From mark.tinka at seacom.mu Fri Aug 1 06:28:22 2014 From: mark.tinka at seacom.mu (Mark Tinka) Date: Fri, 1 Aug 2014 08:28:22 +0200 Subject: [rancid] Ignoring (Boot)Flash Changes (IOS and IOS XE) - Update! In-Reply-To: <201407281511.10356.mark.tinka@seacom.mu> References: <201407231702.45031.mark.tinka@seacom.mu> <201407250839.37104.mark.tinka@seacom.mu> <201407281511.10356.mark.tinka@seacom.mu> Message-ID: <201408010828.22510.mark.tinka@seacom.mu> On Monday, July 28, 2014 03:11:10 PM Mark Tinka wrote: > I now need to quiet down the "tracelogs" noise. Managed to sort this out. I created another section dedicated to "harddisk", since the existing one only handles "bootflash", and the "tracelogs" are coming from the "harddisk": ----- # filter frequently changing files from IOX harddisk if ($dev =~ /harddisk/) { next if (/temp_cont\s*$/); next if (/uptime_cont\s*$/); next if (/tracelogs\s*$/); } ----- Cheers, Mark. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. URL: From ricardo.ferreira at elephanttalk.com Mon Aug 4 13:16:03 2014 From: ricardo.ferreira at elephanttalk.com (Ricardo Ferreira) Date: Mon, 4 Aug 2014 15:16:03 +0200 Subject: [rancid] Setup SSH login method on a non-default port Message-ID: <53DF8793.4000005@elephanttalk.com> Hello everyone, First of all, I am not sure if this is the right place to ask questions. I am having an hard time configuring rancid to ssh into a zebra router running on an non-default SSH port. According to the manual, this works fine for telnet, but I see no reference in regards to SSH. / //*add*// //*method*// //**// //*{ssh}*// //*[{...}]*// Defines, in order, the connection methods to use for a device from the set {ssh, telnet, rsh}. Method telnet may have a suffix, indicating an alternate TCP port, of the form ":port". Note: Different versions of telnet treat the specification of a port differently. In particular, BSD derived telnets do not do option negotiation when a port is given. Some devices, Extreme switches for example, have undesirable telnet default options such as linemode. In the BSD case, to enable option negotiation when specifying a port the method should be "{telnet:-23}" or you should add "mode character" to .telnetrc. See //*telnet(1)*// for more information on telnet command-line syntax, telnet options, and .telnetrc. Example: add method * {ssh} {telnet:-3000} {rsh}/ I have tried without success: /add//method hostname {ssh: 2222}// //and also adding the host with the correct port into //.ssh/config/ Results: clogin error: Error: Connection Refused (ssh): Do you know if rancid supports logging in via SSH into a non-default port? Thanks for your time -- - no title specified Kind regards / Met vriendelijke groet / Saludos, Ricardo Ferreira Core IP Network Elephant Talk Communications -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.Ede at birchenallhowden.co.uk Mon Aug 4 13:38:46 2014 From: J.Ede at birchenallhowden.co.uk (Jason Ede) Date: Mon, 4 Aug 2014 13:38:46 +0000 Subject: [rancid] Mikrotik and last status on email... Message-ID: We're trying to monitor the config in our mikrotiks with rancid. However, in the config we're getting the last-status=succeeded appearing and disappearing from the /tool email line as shown below. - set address=xxx.xxx.xxx.xxx from=mikrotik at birchenallhowden.co.uk last-status=succeeded password=password port=25 start-tls=yes user=someuser + set address=xxx.xxx.xxx.xxx from=mikrotik at birchenallhowden.co.uk + password=password port=25 start-tls=yes + user=someuser Is there a way I can easily modify mtrancid to ignore whether last-status is there or not or even just remove it from the output so it doesn't even go into the CVS (it's not needed if need to restore configs). At last check for config on 1 router we've over 200 config versions all with the same change flipping back and forth... Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From alan.mckinnon at gmail.com Mon Aug 4 14:14:52 2014 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Mon, 04 Aug 2014 16:14:52 +0200 Subject: [rancid] Mikrotik and last status on email... In-Reply-To: References: Message-ID: <53DF955C.3030100@gmail.com> On 04/08/2014 15:38, Jason Ede wrote: > We?re trying to monitor the config in our mikrotiks with rancid. > However, in the config we?re getting the last-status=succeeded appearing > and disappearing from the /tool email line as shown below. > > > > > > - set address=xxx.xxx.xxx.xxx from=mikrotik at birchenallhowden.co.uk > last-status=succeeded > password=password port=25 start-tls=yes user=someuser > > + set address=xxx.xxx.xxx.xxx from=mikrotik at birchenallhowden.co.uk > > > + password=password port=25 start-tls=yes > > + user=someuser > > > > Is there a way I can easily modify mtrancid to ignore whether > last-status is there or not or even just remove it from the output so it > doesn?t even go into the CVS (it?s not needed if need to restore configs). This is an FAQ, check the archives for many requests to do this kind of thing on many devices. Basically, check @command table in mtrancid for the command that produces that output, identify the sub that deals with the output and add your custom bit in the body of the while loop: To discard the changing part, something like /^(set address=/S+/s/S+).*$/ && ProcessHistory(xxxxxxxxxxxxxx) && next; To discard the line entirely: /^(set address=/S+/s/S+).*$/ && next; I'm not familiar with Microtik to be able to say what goes in the ProcessHistory call marked "xxxxxxxxxxxxxxx". If you want to use that first snippet, you can probably copy-paste the existing ProcessHistory call towards the end of the while loop. It's very obvious with a little perl- and regex-fu how it should all go together Disclaimer: Those regexes may or may not work :-) I typed them without having a reference handy and we all know that a regex is defined as "a programming construct that is guaranteed to fail the first 5 times you try get it right" > > > > At last check for config on 1 router we?ve over 200 config versions all > with the same change flipping back and forth? > > > > Jason > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Mon Aug 4 14:28:34 2014 From: heas at shrubbery.net (heasley) Date: Mon, 4 Aug 2014 14:28:34 +0000 Subject: [rancid] Mikrotik and last status on email... In-Reply-To: <53DF955C.3030100@gmail.com> References: <53DF955C.3030100@gmail.com> Message-ID: <20140804142834.GB66569@shrubbery.net> Mon, Aug 04, 2014 at 04:14:52PM +0200, Alan McKinnon: > On 04/08/2014 15:38, Jason Ede wrote: > > We?re trying to monitor the config in our mikrotiks with rancid. > > However, in the config we?re getting the last-status=succeeded appearing > > and disappearing from the /tool email line as shown below. > > > > > > > > > > > > - set address=xxx.xxx.xxx.xxx from=mikrotik at birchenallhowden.co.uk > > last-status=succeeded > > password=password port=25 start-tls=yes user=someuser > > > > + set address=xxx.xxx.xxx.xxx from=mikrotik at birchenallhowden.co.uk > > > > > > + password=password port=25 start-tls=yes > > > > + user=someuser is *any* of that relevant configuration? what does it do? is there something about your configuration that is causing this for you but not others, Jason? Is it just a difference in s/w version? > > > > > > Is there a way I can easily modify mtrancid to ignore whether > > last-status is there or not or even just remove it from the output so it > > doesn?t even go into the CVS (it?s not needed if need to restore configs). > > This is an FAQ, check the archives for many requests to do this kind of > thing on many devices. > > Basically, check @command table in mtrancid for the command that > produces that output, identify the sub that deals with the output and > add your custom bit in the body of the while loop: > > To discard the changing part, something like > > /^(set address=/S+/s/S+).*$/ && > ProcessHistory(xxxxxxxxxxxxxx) && next; > > To discard the line entirely: > > /^(set address=/S+/s/S+).*$/ && next; > > > I'm not familiar with Microtik to be able to say what goes in the > ProcessHistory call marked "xxxxxxxxxxxxxxx". If you want to use that > first snippet, you can probably copy-paste the existing ProcessHistory > call towards the end of the while loop. > > It's very obvious with a little perl- and regex-fu how it should all go > together > > > Disclaimer: Those regexes may or may not work :-) I typed them without > having a reference handy and we all know that a regex is defined as "a > programming construct that is guaranteed to fail the first 5 times you > try get it right" > > > > > > > > > > > > > At last check for config on 1 router we?ve over 200 config versions all > > with the same change flipping back and forth? > > > > > > > > Jason > > > > > > > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > -- > Alan McKinnon > alan.mckinnon at gmail.com > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From Emmanuel.Halbwachs at obspm.fr Mon Aug 4 14:32:24 2014 From: Emmanuel.Halbwachs at obspm.fr (Emmanuel Halbwachs) Date: Mon, 4 Aug 2014 16:32:24 +0200 Subject: [rancid] Setup SSH login method on a non-default port In-Reply-To: <53DF8793.4000005@elephanttalk.com> References: <53DF8793.4000005@elephanttalk.com> Message-ID: <20140804143224.GZ8386@funk.lan> Hello, Ricardo Ferreira (Mon 2014-08-04 15:16:03 +0200) : > I am having an hard time configuring rancid to ssh into a zebra > router running on an non-default SSH port. > [...] > Do you know if rancid supports logging in via SSH into a non-default > port? Why not do this at the ssh level? In your $HOME/.ssh/config: Host zebra HostName zebra.example.org Port 2222 HTH, -- Emmanuel Halbwachs Observatoire de Paris Resp. R?seau/S?curit?/Infrastructure 5 Place Jules Janssen tel : +33 1 45 07 75 54 F 92195 MEUDON CEDEX v?hicules (GPS) : face 32 av. Marcellin Berthelot From prt at prt.org Mon Aug 4 14:59:57 2014 From: prt at prt.org (Paul Thornton) Date: Mon, 04 Aug 2014 15:59:57 +0100 Subject: [rancid] Setup SSH login method on a non-default port In-Reply-To: <53DF8793.4000005@elephanttalk.com> References: <53DF8793.4000005@elephanttalk.com> Message-ID: <53DF9FED.6060405@prt.org> On 04/08/2014 14:16, Ricardo Ferreira wrote: > I have tried without success: > /add//method hostname {ssh: 2222}// > //and also adding the host with the correct port into //.ssh/config/ > > Results: > clogin error: Error: Connection Refused (ssh): > > Do you know if rancid supports logging in via SSH into a non-default port? > Thanks for your time I think you need to have this configured like: add method router.hostname ssh:2222 (no space between the ssh: and the port number) and it should work. Paul. From mgoeres at gmail.com Fri Aug 15 15:41:41 2014 From: mgoeres at gmail.com (Matthew Goeres) Date: Fri, 15 Aug 2014 10:41:41 -0500 Subject: [rancid] Fortigate Fnlogin / Fnrancid Sending Premature Exit and showing up in diffs Message-ID: Hello, We have an issue with nearly all of our Fortigate firewalls where we get an extra exit in the config randomly somewhere in the config. I can't seem to put any rhyme or reason to why it is occurring and can't seem to figure out where in the script it decides it is done running the command table and to send the exit to close the shell. Line 382 is an example of the exit. 376: set tab-id 1 377: set column 1 378: next 379: edit 4 380: set widget-type sysres 381: set tab-id 1 382: exit 383: set column 2 384: set time-period 0 385: set chart-color 0 386: next 387: edit 5 388: set widget-type sessions 389: set tab-id 1 390: set column 2 391: next Line 262 is another example here: 255: next 256: edit "port8" 257: set vdom "MGMT" 258: set mode dhcp 259: set allowaccess ping https ssh fgfm 260: set type physical 261: set defaultgw enable 262: exit 263: next 264: edit "AuthLink0" 265: set vdom "root" 266: set ip 169.254.255.1 255.255.255.252 267: set allowaccess ping 268: set type vdom-link 269: next Thanks, Matt -------------- next part -------------- An HTML attachment was scrubbed... URL: From trent at appliedtrust.com Mon Aug 25 20:35:08 2014 From: trent at appliedtrust.com (Trnet R. Hein) Date: Mon, 25 Aug 2014 14:35:08 -0600 Subject: [rancid] Sweet: new open source router/device config monitoring tool - inspired by RANCID Message-ID: <53FB9DFC.4020001@atrust.com> Folks, For years, we've utilized RANCID, and found it to be invaluable. It's been our watchful eye, and our savior, many times. It is with great respect for and inspiration by RANCID that we've written a similar open source tool, in the Go programming language and using git as its native repository. A few highlights: + Stores device configs in Git + Simple configuration file + Single binary - only runtime dependency is Git + Email notifications + Built-in web status dashboard + Embedded Cisco IOS/ASA support + Supports external collection scripts (such as clogin, jlogin, etc.) + Currently supports Linux and OSX Check it out at http://gosweet.org We hope this tool will be as useful to you as RANCID has been to us. Cheers, -TR -- Trent R. Hein -- http://appliedtrust.com/trent AppliedTrust - http://appliedtrust.com - 303.245.4524 From Shaun.Krok at 888holdings.com Wed Aug 27 11:47:04 2014 From: Shaun.Krok at 888holdings.com (Shaun Krok) Date: Wed, 27 Aug 2014 11:47:04 +0000 Subject: [rancid] BIG IP v.11 multiple partitions and rancid Message-ID: <57FD84723C05BB4FA3BB5F66AC609F640672E926@XCH-IL-MB2.888holdings.corp> Hi I am busy to integrate Rancid into our network and have an issue with partitions on BIG IP LTM v11.x All works fine but Rancid does not backup all partitions ... I am using the script from GIT with TMSH commands This command work from bash : tmsh -q -c "cd /; list recursive" but does not from the script .. This is a snip from the forum where the issue was identified but is anyone aware if there is a fix : Thanks Shaun here is a working tmsh version in the rancid git repo. The only thing that doesn't work when adjusting the script to list all partition co config is a tmsh -q -c "cd /; list recursive" - it errors out due to extra double quotes required by the -c option. On Dec 6, 2012 8:57 PM, "Darius Seroka" > wrote: Shaun Krok Network Team Herzliya Business Park Herzliya Pituach 46140 Israel Telephone: +972 (0)732889406 Mobile: +972 (0)50 2424381 email:shaun.krok at 888holdings.com [Description: Description: Description: Description: Description: 888] [Description: Description: 888] This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the "888 Group") and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.gif Type: image/gif Size: 5415 bytes Desc: image001.gif URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.gif Type: image/gif Size: 13717 bytes Desc: image002.gif URL: From Shaun.Krok at 888holdings.com Wed Aug 27 11:41:03 2014 From: Shaun.Krok at 888holdings.com (Shaun Krok) Date: Wed, 27 Aug 2014 11:41:03 +0000 Subject: [rancid] BIG IP v.11 multiple partitions and rancid Message-ID: <57FD84723C05BB4FA3BB5F66AC609F640672E8A3@XCH-IL-MB2.888holdings.corp> Hi I am busy to integrate Rancid into our network and have an issue with partitions on BIG IP LTM v11.x All works fine but Rancid does not backup all partitions ... I am using the script from GIT with TMSH commands This command work from bash : tmsh -q -c "cd /; list recursive" but does not from the script .. This is a snip from the forum where the issue was identified but is anyone aware if there is a fix : Thanks Shaun here is a working tmsh version in the rancid git repo. The only thing that doesn't work when adjusting the script to list all partition co config is a tmsh -q -c "cd /; list recursive" - it errors out due to extra double quotes required by the -c option. On Dec 6, 2012 8:57 PM, "Darius Seroka" > wrote: Shaun Krok Network Team Herzliya Business Park Herzliya Pituach 46140 Israel Telephone: +972 (0)732889406 Mobile: +972 (0)50 2424381 email:shaun.krok at 888holdings.com [Description: Description: Description: Description: Description: 888] [Description: Description: 888] This email message and its attachments are for the sole use of the intended recipient(s) and may not be shared with any other party. They may contain confidential information of 888 Holdings plc or its direct and indirect subsidiaries (together, the "888 Group") and are to be regarded as confidential information under any non-disclosure agreement. Any review, use, disclosure or distribution by persons or entities other than the intended recipient(s) is prohibited. Nothing in this message is capable of or intended to create any legally binding obligation. The 888 Group will only ever assume a legally binding obligation where recorded in a written agreement duly executed by the authorized signatories of the relevant 888 Group company. The 888 Group accepts no liability for any personal views expressed in this message. If you are not the intended recipient, please contact the sender by return and destroy all copies of the original message and its attachments. Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.gif Type: image/gif Size: 5415 bytes Desc: image001.gif URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.gif Type: image/gif Size: 13717 bytes Desc: image002.gif URL: