ... HIT COMMAND:NY4-CORE-SW01# show running-config In WriteTerm: NY4-CORE-SW01# show running-config 192.168.128.4: found exit 192.168.128.4: missed cmd(s): show environment fan Any light that could be shed on this is appreciated. Thanks, Bob Weaver -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100323/aa904bb4/attachment.html From cgauthier at mapscu.com Tue Mar 23 20:08:11 2010 From: cgauthier at mapscu.com (Chris Gauthier) Date: Tue, 23 Mar 2010 13:08:11 -0700 Subject: [rancid] Re: Is there any way to show uncommitted changes In-Reply-To: <20100323185609.GL15475@shrubbery.net> References: <4BA90D21.4050500@davidkrider.com> <20100323185609.GL15475@shrubbery.net> Message-ID: I would be very interested in such a script! I just don't have time to write it. Chris G. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley Sent: Tuesday, March 23, 2010 11:56 AM To: David Krider Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: Is there any way to show uncommitted changes Tue, Mar 23, 2010 at 02:49:05PM -0400, David Krider: > I had hacked up my own version of Rancid without even knowing it (with > expect, but no RCS). My version backed up both the `show config' and > `show running' commands, and then did a diff between them, and sent any > result in email for review. It was intended to show uncommitted changes > to the gear. My boss sent me a link to Rancid, and I've just gotten it > running and backing up several switches and a couple routers. Is there > any way to get it to show me the difference between the running and > permanent configs? I get the feeling there is, but I can't find it. no; write a script that takes router.db and uses *login -c 'command' to save the config at some regular interval, such as daily. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Tue Mar 23 20:36:11 2010 From: heas at shrubbery.net (john heasley) Date: Tue, 23 Mar 2010 13:36:11 -0700 Subject: [rancid] Re: Nxrancid woes In-Reply-To: <66A20B39197AEA4F9B683592313C98BF0566A2@MRW-SRV-PMAIL02.corp.ibfx.com> References: <66A20B39197AEA4F9B683592313C98BF0566A2@MRW-SRV-PMAIL02.corp.ibfx.com> Message-ID: <20100323203611.GQ15475@shrubbery.net> Tue, Mar 23, 2010 at 07:50:57PM +0000, Bob Weaver: > We've been running Rancid for a couple years now on some pretty standard Cisco gear and the powers that be decided it was time to throw some Nexus switches into the mix. Seems like some strange things happen with these ones. We figured out that the service account Rancid uses to log in had to have a certain privilege level to execute some commands so that fixed our initial issues. But I'm still having some troubles. > > I've done quite a bit of searching around and narrowed the main problem down to the 'show version' command. It would appear that it does not have an EOL or something like that so the command that immediately follows it in the list appears to fail. In the debug output below I can see the first two commands then it appears to skip the 'show environment fan' which is right after the 'show version' in the command list then reports that it failed. If I comment out the 'show environment fan' command then the 'show environment temp' command becomes the missing one and so on. This is what leads me to believe that the 'show version' command is not "finishing clean" or however that should be stated. Do I need to add some regex to the ShowVersion subroutine to watch for some text in the lower portion of the 'show version' command to "tell" the script that it's over and good or something similar or am I way off track with all this? its probably that show environment clock o/p changed and ShowEnv is eat that and the show environment fan o/p. but, why isnt obvious. if you provide the hostname.raw file from NOPIPE=YES;export NOPIPE;nxrancid -d hostname, that will help find the problem. > Here's the debug output (slightly shortened): > > # nxrancid -d x.x.x.x > > executing clogin -t 90 -c"term no monitor-force;show version;show environment fan;show environment temperature;show environment power; ......" x.x.x.x > PROMPT MATCH: NY4-CORE-SW01# > HIT COMMAND:NY4-CORE-SW01# term no monitor-force > In RunCommand: NY4-CORE-SW01# term no monitor-force > HIT COMMAND:NY4-CORE-SW01# show version > In ShowVersion: NY4-CORE-SW01# show version > TYPE = NXOS > HIT COMMAND:NY4-CORE-SW01# show environment temperature > In ShowEnvTemp: NY4-CORE-SW01# show environment temperature > HIT COMMAND:NY4-CORE-SW01# show environment power > In ShowEnv: NY4-CORE-SW01# show environment power > ... ... > HIT COMMAND:NY4-CORE-SW01# show running-config > In WriteTerm: NY4-CORE-SW01# show running-config > 192.168.128.4: found exit > 192.168.128.4: missed cmd(s): show environment fan > > Any light that could be shed on this is appreciated. > > Thanks, > Bob Weaver > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From bob.weaver at ibfx.com Tue Mar 23 20:57:48 2010 From: bob.weaver at ibfx.com (Bob Weaver) Date: Tue, 23 Mar 2010 20:57:48 +0000 Subject: [rancid] Re: Nxrancid woes In-Reply-To: <20100323203611.GQ15475@shrubbery.net> References: <66A20B39197AEA4F9B683592313C98BF0566A2@MRW-SRV-PMAIL02.corp.ibfx.com> <20100323203611.GQ15475@shrubbery.net> Message-ID: <66A20B39197AEA4F9B683592313C98BF0566F6@MRW-SRV-PMAIL02.corp.ibfx.com> We noticed early on that 'show environment clock' didn't work, on our Nexus switches anyway so it's been commented out from the beginning. I've used clogin to connect as our service.rancid user and tested all the other commands that aren't commented out and they work just fine from the console. I took a look at the .raw file and the output looks to me normal to me. The output of all the commands was there. The snipped below is the tail end of 'show version' and the head end of 'show environment fan'. I don't see anything that looks wrong but then I don't really know what I'm looking for either. Is it a problem that the 'MNY4-CORE-SW01# show environment fan' entry is attached to the end of the 'Core Plugin, Ethernet Plugin' part rather than being on its own line (newline)? Does that indicate that it thinks the '... fan' command was part of the 'show version' somehow? Kernel uptime is 206 day(s), 0 hour(s), 16 minute(s), 28 second(s)^M ^M Last reset ^M Reason: Unknown^M System version: 4.0(1a)N2(1)^M Service: ^M ^M plugin^M Core Plugin, Ethernet Plugin^MNY4-CORE-SW01# show environment fan^M^M ^M ^M Fan:^M ------------------------------------------------------^M Fan Model Hw Status^M ------------------------------------------------------^M Chassis-1 N5K-C5020-FAN -- ok^M Chassis-2 N5K-C5020-FAN -- ok^M Bob Weaver Ps, sorry about that first message in HTML format. I reloaded my computer last week and forgot to force Outlook back to plain text like I generally do. > > Tue, Mar 23, 2010 at 07:50:57PM +0000, Bob Weaver: > > We've been running Rancid for a couple years now on some pretty > standard Cisco gear and the powers that be decided it was time to throw > some Nexus switches into the mix. Seems like some strange things happen > with these ones. We figured out that the service account Rancid uses to > log in had to have a certain privilege level to execute some commands > so that fixed our initial issues. But I'm still having some troubles. > > > > I've done quite a bit of searching around and narrowed the main > problem down to the 'show version' command. It would appear that it > does not have an EOL or something like that so the command that > immediately follows it in the list appears to fail. In the debug output > below I can see the first two commands then it appears to skip the > 'show environment fan' which is right after the 'show version' in the > command list then reports that it failed. If I comment out the 'show > environment fan' command then the 'show environment temp' command > becomes the missing one and so on. This is what leads me to believe > that the 'show version' command is not "finishing clean" or however > that should be stated. Do I need to add some regex to the ShowVersion > subroutine to watch for some text in the lower portion of the 'show > version' command to "tell" the script that it's over and good or > something similar or am I way off track with all this? > > its probably that show environment clock o/p changed and ShowEnv is eat > that and the show environment fan o/p. but, why isnt obvious. if you > provide the hostname.raw file from NOPIPE=YES;export NOPIPE;nxrancid -d > hostname, that will help find the problem. > > > Here's the debug output (slightly shortened): > > > > # nxrancid -d x.x.x.x > > > > executing clogin -t 90 -c"term no monitor-force;show version;show > environment fan;show environment temperature;show environment power; > ......" x.x.x.x > > PROMPT MATCH: NY4-CORE-SW01# > > HIT COMMAND:NY4-CORE-SW01# term no monitor-force > > In RunCommand: NY4-CORE-SW01# term no monitor-force > > HIT COMMAND:NY4-CORE-SW01# show version > > In ShowVersion: NY4-CORE-SW01# show version > > TYPE = NXOS > > HIT COMMAND:NY4-CORE-SW01# show environment temperature > > In ShowEnvTemp: NY4-CORE-SW01# show environment temperature > > HIT COMMAND:NY4-CORE-SW01# show environment power > > In ShowEnv: NY4-CORE-SW01# show environment power > > ... ... > > HIT COMMAND:NY4-CORE-SW01# show running-config > > In WriteTerm: NY4-CORE-SW01# show running-config > > 192.168.128.4: found exit > > 192.168.128.4: missed cmd(s): show environment fan > > > > Any light that could be shed on this is appreciated. > > > > Thanks, > > Bob Weaver > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From ecables at gmail.com Wed Mar 24 00:06:40 2010 From: ecables at gmail.com (Eric Cables) Date: Tue, 23 Mar 2010 17:06:40 -0700 Subject: [rancid] Dell PowerConnect 5316M device archival in 2.3.3 Message-ID: After a quick search through the archives, I came across this link ( http://www.rickyninja.net/rancid/), which quickly allowed me to archive a couple Dell PowerConnect switches that I inherited. I am currently running 2.3.2, but after checking the latest 2.3.3 tarball it doesn't appear to have native Dell integration. This also makes me wonder if the other changes I've made over the years through community based patches (SAN-OS support, for example) will be supported once moving to 2.3.3 (once it is officially released). Is it possible to add in the dlogin/drancid/fe-rancid updates found in the above into the 2.3.3 release? Are other community based patches generally incorporated into the next release, or is that not common practice? Thanks, -- Eric Cables -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100323/2053402f/attachment.html From peo at chalmers.se Wed Mar 24 06:23:14 2010 From: peo at chalmers.se (Per-Olof Olsson) Date: Wed, 24 Mar 2010 07:23:14 +0100 Subject: [rancid] Re: Nxrancid woes In-Reply-To: <66A20B39197AEA4F9B683592313C98BF0566F6@MRW-SRV-PMAIL02.corp.ibfx.com> References: <66A20B39197AEA4F9B683592313C98BF0566A2@MRW-SRV-PMAIL02.corp.ibfx.com> <20100323203611.GQ15475@shrubbery.net> <66A20B39197AEA4F9B683592313C98BF0566F6@MRW-SRV-PMAIL02.corp.ibfx.com> Message-ID: <4BA9AFD2.9050208@chalmers.se> Hello Also running nexus 5000 that not work with nxrancid. I see that parsing of 'show version' don't exit. Add force exit by return(1) if /Core Plugin, Ethernet Plugin/; Also update ShowEnvTemp. Nexus5000 differ in output format! All exit triggers have to be updated ------------------------- nx-sw1# show klsf ^ % Invalid command at '^' marker. ------------------------ Error text are not trigging subroutine exit! Include my just now running test of "nx5rancid" /Peo Bob Weaver wrote: > We noticed early on that 'show environment clock' didn't work, on our Nexus switches anyway so it's been commented out from the beginning. I've used clogin to connect as our service.rancid user and tested all the other commands that aren't commented out and they work just fine from the console. > > I took a look at the .raw file and the output looks to me normal to me. The output of all the commands was there. The snipped below is the tail end of 'show version' and the head end of 'show environment fan'. I don't see anything that looks wrong but then I don't really know what I'm looking for either. Is it a problem that the 'MNY4-CORE-SW01# show environment fan' entry is attached to the end of the 'Core Plugin, Ethernet Plugin' part rather than being on its own line (newline)? Does that indicate that it thinks the '... fan' command was part of the 'show version' somehow? > > Kernel uptime is 206 day(s), 0 hour(s), 16 minute(s), 28 second(s)^M > ^M > Last reset ^M > Reason: Unknown^M > System version: 4.0(1a)N2(1)^M > Service: ^M > ^M > plugin^M > Core Plugin, Ethernet Plugin^MNY4-CORE-SW01# show environment fan^M^M > ^M > ^M > Fan:^M > ------------------------------------------------------^M > Fan Model Hw Status^M > ------------------------------------------------------^M > Chassis-1 N5K-C5020-FAN -- ok^M > Chassis-2 N5K-C5020-FAN -- ok^M > > Bob Weaver > > Ps, sorry about that first message in HTML format. I reloaded my computer last week and forgot to force Outlook back to plain text like I generally do. > >> Tue, Mar 23, 2010 at 07:50:57PM +0000, Bob Weaver: >>> We've been running Rancid for a couple years now on some pretty >> standard Cisco gear and the powers that be decided it was time to throw >> some Nexus switches into the mix. Seems like some strange things happen >> with these ones. We figured out that the service account Rancid uses to >> log in had to have a certain privilege level to execute some commands >> so that fixed our initial issues. But I'm still having some troubles. >>> I've done quite a bit of searching around and narrowed the main >> problem down to the 'show version' command. It would appear that it >> does not have an EOL or something like that so the command that >> immediately follows it in the list appears to fail. In the debug output >> below I can see the first two commands then it appears to skip the >> 'show environment fan' which is right after the 'show version' in the >> command list then reports that it failed. If I comment out the 'show >> environment fan' command then the 'show environment temp' command >> becomes the missing one and so on. This is what leads me to believe >> that the 'show version' command is not "finishing clean" or however >> that should be stated. Do I need to add some regex to the ShowVersion >> subroutine to watch for some text in the lower portion of the 'show >> version' command to "tell" the script that it's over and good or >> something similar or am I way off track with all this? >> >> its probably that show environment clock o/p changed and ShowEnv is eat >> that and the show environment fan o/p. but, why isnt obvious. if you >> provide the hostname.raw file from NOPIPE=YES;export NOPIPE;nxrancid -d >> hostname, that will help find the problem. >> >>> Here's the debug output (slightly shortened): >>> >>> # nxrancid -d x.x.x.x >>> >>> executing clogin -t 90 -c"term no monitor-force;show version;show >> environment fan;show environment temperature;show environment power; >> ......" x.x.x.x >>> PROMPT MATCH: NY4-CORE-SW01# >>> HIT COMMAND:NY4-CORE-SW01# term no monitor-force >>> In RunCommand: NY4-CORE-SW01# term no monitor-force >>> HIT COMMAND:NY4-CORE-SW01# show version >>> In ShowVersion: NY4-CORE-SW01# show version >>> TYPE = NXOS >>> HIT COMMAND:NY4-CORE-SW01# show environment temperature >>> In ShowEnvTemp: NY4-CORE-SW01# show environment temperature >>> HIT COMMAND:NY4-CORE-SW01# show environment power >>> In ShowEnv: NY4-CORE-SW01# show environment power >>> ... ... >>> HIT COMMAND:NY4-CORE-SW01# show running-config >>> In WriteTerm: NY4-CORE-SW01# show running-config >>> 192.168.128.4: found exit >>> 192.168.128.4: missed cmd(s): show environment fan >>> >>> Any light that could be shed on this is appreciated. >>> >>> Thanks, >>> Bob Weaver >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: nx5rancid Url: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100324/e229263b/attachment.ksh From wpereira at pop-sp.rnp.br Wed Mar 24 12:43:39 2010 From: wpereira at pop-sp.rnp.br (Wagner Pereira) Date: Wed, 24 Mar 2010 09:43:39 -0300 Subject: [rancid] htpasswd is working in only one machine Message-ID: <4BAA08FB.8090405@pop-sp.rnp.br> Hi, folks. I made all the configs described in the manual, but the htpasswd/htaccess authentication method is working only in my machine. It means that just for me it is necessary provide the user/password for access the Rancid via cvsweb. Thanks for any help. -- Wagner Pereira PoP-SP/RNP - Ponto de Presen?a da RNP em S?o Paulo CCE/USP - Centro de Computa??o Eletr?nica da Universidade de S?o Paulo http://www.pop-sp.rnp.br Tel. (11) 3091-8901 From rwest at zyedge.com Wed Mar 24 12:48:59 2010 From: rwest at zyedge.com (Ryan West) Date: Wed, 24 Mar 2010 12:48:59 +0000 Subject: [rancid] Re: htpasswd is working in only one machine In-Reply-To: <4BAA08FB.8090405@pop-sp.rnp.br> References: <4BAA08FB.8090405@pop-sp.rnp.br> Message-ID: <5DC4853C6CC3EE4788779E0726E034DD1923E5@zy-ex1.zyedge.local> Wagner, > -----Original Message----- > Sent: Wednesday, March 24, 2010 8:44 AM > To: Rancid Mailing List > Subject: [rancid] htpasswd is working in only one machine > > Hi, folks. > > I made all the configs described in the manual, but the > htpasswd/htaccess authentication method is working only in my machine. > > It means that just for me it is necessary provide the user/password for > access the Rancid via cvsweb. > > Thanks for any help. > This is out of scope of RANCID, but this is what I used for LDAP authentication and simple .htaccess. http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html#LDAP -ryan From heas at shrubbery.net Wed Mar 24 21:11:38 2010 From: heas at shrubbery.net (john heasley) Date: Wed, 24 Mar 2010 14:11:38 -0700 Subject: [rancid] Re: Nxrancid woes In-Reply-To: <4BA9AFD2.9050208@chalmers.se> References: <66A20B39197AEA4F9B683592313C98BF0566A2@MRW-SRV-PMAIL02.corp.ibfx.com> <20100323203611.GQ15475@shrubbery.net> <66A20B39197AEA4F9B683592313C98BF0566F6@MRW-SRV-PMAIL02.corp.ibfx.com> <4BA9AFD2.9050208@chalmers.se> Message-ID: <20100324211138.GA4304@shrubbery.net> Wed, Mar 24, 2010 at 07:23:14AM +0100, Per-Olof Olsson: > Hello > > > Also running nexus 5000 that not work with nxrancid. > > I see that parsing of 'show version' don't exit. > Add force exit by > return(1) if /Core Plugin, Ethernet Plugin/; > > Also update ShowEnvTemp. Nexus5000 differ in output format! please try the attached. if this doesn't work, please send the .raw file as described below to me. > >> if you > >> provide the hostname.raw file from NOPIPE=YES;export NOPIPE;nxrancid -d > >> hostname, that will help find the problem. -------------- next part -------------- #! @PERLV_PATH@ ## ## $Id: nxrancid.in 2170 2010-03-24 21:07:00Z heas $ ## ## @PACKAGE@ @VERSION@ ## Copyright (c) 1997-2008 by Terrapin Communications, Inc. ## All rights reserved. ## ## This code is derived from software contributed to and maintained by ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, ## Pete Whiting, Austin Schutz, and Andrew Fort. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions ## are met: ## 1. Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## 2. Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following disclaimer in the ## documentation and/or other materials provided with the distribution. ## 3. All advertising materials mentioning features or use of this software ## must display the following acknowledgement: ## This product includes software developed by Terrapin Communications, ## Inc. and its contributors for RANCID. ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its ## contributors may be used to endorse or promote products derived from ## this software without specific prior written permission. ## 5. It is requested that non-binding fixes and modifications be contributed ## back to Terrapin Communications, Inc. ## ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ## POSSIBILITY OF SUCH DAMAGE. # # RANCID - Really Awesome New Cisco confIg Differ # # usage: rancid [-dV] [-l] [-f filename | hostname] # use Getopt::Std; getopts('dflV'); if ($opt_V) { print "@PACKAGE@ @VERSION@\n"; exit(0); } $log = $opt_l; $debug = $opt_d; $file = $opt_f; $host = $ARGV[0]; $clean_run = 0; $found_end = 0; $timeo = 90; # clogin timeout in seconds my(@commandtable, %commands, @commands);# command lists my($aclsort) = ("ipsort"); # ACL sorting mode my($filter_commstr); # SNMP community string filtering my($filter_pwds); # password filtering mode # This routine is used to print out the router configuration sub ProcessHistory { my($new_hist_tag,$new_command,$command_string, at string) = (@_); if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) && defined %history) { print eval "$command \%history"; undef %history; } if (($new_hist_tag) && ($new_command) && ($command_string)) { if ($history{$command_string}) { $history{$command_string} = "$history{$command_string}@string"; } else { $history{$command_string} = "@string"; } } elsif (($new_hist_tag) && ($new_command)) { $history{++$#history} = "@string"; } else { print "@string"; } $hist_tag = $new_hist_tag; $command = $new_command; 1; } sub numerically { $a <=> $b; } # This is a sort routine that will sort numerically on the # keys of a hash as if it were a normal array. sub keynsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort numerically keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # keys of a hash as if it were a normal array. sub keysort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # values of a hash as if it were a normal array. sub valsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort values %lines) { $sorted_lines[$i] = $key; $i++; } @sorted_lines; } # This is a numerical sort routine (ascending). sub numsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $num (sort {$a <=> $b} keys %lines) { $sorted_lines[$i] = $lines{$num}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # ip address when the ip address is anywhere in # the strings. sub ipsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $addr (sort sortbyipaddr keys %lines) { $sorted_lines[$i] = $lines{$addr}; $i++; } @sorted_lines; } # These two routines will sort based upon IP addresses sub ipaddrval { my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0])); } sub sortbyipaddr { &ipaddrval($a) <=> &ipaddrval($b); } # This routine parses "show version" sub ShowVersion { print STDERR " In ShowVersion: $_" if ($debug); while () { tr/\015//d; if (/^$prompt/) { last}; next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); if (/^Cisco Nexus Operating System/) { $type = "NXOS";} if (/^Software$/) { while () { tr/\015//d; if (/^$prompt/) { last}; next if (/^\s*$cmd\s*$/); if (/^$/) { goto EndSoftware; } /\s*([^:]*:)\s*(.*)$/ && ProcessHistory("COMMENTS","keysort","C1", "!Software: $1 $2\n") && next; } } EndSoftware: if (/^Hardware$/) { while () { tr/\015//d; if (/^$prompt/) { last}; next if (/^\s*$cmd\s*$/); if (/^$/) { goto EndHardware; } if (/^\s*(.*) CPU\s*with (\d*) kB(.*)$/) { my($tmp) = int($2 / 1024); ProcessHistory("COMMENTS","keysort","A2", "!Hardware: $1 CPU with $tmp MB$3\n"); next; } if (/^\s*(.*)\s*with (\d*) kB(.*)$/) { my($tmp) = int($2 / 1024); ProcessHistory("COMMENTS","keysort","A2", "!Hardware: $1with $tmp MB$3\n"); next; } /^\s*(.*)$/ && ProcessHistory("COMMENTS","keysort","A2", "!Hardware: $1\n") && next; } } EndHardware: if (/^\s+(bootflash|slot0):\s+(\d+) kB(.*)$/) { my($tmp) = int($2 / 1024); ProcessHistory("COMMENTS","keysort","B1", "!Memory: $1: $tmp MB$3\n"); next; } } print STDERR "TYPE = $type\n" if ($debug); ProcessHistory("COMMENTS","keysort","A1", "!Chassis type: $proc - a $type router\n"); ProcessHistory("COMMENTS","keysort","B0", "!\n"); ProcessHistory("COMMENTS","keysort","C0", "!\n"); ProcessHistory("COMMENTS","","", "!\n"); return(0); } # This routine parses "show version build-info" sub ShowVersionBuild { print STDERR " In ShowVersionBuild: $_" if ($debug); while () { tr/\015//d; if (/^$prompt/) { last}; next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); /^Built By / && ProcessHistory("COMMENTS","","", "!Build: $_"); /^On Date / && ProcessHistory("COMMENTS","","", "!Build: $_"); /^From Tree / && ProcessHistory("COMMENTS","","", "!Build: $_"); /^Base Tag / && ProcessHistory("COMMENTS","","", "!Build: $_"); /^Release for / && ProcessHistory("COMMENTS","","", "!Build: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show license *" sub ShowLicense { print STDERR " In ShowLicense: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /(Invalid input detected|Type help or )/; return(1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); /^-+$/ && next; # Skip lines of all dashes. s/ Grace .+$/ Grace/; # Drop anything after Grace. ProcessHistory("COMMENTS","","", "!LIC: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show system redundancy status" sub ShowRedundancy { print STDERR " In ShowRedundancy: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); s/ +$//; # Drop trailing ' ' ProcessHistory("COMMENTS","","","!Red: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show environment" sub ShowEnv { print STDERR " In ShowEnv: $_" if ($debug); while () { tr/\015//d; if (/^$prompt/) { last; }; next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); s/ +$//; # Drop trailing ' ' ProcessHistory("COMMENTS","","","!Env: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show environment temperature" sub ShowEnvTemp { print STDERR " In ShowEnvTemp: $_" if ($debug); while () { tr/\015//d; if (/^$prompt/) { last}; next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); # Cut out CurTemp - drop the 2nd to last field. #-------------------------------------------------------------------- #Module Sensor MajorThresh MinorThres CurTemp Status # (Celsius) (Celsius) (Celsius) #5 Outlet1 (s1) 125 125 33 Ok #5 QEng1Sn1(s10) 115 105 39 Ok s/^(.+\s)(\S+\s+)(\S+\s*)$/$1$3/; s/ +$//; # Drop trailing ' ' ProcessHistory("COMMENTS","","","!Env: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show environment power" sub ShowEnvPower { print STDERR " In ShowEnvPower: $_" if ($debug); while () { tr/\015//d; if (/^$prompt/) { last}; next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); # Cut out Actual Output/Draw. #Power Actual Total #Supply Model Output Capacity Status # (Watts ) (Watts ) #------- ------------------- ----------- ----------- -------------- #1 ------------ 0 W 0 W Absent #3 749 W 5480 W Ok # Actual Power #Module Model Draw Allocated Status # (Watts ) (Watts ) #------- ------------------- ----------- ----------- -------------- #2 NURBURGRING N/A 573 W Powered-Up #fan1 N/A 720 W Powered-Up s/ Actual / /; s/ Output / /; s/ \(Watts \) / /; s/ Draw / /; s/ ----------- / /; s/ N\/A / / || s/ \d+ W / /; # Does not chop enough to line up. /actual draw/ && next; # Drop changing total power output. s/ +$//; # Drop trailing ' ' ProcessHistory("COMMENTS","","","!Env: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show boot" sub ShowBoot { print STDERR " In ShowBoot: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(1) if /Ambiguous command/i; return(-1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); s/ variable = / = /; ProcessHistory("COMMENTS","","","!Variable: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "dir /all ((disk|slot)N|bootflash|nvram):" sub DirSlotN { print STDERR " In DirSlotN: $_" if ($debug); my($dev) = (/\s([^\s]+):/); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(1) if (/\% Invalid command at /); return(1) if /(No such device|Error Sending Request)/i; return(1) if /\%Error: No such file or directory/; return(1) if /No space information available/; return(1) if / is either not present or not formatted/; return(-1) if /\%Error calling/; return(-1) if /(: device being squeezed|ATA_Status time out)/i; # busy return(-1) if (/command authorization failed/i); return(1) if /(Open device \S+ failed|Error opening \S+:)/; if (/^\s*(\d+) bytes /) { my($tmp) = int($1 / (1024 * 1024)); s/$1 bytes /$tmp MB /; } ProcessHistory("COMMENTS","","","!Flash: $dev: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show module". sub ShowModule { print STDERR " In ShowModule: $_" if ($debug); while () { tr/\015//d; return if (/^\s*\^$/); last if (/online diag status/i); last if (/^$prompt/); next if (/^\s*$cmd\s*$/); return(1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); s/(.*) \*$/$1/; # Drop a trailing '*' /^\* this terminal session/ && next; s/ +$//; # Drop trailing ' ' ProcessHistory("COMMENTS","","","!Mod: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show inventory". sub ShowInventory { print STDERR " In ShowInventory: $_" if ($debug); while () { tr/\015//d; return if (/^\s*\^$/); last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); if (/^(NAME: "[^"]*",)\s+(DESCR: "[^"]+")/) { ProcessHistory("COMMENTS","","", sprintf("!%-30s %s\n", $1, $2)); next; } # split PID/VID/SN line if (/^PID: (\S*)\s*,\s+VID: (\S*)\s*,\s+SN: (\S*)\s*$/) { my($entries) = ""; $entries .= "!PID: $1\n" if ($1); $entries .= "!VID: $2\n" if ($2); $entries .= "!SN: $3\n" if ($3); ProcessHistory("COMMENTS","","", "$entries"); next; } # split broken PID/VID/SN lines. if (/^PID: (\S*)\s*,\s+VID: (\S*)\s*$/) { my($entries) = ""; $entries .= "!PID: $1\n" if ($1); $entries .= "!VID: $2\n" if ($2); ; tr/\015//d; /^\s*,\s+SN: (\S*)\s*$/; $entries .= "!SN: $1\n" if ($1); ProcessHistory("COMMENTS","","", "$entries"); next; } ProcessHistory("COMMENTS","","","!$_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show vtp status" sub ShowVTP { print STDERR " In ShowVTP: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); next if (/^Configuration last modified by/); # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); s/^$1\s{$len}//; } if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) { $DO_SHOW_VLAN = 1; } ProcessHistory("COMMENTS","","","!VTP: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show vlan" sub ShowVLAN { print STDERR " In ShowVLAN: $_" if ($debug); ($_ = , return(1)) if (!$DO_SHOW_VLAN); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/\% Invalid command at /); return(1) if /Ambiguous command/i; # newer releases (~12.1(9)) place the vlan config in the normal # configuration (write term). return(1) if ($type =~ /^(3550|4500)$/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); s/^$1\s{$len}//; } ProcessHistory("COMMENTS","","","!VLAN: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show debug" sub ShowDebug { print STDERR " In ShowDebug: $_" if ($debug); my($lines) = 0; while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); /^No matching debug flags set$/ && next; /^No debug flags set$/ && next; ProcessHistory("COMMENTS","","","!DEBUG: $_"); $lines++; } if ($lines) { ProcessHistory("COMMENTS","","","!\n"); } return(0); } # This routine parses "show cores" sub ShowCores { print STDERR " In ShowCores: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); ProcessHistory("COMMENTS","","","!CORES: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show processes log" sub ShowProcLog { print STDERR " In ShowProcLog: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/\% Invalid command at /); return(-1) if (/command authorization failed/i); ProcessHistory("COMMENTS","","","!PROC_LOGS: $_"); } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine processes a "write term" sub WriteTerm { print STDERR " In WriteTerm: $_" if ($debug); my($lineauto,$comment,$linecnt) = (0,0,0); while () { tr/\015//d; last if (/^$prompt/); return(1) if /Line has invalid autocommand /; return(1) if (/(Invalid input detected|Type help or )/i); return(-1) if (/\% Invalid command at /); return(0) if ($found_end); # Only do this routine once return(-1) if (/command authorization failed/i); # /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked $linecnt++; $lineauto = 0 if (/^[^ ]/); # # skip the crap # if (/^(##+$|(Building|Current) configuration)/i) { # while () { # next if (/^Current configuration\s*:/i); # next if (/^:/); # next if (/^([%!].*|\s*)$/); # next if (/^ip add.*ipv4:/); # band-aid for 3620 12.0S # last; # } # if (defined($config_register)) { # ProcessHistory("","","","!\nconfig-register $config_register\n"); # } # tr/\015//d; # } # # some versions have other crap mixed in with the bits in the # # block above # /^! (Last configuration|NVRAM config last)/ && next; # # skip consecutive comment lines to avoid oscillating extra comment # # line on some access servers. grrr. # if (/^!/) { # next if ($comment); # ProcessHistory("","","",$_); # $comment++; # next; # } # $comment = 0; # Dog gone Cool matches to process the rest of the config /^!Command: show running-config/ && next; # kill this junk /^!Time: / && next; # kill this junk # /^tftp-server flash / && next; # kill any tftp remains # /^ntp clock-period / && next; # kill ntp clock-period # /^ length / && next; # kill length on serial lines # /^ width / && next; # kill width on serial lines # $lineauto = 1 if /^ modem auto/; # /^ speed / && $lineauto && next; # kill speed on serial lines # /^ clockrate / && next; # kill clockrate on serial interfaces # if (/^(enable )?(password|passwd)( level \d+)? / && $filter_pwds >= 1) { # ProcessHistory("ENABLE","","","!$1$2$3 \n"); # next; # } # if (/^(enable secret) / && $filter_pwds >= 2) { # ProcessHistory("ENABLE","","","!$1 \n"); # next; # } # if (/^username (\S+)(\s.*)? secret /) { # if ($filter_pwds >= 2) { # ProcessHistory("USER","keysort","$1","!username $1$2 secret \n"); # } else { # ProcessHistory("USER","keysort","$1","$_"); # } # next; # } # Sort username and delete passwords. if (/^username (\S+) password (\d) (\S+)(\s.*)$/) { if ($filter_pwds >= 2) { ProcessHistory("USER","keysort","$1","!username $1 password $4\n"); } elsif ($filter_pwds >= 1 && $2 ne "5") { ProcessHistory("USER","keysort","$1","!username $1 password $4\n"); } else { ProcessHistory("USER","keysort","$1","$_"); } next; } # Sort any other username info. /^username (\S+) .*$/ && ProcessHistory("USER","keysort","$1","$_") && next; # Sort snmp user and delete passwords. if (/^snmp-server user (\S+) (\S+) auth md5 (\S+) priv (\S+) localizedkey$/) { if ($filter_pwds >= 2) { ProcessHistory("SNMP-USER","keysort","$1","!snmp-server user $1 $2 auth md5 priv localizedkey\n"); } else { ProcessHistory("SNMP-USER","keysort","$1","$_"); } next; } # Sort any other snmp user info. /^snmp-server user (\S+) .*$/ && ProcessHistory("SNMP-USER","keysort","$1","$_") && next; # Delete bgp passwords. if (/^(\s*)password (\d) (\S+)(\s.*)?$/) { if ($filter_pwds >= 2) { ProcessHistory("","","","!$1password $4"); } elsif ($filter_pwds >= 1 && $2 ne "5") { ProcessHistory("","","","!$1password $4"); } else { ProcessHistory("","","","$_"); } next; } # # cisco AP w/ IOS # if (/^(wlccp \S+ username (\S+)(\s.*)? password) (\d \S+|\S+)/) { # if ($filter_pwds >= 1) { # ProcessHistory("USER","keysort","$2","!$1 \n"); # } else { # ProcessHistory("USER","keysort","$2","$_"); # } # next; # } # if (/^( set session-key (in|out)bound ah \d+ )/ && $filter_pwds >= 1) { # ProcessHistory("","","","!$1\n"); # next; # } # if (/^( set session-key (in|out)bound esp \d+ (authenticator|cypher) )/ && $filter_pwds >= 1) { # ProcessHistory("","","","!$1\n"); # next; # } # if (/^(\s*)password / && $filter_pwds >= 1) { # ProcessHistory("LINE-PASS","","","!$1password \n"); # next; # } # if (/^(\s*)secret / && $filter_pwds >= 2) { # ProcessHistory("LINE-PASS","","","!$1secret \n"); # next; # } # if (/^\s*neighbor (\S*) password / && $filter_pwds >= 1) { # ProcessHistory("","","","! neighbor $1 password \n"); # next; # } # if (/^(ppp .* password) 7 .*/ && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); next; # } # if (/^(ip ftp password) / && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); next; # } # if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); next; # } # # isis passwords appear to be completely plain-text # if (/^\s+isis password (\S+)( .*)?/ && $filter_pwds >= 1) { # ProcessHistory("","","","!isis password $2\n"); next; # } # if (/^\s+(domain-password|area-password) (\S+)( .*)?/ # && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 $3\n"); next; # } # # this is reversable, despite 'md5' in the cmd # if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); next; # } # # this is also reversable, despite 'md5 encrypted' in the cmd # if (/^( message-digest-key \d+ md5 (7|encrypted)) / && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); next; # } # if (/^((crypto )?isakmp key) \S+ / && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 $'"); next; # } # # filter HSRP passwords # if (/^(\s+standby \d+ authentication) / && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); next; # } # # this appears in "measurement/sla" images # if (/^(\s+key-string \d?)/ && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); next; # } # if (/^( l2tp tunnel \S+ password)/ && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); next; # } # # i am told these are plain-text on the PIX # if (/^(vpdn username (\S+) password)/) { # if ($filter_pwds >= 1) { # ProcessHistory("USER","keysort","$2","!$1 \n"); # } else { # ProcessHistory("USER","keysort","$2","$_"); # } # next; # } # if (/^( cable shared-secret )/ && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); # next; # } # /fair-queue individual-limit/ && next; # # sort ip explicit-paths. # if (/^ip explicit-path name (\S+)/) { # my($key) = $1; # my($expath) = $_; # while () { # tr/\015//d; # last if (/^$prompt/); # last if (/^$prompt/ || ! /^(ip explicit-path name |[ !])/); # if (/^ip explicit-path name (\S+)/) { # ProcessHistory("EXPATH","keysort","$key","$expath"); # $key = $1; # $expath = $_; # } else { # $expath .= $_; # } # } # ProcessHistory("EXPATH","keysort","$key","$expath"); # } # # sort route-maps # if (/^route-map (\S+)/) { # my($key) = $1; # my($routemap) = $_; # while () { # tr/\015//d; # last if (/^$prompt/ || ! /^(route-map |[ !])/); # if (/^route-map (\S+)/) { # ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); # $key = $1; # $routemap = $_; # } else { # $routemap .= $_; # } # } # ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); # } # # filter out any RCS/CVS tags to avoid confusing local CVS storage # s/\$(Revision|Id):/ $1:/; # # order access-lists # /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && # ProcessHistory("ACL $1 $2","$aclsort","$3","$_") && next; # # order extended access-lists # /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ && # ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; # /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ && # ProcessHistory("EACL $1 $2","$aclsort","$3","$_") && next; # /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ && # ProcessHistory("EACL $1 $2","$aclsort","0.0.0.0","$_") && next; # # order arp lists # /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ && # ProcessHistory("ARP","$aclsort","$1","$_") && next; # /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ && # ProcessHistory("PACL $1 $3","$aclsort","$4","ip prefix-list $1 $3 $4$5\n") # && next; # # order logging statements # /^logging (\d+\.\d+\.\d+\.\d+)/ && # ProcessHistory("LOGGING","ipsort","$1","$_") && next; # order cli alias names /^cli alias name (\S+) .*$/ && ProcessHistory("CLI-ALIAS","keysort","$1","$_") && next; # order snmp-server enable trap statements /^snmp-server enable traps (.*)$/ && ProcessHistory("SNMP-TRAPS","keysort","$1","$_") && next; # # order/prune snmp-server host statements # # we only prune lines of the form # # snmp-server host a.b.c.d # if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) { # if ($filter_commstr) { # my($ip) = $1; # my($line) = "snmp-server host $ip"; # my(@tokens) = split(' ', $'); # my($token); # while ($token = shift(@tokens)) { # if ($token eq 'version') { # $line .= " " . join(' ', ($token, shift(@tokens))); # if ($token eq '3') { # $line .= " " . join(' ', ($token, shift(@tokens))); # } # } elsif ($token eq 'vrf') { # $line .= " " . join(' ', ($token, shift(@tokens))); # } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) { # $line .= " " . $token; # } else { # $line = "!$line " . join(' ', ("", join(' ', at tokens))); # last; # } # } # ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n"); # } else { # ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_"); # } # next; # } # if (/^(snmp-server community) (\S+)/) { # if ($filter_commstr) { # ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next; # } else { # ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; # } # } # # prune tacacs/radius server keys # if (/^((tacacs|radius)-server\s(\w*[-\s(\s\S+])*\s?key) (\d )?\w+/ # && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 $'"); next; # } # # order clns host statements # /^clns host \S+ (\S+)/ && # ProcessHistory("CLNS","keysort","$1","$_") && next; # # order alias statements # /^alias / && ProcessHistory("ALIAS","keysort","$_","$_") && next; # # delete ntp auth password - this md5 is a reversable too # if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) { # ProcessHistory("","","","!$1 \n"); next; # } # # order ntp peers/servers # if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) { # $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5); # ProcessHistory("NTP","keysort",$sortkey,"$_"); # next; # } # # order ip host statements # /^ip host (\S+) / && # ProcessHistory("IPHOST","keysort","$1","$_") && next; # # order ip nat source static statements # /^ip nat (\S+) source static (\S+)/ && # ProcessHistory("IP NAT $1","ipsort","$2","$_") && next; # # order atm map-list statements # /^\s+ip\s+(\d+\.\d+\.\d+\.\d+)\s+atm-vc/ && # ProcessHistory("ATM map-list","ipsort","$1","$_") && next; # # order ip rcmd lines # /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next; # # # system controller # /^syscon address (\S*) (\S*)/ && # ProcessHistory("","","","!syscon address $1 \n") && # next; # if (/^syscon password (\S*)/ && $filter_pwds >= 1) { # ProcessHistory("","","","!syscon password \n"); # next; # } # catch anything that wasnt matched above. ProcessHistory("","","","$_"); # end of config. the ": " game is for the PIX if (/^(: +)?end$/) { $found_end = 1; return(0); } } # The ContentEngine lacks a definitive "end of config" marker. If we # know that it is a CE, SAN, or NXOS and we have seen at least 5 lines # of write term output, we can be reasonably sure that we got the config. if (($type == "CE" || $type == "SAN" || $type == "NXOS" ) && $linecnt > 5) { $found_end = 1; return(0); } return(0); } # This routine parses a single command that returns no required info. sub RunCommand { print STDERR " In RunCommand: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); return(1) if /Line has invalid autocommand /; return(1) if (/(Invalid input detected|Type help or )/i); } return(0); } # dummy function sub DoNothing {print STDOUT;} ############################## # add these: # show version module X - wait until can show all # show version module X epld - wait until can show all ############################## # Main @commandtable = ( {'term no monitor-force' => 'RunCommand'}, {'show version' => 'ShowVersion'}, {'show version build-info all' => 'ShowVersionBuild'}, {'show license' => 'ShowLicense'}, {'show license usage' => 'ShowLicense'}, {'show license host-id' => 'ShowLicense'}, {'show system redundancy status' => 'ShowRedundancy'}, {'show environment clock' => 'ShowEnv'}, {'show environment fan' => 'ShowEnv'}, {'show environment temperature' => 'ShowEnvTemp'}, {'show environment power' => 'ShowEnvPower'}, {'show boot' => 'ShowBoot'}, {'dir bootflash:' => 'DirSlotN'}, {'dir debug:' => 'DirSlotN'}, {'dir logflash:' => 'DirSlotN'}, {'dir slot0:' => 'DirSlotN'}, {'dir usb1:' => 'DirSlotN'}, {'dir usb2:' => 'DirSlotN'}, {'dir volatile:' => 'DirSlotN'}, {'show module' => 'ShowModule'}, {'show module xbar' => 'ShowModule'}, {'show inventory' => 'ShowInventory'}, {'show vtp status' => 'ShowVTP'}, # drop? {'show vlan' => 'ShowVLAN'}, {'show debug' => 'ShowDebug'}, {'show cores vdc-all' => 'ShowCores'}, {'show processes log vdc-all' => 'ShowProcLog'}, {'show running-config' => 'WriteTerm'}, ); # Use an array to preserve the order of the commands and a hash for mapping # commands to the subroutine and track commands that have been completed. @commands = map(keys(%$_), @commandtable); %commands = map(%$_, @commandtable); $cisco_cmds = join(";", at commands); $cmds_regexp = join("|", map quotemeta($_), @commands); if (length($host) == 0) { if ($file) { print(STDERR "Too few arguments: file name required\n"); exit(1); } else { print(STDERR "Too few arguments: host name required\n"); exit(1); } } open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; select(OUTPUT); # make OUTPUT unbuffered if debugging if ($debug) { $| = 1; } if ($file) { print STDERR "opening file $host\n" if ($debug); print STDOUT "opening file $host\n" if ($log); open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else { print STDERR "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug); print STDOUT "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); if (defined($ENV{NOPIPE})) { system "clogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n"; open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n"; } else { open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host ) { tr/\015//d; if (/[>#]\s?exit$/) { print STDERR ("$host: found exit\n") if ($debug); $clean_run = 1; last; } if (/^Error:/) { print STDOUT ("$host clogin error: $_"); print STDERR ("$host clogin error: $_") if ($debug); $clean_run = 0; last; } while (/#\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { $prompt = ($_ =~ /^([^#]+#)/)[0]; $prompt =~ s/([][}{)(\\])/\\$1/g; print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); } print STDERR ("HIT COMMAND:$_") if ($debug); if (! defined($commands{$cmd})) { print STDERR "$host: found unexpected command - \"$cmd\"\n"; $clean_run = 0; last TOP; } $rval = &{$commands{$cmd}}; delete($commands{$cmd}); if ($rval == -1) { $clean_run = 0; print STDERR ("$host: $cmd failed: $rval\n") if ($debug); last TOP; } if (/[>#]\s?exit$/) { print STDERR ("$host: found exit\n") if ($debug); $clean_run = 1; last TOP; } } } print STDOUT "Done $logincmd: $_\n" if ($log); # Flush History ProcessHistory("","","",""); # Cleanup close(INPUT); close(OUTPUT); if (defined($ENV{NOPIPE})) { unlink("$host.raw") if (! $debug); } # check for completeness if (scalar(%commands) || !$clean_run || !$found_end) { if (scalar(%commands)) { printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); } if (!$clean_run || !$found_end) { print STDOUT "$host: End of run not found\n"; print STDERR "$host: End of run not found\n" if ($debug); print STDERR "$host: clean: $clean_run, end: $found_end\n" if ($debug); system("/usr/bin/tail -1 $host.new"); } unlink "$host.new" if (! $debug); } From heas at shrubbery.net Wed Mar 24 21:25:38 2010 From: heas at shrubbery.net (john heasley) Date: Wed, 24 Mar 2010 14:25:38 -0700 Subject: [rancid] Re: Dell PowerConnect 5316M device archival in 2.3.3 In-Reply-To: References: Message-ID: <20100324212538.GB4304@shrubbery.net> Tue, Mar 23, 2010 at 05:06:40PM -0700, Eric Cables: > After a quick search through the archives, I came across this link ( > http://www.rickyninja.net/rancid/), which quickly allowed me to archive a > couple Dell PowerConnect switches that I inherited. I am currently running > 2.3.2, but after checking the latest 2.3.3 tarball it doesn't appear to have > native Dell integration. This also makes me wonder if the other changes > I've made over the years through community based patches (SAN-OS support, > for example) will be supported once moving to 2.3.3 (once it is officially > released). > > Is it possible to add in the dlogin/drancid/fe-rancid updates found in the > above into the 2.3.3 release? Are other community based patches generally > incorporated into the next release, or is that not common practice? I won't import patches or new modules that I can't verify somehow because they become support burdens for me - only occasionally is a contributed module 95%+ functional and if i dont have that h/w myself, its really difficult to help with problems. riverstone and netscreen for example. nothing against their authors; consider my side of it. someone else, you, verifying that the module works is great. I'd like to see o/p and .raw files from a few folks, w/o stuff removed (change things like password crypts to something similar but equal syntax), to help ensure everything is covered. then try to make sure that error cases are handled. please share your o/p. i'm happy to make an unsupported section of the ftpsite for unproven modules, if folks would like to send them to me. From ecables at gmail.com Wed Mar 24 21:44:56 2010 From: ecables at gmail.com (Eric Cables) Date: Wed, 24 Mar 2010 14:44:56 -0700 Subject: [rancid] Re: Dell PowerConnect 5316M device archival in 2.3.3 In-Reply-To: <20100324212538.GB4304@shrubbery.net> References: <20100324212538.GB4304@shrubbery.net> Message-ID: An unsupported, or "use at your own risk," modules section on the FTP site would certainly make finding these easier, and allow for a central repository that will remain up as long as RANCID is supported. As it stands now they are hosted on various FTP/Web servers, which will probably be broken links as time goes by. -- Eric Cables On Wed, Mar 24, 2010 at 2:25 PM, john heasley wrote: > Tue, Mar 23, 2010 at 05:06:40PM -0700, Eric Cables: > > After a quick search through the archives, I came across this link ( > > http://www.rickyninja.net/rancid/), which quickly allowed me to archive > a > > couple Dell PowerConnect switches that I inherited. I am currently > running > > 2.3.2, but after checking the latest 2.3.3 tarball it doesn't appear to > have > > native Dell integration. This also makes me wonder if the other changes > > I've made over the years through community based patches (SAN-OS support, > > for example) will be supported once moving to 2.3.3 (once it is > officially > > released). > > > > Is it possible to add in the dlogin/drancid/fe-rancid updates found in > the > > above into the 2.3.3 release? Are other community based patches > generally > > incorporated into the next release, or is that not common practice? > > I won't import patches or new modules that I can't verify somehow because > they become support burdens for me - only occasionally is a contributed > module 95%+ functional and if i dont have that h/w myself, its really > difficult to help with problems. riverstone and netscreen for example. > nothing against their authors; consider my side of it. > > someone else, you, verifying that the module works is great. I'd like to > see o/p and .raw files from a few folks, w/o stuff removed (change things > like password crypts to something similar but equal syntax), to help > ensure everything is covered. then try to make sure that error cases are > handled. please share your o/p. > > i'm happy to make an unsupported section of the ftpsite for unproven > modules, if folks would like to send them to me. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100324/ce3221c3/attachment.html From heas at shrubbery.net Wed Mar 24 23:24:14 2010 From: heas at shrubbery.net (john heasley) Date: Wed, 24 Mar 2010 16:24:14 -0700 Subject: [rancid] Re: Is there any way to show uncommitted changes In-Reply-To: References: <4BA90D21.4050500@davidkrider.com> <20100323185609.GL15475@shrubbery.net> Message-ID: <20100324232414.GG4304@shrubbery.net> Tue, Mar 23, 2010 at 01:08:11PM -0700, Chris Gauthier: > I would be very interested in such a script! I just don't have time to write it. for r in `cut -d: -f 1-3 */router.db | grep -i ':cisco:up' | cut -d: -f 1` do clogin -c 'write mem' $r end > Chris G. > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley > Sent: Tuesday, March 23, 2010 11:56 AM > To: David Krider > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: Is there any way to show uncommitted changes > > Tue, Mar 23, 2010 at 02:49:05PM -0400, David Krider: > > I had hacked up my own version of Rancid without even knowing it (with > > expect, but no RCS). My version backed up both the `show config' and > > `show running' commands, and then did a diff between them, and sent any > > result in email for review. It was intended to show uncommitted changes > > to the gear. My boss sent me a link to Rancid, and I've just gotten it > > running and backing up several switches and a couple routers. Is there > > any way to get it to show me the difference between the running and > > permanent configs? I get the feeling there is, but I can't find it. > > no; write a script that takes router.db and uses *login -c 'command' to > save the config at some regular interval, such as daily. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From arnold at nipper.de Thu Mar 25 00:48:53 2010 From: arnold at nipper.de (Arnold Nipper) Date: Thu, 25 Mar 2010 01:48:53 +0100 Subject: [rancid] rancid for Arista Message-ID: <4BAAB2F5.1060106@nipper.de> Is there already someone working on it? Config is very C-ish, Arnold -- Arnold Nipper / nIPper consulting, Sandhausen, Germany email: arnold at nipper.de phone: +49 6224 9259 299 mobile: +49 172 2650958 fax: +49 6224 9259 333 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 251 bytes Desc: OpenPGP digital signature Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100325/10b8d8e3/attachment.bin From david at davidkrider.com Thu Mar 25 01:43:23 2010 From: david at davidkrider.com (David Krider) Date: Wed, 24 Mar 2010 21:43:23 -0400 Subject: [rancid] Re: Is there any way to show uncommitted changes In-Reply-To: <20100324232414.GG4304@shrubbery.net> References: <4BA90D21.4050500@davidkrider.com> <20100323185609.GL15475@shrubbery.net> <20100324232414.GG4304@shrubbery.net> Message-ID: <4BAABFBB.5090508@davidkrider.com> On 03/24/2010 07:24 PM, john heasley wrote: > Tue, Mar 23, 2010 at 01:08:11PM -0700, Chris Gauthier: >> I would be very interested in such a script! I just don't have time to write it. > > for r in `cut -d: -f 1-3 */router.db | grep -i ':cisco:up' | cut -d: -f 1` > do > clogin -c 'write mem' $r > end > Not to be obtuse, but what commands does rancid actually run normally? I know it's at least "show run", but there's some extra there. I've tried tracing the scripts, but I can't sort it out. I want to generate exactly the same output as it's getting during a normal run (except to "show conf"), so I can diff with the configs it's saving to the config directory, with as little differences as possible. dk From heas at shrubbery.net Thu Mar 25 05:47:13 2010 From: heas at shrubbery.net (john heasley) Date: Thu, 25 Mar 2010 05:47:13 +0000 Subject: [rancid] Re: rancid for Arista In-Reply-To: <4BAAB2F5.1060106@nipper.de> References: <4BAAB2F5.1060106@nipper.de> Message-ID: <20100325054713.GA28180@shrubbery.net> Thu, Mar 25, 2010 at 01:48:53AM +0100, Arnold Nipper: > Is there already someone working on it? Config is very C-ish, see rancid 2.3.3 From jj33 at pobox.com Thu Mar 25 14:27:56 2010 From: jj33 at pobox.com (John Jetmore) Date: Thu, 25 Mar 2010 10:27:56 -0400 Subject: [rancid] Small issue with drancid and old Dell PowerConnect 3324 Message-ID: <8bf78fbc1003250727s8df4c17w3efd2ff04d5dca06@mail.gmail.com> I have the dlogin/drancid scripts from rickyninja.net working well(*) for a PowerConnect M6220, thanks much for the package. After getting it working I decided to try it on some older 3324s I have deployed. They are close to working just as well, I have only one oddity. The end of the config that gets committed to CVS looks like this: (...) plv-sw-02#exitConnection closed by foreign host. end In the output from the run I have this: FOUND PROMPT: plv-sw-02# found_end = 1, clean_run = 0 plv-sw-02: End of run not found end All routers sucessfully completed. I've confirmed that the final "end" gets added statically, so that's not as odd as I thought it was at first. The line which should be getting rid of that prompt is in drancid:WriteTerm(): if (/$prompt\s?exit$/) { warn "left WriteTerm on: $_"; $clean_run=1;last; } It seems I could make this go away by changing the regexp like so: if (/$prompt\s?exit(?:Connection closed by foreign host.\s*)?$/) { warn "left WriteTerm on: $_"; $clean_run=1;last; } My question then is whether this seems like the appropriate change (and possibly something that could go back into the rickyninja scripts) or if this is a sign of some issue with my switch config or some other item that I would be better off addressing externally to rancid. Thanks --John (*) For posterity, the rickyninja page lists the last release as 11/14/2009, but the package was actually last updated on 11/20/2009. I just happened to grab it on 11/19/2009, and though I only implemented it in the last couple of weeks I would have saved a bunch of diagnosing if I had realized I didn't have the most recent version. Here's the diff between the 20091114 and 20091120 versions: --- rancid-dell-extension-20091114/drancid 2009-11-14 13:02:14.000000000 -0600 +++ rancid-dell-extension-20091120/drancid 2009-11-20 00:28:19.000000000 -0600 @@ -154,8 +154,9 @@ return(1) if /^% Unrecognized command/; return(0) if ($found_version); # Only do this routine once # the pager can not be disabled per-session on the dell - s/^More: .+.*//sg; - s/^\s*--More-- or \\(q\\)uit.*//sg; + s/^More: .+ \033\[\K//; + s/^More: .+\s*//; + s/^\s*--More-- or \(q\)uit\s*//; ProcessHistory("","","","$_"); } ProcessHistory("","","","!\n"); @@ -173,8 +174,9 @@ next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^% Unrecognized command/; # the pager can not be disabled per-session on the dell - s/^More: .+.*//sg; - s/^\s*--More-- or \\(q\\)uit.*//sg; + s/^More: .+ \033\[\K//; + s/^More: .+\s*//; + s/^\s*--More-- or \(q\)uit\s*//; ProcessHistory("","","","$_"); } ProcessHistory("","","","!\n"); @@ -191,8 +193,9 @@ next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^% Unrecognized command/; # the pager can not be disabled per-session on the dell - s/^More: .+.*//sg; - s/^\s*--More-- or \\(q\\)uit.*//sg; + s/^More: .+ \033\[\K//; + s/^More: .+\s*//; + s/^\s*--More-- or \(q\)uit\s*//; if (/^(enable )?(password|passwd)( level \d+)? / && $filter_pwds >= 1) { ProcessHistory("ENABLE","","","!$1$2$3 \n"); From jj33 at pobox.com Thu Mar 25 14:36:04 2010 From: jj33 at pobox.com (John Jetmore) Date: Thu, 25 Mar 2010 10:36:04 -0400 Subject: [rancid] Re: Small issue with drancid and old Dell PowerConnect 3324 In-Reply-To: <8bf78fbc1003250727s8df4c17w3efd2ff04d5dca06@mail.gmail.com> References: <8bf78fbc1003250727s8df4c17w3efd2ff04d5dca06@mail.gmail.com> Message-ID: <8bf78fbc1003250736i5d2ceaecv2fdd4be858230681@mail.gmail.com> Aaand I'm an idiot. I just saw this same issue addressed at http://www.rickyninja.net/rancid/patches/echo-newline-final-exit-3324.txt ahem. That patch is dated 3/10/2010, I thought I would have seen something on this list but I guess not. Sorry for the noise. --John On Thu, Mar 25, 2010 at 10:27 AM, John Jetmore wrote: > I have the dlogin/drancid scripts from rickyninja.net working well(*) > for a PowerConnect M6220, thanks much for the package. ?After getting > it working I decided to try it on some older 3324s I have deployed. > They are close to working just as well, I have only one oddity. ?The > end of the config that gets committed to CVS looks like this: > > ? ?(...) > ? ?plv-sw-02#exitConnection closed by foreign host. > ? ?end > > In the output from the run I have this: > > ? ?FOUND PROMPT: plv-sw-02# > ? ?found_end = 1, clean_run = 0 > ? ?plv-sw-02: End of run not found > ? ?end > ? ?All routers sucessfully completed. > > I've confirmed that the final "end" gets added statically, so that's > not as odd as I thought it was at first. ?The line which should be > getting rid of that prompt is in drancid:WriteTerm(): > > ? ?if (/$prompt\s?exit$/) { warn "left WriteTerm on: $_"; $clean_run=1;last; } > > It seems I could make this go away by changing the regexp like so: > > ? ?if (/$prompt\s?exit(?:Connection closed by foreign host.\s*)?$/) { > warn "left WriteTerm on: $_"; $clean_run=1;last; } > > My question then is whether this seems like the appropriate change > (and possibly something that could go back into the rickyninja > scripts) or if this is a sign of some issue with my switch config or > some other item that I would be better off addressing externally to > rancid. > > Thanks > --John > > (*) For posterity, the rickyninja page lists the last release as > 11/14/2009, but the package was actually last updated on 11/20/2009. > I just happened to grab it on 11/19/2009, and though I only > implemented it in the last couple of weeks I would have saved a bunch > of diagnosing if I had realized I didn't have the most recent version. > ?Here's the diff between the 20091114 and 20091120 versions: > > --- rancid-dell-extension-20091114/drancid ? ? ?2009-11-14 > 13:02:14.000000000 -0600 > +++ rancid-dell-extension-20091120/drancid ? ? ?2009-11-20 > 00:28:19.000000000 -0600 > @@ -154,8 +154,9 @@ > ? ? ? ? return(1) if /^% Unrecognized command/; > ? ? ? ? return(0) if ($found_version); ? ? ? ? ? ? ? ?# Only do this > routine once > ? ? ? ? # the pager can not be disabled per-session on the dell > - ? ? ? ?s/^More: .+.*//sg; > - ? ? ? ?s/^\s*--More-- or \\(q\\)uit.*//sg; > + ? ? ? ?s/^More: .+ \033\[\K//; > + ? ? ? ?s/^More: .+\s*//; > + ? ? ? ?s/^\s*--More-- or \(q\)uit\s*//; > ? ? ? ? ProcessHistory("","","","$_"); > ? ? } > ? ? ProcessHistory("","","","!\n"); > @@ -173,8 +174,9 @@ > ? ? ? ? next if (/^(\s*|\s*$cmd\s*)$/); > ? ? ? ? return(1) if /^% Unrecognized command/; > ? ? ? ? # the pager can not be disabled per-session on the dell > - ? ? ? ?s/^More: .+.*//sg; > - ? ? ? ?s/^\s*--More-- or \\(q\\)uit.*//sg; > + ? ? ? ?s/^More: .+ \033\[\K//; > + ? ? ? ?s/^More: .+\s*//; > + ? ? ? ?s/^\s*--More-- or \(q\)uit\s*//; > ? ? ? ? ProcessHistory("","","","$_"); > ? ? } > ? ? ProcessHistory("","","","!\n"); > @@ -191,8 +193,9 @@ > ? ? ? ? next if (/^(\s*|\s*$cmd\s*)$/); > ? ? ? ? return(1) if /^% Unrecognized command/; > ? ? ? ? # the pager can not be disabled per-session on the dell > - ? ? ? ?s/^More: .+.*//sg; > - ? ? ? ?s/^\s*--More-- or \\(q\\)uit.*//sg; > + ? ? ? ?s/^More: .+ \033\[\K//; > + ? ? ? ?s/^More: .+\s*//; > + ? ? ? ?s/^\s*--More-- or \(q\)uit\s*//; > > ? ? ? ? if (/^(enable )?(password|passwd)( level \d+)? / && > $filter_pwds >= 1) { > ? ? ? ? ? ? ProcessHistory("ENABLE","","","!$1$2$3 \n"); > From sjuon74 at gmail.com Thu Mar 25 07:37:14 2010 From: sjuon74 at gmail.com (Stefan Juon) Date: Thu, 25 Mar 2010 08:37:14 +0100 Subject: [rancid] figure out prompt in h3clogin fails Message-ID: Hi all I try to make rancid working for h3c/3com switches. Therefore I got the appropriate enhancements from http://sites.google.com/site/jrbinks/code/rancid/h3c. I can login to a switch using h3clogin, no problem. But once expect should figure out the prompt it hangs. Here is an example of sending the command "dis device" to a switch called npd0011: rancid at sksch001:~$ h3clogin -autoenable -t 5 -c "dis device" npd0011 npd0011 spawn ssh -c 3des -x -l rancid npd0011 rancid at npd0011's password: undo terminal monitor Info: Current terminal monitor is off. Error: TIMEOUT reached I firstly did some tries using the options autoenable and noenable, without any success. In the expect script h3clogin I noticed this section: # we are logged in, now figure out the full prompt send "\r" expect { -re "\[\r\n]+" { exp_continue; } # -re "^(.+:)1 $prompt" { # stoopid extreme cmd-line numbers and # # prompt based on state of config changes, # # which may have an * at the beginning. # h3c: # send_user "% test\r" # set junk $expect_out(1,string) # regsub -all "^\\\* " $expect_out(1,string) {} junk # set prompt ".? ?$junk\[0-9]+ $expect_out(2,string)"; # set platform "extreme" # } -re "^.+$prompt" { set junk $expect_out(0,string); regsub -all "\[\]\[]" $junk {\\&} prompt; } -re "^.+> \\\(enable\\\)" { set junk $expect_out(0,string); regsub -all "\[\]\[]" $junk {\\&} prompt; } } I used to use expect in the past but this is far away...from my understanding we send a \r and as a next step we try to determine the prompt, which obviously failes. Any ideas? Rgs, Stefan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100325/c68e9854/attachment.html From Drikus.Brits at vodacom.co.za Thu Mar 25 17:55:39 2010 From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Thu, 25 Mar 2010 19:55:39 +0200 Subject: [rancid] rancid issues with IOS XR Message-ID: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> HI all, Hope someone can help on this issue. I seem to be having an issue logging onto IOS XR routers using clogin, or the xrrancid patch as described by previous forums. the output i get when using -autoenable or configuring the devices in my .cloginrc file returns the same output. It seems to skip the initial expect sequence for Username: and then returns with another auth reques, after the second prompt the expect script appear to have died, as i can then type in my own authentication details. User Access Verification Username: User Access Verification Username: telnet> quit Any ideas ? I have tried this on rancid 2.3.2a7 and the new 2.3.3, but still no luck. Thanks, Drikus ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.co.za/legal/email.jsp " From jethro.binks at strath.ac.uk Thu Mar 25 18:34:01 2010 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu, 25 Mar 2010 18:34:01 +0000 (GMT) Subject: [rancid] Re: figure out prompt in h3clogin fails In-Reply-To: References: Message-ID: On Thu, 25 Mar 2010, Stefan Juon wrote: > I try to make rancid working for h3c/3com switches. Therefore I got the > appropriate enhancements from > http://sites.google.com/site/jrbinks/code/rancid/h3c. I can login to a > switch using h3clogin, no problem. But once expect should figure out the > prompt it hangs. Here is an example of sending the command "dis device" to a > switch called npd0011: Hi Stefan, I wrote this code, a long time ago. I haven't looked at it in ages, but it works day-to-day for me. However, when I wrote it I only had 3Com 5500 models. I've now got something else plus some more models to come soon, but I've not tested against them yet. What model were you trying this against? I'll do some more tests later. In the meantime, the usual method for debugging would be something like: env NOPIPE=y PATH=${PATH}:/usr/local/libexec/rancid h3crancid -d devicename which will create a .new and a .raw file without output in your working directory. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From heas at shrubbery.net Thu Mar 25 20:16:53 2010 From: heas at shrubbery.net (john heasley) Date: Thu, 25 Mar 2010 13:16:53 -0700 Subject: [rancid] Re: rancid issues with IOS XR In-Reply-To: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> References: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> Message-ID: <20100325201653.GC4304@shrubbery.net> Thu, Mar 25, 2010 at 07:55:39PM +0200, Drikus Brits: > HI all, > > Hope someone can help on this issue. > > I seem to be having an issue logging onto IOS XR routers using clogin, or the xrrancid patch as described by previous forums. > > the output i get when using -autoenable or configuring the devices in my .cloginrc file returns the same output. > > It seems to skip the initial expect sequence for Username: and then returns with another auth reques, after the second prompt the expect script appear to have died, as i can then type in my own authentication details. > > User Access Verification > > Username: > > User Access Verification > > Username: > telnet> quit you'll have to share the o/p of clogin -d hostname with us. From Drikus.Brits at vodacom.co.za Fri Mar 26 06:36:06 2010 From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Fri, 26 Mar 2010 08:36:06 +0200 Subject: [rancid] Re: rancid issues with IOS XR In-Reply-To: <20100325201653.GC4304@shrubbery.net> References: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> <20100325201653.GC4304@shrubbery.net> Message-ID: <2462C3A55E5DA04395C77B0400E5300306D8126C56@ZAMDC02104.vodacom.corp> Hi, Find below the debug section 10.117.144.75 spawn telnet 10.117.144.75 parent: waiting for sync byte parent: telling child to go ahead parent: now unsynchronized from child spawn: returns {24151} expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd):"? no "(#| \(enable\))"? no "Login invalid"? no Trying 10.117.144.75... expect: does "Trying 10.117.144.75...\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "Trying 10.117.144.75...\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "Trying 10.117.144.75...\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd):"? no "(#| \(enable\))"? no "Login invalid"? no Connected to 10.117.144.75. Escape character is '^]'. expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd):"? no "(#| \(enable\))"? no "Login invalid"? no expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd):"? no "(#| \(enable\))"? no "Login invalid"? no CCC #################################################################################### ### UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ### ### You must have explicit permission to access or configure this device. All expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\nCCC\r\n####################################################################################\r\n### UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ###\r\n### You must have explicit permission to access or configure this device. All " (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no "(Connection closed by|Connection to [^\n\r]+ closed)"? no expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\nCCC\r\n####################################################################################\r\n### UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ###\r\n### You must have explicit permission to access or configure this device. All " (spawn_id exp6) match glob pattern "unknown host\r"? no expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\nCCC\r\n####################################################################################\r\n### UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ###\r\n### You must have explicit permission to access or configure this device. All " (spawn_id exp6) match glob pattern "Host is unreachable"? no "No address associated with name"? no "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "(denied|Sorry)"? no "Login failed"? no "% (Bad passwords|Authentication failed)"? no "Press any key to continue"? no "Enter Selection: "? no "Last login:"? no "@[^\r\n]+ ([Pp]assword|passwd):"? no "(Username|Login|login|user name|User):"? no "([Pp]assword|passwd):"? no "(#| \(enable\))"? yes expect: set expect_out(0,string) "#" expect: set expect_out(1,string) "#" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\nCCC\r\n#" send: sending "\r" to { exp6 } expect: does "###################################################################################\r\n### UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ###\r\n### You must have explicit permission to access or configure this device. All " (spawn_id exp6) match regular expression "[\r\n]+"? yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "###################################################################################\r\n" expect: continuing expect expect: does "### UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ###\r\n### You must have explicit permission to access or configure this device. All " (spawn_id exp6) match regular expression "[\r\n]+"? yes expect: set expect_out(0,string) "\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "### UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ###\r\n" expect: continuing expect expect: does "### You must have explicit permission to access or configure this device. All " (spawn_id exp6) match regular expression "[\r\n]+"? no "^(.+[:.])1 ((#| \(enable\)))"? no "^.+(#| \(enable\))"? yes expect: set expect_out(0,string) "###" expect: set expect_out(1,string) "#" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "###" tty_raw_noecho: was raw = 0 echo = 1 spawn id exp6 sent < ###\r\n### activities performed on this device may be logged and violations of this ###\r\n### policy may result in disciplinary action and may be reported to law ###\r\n### enforcement agencies. There is no right to privacy on this device. ###\r\n####################################################################################\r\n\r\n MMNM\r\n MMMM\r\n MMNM\r\n MMNNM\r\n MMMM\r\n MMNM\r\n MMMMM\r\n MNMM\r\n MMMMM MMMMM MMMM\r\n MM> ### ### activities performed on this device may be logged and violations of this ### ### policy may result in disciplinary action and may be reported to law ### ### enforcement agencies. There is no right to privacy on this device. ### #################################################################################### MMNM MMMM MMNM MMNNM MMMM MMNM MMMMM MNMM MMMMM MMMMM MMMM MMspawn id exp6 sent MM MM MM MMMMM MMMM MMNM MM MMM NMNMN MMMM MMMMMMMMMMMMNMM MNM MMM MMMMN MMMMM MMMMM MMM MMMN MMMM MMMM MMMM MMMM MMMM MMMM MMMM MNMMMMspawn id exp6 sent MMMM MMM MMMM NMMM MMMM MMNM MMMMM MMMMMM MMM MMMNMM MMMM MMMM MNMM MMNMM MMMMMM MMMMMMMMM MMM MMM MMMMM MMMM MNMMMMMM MMM MNM MMMMM MMMM MM MM MMMMM MNMMM MM M MNMM MDMM M M NMM MMMM MMMM ##################################################################################### ### Device Hostname ### ### my-ios-xr ### ##################################################################################### spawn id exp6 sent <\r\nUser Access Verification\r\n\r\nUsername: > User Access Verification Username: spawn id exp6 sent <\r\n> spawn id exp6 sent <\r\nUser Access Verification\r\n\r\nUsername: > User Access Verification Username: spawn id exp0 sent ----- at this point I sent a couple of d's spawn id exp0 sent spawn id exp6 sent dspawn id exp6 sent dspawn id exp0 sent <\u001d> ----- and quit the telnet session spawn id exp6 sent <\r\ntelnet> > telnet> spawn id exp0 sent spawn id exp6 sent qspawn id exp0 sent spawn id exp6 sent uspawn id exp0 sent spawn id exp6 sent ispawn id exp0 sent spawn id exp6 sent tspawn id exp0 sent <\r> spawn id exp6 sent <\r\nConnection closed.\r\n> Connection closed. interact: received eof from spawn_id exp6 write() failed to write anything - will sleep(1) and retry... tty_set: raw = 0, echo = 1 tty_set: raw = 5, echo = 0 -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Thursday, March 25, 2010 10:17 PM To: Drikus Brits Cc: Rancid-discuss at shrubbery.net Subject: Re: [rancid] rancid issues with IOS XR Thu, Mar 25, 2010 at 07:55:39PM +0200, Drikus Brits: > HI all, > > Hope someone can help on this issue. > > I seem to be having an issue logging onto IOS XR routers using clogin, or the xrrancid patch as described by previous forums. > > the output i get when using -autoenable or configuring the devices in my .cloginrc file returns the same output. > > It seems to skip the initial expect sequence for Username: and then returns with another auth reques, after the second prompt the expect script appear to have died, as i can then type in my own authentication details. > > User Access Verification > > Username: > > User Access Verification > > Username: > telnet> quit you'll have to share the o/p of clogin -d hostname with us. ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.co.za/legal/email.jsp " From sjuon74 at gmail.com Fri Mar 26 08:43:16 2010 From: sjuon74 at gmail.com (Stefan Juon) Date: Fri, 26 Mar 2010 09:43:16 +0100 Subject: [rancid] Re: figure out prompt in h3clogin fails Message-ID: >Hi Stefan, >I wrote this code, a long time ago. I haven't looked at it in ages, but >it works day-to-day for me. However, when I wrote it I only had 3Com 5500 >models. I've now got something else plus some more models to come soon, >but I've not tested against them yet. What model were you trying this >against?> > >I'll do some more tests later. > >In the meantime, the usual method for debugging would be something like: > > env NOPIPE=y PATH=${PATH}:/usr/local/libexec/rancid h3crancid -d devicename > >which will create a .new and a .raw file without output in your working >directory. > >Jethro. Nice to meet u Jethro and thank you for you effort for h3clogin ;-) I try to make rancid work against a H3C S5120 (and furthermore a S7500E, S5800). Once I set NOPIPE=y the .new and .raw are touched. However there is no new information: .new: !RANCID-CONTENT-TYPE: h3c ! .raw: npd0011 spawn ssh -c 3des -x -l rancid npd0011 rancid at npd0011's password: undo terminal monitor Info: Current terminal monitor is off. Error: TIMEOUT reached Am I right the after sending \r the prompt is automaticlly determined? Stefan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100326/379f79d8/attachment.html From jj33 at pobox.com Fri Mar 26 12:05:10 2010 From: jj33 at pobox.com (John Jetmore) Date: Fri, 26 Mar 2010 08:05:10 -0400 Subject: [rancid] Re: rancid issues with IOS XR In-Reply-To: <2462C3A55E5DA04395C77B0400E5300306D8126C56@ZAMDC02104.vodacom.corp> References: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> <20100325201653.GC4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D8126C56@ZAMDC02104.vodacom.corp> Message-ID: <8bf78fbc1003260505o2792e022sff498b237cc509ac@mail.gmail.com> This looks similar to a problem we had where the '#' symbols in our banner were being mistaken for the '#' in the enable prompt and confusing rancid. One of my colleagues applied this patch before I was involved in our rancid install: 423a428,435 > -re ".+##########.+Verification" { > # Account for the hosed up banner via telnet > exp_continue > } > -re ".+##########.+" { > # Account for the hosed up banner via ssh > exp_continue > } This may be a silly patch but it's worked for us and I've never had to reevaluate it. If you used something like this you might have to change the number of contiguous hashes based on the output you sent. --John 2010/3/26 Drikus Brits : > Hi, > > Find below the debug section > > > > 10.117.144.75 > spawn telnet 10.117.144.75 > parent: waiting for sync byte > parent: telling child to go ahead > parent: now unsynchronized from child > spawn: returns {24151} > > expect: does "" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does "" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does "" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue"? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ ([Pp]assword|passwd):"? no > "(Username|Login|login|user name|User):"? no > "([Pp]assword|passwd):"? no > "(#| \(enable\))"? no > "Login invalid"? no > Trying 10.117.144.75... > > expect: does "Trying 10.117.144.75...\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does "Trying 10.117.144.75...\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does "Trying 10.117.144.75...\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue"? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ ([Pp]assword|passwd):"? no > "(Username|Login|login|user name|User):"? no > "([Pp]assword|passwd):"? no > "(#| \(enable\))"? no > "Login invalid"? no > Connected to 10.117.144.75. > Escape character is '^]'. > > expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue"? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ ([Pp]assword|passwd):"? no > "(Username|Login|login|user name|User):"? no > "([Pp]assword|passwd):"? no > "(#| \(enable\))"? no > "Login invalid"? no > > > expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\n" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\n" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\n" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue"? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ ([Pp]assword|passwd):"? no > "(Username|Login|login|user name|User):"? no > "([Pp]assword|passwd):"? no > "(#| \(enable\))"? no > "Login invalid"? no > CCC > #################################################################################### > ### ? ? ? ? ? ?UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ? ? ? ? ?### > ### You must have explicit permission to access or configure this device. All > expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\nCCC\r\n####################################################################################\r\n### ? ? ? ? ? ?UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ? ? ? ? ?###\r\n### You must have explicit permission to access or configure this device. All ?" (spawn_id exp6) match regular expression "(Connection refused|Secure connection [^\n\r]+ refused)"? no > "(Connection closed by|Connection to [^\n\r]+ closed)"? no > > expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\nCCC\r\n####################################################################################\r\n### ? ? ? ? ? ?UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ? ? ? ? ?###\r\n### You must have explicit permission to access or configure this device. All ?" (spawn_id exp6) match glob pattern "unknown host\r"? no > > expect: does "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\nCCC\r\n####################################################################################\r\n### ? ? ? ? ? ?UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ? ? ? ? ?###\r\n### You must have explicit permission to access or configure this device. All ?" (spawn_id exp6) match glob pattern "Host is unreachable"? no > "No address associated with name"? no > "(Host key not found |The authenticity of host .* be established).*(yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "(denied|Sorry)"? no > "Login failed"? no > "% (Bad passwords|Authentication failed)"? no > "Press any key to continue"? no > "Enter Selection: "? no > "Last login:"? no > "@[^\r\n]+ ([Pp]assword|passwd):"? no > "(Username|Login|login|user name|User):"? no > "([Pp]assword|passwd):"? no > "(#| \(enable\))"? yes > expect: set expect_out(0,string) "#" > expect: set expect_out(1,string) "#" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "Trying 10.117.144.75...\r\nConnected to 10.117.144.75.\r\nEscape character is '^]'.\r\n\r\nCCC\r\n#" > send: sending "\r" to { exp6 } > > expect: does "###################################################################################\r\n### ? ? ? ? ? ?UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ? ? ? ? ?###\r\n### You must have explicit permission to access or configure this device. All ?" (spawn_id exp6) match regular expression "[\r\n]+"? yes > expect: set expect_out(0,string) "\r\n" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "###################################################################################\r\n" > expect: continuing expect > > expect: does "### ? ? ? ? ? ?UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ? ? ? ? ?###\r\n### You must have explicit permission to access or configure this device. All ?" (spawn_id exp6) match regular expression "[\r\n]+"? yes > expect: set expect_out(0,string) "\r\n" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "### ? ? ? ? ? ?UNAUTHORISED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED ? ? ? ? ?###\r\n" > expect: continuing expect > > expect: does "### You must have explicit permission to access or configure this device. All ?" (spawn_id exp6) match regular expression "[\r\n]+"? no > "^(.+[:.])1 ((#| \(enable\)))"? no > "^.+(#| \(enable\))"? yes > expect: set expect_out(0,string) "###" > expect: set expect_out(1,string) "#" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "###" > tty_raw_noecho: was raw = 0 ?echo = 1 > spawn id exp6 sent < ?###\r\n### activities performed on this device may be logged and violations of this ? ? ###\r\n### policy may result in disciplinary action and may be reported to law ? ? ? ? ?###\r\n### enforcement agencies. There is no right to privacy on this device. ? ? ? ? ? ###\r\n####################################################################################\r\n\r\n ? ? ? ? ? ? ? ? ? ? ? ?MMNM\r\n ? ? ? ? ? ? ? ? ? ? ? ? ? MMMM\r\n ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MMNM\r\n ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MMNNM\r\n ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MMMM\r\n ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MMNM\r\n ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?MMMMM\r\n ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MNMM\r\n ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?MMMMM MMMMM ?MMMM\r\n ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?MM> > ?### > ### activities performed on this device may be logged and violations of this ? ? ### > ### policy may result in disciplinary action and may be reported to law ? ? ? ? ?### > ### enforcement agencies. There is no right to privacy on this device. ? ? ? ? ? ### > #################################################################################### > > ? ? ? ? ? ? ? ? ? ? ? ?MMNM > ? ? ? ? ? ? ? ? ? ? ? ? ? MMMM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MMNM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MMNNM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MMMM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MMNM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?MMMMM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MNMM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?MMMMM MMMMM ?MMMM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?MMspawn id exp6 sent > MM MM MM MMMMM ?MMMM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MMNM ?MM MMM ?NMNMN ?MMMM > ? ? ? ? ? ? ? ? ? MMMMMMMMMMMMNMM ?MNM MMM ? MMMMN ? MMMMM > ? ? ? ? ? ? ? ? MMMMM ? ? ? ?MMM ?MMMN ?MMMM ?MMMM ? ? MMMM > ? ? ? ? ? ? ? ? MMMM ? ? ? ?MMMM ?MMMM ?MMMM ?MNMMMMspawn id exp6 sent > MMMM ? MMM > ? ? ? ? ? ? ? ? ? MMMM ? ? ?NMMM ?MMMM ?MMNM ?MMMMM ? MMMMMM MMM > ? ? ? ? ? ? ? ? ? ?MMMNMM ? MMMM ?MMMM ?MNMM ?MMNMM ? ? ? ? MMMMMM > ? ? ? ? ? ? ? ? ? ? ? ?MMMMMMMMM ? MMM ?MMM ?MMMMM ? ? ? ? ? ? ?MMMM > ? ? ? ? ? ? ? ? ? ? ? ? ?MNMMMMMM ?MMM ?MNM ?MMMMM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? MMMM ? ?MM ?MM ?MMMMM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MNMMM MM ?M ?MNMM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MDMM M ?M NMM > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? MMMM ?MMMM > > ##################################################################################### > ### ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? Device Hostname ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ### > ### ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?my-ios-xr ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?### > ##################################################################################### > > spawn id exp6 sent <\r\nUser Access Verification\r\n\r\nUsername: > > > User Access Verification > > Username: spawn id exp6 sent <\r\n> > > spawn id exp6 sent <\r\nUser Access Verification\r\n\r\nUsername: > > > User Access Verification > > Username: spawn id exp0 sent ? ? ? ? ? ? ? ? ? ----- at this point I sent a couple of d's > spawn id exp0 sent > spawn id exp6 sent > dspawn id exp6 sent > dspawn id exp0 sent <\u001d> ? ? ? ? ? ? ? ? ? ? ? ----- and quit the telnet session > spawn id exp6 sent <\r\ntelnet> > > > telnet> spawn id exp0 sent > spawn id exp6 sent > qspawn id exp0 sent > spawn id exp6 sent > uspawn id exp0 sent > spawn id exp6 sent > ispawn id exp0 sent > spawn id exp6 sent > tspawn id exp0 sent <\r> > spawn id exp6 sent <\r\nConnection closed.\r\n> > > Connection closed. > interact: received eof from spawn_id exp6 > write() failed to write anything - will sleep(1) and retry... > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? tty_set: raw = 0, echo = 1 > tty_set: raw = 5, echo = 0 > > > > > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Thursday, March 25, 2010 10:17 PM > To: Drikus Brits > Cc: Rancid-discuss at shrubbery.net > Subject: Re: [rancid] rancid issues with IOS XR > > Thu, Mar 25, 2010 at 07:55:39PM +0200, Drikus Brits: >> HI all, >> >> Hope someone can help on this issue. >> >> I seem to be having an issue logging onto IOS XR routers using clogin, or the xrrancid patch as described by previous forums. >> >> the output i get when using -autoenable or configuring the devices in my .cloginrc file returns the same output. >> >> It seems to skip the initial expect sequence for Username: and then returns with another auth reques, after the second prompt the expect script appear to have died, as i can then type in my own authentication details. >> >> User Access Verification >> >> Username: >> >> User Access Verification >> >> Username: >> telnet> quit > > you'll have to share the o/p of clogin -d hostname with us. > ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.co.za/legal/email.jsp " > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From valvai81 at mail.comune.modena.it Fri Mar 26 08:27:22 2010 From: valvai81 at mail.comune.modena.it (Valentino Vaia) Date: Fri, 26 Mar 2010 09:27:22 +0100 Subject: [rancid] Re: Switch Allied Telesyn and Enterasys B2 In-Reply-To: References: Message-ID: <201003260827.o2Q8RMnU013347@mail.comune.modena.it> Hi Nick, My scripts works as all the others present in the rancid project. To use them You must: - modify in the directory bin of rancid the script "rancid-fe" and add in the vendor table %vendortable = ( 'at' => 'ATrancid', ) - add the script ATlogin and ATrancid in the directory bin where are stored the others scripts as *login *rancid. - In the directory var/, you must add in the "router.db" :at:up - remember to add in the ".cloginrc" the username and the password of your devices add user add password Valentino Nick Ryce ha scritto: > > Hi Valentino, > > > > Just came across your post. Where would I add the scripts so rancid > knows how to login and collect AT device info. Had a google and > everything is as clear as mud. > > > > Nick > > > > *From:* Valentino Vaia [mailto:valvai81 at gmail.com] > *Sent:* 17 March 2010 07:55 > *To:* Alan Cooper; rancid-discuss at shrubbery.net > *Subject:* Re: [rancid] Re: Switch Allied Telesyn and Enterasys B2 > > > > I use these scripts to backup AT-8000S Series. > I hope what these will be useful for you > > Valentino > > 2010/3/16 Alan Cooper > > > Hi Valentino, > > I would be most interested in the Allied Telesyn scripts and would be > most grateful if you could post to list. > > Regards, > Alan > > > -----Original Message----- > From: Valentino Vaia [mailto:valvai81 at mail.comune.modena.it > ] > Sent: 07 January 2010 14:43 > To: rancid-discuss at shrubbery.net > Cc: Alan Cooper > Subject: Switch Allied Telesyn and Enterasys B2 > > Hello, > I'm currently using rancid 2.3.2 to backup the configuration of > different vendor's switches. > I have developed some script to backup the configuration of the Allied > Telesis AT-8000S and Enterasys B2/B3. > For the Enterasys 's switch I modified the rivstone scripts. > I'm not so good as a code writer I created some scripts for the Allied > Telesis similar to the rest of the project. > I successfully tested them, and now I'm using them in production in my > enviroment. > If someone is interested please tell me, and I'll post them to the list. > > Regards > --Valentino > > -- > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the sender. Any > offers or quotation of service are subject to formal specification. > Errors and omissions excepted. Please note that any views or opinions > presented in this email are solely those of the author and do not > necessarily represent those of Lumison. > Finally, the recipient should check this email and any attachments for the > presence of viruses. Lumison accept no liability for any > damage caused by any virus transmitted by this email. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > -- > Valentino Vaia > Via Lugli 21/1 > Modena 41100 > cell: 328 7216808 (wind) > GMAIL: valvai81 at gmail.com > > > ------------------------------------------------------------------------ > -- > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the sender. Any > offers or quotation of service are subject to formal specification. > Errors and omissions excepted. Please note that any views or opinions > presented in this email are solely those of the author and do not > necessarily represent those of Lumison. > Finally, the recipient should check this email and any attachments for the > presence of viruses. Lumison accept no liability for any > damage caused by any virus transmitted by this email. From heas at shrubbery.net Fri Mar 26 17:44:25 2010 From: heas at shrubbery.net (john heasley) Date: Fri, 26 Mar 2010 10:44:25 -0700 Subject: [rancid] Re: rancid issues with IOS XR In-Reply-To: <2462C3A55E5DA04395C77B0400E5300306D8126C56@ZAMDC02104.vodacom.corp> References: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> <20100325201653.GC4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D8126C56@ZAMDC02104.vodacom.corp> Message-ID: <20100326174425.GS4304@shrubbery.net> > #################################################################################### remove the #s from the banner. From Drikus.Brits at vodacom.co.za Fri Mar 26 18:18:22 2010 From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Fri, 26 Mar 2010 20:18:22 +0200 Subject: [rancid] Re: rancid issues with IOS XR In-Reply-To: <20100326174425.GS4304@shrubbery.net> References: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> <20100325201653.GC4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D8126C56@ZAMDC02104.vodacom.corp> <20100326174425.GS4304@shrubbery.net> Message-ID: <2462C3A55E5DA04395C77B0400E5300306D812749B@ZAMDC02104.vodacom.corp> -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Friday, March 26, 2010 7:44 PM To: Drikus Brits Cc: john heasley; Rancid-discuss at shrubbery.net Subject: Re: [rancid] rancid issues with IOS XR > #################################################################################### remove the #s from the banner. -------------------------------------- Removing the hashes's seems to work, however , the exact same banner exists on all other IOS routers & switches without issues. It's just with IOS XR routers that I have, that it appears to break ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.co.za/legal/email.jsp " From heas at shrubbery.net Fri Mar 26 18:32:58 2010 From: heas at shrubbery.net (john heasley) Date: Fri, 26 Mar 2010 11:32:58 -0700 Subject: [rancid] Re: rancid issues with IOS XR In-Reply-To: <2462C3A55E5DA04395C77B0400E5300306D812749B@ZAMDC02104.vodacom.corp> References: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> <20100325201653.GC4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D8126C56@ZAMDC02104.vodacom.corp> <20100326174425.GS4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D812749B@ZAMDC02104.vodacom.corp> Message-ID: <20100326183258.GY4304@shrubbery.net> Fri, Mar 26, 2010 at 08:18:22PM +0200, Drikus Brits: > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Friday, March 26, 2010 7:44 PM > To: Drikus Brits > Cc: john heasley; Rancid-discuss at shrubbery.net > Subject: Re: [rancid] rancid issues with IOS XR > > > #################################################################################### > > remove the #s from the banner. > > > -------------------------------------- > > Removing the hashes's seems to work, however , the exact same banner exists on all other IOS routers & switches without issues. It's just with IOS XR routers that I have, that it appears to break i presume that the IOS routers are not auto-enabling, but the XR is. From heas at shrubbery.net Sat Mar 27 01:14:38 2010 From: heas at shrubbery.net (john heasley) Date: Fri, 26 Mar 2010 18:14:38 -0700 Subject: [rancid] Re: rancid issues with IOS XR In-Reply-To: <8bf78fbc1003260505o2792e022sff498b237cc509ac@mail.gmail.com> References: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> <20100325201653.GC4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D8126C56@ZAMDC02104.vodacom.corp> <8bf78fbc1003260505o2792e022sff498b237cc509ac@mail.gmail.com> Message-ID: <20100327011438.GA28406@shrubbery.net> Fri, Mar 26, 2010 at 08:05:10AM -0400, John Jetmore: > This looks similar to a problem we had where the '#' symbols in our > banner were being mistaken for the '#' in the enable prompt and > confusing rancid. One of my colleagues applied this patch before I > was involved in our rancid install: > > 423a428,435 > > -re ".+##########.+Verification" { > > # Account for the hosed up banner via telnet > > exp_continue > > } > > -re ".+##########.+" { > > # Account for the hosed up banner via ssh > > exp_continue > > } > > This may be a silly patch but it's worked for us and I've never had to > reevaluate it. If you used something like this you might have to > change the number of contiguous hashes based on the output you sent. nothing comes to mind thats universal. i thought # Default prompt. set prompt "(>|[^#]#| \\(enable\\))" but that doesnt cover all cases. sorry, just dont use # or > in the banner; ! perhaps. From jethro.binks at strath.ac.uk Sun Mar 28 19:34:25 2010 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Sun, 28 Mar 2010 20:34:25 +0100 (BST) Subject: [rancid] Re: figure out prompt in h3clogin fails In-Reply-To: References: Message-ID: (I wrote this but did not send it at the time; subsequently I have sent Stefan a new version to try which fixes some issues). On Fri, 26 Mar 2010, Stefan Juon wrote: > Nice to meet u Jethro and thank you for you effort for h3clogin ;-) I > try to make rancid work against a H3C S5120 (and furthermore a S7500E, > S5800). Once I set NOPIPE=y the .new and .raw are touched. However there > is no new information: > > .new: > !RANCID-CONTENT-TYPE: h3c > ! > > .raw: > npd0011 > spawn ssh -c 3des -x -l rancid npd0011 > rancid at npd0011's password: > > undo terminal monitor > Info: Current terminal monitor is off. > > > > Error: TIMEOUT reached > > Am I right the after sending \r the prompt is automaticlly determined? Something like that, but it can be very fragile across different boxes. I have a question: I have one (3Com-branded) 4800G (apparently the same as the H3C-branded S5500, but not the same as the 3Com-branded 5500) which issues bell (ding!) when it prints the prompt. Does your model happen to do this? I will be away next week so may not get to look at this any more. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From Drikus.Brits at vodacom.co.za Mon Mar 29 05:18:42 2010 From: Drikus.Brits at vodacom.co.za (Drikus Brits) Date: Mon, 29 Mar 2010 07:18:42 +0200 Subject: [rancid] Re: rancid issues with IOS XR In-Reply-To: <20100326183258.GY4304@shrubbery.net> References: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> <20100325201653.GC4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D8126C56@ZAMDC02104.vodacom.corp> <20100326174425.GS4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D812749B@ZAMDC02104.vodacom.corp> <20100326183258.GY4304@shrubbery.net> Message-ID: <2462C3A55E5DA04395C77B0400E5300306D81275E5@ZAMDC02104.vodacom.corp> -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Friday, March 26, 2010 8:33 PM To: Drikus Brits Cc: john heasley; Rancid-discuss at shrubbery.net Subject: Re: [rancid] rancid issues with IOS XR Fri, Mar 26, 2010 at 08:18:22PM +0200, Drikus Brits: > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Friday, March 26, 2010 7:44 PM > To: Drikus Brits > Cc: john heasley; Rancid-discuss at shrubbery.net > Subject: Re: [rancid] rancid issues with IOS XR > > > #################################################################################### > > remove the #s from the banner. > > > -------------------------------------- > > Removing the hashes's seems to work, however , the exact same banner exists on all other IOS routers & switches without issues. It's just with IOS XR routers that I have, that it appears to break i presume that the IOS routers are not auto-enabling, but the XR is. ----------------------------------- That would be correct, the IOS routers are not auto=enabling. Removing the #'s from my banner works , but would mean that I would need to update at least 200+ core routers to have a set standard across all routers, or go with a slight difference on my IOS XR routers. d. ?This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.co.za/legal/email.jsp " From perc69 at gmail.com Mon Mar 29 08:26:16 2010 From: perc69 at gmail.com (Per Carlson) Date: Mon, 29 Mar 2010 10:26:16 +0200 Subject: [rancid] Re: rancid issues with IOS XR In-Reply-To: <2462C3A55E5DA04395C77B0400E5300306D81275E5@ZAMDC02104.vodacom.corp> References: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> <20100325201653.GC4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D8126C56@ZAMDC02104.vodacom.corp> <20100326174425.GS4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D812749B@ZAMDC02104.vodacom.corp> <20100326183258.GY4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D81275E5@ZAMDC02104.vodacom.corp> Message-ID: <746ca6da1003290126wf394a1fm52ccae10f22a5e56@mail.gmail.com> Hi. > That would be correct, the IOS routers are not auto=enabling. Removing the #'s from my banner works , but would mean that I would need to update at least 200+ core routers to have a set standard across all routers, or go with a slight difference on my IOS XR routers. As clogin works today, '#' in a login banner together with -autoenable won't work. You are not totally out of luck though: you can easily change the login banner on the IOS-devices with clogin :-) -- Pelle A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? From heas at shrubbery.net Mon Mar 29 16:35:44 2010 From: heas at shrubbery.net (john heasley) Date: Mon, 29 Mar 2010 09:35:44 -0700 Subject: [rancid] Re: rancid issues with IOS XR In-Reply-To: <2462C3A55E5DA04395C77B0400E5300306D81275E5@ZAMDC02104.vodacom.corp> References: <2462C3A55E5DA04395C77B0400E5300306D8126B02@ZAMDC02104.vodacom.corp> <20100325201653.GC4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D8126C56@ZAMDC02104.vodacom.corp> <20100326174425.GS4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D812749B@ZAMDC02104.vodacom.corp> <20100326183258.GY4304@shrubbery.net> <2462C3A55E5DA04395C77B0400E5300306D81275E5@ZAMDC02104.vodacom.corp> Message-ID: <20100329163543.GN7336@shrubbery.net> Mon, Mar 29, 2010 at 07:18:42AM +0200, Drikus Brits: > That would be correct, the IOS routers are not auto=enabling. Removing the #'s from my banner works , but would mean that I would need to update at least 200+ core routers to have a set standard across all routers, or go with a slight difference on my IOS XR routers. you can use clogin to modify the ones where clogin works and if you hack clogin for the time being as the other user suggested you can modify all of them. From denaccie at gmail.com Wed Mar 31 13:55:36 2010 From: denaccie at gmail.com (My Name) Date: Wed, 31 Mar 2010 09:55:36 -0400 Subject: [rancid] Fwd: rancid In-Reply-To: References: Message-ID: ---------- Forwarded message ---------- From: My Name Date: Wed, Mar 31, 2010 at 9:41 AM Subject: rancid To: cisco-nsp at puck.nether.net I am using rancid for configuration management, it's working well except that on a GSR I keep getting diff changes on the uptime change, how do I correct this issue? as always, thanx for the help Joe -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100331/7300691a/attachment.html