From me at falz.net  Wed Aug  1 00:40:28 2018
From: me at falz.net (Chris Wopat)
Date: Tue, 31 Jul 2018 19:40:28 -0500
Subject: [rancid] Fortigate additional tweaks and device filters
In-Reply-To: <20180731211419.GI72511@shrubbery.net>
References: <CALsLHchRy9KS2vMsU34Qqg+eZkgiJT79Ng=NZzf4i2AZyW5Y+g@mail.gmail.com>
 <20180731211419.GI72511@shrubbery.net>
Message-ID: <CALsLHcionKAdWfy3vtuCNfpXsL0DLTUOA7brJ8YS5mup8i89Pg@mail.gmail.com>

On Tue, Jul 31, 2018 at 4:14 PM, heasley <heas at shrubbery.net> wrote:
>
> This is from:
> r2258 | heas | 2010-10-11 20:49:05 +0000 (Mon, 11 Oct 2010) | 3 lines
>
> fnrancid: update recent fortinet software - Diego Ercolani
> Cleaned-up a little by me.
>
> afaict, the justification for full-configuration was so that VDOMs would
> be included in the output.  perhaps this behavior has changed since this
> change??  I have none of these devices.
>

I had previously never used a vdom, but i just created one with:

config system global
set vdom-admin enable
config vdom
edit test-vdom
config system settings
set status enable

.. then let it run with just 'show' and it certainly shows it (its much
more than this, it created a cert and and a bunch of other stuff), This is
FortiOS 5.6.3.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180731/d0fdff1b/attachment.html>

From nick.nauwelaerts at aquafin.be  Wed Aug  1 08:37:03 2018
From: nick.nauwelaerts at aquafin.be (Nick Nauwelaerts)
Date: Wed, 1 Aug 2018 08:37:03 +0000
Subject: [rancid] Fortigate additional tweaks and device filters
In-Reply-To: <639c2aeb-8d74-8c38-39c0-e83b3f09c263@keystonenap.com>
References: <CALsLHchRy9KS2vMsU34Qqg+eZkgiJT79Ng=NZzf4i2AZyW5Y+g@mail.gmail.com>
 <20180731211419.GI72511@shrubbery.net>
 <639c2aeb-8d74-8c38-39c0-e83b3f09c263@keystonenap.com>
Message-ID: <23699c0fc7084cffa45244728cd3724e@aquafin.be>

hm,
i actually like to have those versions in the output. if something breaks my first reaction tends to be: "what changed?", and rancid is usually the first place i check.

would it be an option to control this with FILTER_OSC , even though its not quite it's intended application?

thx

// nick


From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Doug Hughes
Sent: Tuesday, July 31, 2018 23:18
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Fortigate additional tweaks and device filters




On 7/31/2018 5:14 PM, heasley wrote:

Fri, Jul 27, 2018 at 08:02:28AM -0500, Chris Wopat:

Hi Heasley and folks,



Sept 2017 i sent a note in with some proposed tweaks to a Fortigate. to

filter out some additional chattiness, see:



http://www.shrubbery.net/pipermail/rancid-discuss/2017-September/009871.html

http://www.shrubbery.net/pipermail/rancid-discuss/2017-June/009643.html



A few people chimed in seeming to be OK with the propsed changes, which are

to filter these things:



next if (/^\s*IPS-ETDB: .*/);

next if (/^\s*APP-DB: .*/);

next if (/^\s*IPS Malicious URL Database: .*/);

next if (/^\s*Botnet DB: .*/);



Mentioning this as 3.8 came out and i didn't notice any of these included.



We have an additional fortigate tweak we make every time we update too,

which to change from 'show full-configuration' to just 'show' in

@commandtable. 'full-configuration' shows default config, just like the

cisco 'full' command. It's really not necessary IMO.



This is from:

r2258 | heas | 2010-10-11 20:49:05 +0000 (Mon, 11 Oct 2010) | 3 lines



fnrancid: update recent fortinet software - Diego Ercolani

Cleaned-up a little by me.



afaict, the justification for full-configuration was so that VDOMs would

be included in the output.  perhaps this behavior has changed since this

change??  I have none of these devices.

I think you are right.. I have a vague recollection of this as well.
--
Doug Hughes
Keystone NAP
Fairless Hills, PA
1.844.KEYBLOCK (439.2562)

[http://www.keystonenap.com/wp-content/themes/keystoneNAP/images/keystone-nap-logo.png]



________________________________

Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | Twitter<https://twitter.com/aquafinnv> | YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> | LinkedIN<http://www.linkedin.com/company/aquafin/products>

In het kader van de uitoefening van onze taken verzamelen we bij Aquafin persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de betrokkenen zijn, kan je nalezen in onze privacy policy<https://www.aquafin.be/nl-be/privacy-policy>.

[https://www.aquafin.be/sites/aquafin/files/styles/paragraph_with_caption/public/2018-06/email_banner_web.jpg]<https://www.aquafin.be/>
  P Denk aan het milieu. Druk deze mail niet onnodig af.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180801/b50ea6dd/attachment.html>

From heas at shrubbery.net  Wed Aug  1 15:35:13 2018
From: heas at shrubbery.net (heasley)
Date: Wed, 1 Aug 2018 15:35:13 +0000
Subject: [rancid] Fortigate additional tweaks and device filters
In-Reply-To: <23699c0fc7084cffa45244728cd3724e@aquafin.be>
References: <CALsLHchRy9KS2vMsU34Qqg+eZkgiJT79Ng=NZzf4i2AZyW5Y+g@mail.gmail.com>
 <20180731211419.GI72511@shrubbery.net>
 <639c2aeb-8d74-8c38-39c0-e83b3f09c263@keystonenap.com>
 <23699c0fc7084cffa45244728cd3724e@aquafin.be>
Message-ID: <20180801153513.GC39565@shrubbery.net>

Wed, Aug 01, 2018 at 08:37:03AM +0000, Nick Nauwelaerts:
> hm,
> i actually like to have those versions in the output. if something breaks my first reaction tends to be: "what changed?", and rancid is usually the first place i check.
> 
> would it be an option to control this with FILTER_OSC , even though its not quite it's intended application?

Could be; what are they?  version stamp of what exactly?

> thx
> 
> // nick
> 
> 
> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Doug Hughes
> Sent: Tuesday, July 31, 2018 23:18
> To: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Fortigate additional tweaks and device filters
> 
> 
> 
> 
> On 7/31/2018 5:14 PM, heasley wrote:
> 
> Fri, Jul 27, 2018 at 08:02:28AM -0500, Chris Wopat:
> 
> Hi Heasley and folks,
> 
> 
> 
> Sept 2017 i sent a note in with some proposed tweaks to a Fortigate. to
> 
> filter out some additional chattiness, see:
> 
> 
> 
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-September/009871.html
> 
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-June/009643.html
> 
> 
> 
> A few people chimed in seeming to be OK with the propsed changes, which are
> 
> to filter these things:
> 
> 
> 
> next if (/^\s*IPS-ETDB: .*/);
> 
> next if (/^\s*APP-DB: .*/);
> 
> next if (/^\s*IPS Malicious URL Database: .*/);
> 
> next if (/^\s*Botnet DB: .*/);
> 
> 
> 
> Mentioning this as 3.8 came out and i didn't notice any of these included.
> 
> 
> 
> We have an additional fortigate tweak we make every time we update too,
> 
> which to change from 'show full-configuration' to just 'show' in
> 
> @commandtable. 'full-configuration' shows default config, just like the
> 
> cisco 'full' command. It's really not necessary IMO.
> 
> 
> 
> This is from:
> 
> r2258 | heas | 2010-10-11 20:49:05 +0000 (Mon, 11 Oct 2010) | 3 lines
> 
> 
> 
> fnrancid: update recent fortinet software - Diego Ercolani
> 
> Cleaned-up a little by me.
> 
> 
> 
> afaict, the justification for full-configuration was so that VDOMs would
> 
> be included in the output.  perhaps this behavior has changed since this
> 
> change??  I have none of these devices.
> 
> I think you are right.. I have a vague recollection of this as well.
> --
> Doug Hughes
> Keystone NAP
> Fairless Hills, PA
> 1.844.KEYBLOCK (439.2562)
> 
> [http://www.keystonenap.com/wp-content/themes/keystoneNAP/images/keystone-nap-logo.png]
> 
> 
> 
> ________________________________
> 
> Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | Twitter<https://twitter.com/aquafinnv> | YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> | LinkedIN<http://www.linkedin.com/company/aquafin/products>
> 
> In het kader van de uitoefening van onze taken verzamelen we bij Aquafin persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de betrokkenen zijn, kan je nalezen in onze privacy policy<https://www.aquafin.be/nl-be/privacy-policy>.
> 
> [https://www.aquafin.be/sites/aquafin/files/styles/paragraph_with_caption/public/2018-06/email_banner_web.jpg]<https://www.aquafin.be/>
>   P Denk aan het milieu. Druk deze mail niet onnodig af.

> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss


From nick.nauwelaerts at aquafin.be  Wed Aug  1 19:22:42 2018
From: nick.nauwelaerts at aquafin.be (Nick Nauwelaerts)
Date: Wed, 1 Aug 2018 19:22:42 +0000
Subject: [rancid] Fortigate additional tweaks and device filters
In-Reply-To: <20180801153513.GC39565@shrubbery.net>
References: <CALsLHchRy9KS2vMsU34Qqg+eZkgiJT79Ng=NZzf4i2AZyW5Y+g@mail.gmail.com>
 <20180731211419.GI72511@shrubbery.net>
 <639c2aeb-8d74-8c38-39c0-e83b3f09c263@keystonenap.com>
 <23699c0fc7084cffa45244728cd3724e@aquafin.be>
 <20180801153513.GC39565@shrubbery.net>
Message-ID: <b068266ef4cd45418f64acbe928c9f34@aquafin.be>

they're a combination of version & download time as i understand it.

they can be either manually updated or via a scheduled run, but for most if not all a valid support contract is required.
the reason why i prefer this info to be available is because some also change parts of the running config, though as far as i can tell this is only for autoupdating ips rules.

(example of an autoupdate 2 weeks ago)

 #Version: FortiGate-800C XXX
 #Extreme DB: 1.00000(2012-10-17 15:47)
-#IPS-ETDB: 13.00413(2018-07-17 00:10)
+#IPS-ETDB: 13.00414(2018-07-18 00:13)
 #Serial-Number: FG800XXX
 #Botnet DB: 4.00261(2018-06-22 10:09)
 #BIOS version: XXX
@@ -39065,10 +39065,14 @@
 end
 config ips rule "Adobe.Acrobat.PDF.XSL.Engine.Javascript.Handling.Use.After.Free"
 end
+config ips rule "Adobe.Acrobat.PDF.U3D.Data.Stream.PICT.Memory.Corruption"
+end
 config ips rule "Adobe.Acrobat.EMF.EmfPlusObject.Memory.Corruption"
 end
 config ips rule "Adobe.Acrobat.XPS2PDF.Cmap.Encoding.Information.Disclosure"
 end
+config ips rule "Adobe.Acrobat.PDF.LZW.Decoding.Memory.Corruption"
+end
 config ips rule "Adobe.Acrobat.PDF.Javascript.Annotation.Out.of.Bounds.Read"
 end
 config ips rule "Adobe.Acrobat.EMF.EmfPlusDrawLines.PointData.Heap.Overflow"



i guess you could argue that the information thats being filtered is somewhat incomplete to begin with, since for example for antivirus you get the av definitions version but lack the av engine version. as i understand it this was due to the way how firewalls with or without vdoms parse their commands?



FG800C # config global
FG800C (global) # diagnose autoupdate versions
AV Engine
---------
Version: 5.00178
Contract Expiry Date: Sun Oct 28 2018
Last Updated using manual update on Thu Jun 30 14:26:00 2016
Last Update Attempt: Wed Aug  1 01:58:39 2018
Result: No Updates

Virus Definitions
---------
Version: 61.00126
Contract Expiry Date: Sun Oct 28 2018
Last Updated using scheduled update on Wed Aug  1 01:58:39 2018
Last Update Attempt: Wed Aug  1 01:58:39 2018
Result: Updates Installed

<snip>

Vulnerability Compliance and Management
---------
Version: 1.00384
Contract Expiry Date: Sun Oct 28 2018
Last Updated using manual update on Fri Oct  2 23:54:00 2015
Last Update Attempt: n/a
Result: Updates Installed




// nick




-----Original Message-----
From: heasley [mailto:heas at shrubbery.net] 
Sent: Wednesday, August 1, 2018 17:35
To: Nick Nauwelaerts <nick.nauwelaerts at aquafin.be>
Cc: Doug Hughes <doug.hughes at keystonenap.com>; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Fortigate additional tweaks and device filters

Wed, Aug 01, 2018 at 08:37:03AM +0000, Nick Nauwelaerts:
> hm,
> i actually like to have those versions in the output. if something breaks my first reaction tends to be: "what changed?", and rancid is usually the first place i check.
> 
> would it be an option to control this with FILTER_OSC , even though its not quite it's intended application?

Could be; what are they?  version stamp of what exactly?

> thx
> 
> // nick
> 
> 
> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Doug Hughes
> Sent: Tuesday, July 31, 2018 23:18
> To: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Fortigate additional tweaks and device filters
> 
> 
> 
> 
> On 7/31/2018 5:14 PM, heasley wrote:
> 
> Fri, Jul 27, 2018 at 08:02:28AM -0500, Chris Wopat:
> 
> Hi Heasley and folks,
> 
> 
> 
> Sept 2017 i sent a note in with some proposed tweaks to a Fortigate. to
> 
> filter out some additional chattiness, see:
> 
> 
> 
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-September/009871.html
> 
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-June/009643.html
> 
> 
> 
> A few people chimed in seeming to be OK with the propsed changes, which are
> 
> to filter these things:
> 
> 
> 
> next if (/^\s*IPS-ETDB: .*/);
> 
> next if (/^\s*APP-DB: .*/);
> 
> next if (/^\s*IPS Malicious URL Database: .*/);
> 
> next if (/^\s*Botnet DB: .*/);
> 
> 
> 
> Mentioning this as 3.8 came out and i didn't notice any of these included.
> 
> 
> 
> We have an additional fortigate tweak we make every time we update too,
> 
> which to change from 'show full-configuration' to just 'show' in
> 
> @commandtable. 'full-configuration' shows default config, just like the
> 
> cisco 'full' command. It's really not necessary IMO.
> 
> 
> 
> This is from:
> 
> r2258 | heas | 2010-10-11 20:49:05 +0000 (Mon, 11 Oct 2010) | 3 lines
> 
> 
> 
> fnrancid: update recent fortinet software - Diego Ercolani
> 
> Cleaned-up a little by me.
> 
> 
> 
> afaict, the justification for full-configuration was so that VDOMs would
> 
> be included in the output.  perhaps this behavior has changed since this
> 
> change??  I have none of these devices.
> 
> I think you are right.. I have a vague recollection of this as well.
> --
> Doug Hughes
> Keystone NAP
> Fairless Hills, PA
> 1.844.KEYBLOCK (439.2562)
> 
> [http://www.keystonenap.com/wp-content/themes/keystoneNAP/images/keystone-nap-logo.png]
> 
> 
> 
> ________________________________
> 
> Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | Twitter<https://twitter.com/aquafinnv> | YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> | LinkedIN<http://www.linkedin.com/company/aquafin/products>
> 
> In het kader van de uitoefening van onze taken verzamelen we bij Aquafin persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de betrokkenen zijn, kan je nalezen in onze privacy policy<https://www.aquafin.be/nl-be/privacy-policy>.
> 
> [https://www.aquafin.be/sites/aquafin/files/styles/paragraph_with_caption/public/2018-06/email_banner_web.jpg]<https://www.aquafin.be/>
>   P Denk aan het milieu. Druk deze mail niet onnodig af.

> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss


From me at falz.net  Thu Aug  2 14:25:30 2018
From: me at falz.net (Chris Wopat)
Date: Thu, 2 Aug 2018 09:25:30 -0500
Subject: [rancid] Fortigate additional tweaks and device filters
In-Reply-To: <23699c0fc7084cffa45244728cd3724e@aquafin.be>
References: <23699c0fc7084cffa45244728cd3724e@aquafin.be>
Message-ID: <7dc76327-7fff-a745-7f68-5dabdd480530@falz.net>

> Wed, Aug 01, 2018 at 08:37:03AM +0000, Nick Nauwelaerts:
>> hm,
>> i actually like to have those versions in the output. if something breaks my first reaction tends to be: "what changed?", and rancid is usually the first place i check.
>>
>> would it be an option to control this with FILTER_OSC , even though its not quite it's intended application?
> Could be; what are they?  version stamp of what exactly?
> 


My additions to filter are based on the fact that there's already a 
block of these being filtered, this is just 'more of the same' chatty 
stuff that changes daily.

I'd say go one way or another- add more similar filters (my suggestion) 
or do none or have a toggle-able option. FILTER_OSC sounds more like 
it's for security stuff, so that doesn't seem like the best fit to me.

Has a new FILTER_CRUFT type of option been discussed in the past? Unsure 
if this fits the category of any other previously discussed things.

--Chris


From heas at shrubbery.net  Thu Aug  2 22:15:48 2018
From: heas at shrubbery.net (heasley)
Date: Thu, 2 Aug 2018 22:15:48 +0000
Subject: [rancid] Fortigate additional tweaks and device filters
In-Reply-To: <7dc76327-7fff-a745-7f68-5dabdd480530@falz.net>
References: <23699c0fc7084cffa45244728cd3724e@aquafin.be>
 <7dc76327-7fff-a745-7f68-5dabdd480530@falz.net>
Message-ID: <20180802221548.GA9206@shrubbery.net>

Thu, Aug 02, 2018 at 09:25:30AM -0500, Chris Wopat:
> > Wed, Aug 01, 2018 at 08:37:03AM +0000, Nick Nauwelaerts:
> >> hm,
> >> i actually like to have those versions in the output. if something breaks my first reaction tends to be: "what changed?", and rancid is usually the first place i check.
> >>
> >> would it be an option to control this with FILTER_OSC , even though its not quite it's intended application?
> > Could be; what are they?  version stamp of what exactly?
> > 
> 
> 
> My additions to filter are based on the fact that there's already a 
> block of these being filtered, this is just 'more of the same' chatty 
> stuff that changes daily.
> 
> I'd say go one way or another- add more similar filters (my suggestion) 
> or do none or have a toggle-able option. FILTER_OSC sounds more like 
> it's for security stuff, so that doesn't seem like the best fit to me.
> 
> Has a new FILTER_CRUFT type of option been discussed in the past? Unsure 
> if this fits the category of any other previously discussed things.

it was intended for stuff that oscillated but is still desirable (by some).
so, seems to fit the application, perhaps for the other similar filters.
again, i dont know the platform, so I need input.


From nick.nauwelaerts at aquafin.be  Fri Aug  3 15:34:05 2018
From: nick.nauwelaerts at aquafin.be (Nick Nauwelaerts)
Date: Fri, 3 Aug 2018 15:34:05 +0000
Subject: [rancid] Fortigate additional tweaks and device filters
In-Reply-To: <20180802221548.GA9206@shrubbery.net>
References: <23699c0fc7084cffa45244728cd3724e@aquafin.be>
 <7dc76327-7fff-a745-7f68-5dabdd480530@falz.net>
 <20180802221548.GA9206@shrubbery.net>
Message-ID: <7f42ce1b97184b7db7cb34174fb0dba0@aquafin.be>

i guess the fortinet module could use some polishing. it does a great job for getting a complete running config backup. but other information could certainly be welcome to.

perhaps i'll have a look at converting it to a library later on, then you can just comment out the modules you have no interest in. but that will have to wait until i get aerohive hiveos polished a bit.

// nick


-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of heasley
Sent: Friday, August 3, 2018 00:16
To: Chris Wopat <me at falz.net>
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Fortigate additional tweaks and device filters

Thu, Aug 02, 2018 at 09:25:30AM -0500, Chris Wopat:
> > Wed, Aug 01, 2018 at 08:37:03AM +0000, Nick Nauwelaerts:
> >> hm,
> >> i actually like to have those versions in the output. if something breaks my first reaction tends to be: "what changed?", and rancid is usually the first place i check.
> >>
> >> would it be an option to control this with FILTER_OSC , even though its not quite it's intended application?
> > Could be; what are they?  version stamp of what exactly?
> >
>
>
> My additions to filter are based on the fact that there's already a
> block of these being filtered, this is just 'more of the same' chatty
> stuff that changes daily.
>
> I'd say go one way or another- add more similar filters (my suggestion)
> or do none or have a toggle-able option. FILTER_OSC sounds more like
> it's for security stuff, so that doesn't seem like the best fit to me.
>
> Has a new FILTER_CRUFT type of option been discussed in the past? Unsure
> if this fits the category of any other previously discussed things.

it was intended for stuff that oscillated but is still desirable (by some).
so, seems to fit the application, perhaps for the other similar filters.
again, i dont know the platform, so I need input.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

________________________________

Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | Twitter<https://twitter.com/aquafinnv> | YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> | LinkedIN<http://www.linkedin.com/company/aquafin/products>

In het kader van de uitoefening van onze taken verzamelen we bij Aquafin persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de betrokkenen zijn, kan je nalezen in onze privacy policy<https://www.aquafin.be/nl-be/privacy-policy>.

[https://www.aquafin.be/sites/aquafin/files/styles/paragraph_with_caption/public/2018-06/email_banner_web.jpg]<https://www.aquafin.be/>
  P Denk aan het milieu. Druk deze mail niet onnodig af.


From me at falz.net  Fri Aug  3 16:29:03 2018
From: me at falz.net (Chris Wopat)
Date: Fri, 3 Aug 2018 11:29:03 -0500
Subject: [rancid] Ciena Waveserver 1.6 - fluctuating power values + other
 improvement suggestions
Message-ID: <CALsLHcgR3YQ_MeF7MSvoPS+YAvGC=N=MgHozvq85cgLcUr0SJw@mail.gmail.com>

We recently upgraded some Ciena Waveservers to v1.6, Ciena added power draw
info to the output of "show chassis". That value fluctuates a lot, causing
diffs on most rancid-runs. looking to see the best method to filter it out.

Attached is a .txt file (or see
https://falz.net/static/waveserver-1.6-chassis.txt)  with sample output
from 1.5 and 1.6m where the power column was added as well as a new box
displaying a total power value, which also fluctuates.

Is there a quick and easy way to filter out just the power values? If not,
a proposed solution would be to run these commands instead of 'chassis
show':

chassis show capabilities
chassis show mac

These would not show the power related info, but it would show the rest of
whats normally in the 'chassis show command'.

While looking in to this issue, we also notice that the command 'software
show' is run, but our diffs never show the output of it. If i run this via
command line, it does show output.

Lastly, there's a few other useful commands that I could see being added
fairly painlessly that show some useful information. Some of these came
from looking at what Juniper does already and some are unique to Fortigate
(the service things).

alarm show
blade show
license client show
license file list
service-domain show
service show map
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180803/2cdd1275/attachment.html>
-------------- next part --------------
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! saos 1.6

waveserver-v1.6# chassis show

<snip static stuff>

! 
! +------------------ CHASSIS POWER SUMMARY ------------------+
! | Parameter                   | Value                       |
! +-----------------------------+-----------------------------+
! | Total Power (W)             |                       564.0 |
! +-----------------------------+-----------------------------+
! 
! +------------------------------------ POWER SUPPLY STATUS ---------------------------------------+-----------+
! | Slot   | Admin    | Oper   | Type    | Model            | Serial Number | Part Number / Rev    | Power (W) |
! +--------+----------+--------+---------+------------------+---------------+----------------------+-----------+
! | PSU-1  | Enabled  | Normal | DC      | WS DC PSU        | blah          |    186-1501-900/AB   |     255.5 |
! +--------+----------+--------+---------+------------------+---------------+----------------------+-----------+
! | PSU-2  | Enabled  | Normal | DC      | WS DC PSU        | blah          |    186-1501-900/AB   |     308.5 |
! +--------+----------+--------+---------+------------------+---------------+----------------------+-----------+


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! saos 1.5

waveserver-v1.5# chassis show

<snip static stuff>

!
! +------------------------------------ POWER SUPPLY STATUS ---------------------------------------+
! | Slot   | Admin    | Oper   | Type    | Model            | Serial Number | Part Number / Rev    |
! +--------+----------+--------+---------+------------------+---------------+----------------------+
! | PSU-1  | Enabled  | Normal | DC      | WS DC PSU        | blah          |    186-1501-900/AB   |
! +--------+----------+--------+---------+------------------+---------------+----------------------+
! | PSU-2  | Enabled  | Normal | DC      | WS DC PSU        | blah          |    186-1501-900/AB   |
! +--------+----------+--------+---------+------------------+---------------+----------------------+


From heas at shrubbery.net  Fri Aug  3 20:08:51 2018
From: heas at shrubbery.net (heasley)
Date: Fri, 3 Aug 2018 20:08:51 +0000
Subject: [rancid] Fortigate additional tweaks and device filters
In-Reply-To: <7f42ce1b97184b7db7cb34174fb0dba0@aquafin.be>
References: <23699c0fc7084cffa45244728cd3724e@aquafin.be>
 <7dc76327-7fff-a745-7f68-5dabdd480530@falz.net>
 <20180802221548.GA9206@shrubbery.net>
 <7f42ce1b97184b7db7cb34174fb0dba0@aquafin.be>
Message-ID: <20180803200851.GC42805@shrubbery.net>

Fri, Aug 03, 2018 at 03:34:05PM +0000, Nick Nauwelaerts:
> i guess the fortinet module could use some polishing. it does a great job for getting a complete running config backup. but other information could certainly be welcome to.
> 
> perhaps i'll have a look at converting it to a library later on, then you can just comment out the modules you have no interest in. but that will have to wait until i get aerohive hiveos polished a bit.

i'll convert it, but someone needs to commit to testing it for me, since i
have none of these devices.

> // nick
> 
> 
> -----Original Message-----
> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of heasley
> Sent: Friday, August 3, 2018 00:16
> To: Chris Wopat <me at falz.net>
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Fortigate additional tweaks and device filters
> 
> Thu, Aug 02, 2018 at 09:25:30AM -0500, Chris Wopat:
> > > Wed, Aug 01, 2018 at 08:37:03AM +0000, Nick Nauwelaerts:
> > >> hm,
> > >> i actually like to have those versions in the output. if something breaks my first reaction tends to be: "what changed?", and rancid is usually the first place i check.
> > >>
> > >> would it be an option to control this with FILTER_OSC , even though its not quite it's intended application?
> > > Could be; what are they?  version stamp of what exactly?
> > >
> >
> >
> > My additions to filter are based on the fact that there's already a
> > block of these being filtered, this is just 'more of the same' chatty
> > stuff that changes daily.
> >
> > I'd say go one way or another- add more similar filters (my suggestion)
> > or do none or have a toggle-able option. FILTER_OSC sounds more like
> > it's for security stuff, so that doesn't seem like the best fit to me.
> >
> > Has a new FILTER_CRUFT type of option been discussed in the past? Unsure
> > if this fits the category of any other previously discussed things.
> 
> it was intended for stuff that oscillated but is still desirable (by some).
> so, seems to fit the application, perhaps for the other similar filters.
> again, i dont know the platform, so I need input.
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
> 
> ________________________________
> 
> Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | Twitter<https://twitter.com/aquafinnv> | YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> | LinkedIN<http://www.linkedin.com/company/aquafin/products>
> 
> In het kader van de uitoefening van onze taken verzamelen we bij Aquafin persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de betrokkenen zijn, kan je nalezen in onze privacy policy<https://www.aquafin.be/nl-be/privacy-policy>.
> 
> [https://www.aquafin.be/sites/aquafin/files/styles/paragraph_with_caption/public/2018-06/email_banner_web.jpg]<https://www.aquafin.be/>
>   P Denk aan het milieu. Druk deze mail niet onnodig af.


From heas at shrubbery.net  Fri Aug  3 20:49:28 2018
From: heas at shrubbery.net (heasley)
Date: Fri, 3 Aug 2018 20:49:28 +0000
Subject: [rancid] Ciena Waveserver 1.6 - fluctuating power values +
 other improvement suggestions
In-Reply-To: <20180803204521.C81772B8899@sea.shrubbery.net>
 <CALsLHcgR3YQ_MeF7MSvoPS+YAvGC=N=MgHozvq85cgLcUr0SJw@mail.gmail.com>
Message-ID: <20180803204928.GF42805@shrubbery.net>

Fri, Aug 03, 2018 at 11:29:03AM -0500, Chris Wopat:
> We recently upgraded some Ciena Waveservers to v1.6, Ciena added power draw
> info to the output of "show chassis". That value fluctuates a lot, causing
> diffs on most rancid-runs. looking to see the best method to filter it out.
> 
> Attached is a .txt file (or see
> https://falz.net/static/waveserver-1.6-chassis.txt)  with sample output
> from 1.5 and 1.6m where the power column was added as well as a new box
> displaying a total power value, which also fluctuates.
> 
> Is there a quick and easy way to filter out just the power values? If not,

does the patch below do it?  I no longer have any of these devices.

> a proposed solution would be to run these commands instead of 'chassis
> show':
> 
> chassis show capabilities
> chassis show mac
> 
> These would not show the power related info, but it would show the rest of
> whats normally in the 'chassis show command'.
> 
> While looking in to this issue, we also notice that the command 'software
> show' is run, but our diffs never show the output of it. If i run this via
> command line, it does show output.

what does the cmd output look like?  output from one of ours looked like:

! WS>  software show
! +---------------- ACTIVE RELEASE INFORMATION -------------------+
! | Parameter                     | Value                         |
! +-------------------------------+-------------------------------+
! | Version                       | 1.0.1                         |
! | Build                         | ae03                          |
! | Build Date                    | 2015.12.16-13:36.17           |
! | Catalog Name                  | 1.0.1-ae03_svrbuild_wvsrvr    |
! +-------------------------------+-----------+---------+---------+
! | Release Component             | Version   | Build   | State   |
! +-------------------------------+-----------+---------+---------+
! | Waveserver OS                 | 1.0.1     | ae03    | Active  |
! | WS Control Datapath Firmware  | 1.0.1     | ae03    | Active  |
! | WS Wavelogic Firmware         | 1.0.1     | ae03    | Active  |
! | WS Controller App             | 1.0.1     | ae03    | Active  |
! | WS Datapath App               | 1.0.1     | ae03    | Active  |
! | WS Management App             | 1.0.1     | ae03    | Active  |
! | WS MIB                        | 01-00-00  | 00      | Active  |
! | WS YANG                       | 01-00-00  | 00      | Active  |
! | WS HW-ID                      | 003       | 00      | Active  |
! | WS SW-ID                      | 01        | 00      | Active  |
! +-------------------------------+-----------+---------+---------+

> Lastly, there's a few other useful commands that I could see being added
> fairly painlessly that show some useful information. Some of these came
> from looking at what Juniper does already and some are unique to Fortigate
> (the service things).
> 
> alarm show
> blade show
> license client show
> license file list
> service-domain show
> service show map

you have to show me output of these.

Index: wavesvros.pm.in
===================================================================
--- wavesvros.pm.in	(revision 3846)
+++ wavesvros.pm.in	(working copy)
@@ -103,6 +103,7 @@
 # This routine parses "chassis show"
 sub ShowChassis {
     my($INPUT, $OUTPUT, $cmd) = @_;
+    my($PSW) = 0;
     print STDERR "    In ShowChassisClocks: $_" if ($debug);
 
     # include the command
@@ -113,8 +114,8 @@
 	last if (/^$prompt/);
 	/no matching entry found/ && return(-1);	# unknown cmd
 
-	# skip fan status
-	if (/CFU FAN STATUS/) {
+	# skip fan status/chassis power draw
+	if (/(cfu fan status|chassis power summary)/i) {
 	    while (<$INPUT>) {
 		tr/\015//d;
 		return(-1) if (/^$prompt/);
@@ -121,6 +122,20 @@
 		last if (/^\s*$/);
 	    }
 	}
+	# filter PS wattage from power supply status
+	if (/(cfu fan status|chassis power summary)/i) {
+	    while (<$INPUT>) {
+		tr/\015//d;
+		return(-1) if (/^$prompt/);
+		$PSW = 1 if (/power \(w\)/i);
+		if ($PSW && /^(|[^|]+){7,}|\s+([0-9.]+ |)/) {
+		    ProcessHistory("","","","! $1|\n");
+		} else {
+		    ProcessHistory("","","","! $_");
+		}
+		last if (/^\s*$/);
+	    }
+	}
 
 	ProcessHistory("","","","! $_");
     }


From me at falz.net  Sat Aug  4 17:57:23 2018
From: me at falz.net (Chris Wopat)
Date: Sat, 4 Aug 2018 12:57:23 -0500
Subject: [rancid] Ciena Waveserver 1.6 - fluctuating power values +
 other improvement suggestions
In-Reply-To: <20180803204928.GF42805@shrubbery.net>
References: <20180803204521.C81772B8899@sea.shrubbery.net>
 <CALsLHcgR3YQ_MeF7MSvoPS+YAvGC=N=MgHozvq85cgLcUr0SJw@mail.gmail.com>
 <20180803204928.GF42805@shrubbery.net>
Message-ID: <CALsLHchPyX-n1iabPeiPB7dReLahnGQtgD9gKC5p9ftcrfJiaQ@mail.gmail.com>

On Fri, Aug 3, 2018 at 3:49 PM, heasley <heas at shrubbery.net> wrote:

does the patch below do it?  I no longer have any of these devices.
>
>
I applied ran, no changes at all. Should it be scrubbing the power value
out of the config?




> what does the cmd output look like?  output from one of ours looked like:
>
>
Attached is a text file (or at
https://falz.net/static/waveserver-commands-2018-08-04.txt) that has its
output, as well as output of the other proposed commands. This output is
from the CLI, when running in rancid, it simply omits the output and goes
directly to the next command:

! waveserver-1.6> software show
! waveserver-1.6> chassis show

Looking back at diffs, these started live running os 1.3.1, when we moved
to 1.5.0 that section disappeared. We're now on the latest, which is 1.6.0
and it's still gone. It appears that the main difference is that that
section now starts with an ascii box labeled "SOFTWARE STATE INFORMATION"
before the previously existing "ACTIVE RELEASE INFORMATION" box.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180804/ed09c9f6/attachment.html>
-------------- next part --------------

waveserver-1.6# software show 
Operation is in progress...
+---------------- SOFTWARE STATE INFORMATION -------------------+
| Parameter                     | Value                         |
+-------------------------------+-------------------------------+
| Software Operational State    | Normal                        |
| Upgrade  Operational State    | Commit Complete               |
+-------------------------------+-------------------------------+
| Auto-revert Timer             | Not running                   |
| User-revert Timer             | Not running                   |
+-------------------------------+-------------------------------+
| Last Command File Executed    |                               |
+-------------------------------+-------------------------------+
+---------------- ACTIVE RELEASE INFORMATION -------------------+
| Parameter                     | Value                         |
+-------------------------------+-------------------------------+
| Version                       | 1.6.0                         |
| Build                         | fl31                          |
| Build Date                    | 2018.05.11-01:21.03           |
| Catalog Name                  | 1.6.0-fl31_svrbuild_wvsrvr    |
+-------------------------------+-----------+---------+---------+
| Release Component             | Version   | Build   | State   |
+-------------------------------+-----------+---------+---------+
| Waveserver OS                 | 1.6.0     | fl31    | Active  |
| WS Control Datapath Firmware  | 1.5.0     | ej24    | Active  |
| WS Control Firmware           | 1.6.0     | fl02    | Active  |
| WS Datapath Firmware          | 1.6.0     | fl14    | Active  |
| WS Wavelogic Firmware         | 1.2.0     | bf88    | Active  |
| WS Controller App             | 1.6.0     | fl31    | Active  |
| WS Datapath App               | 1.6.0     | fl31    | Active  |
| WS Management App             | 1.6.0     | fl31    | Active  |
| WS License Service App        | 1.6.0     | fl31    | Active  |
| WS Datapath2 Firmware         | 1.6.0     | fl14    | Active  |
| WS Datapath Encryption App    | 1.6.0     | fl31    | Active  |
| WS MIB                        | 01-06-00  | 00      | Active  |
| WS YANG                       | 01-06-00  | 00      | Active  |
| WS HW-ID                      | 005       | 00      | Active  |
| WS SW-ID                      | 01        | 00      | Active  |
+-------------------------------+-----------+---------+---------+
+------------------------+--------+--------------+---------+---------+
| Licensed Feature       | In-Use | Availability | Type    | Status  |
+------------------------+--------+--------------+---------+---------+
| Software Release 1.3.0 | No     | Available    | Served  | Valid   |
| Software Release 1.5.0 | No     | Available    | Served  | Valid   |
| Software Release 1.6.0 | Yes    | Held         | PreAuth | Valid   |
+------------------------+--------+--------------+---------+---------+



waveserver-1.6# alarm show

+----------- ALARM STATUS ------------+
| On | Dis | Description              |
+----+-----+--------------------------+
|    |     | Warning                  |
|    |     | Minor Visible            |
|  * |     | Major Visible            |
|    |     | Critical Visible         |
+----+-----+--------------------------+

+--------------------------------------- ACTIVE ALARMS -----------------------------------------------------------+
|IID  |Ack|ATID |Severity| Date & Time (Local)      | Instance       | Description                                |
+-----+---+-----+--------+--------------------------+----------------+--------------------------------------------+
|   24|   |   55|   major| Fri Aug  3 00:03:00 2018 |         Chassis| SW release License is missing              |
|   78|   |   28|   major| Fri Aug  3 01:51:14 2018 |          XCVR-8| XCVR Missing                               |
+-----+---+-----+--------+--------------------------+----------------+--------------------------------------------+
| |          \---------> ATID : Alarm Table ID                                                                    |
| \--------------------> IID  : Alarm Instance ID                                                                 |
+-----------------------------------------------------------------------------------------------------------------+


waveserver-1.6# blade show 

+----------------------------------- BLADE SUMMARY -------------------------------------------+
|           |                        |      |          |         | # Port |      Port         |
| Slot      | Model                  | Type | Admin    | Oper    | / Chnl |    Base MAC       |
+-----------+------------------------+------+----------+---------+--------+-------------------+
| Chassis-1 | Waveserver I-CSLM 400G | 01   | Enabled  | Up      | 12/44  | 9c:7a:03:8e:eb:4a |
+-----------+------------------------+------+----------+---------+--------+-------------------+

waveserver-1.6# license client show 
+------------------------------- LICENSE CLIENT STATE --------------------------------------------+
| Parameter                     | Value                                                           |
+-------------------------------+-----------------------------------------------------------------+
| Admin State                   | Enabled                                                         |
| Oper State                    | Up                                                              |
+-------------------------------+-----------------------------------------------------------------+
| Compliance State              | Not Compliant                                                   |
+-------------------------------+-----------------------------------------------------------------+
| Registration ID               | REDACTED                                                        |
| Number of License Server(s)   | 0                                                               |
+-------------------------------+-----------------------------------------------------------------+


waveserver-1.6# license file list 
Processed: 
  ciena-REDACTED-201808011218.lic                  6901       Wed Aug  1 11:20:32 2018
      
Downloads: 
  ciena-REDACTED-201808020907.lic                  7456       Fri Aug  3 00:24:42 2018
      
Requests: 
  /license/request/REDACTED_registration.bin       349        Wed Aug  1 11:14:40 2018
      
  /license/request/waveserver-1.6-rma-2018_registration.bin   364        Wed Aug  1 11:17:04 2018

waveserver-1.6# service-domain show 

+-------+--------------------- SERVICE-DOMAIN TABLE ----------------------+-----+-----+
|       |                                  |                              |     | Svc |
| Index | Name                             | Description                  |Attch| Cnt |
+-------+----------------------------------+------------------------------+-----+-----+
| 1     | AUTOGEN-SVCDOMAIN-1              |                              |     | 1   |
| 2     | AUTOGEN-SVCDOMAIN-2              |                              |  Y  | 1   |
| 3     | AUTOGEN-SVCDOMAIN-3              |                              |     | 1   |
| 4     | AUTOGEN-SVCDOMAIN-4              |                              |  Y  | 1   |
| 5     | AUTOGEN-SVCDOMAIN-5              |                              |     | 12  |
| 6     | AUTOGEN-SVCDOMAIN-6              |                              |     | 12  |
| 7     | AUTOGEN-SVCDOMAIN-7              |                              |     | 12  |
| 8     | AUTOGEN-SVCDOMAIN-8              |                              |     | 12  |
| 11    | SVCDOM-11                        |                              |  Y  |     |
| 12    | SVCDOM-12                        |                              |  Y  | 4   |
| 19    | SVCDOM-19                        |                              |     |     |
| 20    | SVCDOM-20                        |                              |  Y  | 1   |
+-------+----------------------------------+------------------------------+-----+-----+


waveserver-1.6# service show map  
  
+--------------------------------------- SERVICE MAP ------------------------------------------------------------+  
|UNI |     |             Service                             |           Service-Domain            |    I-NNI    |  
|Port|Speed|Idx |Name                            | ID |Type  |Idx |Name                            |Port1 |Port2 |  
+----+-----+----+--------------------------------+----+------+----+--------------------------------+------+------+  
|6   |100G |50  |AUTOGEN-SERVICE-200             |200 |E-EPL |2   |AUTOGEN-SVCDOMAIN-2             |1.2   |      |  
|8   |100G |80  |SVC-8                           |1080|E-EPL |20  |SVCDOM-20                       |      |12.2  |  
|11.1|10G  |111 |SVC-111                         |1111|EPL   |12  |SVCDOM-12                       |      |12.1  |  
|11.2|10G  |112 |SVC-112                         |1112|EPL   |12  |SVCDOM-12                       |      |12.1  |  
|11.3|10G  |113 |SVC-113                         |1113|EPL   |12  |SVCDOM-12                       |      |12.1  |  
|11.4|10G  |114 |SVC-114                         |1114|EPL   |12  |SVCDOM-12                       |      |12.1  |  
|    |     |52  |AUTOGEN-SERVICE-400             |400 |E-EPL |4   |AUTOGEN-SVCDOMAIN-4             |      |12.2  |  
|    |     |1   |AUTOGEN-SERVICE-521             |521 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |2   |AUTOGEN-SERVICE-522             |522 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |3   |AUTOGEN-SERVICE-523             |523 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |4   |AUTOGEN-SERVICE-524             |524 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |5   |AUTOGEN-SERVICE-531             |531 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |6   |AUTOGEN-SERVICE-532             |532 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |7   |AUTOGEN-SERVICE-533             |533 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |8   |AUTOGEN-SERVICE-534             |534 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |9   |AUTOGEN-SERVICE-541             |541 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |10  |AUTOGEN-SERVICE-542             |542 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |11  |AUTOGEN-SERVICE-643             |643 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |12  |AUTOGEN-SERVICE-644             |644 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |13  |AUTOGEN-SERVICE-651             |651 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |14  |AUTOGEN-SERVICE-652             |652 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |15  |AUTOGEN-SERVICE-653             |653 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |16  |AUTOGEN-SERVICE-654             |654 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |17  |AUTOGEN-SERVICE-661             |661 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |18  |AUTOGEN-SERVICE-662             |662 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |19  |AUTOGEN-SERVICE-663             |663 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |20  |AUTOGEN-SERVICE-664             |664 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |21  |AUTOGEN-SERVICE-771             |771 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |22  |AUTOGEN-SERVICE-772             |772 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |23  |AUTOGEN-SERVICE-773             |773 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |24  |AUTOGEN-SERVICE-774             |774 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |25  |AUTOGEN-SERVICE-781             |781 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |26  |AUTOGEN-SERVICE-782             |782 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |27  |AUTOGEN-SERVICE-783             |783 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |28  |AUTOGEN-SERVICE-784             |784 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |29  |AUTOGEN-SERVICE-791             |791 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |30  |AUTOGEN-SERVICE-792             |792 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |31  |AUTOGEN-SERVICE-893             |893 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |32  |AUTOGEN-SERVICE-894             |894 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |33  |AUTOGEN-SERVICE-801             |801 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |34  |AUTOGEN-SERVICE-802             |802 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |35  |AUTOGEN-SERVICE-803             |803 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |36  |AUTOGEN-SERVICE-804             |804 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |37  |AUTOGEN-SERVICE-811             |811 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |38  |AUTOGEN-SERVICE-812             |812 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |39  |AUTOGEN-SERVICE-813             |813 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |40  |AUTOGEN-SERVICE-814             |814 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |41  |AUTOGEN-SERVICE-520             |520 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |42  |AUTOGEN-SERVICE-530             |530 |EPL   |5   |AUTOGEN-SVCDOMAIN-5             |      |      |  
|    |     |43  |AUTOGEN-SERVICE-650             |650 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |44  |AUTOGEN-SERVICE-660             |660 |EPL   |6   |AUTOGEN-SVCDOMAIN-6             |      |      |  
|    |     |45  |AUTOGEN-SERVICE-770             |770 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |46  |AUTOGEN-SERVICE-780             |780 |EPL   |7   |AUTOGEN-SVCDOMAIN-7             |      |      |  
|    |     |47  |AUTOGEN-SERVICE-800             |800 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |48  |AUTOGEN-SERVICE-810             |810 |EPL   |8   |AUTOGEN-SVCDOMAIN-8             |      |      |  
|    |     |49  |AUTOGEN-SERVICE-100             |100 |E-EPL |1   |AUTOGEN-SVCDOMAIN-1             |      |      |  
|    |     |51  |AUTOGEN-SERVICE-300             |300 |E-EPL |3   |AUTOGEN-SVCDOMAIN-3             |      |      |  
+----+-----+----+--------------------------------+----+------+----+--------------------------------+------+------+  


From nick.nauwelaerts at aquafin.be  Sun Aug  5 16:19:41 2018
From: nick.nauwelaerts at aquafin.be (Nick Nauwelaerts)
Date: Sun, 5 Aug 2018 16:19:41 +0000
Subject: [rancid] Fortigate additional tweaks and device filters
In-Reply-To: <20180803200851.GC42805@shrubbery.net>
References: <23699c0fc7084cffa45244728cd3724e@aquafin.be>
 <7dc76327-7fff-a745-7f68-5dabdd480530@falz.net>
 <20180802221548.GA9206@shrubbery.net>
 <7f42ce1b97184b7db7cb34174fb0dba0@aquafin.be>,
 <20180803200851.GC42805@shrubbery.net>
Message-ID: <A3A57EC7-1FCE-4B43-AB3F-3635FA266FEC@aquafin.be>

i wouldnt mind testing at all, atm running a 800c cluster on 5.2, and expecting a 500e cluster with 5.6 by the end of the month.

// nick

> On 03 Aug 2018, at 22:08, heasley <heas at shrubbery.net> wrote:
> 
> Fri, Aug 03, 2018 at 03:34:05PM +0000, Nick Nauwelaerts:
>> i guess the fortinet module could use some polishing. it does a great job for getting a complete running config backup. but other information could certainly be welcome to.
>> 
>> perhaps i'll have a look at converting it to a library later on, then you can just comment out the modules you have no interest in. but that will have to wait until i get aerohive hiveos polished a bit.
> 
> i'll convert it, but someone needs to commit to testing it for me, since i
> have none of these devices.
> 
>> // nick
>> 
>> 
>> -----Original Message-----
>> From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of heasley
>> Sent: Friday, August 3, 2018 00:16
>> To: Chris Wopat <me at falz.net>
>> Cc: rancid-discuss at shrubbery.net
>> Subject: Re: [rancid] Fortigate additional tweaks and device filters
>> 
>> Thu, Aug 02, 2018 at 09:25:30AM -0500, Chris Wopat:
>>>> Wed, Aug 01, 2018 at 08:37:03AM +0000, Nick Nauwelaerts:
>>>>> hm,
>>>>> i actually like to have those versions in the output. if something breaks my first reaction tends to be: "what changed?", and rancid is usually the first place i check.
>>>>> 
>>>>> would it be an option to control this with FILTER_OSC , even though its not quite it's intended application?
>>>> Could be; what are they?  version stamp of what exactly?
>>> 
>>> 
>>> My additions to filter are based on the fact that there's already a
>>> block of these being filtered, this is just 'more of the same' chatty
>>> stuff that changes daily.
>>> 
>>> I'd say go one way or another- add more similar filters (my suggestion)
>>> or do none or have a toggle-able option. FILTER_OSC sounds more like
>>> it's for security stuff, so that doesn't seem like the best fit to me.
>>> 
>>> Has a new FILTER_CRUFT type of option been discussed in the past? Unsure
>>> if this fits the category of any other previously discussed things.
>> 
>> it was intended for stuff that oscillated but is still desirable (by some).
>> so, seems to fit the application, perhaps for the other similar filters.
>> again, i dont know the platform, so I need input.
>> 
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss
>> 
>> ________________________________
>> 
>> Volg Aquafin op Facebook<https://www.facebook.com/AquafinNV> | Twitter<https://twitter.com/aquafinnv> | YouTube<http://www.youtube.com/channel/UCk_4P5BJ-MtEEDCkCsR_KqQ?feature=mhee> | LinkedIN<http://www.linkedin.com/company/aquafin/products>
>> 
>> In het kader van de uitoefening van onze taken verzamelen we bij Aquafin persoonsgegevens. Hoe we omgaan met deze gegevens en wat de rechten van de betrokkenen zijn, kan je nalezen in onze privacy policy<https://www.aquafin.be/nl-be/privacy-policy>.
>> 
>> [https://www.aquafin.be/sites/aquafin/files/styles/paragraph_with_caption/public/2018-06/email_banner_web.jpg]<https://www.aquafin.be/>
>>  P Denk aan het milieu. Druk deze mail niet onnodig af.


From me at falz.net  Mon Aug  6 12:27:25 2018
From: me at falz.net (Chris Wopat)
Date: Mon, 6 Aug 2018 07:27:25 -0500
Subject: [rancid] Fortigate additional tweaks and device filters
In-Reply-To: <20180803200851.GC42805@shrubbery.net>
References: <23699c0fc7084cffa45244728cd3724e@aquafin.be>
 <7dc76327-7fff-a745-7f68-5dabdd480530@falz.net>
 <20180802221548.GA9206@shrubbery.net>
 <7f42ce1b97184b7db7cb34174fb0dba0@aquafin.be>
 <20180803200851.GC42805@shrubbery.net>
Message-ID: <CALsLHcjFr_rD5i+XV50ZaxsLgPZ3v5PVh_51gmJVxifV9gFSHw@mail.gmail.com>

On Fri, Aug 3, 2018 at 3:08 PM, heasley <heas at shrubbery.net> wrote:

> Fri, Aug 03, 2018 at 03:34:05PM +0000, Nick Nauwelaerts:
> > i guess the fortinet module could use some polishing. it does a great
> job for getting a complete running config backup. but other information
> could certainly be welcome to.
> >
> > perhaps i'll have a look at converting it to a library later on, then
> you can just comment out the modules you have no interest in. but that will
> have to wait until i get aerohive hiveos polished a bit.
>
> i'll convert it, but someone needs to commit to testing it for me, since i
> have none of these devices.
>


We can test as well. we have a small variety - 1000d, 600d, 100d, 500e, all
of which are running 5.6.something.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180806/6d4ba128/attachment.html>

From me at falz.net  Mon Aug  6 12:19:49 2018
From: me at falz.net (Chris Wopat)
Date: Mon, 6 Aug 2018 07:19:49 -0500
Subject: [rancid] Ciena Waveserver 1.6 - fluctuating power values +
 other improvement suggestions
In-Reply-To: <CALsLHchPyX-n1iabPeiPB7dReLahnGQtgD9gKC5p9ftcrfJiaQ@mail.gmail.com>
References: <20180803204521.C81772B8899@sea.shrubbery.net>
 <CALsLHcgR3YQ_MeF7MSvoPS+YAvGC=N=MgHozvq85cgLcUr0SJw@mail.gmail.com>
 <20180803204928.GF42805@shrubbery.net>
 <CALsLHchPyX-n1iabPeiPB7dReLahnGQtgD9gKC5p9ftcrfJiaQ@mail.gmail.com>
Message-ID: <CALsLHcgEYH+pY-+f-VYT-GPXYaa7dbcUqTUF9uW1+TLJhbcArA@mail.gmail.com>

On Sat, Aug 4, 2018 at 12:57 PM, Chris Wopat <me at falz.net> wrote:

> On Fri, Aug 3, 2018 at 3:49 PM, heasley <heas at shrubbery.net> wrote:
>
> does the patch below do it?  I no longer have any of these devices.
>>
>>
> I applied ran, no changes at all. Should it be scrubbing the power value
> out of the config?
>

Rechecked logs, it was actually giving an error and not running properly,
changed "$PSW" to "my $PSW" to get it to run. This took care of half of the
problem- it did filter out the "CHASSIS POWER SUMMARY" box, but there's
still a power value in the new last column of "POWER SUPPLY STATUS" box.

! +------------------------------------ POWER SUPPLY STATUS
---------------------------------------+-----------+
! | Slot   | Admin    | Oper   | Type    | Model            | Serial Number
| Part Number / Rev    | Power (W) |
!
+--------+----------+--------+---------+------------------+---------------+----------------------+-----------+
! | PSU-1  | Enabled  | Normal | DC      | WS DC PSU        | blah
|    186-1501-900/AB   |     256.0 |
!
+--------+----------+--------+---------+------------------+---------------+----------------------+-----------+
! | PSU-2  | Enabled  | Normal | DC      | WS DC PSU        | blah
|    186-1501-900/AB   |     314.0 |
!
+--------+----------+--------+---------+------------------+---------------+----------------------+-----------+
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180806/58d311c9/attachment.html>

From rmelville at otes.com  Wed Aug 15 20:17:28 2018
From: rmelville at otes.com (Ryan Melville)
Date: Wed, 15 Aug 2018 20:17:28 +0000
Subject: [rancid] Help Using git with RANCID
Message-ID: <DM5PR1901MB2200F4B347BDF2ED3DDBEB60D43F0@DM5PR1901MB2200.namprd19.prod.outlook.com>

Hi,

I have tried my darndest to git RANCID working with a remote git server based on the few web articles and forum threads, but am still missing something.  Assistance would be appreciated.

rancid.conf
LIST_OF_GROUPS="all"
RCSSYS=git; export RCSSYS
CVSROOT=$BASEDIR/repos; export CVSROOT

I ran sudo -H -u rancid /mnt/rancid/rancid/bin/rancid-cvs and it seemed happy.

My "/mnt/rancid/rancid/var" directory is now:

   all/
   logs/
   repos/

Under "all/" is now:

  configs/
  .git/
  router.db
  routers.all
  routers.down
  routers.up

Under "repos/" is:

  all/

This article (https://www.cryptomonkeys.com/2016/11/rancid-git/) implies one needs to do a clone of a remote repo.  If so, into what local directory?  And must I first remote something rancid-cvs created?

The forum threads do not mention a clone.  They imply creating a remote.  But in which of the two git-repo-like directories created by rancid-cvs (var/all/.git or var/repos/all)?

I am expecting the end result to be a clone of a remote repo (for each group) somewhere under rancid/var, and for rancid-run to operate in that location and after making changes effectively does a "git push" back to my remote git server.

I just cannot seem to cobble together the correct series of commands from the multiple sources of information.

Regards,

Ryan Melville
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180815/f5909dc2/attachment.html>

From heas at shrubbery.net  Thu Aug 16 07:52:58 2018
From: heas at shrubbery.net (heasley)
Date: Thu, 16 Aug 2018 07:52:58 +0000
Subject: [rancid] Help Using git with RANCID
In-Reply-To: <DM5PR1901MB2200F4B347BDF2ED3DDBEB60D43F0@DM5PR1901MB2200.namprd19.prod.outlook.com>
References: <DM5PR1901MB2200F4B347BDF2ED3DDBEB60D43F0@DM5PR1901MB2200.namprd19.prod.outlook.com>
Message-ID: <20180816075257.GA64290@shrubbery.net>

Wed, Aug 15, 2018 at 08:17:28PM +0000, Ryan Melville:
> Hi,
> 
> I have tried my darndest to git RANCID working with a remote git server based on the few web articles and forum threads, but am still missing something.  Assistance would be appreciated.
> 
> rancid.conf
> LIST_OF_GROUPS="all"
> RCSSYS=git; export RCSSYS
> CVSROOT=$BASEDIR/repos; export CVSROOT
> 
> I ran sudo -H -u rancid /mnt/rancid/rancid/bin/rancid-cvs and it seemed happy.

perfect.
cd $BASEDIR/<group>
git remote add <somename> <giturlofexistingremote>
git remote set-url --add --push origin $CVSROOT/all
git remote set-url --add --push origin <giturlofexistingremote>

test (and initial push) it:
	git push <somename>
This must not require interactive authentication, which i leave to your
own research.


From p at tristero.se  Fri Aug 17 19:16:51 2018
From: p at tristero.se (Pavel Korovin)
Date: Fri, 17 Aug 2018 22:16:51 +0300
Subject: [rancid] [patch] fluctuating data from cisco-nx
Message-ID: <20180817191651.rwgej63yih2mxgyl@tristero.se>

Dear all,

There are several issues with fluctuating data received from Cisco Nexus
platform (55xx, 77xx):

* accounting logs filenames are named as accounting_log,
  accounting_log.0, etc. These filenames are not filtered out from the
  output

* "show interface transceiver" command introduced in v3.8 produces huge
  (temperature, current, power & voltage); imagine how much output produces
  N5596 with 96 ports/transceivers. I propose to filter out this output
  if FILTER_OSC != NO

* if PAR_COUNT is > 1 (by default, it's 5) and rancid simultaneously runs
  "show version" in multiple VDCs on the same device, bootflash size
  values hop between 0 and actual size, with each invocation producing cvs
  commits and change notifications. To reproduce, run "show ver"
  simultaneously on multiple VDCs. It seems that NX-OS requires exclusive
  access to hardware to determine the size of bootflash and fails during
  concurrent access. I cannot offer any better solution than just
  providing a knob to filter out bootflash size fluctuations by setting
  FILTER_OSC = ALL.

Please see the diff attached.

-- 
With best regards,
Pavel Korovin
-------------- next part --------------
$OpenBSD$

Index: lib/nxos.pm.in
--- lib/nxos.pm.in.orig
+++ lib/nxos.pm.in
@@ -186,7 +186,7 @@ EndSoftware:
 	    }
 	}
 EndHardware:
-	if (/^\s+(bootflash|slot0):\s+(\d+) kB(.*)$/) {
+	if (/^\s+(bootflash|slot0):\s+(\d+) kB(.*)$/ && ($filter_osc < 2)) {
 	    my($tmp) = int($2 / 1024);
 	    ProcessHistory("COMMENTS","keysort","B1",
 			   "!Memory: $1: $tmp MB$3\n");
@@ -496,8 +496,8 @@ sub DirSlotN {
 	# Drop bootvar_debug log files
 	/\s+bootvar_debug\./ && next;
 
-	# Drop accounting.log
-	/\s+accounting\.log$/ && next;
+	# Drop accounting logs
+	/\s+accounting.log.*/ && next;
 
 	# Drop vtp_debug.log and vtp_debug_old.log CDETS bug CSCuy87611
 	/\s+vtp_debug(_old)?\.log$/ && next;
@@ -574,6 +574,9 @@ sub ShowIntTransceiver {
 	return(-1) if (/No token match at /);	# 1000v
 	return(-1) if (/\% Permission denied/);
 	return(-1) if (/command authorization failed/i);
+	
+	# filter out oscillating data from transceivers if FILTER_OSC != NO
+	next if (/(Temperature|Current|Power|Voltage)\s+:/ && ($filter_osc >= 1));
 
 	ProcessHistory("COMMENTS","","","!$_");
     }

From rmelville at otes.com  Fri Aug 17 02:28:01 2018
From: rmelville at otes.com (Ryan Melville)
Date: Fri, 17 Aug 2018 02:28:01 +0000
Subject: [rancid] Help Using git with RANCID
In-Reply-To: <20180816075257.GA64290@shrubbery.net>
References: <DM5PR1901MB2200F4B347BDF2ED3DDBEB60D43F0@DM5PR1901MB2200.namprd19.prod.outlook.com>,
 <20180816075257.GA64290@shrubbery.net>
Message-ID: <4c911a0c-f0c7-42c3-bb86-bd9b21ee2d2e@otes.com>

Thank you! I will try this and report back.

Regards,

Ryan Melville
________________________________
From: heasley <heas at shrubbery.net>
Sent: Thursday, August 16, 2018 2:53 AM
To: Ryan Melville
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Help Using git with RANCID

Wed, Aug 15, 2018 at 08:17:28PM +0000, Ryan Melville:
> Hi,
>
> I have tried my darndest to git RANCID working with a remote git server based on the few web articles and forum threads, but am still missing something.  Assistance would be appreciated.
>
> rancid.conf
> LIST_OF_GROUPS="all"
> RCSSYS=git; export RCSSYS
> CVSROOT=$BASEDIR/repos; export CVSROOT
>
> I ran sudo -H -u rancid /mnt/rancid/rancid/bin/rancid-cvs and it seemed happy.

perfect.
cd $BASEDIR/<group>
git remote add <somename> <giturlofexistingremote>
git remote set-url --add --push origin $CVSROOT/all
git remote set-url --add --push origin <giturlofexistingremote>

test (and initial push) it:
        git push <somename>
This must not require interactive authentication, which i leave to your
own research.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180817/4e61ea3f/attachment.html>

From heas at shrubbery.net  Sat Aug 18 20:59:04 2018
From: heas at shrubbery.net (heasley)
Date: Sat, 18 Aug 2018 20:59:04 +0000
Subject: [rancid] [patch] fluctuating data from cisco-nx
In-Reply-To: <20180817191651.rwgej63yih2mxgyl@tristero.se>
References: <20180817191651.rwgej63yih2mxgyl@tristero.se>
Message-ID: <20180818205903.GA58528@shrubbery.net>

Fri, Aug 17, 2018 at 10:16:51PM +0300, Pavel Korovin:
> Dear all,
> 
> There are several issues with fluctuating data received from Cisco Nexus
> platform (55xx, 77xx):
> 
> * accounting logs filenames are named as accounting_log,
>   accounting_log.0, etc. These filenames are not filtered out from the
>   output
> 
> * "show interface transceiver" command introduced in v3.8 produces huge
>   (temperature, current, power & voltage); imagine how much output produces
>   N5596 with 96 ports/transceivers. I propose to filter out this output
>   if FILTER_OSC != NO
> 
> * if PAR_COUNT is > 1 (by default, it's 5) and rancid simultaneously runs
>   "show version" in multiple VDCs on the same device, bootflash size

slot0 too?  or just bootflash?

>   values hop between 0 and actual size, with each invocation producing cvs
>   commits and change notifications. To reproduce, run "show ver"
>   simultaneously on multiple VDCs. It seems that NX-OS requires exclusive
>   access to hardware to determine the size of bootflash and fails during
>   concurrent access. I cannot offer any better solution than just
>   providing a knob to filter out bootflash size fluctuations by setting
>   FILTER_OSC = ALL.
> 
> Please see the diff attached.
> 
> -- 
> With best regards,
> Pavel Korovin

> $OpenBSD$
> 
> Index: lib/nxos.pm.in
> --- lib/nxos.pm.in.orig
> +++ lib/nxos.pm.in
> @@ -186,7 +186,7 @@ EndSoftware:
>  	    }
>  	}
>  EndHardware:
> -	if (/^\s+(bootflash|slot0):\s+(\d+) kB(.*)$/) {
> +	if (/^\s+(bootflash|slot0):\s+(\d+) kB(.*)$/ && ($filter_osc < 2)) {
>  	    my($tmp) = int($2 / 1024);
>  	    ProcessHistory("COMMENTS","keysort","B1",
>  			   "!Memory: $1: $tmp MB$3\n");
> @@ -496,8 +496,8 @@ sub DirSlotN {
>  	# Drop bootvar_debug log files
>  	/\s+bootvar_debug\./ && next;
>  
> -	# Drop accounting.log
> -	/\s+accounting\.log$/ && next;
> +	# Drop accounting logs
> +	/\s+accounting.log.*/ && next;

was removal of the escape of the . intentional?

>  	# Drop vtp_debug.log and vtp_debug_old.log CDETS bug CSCuy87611
>  	/\s+vtp_debug(_old)?\.log$/ && next;
> @@ -574,6 +574,9 @@ sub ShowIntTransceiver {
>  	return(-1) if (/No token match at /);	# 1000v
>  	return(-1) if (/\% Permission denied/);
>  	return(-1) if (/command authorization failed/i);
> +	
> +	# filter out oscillating data from transceivers if FILTER_OSC != NO
> +	next if (/(Temperature|Current|Power|Voltage)\s+:/ && ($filter_osc >= 1));

The ones that I have access to, do not include this. :)  It seems to always
be approperiate to filter this, so I've removed the FILTER_OSC knob.


From p at tristero.se  Sat Aug 18 21:22:57 2018
From: p at tristero.se (Pavel Korovin)
Date: Sun, 19 Aug 2018 00:22:57 +0300
Subject: [rancid] [patch] fluctuating data from cisco-nx
In-Reply-To: <20180818205903.GA58528@shrubbery.net>
References: <20180817191651.rwgej63yih2mxgyl@tristero.se>
 <20180818205903.GA58528@shrubbery.net>
Message-ID: <20180818212257.bzvzfg62xrr46urd@tristero.se>

On 08/18, heasley wrote:
> Fri, Aug 17, 2018 at 10:16:51PM +0300, Pavel Korovin:
> > There are several issues with fluctuating data received from Cisco Nexus
> > platform (55xx, 77xx):
> > 
> > * if PAR_COUNT is > 1 (by default, it's 5) and rancid simultaneously runs
> >   "show version" in multiple VDCs on the same device, bootflash size
> 
> slot0 too?  or just bootflash?
 
I don't have Nexus devices with slot0 size > 0, but I suppose it should
be the same story.

> >   values hop between 0 and actual size, with each invocation producing cvs
> >   commits and change notifications. To reproduce, run "show ver"
> >   simultaneously on multiple VDCs. It seems that NX-OS requires exclusive
> >   access to hardware to determine the size of bootflash and fails during
> >   concurrent access. I cannot offer any better solution than just
> >   providing a knob to filter out bootflash size fluctuations by setting
> >   FILTER_OSC = ALL.

> > -	# Drop accounting.log
> > -	/\s+accounting\.log$/ && next;
> > +	# Drop accounting logs
> > +	/\s+accounting.log.*/ && next;
> 
> was removal of the escape of the . intentional?

Yes. I don't remember if earlier versions of NX-OS use
accounting_log or accounting.log naming, so it will filter both.
 
-- 
With best regards,
Pavel Korovin


From weylin at bu.edu  Mon Aug 20 02:49:23 2018
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Mon, 20 Aug 2018 02:49:23 +0000
Subject: [rancid] [patch] fluctuating data from cisco-nx
In-Reply-To: <20180818212257.bzvzfg62xrr46urd@tristero.se>
References: <20180817191651.rwgej63yih2mxgyl@tristero.se>
 <20180818205903.GA58528@shrubbery.net>
 <20180818212257.bzvzfg62xrr46urd@tristero.se>
Message-ID: <C421F915-1E1A-4462-906F-CFB652A6DBED@bu.edu>

6.2(16):

Nexus-7010-16-2-16# echo ; dir logflash: ; echo

      50193    Aug 19 22:48:09 2018  accounting_log
     250109    Aug 12 23:34:44 2018  accounting_log.1
       4096    Nov 28 03:32:34 2013  core/
       4096    Nov 28 03:32:34 2013  debug/
       1068    May 03 05:50:16 2018  event_archive_1
      25645    May 22 16:42:41 2016  forwarding_debug_data
       4096    Nov 28 03:32:34 2013  generic/
       4096    Feb 12 04:29:44 2014  log/

Usage for logflash://sup-local
 6916423680 bytes used
  963309568 bytes free
 7879733248 bytes total

Nexus-7010-16-2-16#

?On 8/18/18, 5:22 PM, "Pavel Korovin" <p at tristero.se> wrote:

    On 08/18, heasley wrote:
    > Fri, Aug 17, 2018 at 10:16:51PM +0300, Pavel Korovin:
    > > There are several issues with fluctuating data received from Cisco Nexus
    > > platform (55xx, 77xx):
    > > 
    > > * if PAR_COUNT is > 1 (by default, it's 5) and rancid simultaneously runs
    > >   "show version" in multiple VDCs on the same device, bootflash size
    > 
    > slot0 too?  or just bootflash?
     
    I don't have Nexus devices with slot0 size > 0, but I suppose it should
    be the same story.
    
    > >   values hop between 0 and actual size, with each invocation producing cvs
    > >   commits and change notifications. To reproduce, run "show ver"
    > >   simultaneously on multiple VDCs. It seems that NX-OS requires exclusive
    > >   access to hardware to determine the size of bootflash and fails during
    > >   concurrent access. I cannot offer any better solution than just
    > >   providing a knob to filter out bootflash size fluctuations by setting
    > >   FILTER_OSC = ALL.
    
    > > -	# Drop accounting.log
    > > -	/\s+accounting\.log$/ && next;
    > > +	# Drop accounting logs
    > > +	/\s+accounting.log.*/ && next;
    > 
    > was removal of the escape of the . intentional?
    
    Yes. I don't remember if earlier versions of NX-OS use
    accounting_log or accounting.log naming, so it will filter both.
     
    -- 
    With best regards,
    Pavel Korovin
    
    
    


From itsupport at newscred.com  Tue Aug 21 16:26:23 2018
From: itsupport at newscred.com (Technology Support)
Date: Tue, 21 Aug 2018 12:26:23 -0400
Subject: [rancid] Login to Dell N3048p switch
Message-ID: <CAL0jy26jq=ZNk1PkMU6HaSYJe_1UCaphbA7a0Uz1HJPygUc_Lg@mail.gmail.com>

I got Rancid 3.8 up and running and I am able to get email alerts. It works
well with Cisco switch.
However, our core switches are Dell N3048p.
I tried many combinations in the router.db file like the below

*192.168.1.1;dell;up*
*192.168.1.1;dlink;up*
*192.168.1.1;smc;up*
*192.168.1.1;force10;up*

This is based on what I was reading in several support forums.
When I am running

*/usr/local/rancid/bin/dllogin 192.168.1.1*
OR

*/usr/local/rancid/bin/clogin 192.168.1.1 *
OR
*/usr/local/rancid/bin/hlogin 192.168.1.1*


They are all able to login to the switch with no issue.
However, when I am running

*/usr/local/rancid/bin/rancid-run*

nothing really happens and the only email alert I am getting is like the
below


*Index: router.db==============================*
*==============================*




*=======retrieving revision 1.4diff -u -4 -r1.4 router.db@@ -1 +1 @@-
192.168.1.1;force10;up+ 192.168.1.1;dell;up;*

When I am looking at the logs, I am getting an error like the below


























*cat Switches.20180821.160114starting: Tue Aug 21 16:01:14 UTC 2018cvs add:
192.168.1.1 already exists, with version number 1.5Added 192.168.1.1Trying
to get all of the configs.192.168.1.1 <http://192.168.1.1>: missed cmd(s):
all commands192.168.1.1 <http://192.168.1.1>: End of run not
found192.168.1.1 dllogin error: Error: TIMEOUT
reached=====================================Getting missed routers: round
1.All routers successfully completed.cvs diff: Diffing .cvs diff: Diffing
configscvs commit: Examining .cvs commit: Examining configsChecking in
router.db;/usr/local/rancid/var/CVS/Switches/router.db,v  <--  router.dbnew
revision: 1.12; previous revision: 1.11done*

I am able to see files being created in ViewVC web page but no config data
in them. I am getting the below line in one of the files



*#RANCID-CONTENT-TYPE: D-Link*
Is there anything else I can check in order to get this working?

Please let me know if you would like me to provide additional details.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180821/45a6e220/attachment.html>

From heas at shrubbery.net  Wed Aug 22 09:36:27 2018
From: heas at shrubbery.net (heasley)
Date: Wed, 22 Aug 2018 09:36:27 +0000
Subject: [rancid] Login to Dell N3048p switch
In-Reply-To: <CAL0jy26jq=ZNk1PkMU6HaSYJe_1UCaphbA7a0Uz1HJPygUc_Lg@mail.gmail.com>
References: <CAL0jy26jq=ZNk1PkMU6HaSYJe_1UCaphbA7a0Uz1HJPygUc_Lg@mail.gmail.com>
Message-ID: <20180822093627.GB81235@shrubbery.net>

Tue, Aug 21, 2018 at 12:26:23PM -0400, Technology Support:
> I got Rancid 3.8 up and running and I am able to get email alerts. It works
> well with Cisco switch.
> However, our core switches are Dell N3048p.
> I tried many combinations in the router.db file like the below
> 
> *192.168.1.1;dell;up*
> *192.168.1.1;dlink;up*
> *192.168.1.1;smc;up*
> *192.168.1.1;force10;up*
> 
> This is based on what I was reading in several support forums.
> When I am running
> 
> */usr/local/rancid/bin/dllogin 192.168.1.1*
> OR
> 
> */usr/local/rancid/bin/clogin 192.168.1.1 *
> OR
> */usr/local/rancid/bin/hlogin 192.168.1.1*
> 
> 
> They are all able to login to the switch with no issue.

Section 3 Q 2 of the FAQ has basic testing procedure.  Please follow
this to narrow the problem.


From rmelville at otes.com  Wed Aug 22 14:40:54 2018
From: rmelville at otes.com (Ryan Melville)
Date: Wed, 22 Aug 2018 14:40:54 +0000
Subject: [rancid] Help Using git with RANCID
In-Reply-To: <4c911a0c-f0c7-42c3-bb86-bd9b21ee2d2e@otes.com>
References: <DM5PR1901MB2200F4B347BDF2ED3DDBEB60D43F0@DM5PR1901MB2200.namprd19.prod.outlook.com>,
 <20180816075257.GA64290@shrubbery.net>
 <4c911a0c-f0c7-42c3-bb86-bd9b21ee2d2e@otes.com>
Message-ID: <DM5PR1901MB220048B3CEDF397B0B907584D4300@DM5PR1901MB2200.namprd19.prod.outlook.com>

Thank you for the advice, which got me on the right track.  I think those commands probably would have worked as-is, but my ideal state was having RANCID's local git workspace wire directly back to my git server *only* and not also push to the local ($CVSROOT) git repo.

So my steps were the following, picking up after the "sudo -H -u rancid /mnt/rancid/rancid/bin/rancid-cvs" command:

1) Create new empty 'rancid-<group>' repository on my (external) master git server (Atlassian Bitbucket, in my case).

2) Create 'rancid' user on my master git server, and give it read/write permission to the new repo.

3) Store 'rancid' user git credentials on my RANCID server, which requires a temporary clone that is then immediately deleted.

sudo -H -u rancid git config --global user.name "rancid"
sudo -H -u rancid git config --global user.email "rancid@<mydomain>"
sudo -H -u rancid git config --global credential.helper store
sudo -H -u rancid git clone https://rancid@<my-git-server>/scm/rancid-<group>.git<https://rancid@%3cmy-git-server%3e/scm/rancid-%3cgroup%3e.git>
(enter 'rancid' user passwords when prompted)
sudo -H -u rancid rm -rf rancid-all

4) Re-wire RANCID's git workspace to the master git server, instead of its local git server/repo.  Uses my particular RANCID installation path and group name ("all").

cd /mnt/rancid/rancid/var/all
sudo -H -u rancid git remote set-url origin https://rancid@<my-git-server>/scm/rancid-all.git
sudo -H -u rancid git push -u origin --all
sudo -H -u rancid git push origin --tags


At this point, I made a change to a network device, waited for my next cron execution of rancid-run, and then observed the changes in my master git repo, so I believe it was all working well.

Regards,

Ryan Melville

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180822/3529c2f9/attachment.html>

From m_zouhairy at skno.by  Thu Aug 23 06:54:21 2018
From: m_zouhairy at skno.by (Vacheslav)
Date: Thu, 23 Aug 2018 09:54:21 +0300
Subject: [rancid] Help Using git with RANCID
In-Reply-To: <DM5PR1901MB220048B3CEDF397B0B907584D4300@DM5PR1901MB2200.namprd19.prod.outlook.com>
References: <DM5PR1901MB2200F4B347BDF2ED3DDBEB60D43F0@DM5PR1901MB2200.namprd19.prod.outlook.com>,
 <20180816075257.GA64290@shrubbery.net>
 <4c911a0c-f0c7-42c3-bb86-bd9b21ee2d2e@otes.com>
 <DM5PR1901MB220048B3CEDF397B0B907584D4300@DM5PR1901MB2200.namprd19.prod.outlook.com>
Message-ID: <3d7201d43aae$1ec710f0$5c5532d0$@skno.by>

 

 

From: Rancid-discuss <rancid-discuss-bounces at shrubbery.net> On Behalf Of
Ryan Melville
Sent: Wednesday, August 22, 2018 5:41 PM
To: heasley <heas at shrubbery.net>
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Help Using git with RANCID

 

>Thank you for the advice, which got me on the right track.  I think those
commands probably would have worked as-is, but my ideal state was having
RANCID's local git workspace wire directly back to my git server *only* and
not also push to the local ($CVSROOT) git repo.

 

>So my steps were the following, picking up after the "sudo -H -u rancid
/mnt/rancid/rancid/bin/rancid-cvs" command:

 

>1) Create new empty 'rancid-<group>' repository on my (external) master git
server (Atlassian Bitbucket, in my case).

 

>2) Create 'rancid' user on my master git server, and give it read/write
permission to the new repo.

 

>3) Store 'rancid' user git credentials on my RANCID server, which requires
a temporary clone that is then immediately deleted.

 

sudo -H -u rancid git config --global user.name "rancid"

sudo -H -u rancid git config --global user.email "rancid@<mydomain>"

sudo -H -u rancid git config --global credential.helper store

sudo -H -u rancid git clone https://rancid@
<https://rancid@%3cmy-git-server%3e/scm/rancid-%3cgroup%3e.git>
<my-git-server>/scm/rancid-<group>.git

(enter 'rancid' user passwords when prompted)

sudo -H -u rancid rm -rf rancid-all

 

>4) Re-wire RANCID's git workspace to the master git server, instead of its
local git server/repo.  Uses my particular RANCID installation path and
group name ("all").

 

>cd /mnt/rancid/rancid/var/all

sudo -H -u rancid git remote set-url origin https://rancid@
<https://rancid@%3cmy-git-server%3e/scm/rancid-all.git>
<my-git-server>/scm/rancid-all.git

sudo -H -u rancid git push -u origin --all

sudo -H -u rancid git push origin --tags

 

 

>At this point, I made a change to a network device, waited for my next cron
execution of rancid-run, and then observed the changes in my master git
repo, so I believe it was all working well.

 

Was or is? Big difference!

 

>Regards,

 

>Ryan Melville

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180823/e4a982b4/attachment.html>

From m_zouhairy at skno.by  Thu Aug 23 11:44:09 2018
From: m_zouhairy at skno.by (Vacheslav)
Date: Thu, 23 Aug 2018 14:44:09 +0300
Subject: [rancid] Help Using git with RANCID
In-Reply-To: <0f303dc9-2ebb-4c10-9648-9ff2c57a84d1@otes.com>
References: <DM5PR1901MB2200F4B347BDF2ED3DDBEB60D43F0@DM5PR1901MB2200.namprd19.prod.outlook.com>,
 <20180816075257.GA64290@shrubbery.net>
 <4c911a0c-f0c7-42c3-bb86-bd9b21ee2d2e@otes.com>
 <DM5PR1901MB220048B3CEDF397B0B907584D4300@DM5PR1901MB2200.namprd19.prod.outlook.com>,
 <3d7201d43aae$1ec710f0$5c5532d0$@skno.by>
 <0f303dc9-2ebb-4c10-9648-9ff2c57a84d1@otes.com>
Message-ID: <06a501d43ad6$9afef700$d0fce500$@skno.by>

So not a native english speaker? Was means not working anymore, wonder how you can manage a network if the basics are scewed!

 

From: Ryan Melville <rmelville at otes.com> 
Sent: Thursday, August 23, 2018 2:38 PM
To: Vacheslav <m_zouhairy at skno.by>; 'heasley' <heas at shrubbery.net>
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Help Using git with RANCID

 

> Was or is? Big difference!

"is", from my perspective. 

"was", from your perspective, due to email transit time. :) 

 

Regards,

 

Ryan Melville

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180823/fd102842/attachment.html>

From howie at thingy.com  Thu Aug 23 11:32:38 2018
From: howie at thingy.com (Howard Jones)
Date: Thu, 23 Aug 2018 12:32:38 +0100
Subject: [rancid] clogin adding 'exit' command?
In-Reply-To: <20180508152047.GC15492@shrubbery.net>
References: <CAHmZQtXFm1VUeJ_pGSMm9PQYcju_r8LkKr2n_WTWHQ9OgpaaZQ@mail.gmail.com>
 <20180503163826.GA80287@shrubbery.net>
 <CAHmZQtV3s6i9V9dE5_FVLGCB2ZT8FebGcN4doS9PgiTV43FMdQ@mail.gmail.com>
 <CAHmZQtXk3Wpo_UXHq_rA8FmXubPXDDpwPzj9JsV3JL9yqQ_huw@mail.gmail.com>
 <20180504220124.GD79943@shrubbery.net>
 <CAHmZQtXJZzX0m5owf87rSj+YsBRbkNH5BHwAcjpp8Nzf6fS3YA@mail.gmail.com>
 <20180508152047.GC15492@shrubbery.net>
Message-ID: <CAHmZQtUCh8XOFS85so3uSs+z3F28sgxRPPJWJA-PDahBF5iW8A@mail.gmail.com>

Reaping a thread, but I think I finally got this fixed now. The
bigip.pm overrides TERM with "vt100", always. The prompt is so long
(70 chars on my test box!) that the command scrolls within its line
(although without ^H), so the cmds_regexp never matches. Changing the
TERM line to "screen-w" in bigip.pm resolves it.




On 8 May 2018 at 16:20, heasley <heas at shrubbery.net> wrote:
> Tue, May 08, 2018 at 02:39:06PM +0100, Howard Jones:
>> Definitely something funky going on. The .raw file left behind from
>> cron is different from the one if I run the same in a subshell.
>>
>> The front 9 or so characters of commands are chopped off, which would
>> explain why I get "missed all commands".
>> Also, it's trying to send Cisco terminal commands, although those are
>> just ignored, so probably not the immediate issue.
>>
>> I checked with hexdump, and there don't seem to be lots of ^H or
>> anything like that redrawing the prompt. Although, for those terminal
>> commands, there's:
>>
>>    terminal  ^Hwidth 132^M
>>
>> but not in the non-cron version. Nothing else like that further on.
>>
>> In the output below, ssh-no-pubkey is a one-liner shellscript to avoid
>> Cisco Nexus complaining about too many authentication fails, when
>> pubkeys are loaded:
>>
>>    ssh -o PubkeyAuthentication=no $*
>
> exec ssh -o PubkeyAuthentication=no $*
>>
>> I just checked and from a normal command line, the F5 doesn't scroll
>> the command horizontally or anything strange.
>>
>> Any ideas where I can look next? If it was telnet, I'd capture the
>> traffic, but it doesn't look like wireshark will do much with the
>> encrypted part of SSH captures.
>>
>> Howard
>
> probably the most likely cause is that its assuming the client will
> have a terminal (TERM) type and it makes further assumptions when it
> doesnt.  But, it looks like bigip IS setting the term to vt100.  Can
> you trying setting your interactive TERM to vt100 to see if that
> reproduces it?
>
> Else, it might need other tty intrinsics; so, perhaps try hlogin with
> it, but it will need that 'quit' patch.
>
> is f5 supporting NETCONF?
>
>> executing clogin -t 90 -c"modify cli preference pager disabled
>> display-threshold 0;show sys version;show sys hardware;show sys
>> license;show /net route static;list all-properties recursive" lb01
>>
>> lb01
>> spawn /opt/rancid/local/ssh-no-pubkey -c aes192-ctr -x -l rancidconfbackup lb01
>> Password:
>> Last login: Tue May  8 12:40:30 2018 from 192.168.0.27^M
>> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
>> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
>> terminal length 0
>> Syntax Error: unexpected argument "terminal"
>> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
>> terminal width 132
>> Syntax Error: unexpected argument "terminal"
>> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# i
>> preference pager disabled display-threshold 0
>> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#version


From rmelville at otes.com  Thu Aug 23 11:38:22 2018
From: rmelville at otes.com (Ryan Melville)
Date: Thu, 23 Aug 2018 11:38:22 +0000
Subject: [rancid] Help Using git with RANCID
In-Reply-To: <3d7201d43aae$1ec710f0$5c5532d0$@skno.by>
References: <DM5PR1901MB2200F4B347BDF2ED3DDBEB60D43F0@DM5PR1901MB2200.namprd19.prod.outlook.com>,
 <20180816075257.GA64290@shrubbery.net>
 <4c911a0c-f0c7-42c3-bb86-bd9b21ee2d2e@otes.com>
 <DM5PR1901MB220048B3CEDF397B0B907584D4300@DM5PR1901MB2200.namprd19.prod.outlook.com>,
 <3d7201d43aae$1ec710f0$5c5532d0$@skno.by>
Message-ID: <0f303dc9-2ebb-4c10-9648-9ff2c57a84d1@otes.com>

> Was or is? Big difference!

"is", from my perspective.

"was", from your perspective, due to email transit time. :)


Regards,



Ryan Melville

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180823/3df932a8/attachment.html>

From heas at shrubbery.net  Sat Aug 25 22:42:59 2018
From: heas at shrubbery.net (heasley)
Date: Sat, 25 Aug 2018 22:42:59 +0000
Subject: [rancid] clogin adding 'exit' command?
In-Reply-To: <CAHmZQtUCh8XOFS85so3uSs+z3F28sgxRPPJWJA-PDahBF5iW8A@mail.gmail.com>
References: <CAHmZQtXFm1VUeJ_pGSMm9PQYcju_r8LkKr2n_WTWHQ9OgpaaZQ@mail.gmail.com>
 <20180503163826.GA80287@shrubbery.net>
 <CAHmZQtV3s6i9V9dE5_FVLGCB2ZT8FebGcN4doS9PgiTV43FMdQ@mail.gmail.com>
 <CAHmZQtXk3Wpo_UXHq_rA8FmXubPXDDpwPzj9JsV3JL9yqQ_huw@mail.gmail.com>
 <20180504220124.GD79943@shrubbery.net>
 <CAHmZQtXJZzX0m5owf87rSj+YsBRbkNH5BHwAcjpp8Nzf6fS3YA@mail.gmail.com>
 <20180508152047.GC15492@shrubbery.net>
 <CAHmZQtUCh8XOFS85so3uSs+z3F28sgxRPPJWJA-PDahBF5iW8A@mail.gmail.com>
Message-ID: <20180825224259.GA39557@shrubbery.net>

Thu, Aug 23, 2018 at 12:32:38PM +0100, Howard Jones:
> Reaping a thread, but I think I finally got this fixed now. The
> bigip.pm overrides TERM with "vt100", always. The prompt is so long
> (70 chars on my test box!) that the command scrolls within its line
> (although without ^H), so the cmds_regexp never matches. Changing the
> TERM line to "screen-w" in bigip.pm resolves it.
> 

what version are you running?  the TERM was changed to vt100-w in rancid
3.3.

> 
> 
> On 8 May 2018 at 16:20, heasley <heas at shrubbery.net> wrote:
> > Tue, May 08, 2018 at 02:39:06PM +0100, Howard Jones:
> >> Definitely something funky going on. The .raw file left behind from
> >> cron is different from the one if I run the same in a subshell.
> >>
> >> The front 9 or so characters of commands are chopped off, which would
> >> explain why I get "missed all commands".
> >> Also, it's trying to send Cisco terminal commands, although those are
> >> just ignored, so probably not the immediate issue.
> >>
> >> I checked with hexdump, and there don't seem to be lots of ^H or
> >> anything like that redrawing the prompt. Although, for those terminal
> >> commands, there's:
> >>
> >>    terminal  ^Hwidth 132^M
> >>
> >> but not in the non-cron version. Nothing else like that further on.
> >>
> >> In the output below, ssh-no-pubkey is a one-liner shellscript to avoid
> >> Cisco Nexus complaining about too many authentication fails, when
> >> pubkeys are loaded:
> >>
> >>    ssh -o PubkeyAuthentication=no $*
> >
> > exec ssh -o PubkeyAuthentication=no $*
> >>
> >> I just checked and from a normal command line, the F5 doesn't scroll
> >> the command horizontally or anything strange.
> >>
> >> Any ideas where I can look next? If it was telnet, I'd capture the
> >> traffic, but it doesn't look like wireshark will do much with the
> >> encrypted part of SSH captures.
> >>
> >> Howard
> >
> > probably the most likely cause is that its assuming the client will
> > have a terminal (TERM) type and it makes further assumptions when it
> > doesnt.  But, it looks like bigip IS setting the term to vt100.  Can
> > you trying setting your interactive TERM to vt100 to see if that
> > reproduces it?
> >
> > Else, it might need other tty intrinsics; so, perhaps try hlogin with
> > it, but it will need that 'quit' patch.
> >
> > is f5 supporting NETCONF?
> >
> >> executing clogin -t 90 -c"modify cli preference pager disabled
> >> display-threshold 0;show sys version;show sys hardware;show sys
> >> license;show /net route static;list all-properties recursive" lb01
> >>
> >> lb01
> >> spawn /opt/rancid/local/ssh-no-pubkey -c aes192-ctr -x -l rancidconfbackup lb01
> >> Password:
> >> Last login: Tue May  8 12:40:30 2018 from 192.168.0.27^M
> >> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
> >> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
> >> terminal length 0
> >> Syntax Error: unexpected argument "terminal"
> >> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#
> >> terminal width 132
> >> Syntax Error: unexpected argument "terminal"
> >> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)# i
> >> preference pager disabled display-threshold 0
> >> rancidconfbackup@(lb01)(cfg-sync In Sync)(Active)(/Common)(tmos)#version


From howie at thingy.com  Sun Aug 26 08:36:54 2018
From: howie at thingy.com (Howard Jones)
Date: Sun, 26 Aug 2018 09:36:54 +0100
Subject: [rancid] clogin adding 'exit' command?
In-Reply-To: <20180825224259.GA39557@shrubbery.net>
References: <CAHmZQtXFm1VUeJ_pGSMm9PQYcju_r8LkKr2n_WTWHQ9OgpaaZQ@mail.gmail.com>
 <20180503163826.GA80287@shrubbery.net>
 <CAHmZQtV3s6i9V9dE5_FVLGCB2ZT8FebGcN4doS9PgiTV43FMdQ@mail.gmail.com>
 <CAHmZQtXk3Wpo_UXHq_rA8FmXubPXDDpwPzj9JsV3JL9yqQ_huw@mail.gmail.com>
 <20180504220124.GD79943@shrubbery.net>
 <CAHmZQtXJZzX0m5owf87rSj+YsBRbkNH5BHwAcjpp8Nzf6fS3YA@mail.gmail.com>
 <20180508152047.GC15492@shrubbery.net>
 <CAHmZQtUCh8XOFS85so3uSs+z3F28sgxRPPJWJA-PDahBF5iW8A@mail.gmail.com>
 <20180825224259.GA39557@shrubbery.net>
Message-ID: <CAHmZQtUtMCiTQXocCjcbtC3f6VzFTJWEqHiiW=Ynq-66zuQ4Gw@mail.gmail.com>

On Sat, 25 Aug 2018 at 23:43, heasley <heas at shrubbery.net> wrote:

> Thu, Aug 23, 2018 at 12:32:38PM +0100, Howard Jones:
> > Reaping a thread, but I think I finally got this fixed now. The
> > bigip.pm overrides TERM with "vt100", always. The prompt is so long
> > (70 chars on my test box!) that the command scrolls within its line
> > (although without ^H), so the cmds_regexp never matches. Changing the
> > TERM line to "screen-w" in bigip.pm resolves it.
> >
>
> what version are you running?  the TERM was changed to vt100-w in rancid
> 3.3.


Huh, that?s odd. I?m running 3.6.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180826/367d4226/attachment.html>

From weylin at bu.edu  Sun Aug 26 03:14:37 2018
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Sun, 26 Aug 2018 03:14:37 +0000
Subject: [rancid] Rancid vs tac_plus for IOS XR
Message-ID: <6A379DFC-E42B-4D23-B909-BAB409D67C11@bu.edu>

Hello,

Can anyone describe what I doing wrong to get rancid to generate an IOS XR directory listing?

I recently tacacs-enabled an IOS XR router (ASR 9001).  I?m using rancid 3.4.1, and tac_plus F4.0.4.14-k6.  This is the authorization settings applied:

.
.
.

aaa authorization exec default group TACACS_GROUP local

aaa authorization commands default group TACACS_GROUP
.
.
.

I have this configured in tacacs_plus (among a bunch of other things, but zero deny statements):

.
.
.

service = exec {



    # IOS XR and NX-OS both need an exec block, but they need different mutually-exclusive parameters

    # task and shell:roles marked as optional to allow them to work together



    # IOS XR

    # https://community.cisco.com/t5/xr-os-and-platforms/creating-username-passwd-on-ios-xr/m-p/2895304/highlight/true#M7066

    # there's also this: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuj97480

    optional task = "#read-only-tg"



    # NX-OS

    # need it this way to do both N7k and N5k

    optional shell:roles="\"network-operator vdc-admin aaa admin\""

}



cmd = dir {

    permit .*

}
.
.
.

but I?m getting this result in rancid:

.
.
.

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all nvram:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all bootflash:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all compactflash:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all compactflasha:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all slot0:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all disk0:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all disk0a:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all slot1:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all disk1:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all disk1a:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all slot2:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all disk2:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all harddisk:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all harddiska:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all harddiskb:

% This command is not authorized

RP/0/RSP0/CPU0:cumm111-bdr-gw01#
.
.
.

If I check, this is what I see for authorization parameters.  Clearly it?s not a tacacs authentication issue on the router, it?s just authorization:


[rancid at nsgv-prod-59 ~]$ plogin -c "show user all" cumm111-bdr-gw01.bu.edu

cumm111-bdr-gw01.bu.edu

spawn telnet cumm111-bdr-gw01.bu.edu

Trying 128.197.254.49...

telnet: connect to address 128.197.254.49: Connection refused

spawn ssh -2 -c aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc -x -l rancid cumm111-bdr-gw01.bu.edu

rancid at cumm111-bdr-gw01.bu.edu's password:





RP/0/RSP0/CPU0:cumm111-bdr-gw01#

RP/0/RSP0/CPU0:cumm111-bdr-gw01#terminal length 0

Sat Aug 25 23:03:17.740 EDT

RP/0/RSP0/CPU0:cumm111-bdr-gw01#terminal width 132

Sat Aug 25 23:03:18.085 EDT

RP/0/RSP0/CPU0:cumm111-bdr-gw01#show user all

Sat Aug 25 23:03:18.417 EDT

Username: rancid

Groups: read-only-tg

Authenticated using method TACACS_GROUP

User rancid has the following Task ID(s):



Task:                  aaa  : READ

Task:                  acl  : READ

Task:                admin  : READ

Task:                 ancp  : READ

Task:                  atm  : READ

Task:       basic-services  : READ

Task:                 bcdl  : READ

Task:                  bfd  : READ

Task:                  bgp  : READ

Task:                 boot  : READ

Task:               bundle  : READ

Task:            call-home  : READ

Task:                  cdp  : READ

Task:                  cef  : READ

Task:                  cgn  : READ

Task:        cisco-support  : READ                              (reserved)

Task:          config-mgmt  : READ

Task:      config-services  : READ

Task:               crypto  : READ

Task:                 diag  : READ

Task:           disallowed  : READ                              (reserved)

Task:              drivers  : READ

Task:                 dwdm  : READ

Task:                  eem  : READ

Task:                eigrp  : READ

Task:    ethernet-services  : READ

Task:           ext-access  : READ

Task:               fabric  : READ

Task:            fault-mgr  : READ

Task:           filesystem  : READ

Task:             firewall  : READ

Task:                   fr  : READ

Task:                 hdlc  : READ

Task:        host-services  : READ

Task:                 hsrp  : READ

Task:            interface  : READ

Task:            inventory  : READ

Task:          ip-services  : READ

Task:                 ipv4  : READ

Task:                 ipv6  : READ

Task:                 isis  : READ

Task:                l2vpn  : READ

Task:                   li  : READ

Task:                 lisp  : READ

Task:              logging  : READ

Task:                 lpts  : READ

Task:              monitor  : READ

Task:             mpls-ldp  : READ

Task:          mpls-static  : READ

Task:              mpls-te  : READ

Task:            multicast  : READ

Task:              netflow  : READ

Task:              network  : READ

Task:                  nps  : READ

Task:                 ospf  : READ

Task:                  otn  : READ

Task:                 ouni  : READ

Task:                  pbr  : READ

Task:             pkg-mgmt  : READ

Task:              pos-dpt  : READ

Task:                  ppp  : READ

Task:                  qos  : READ

Task:                 rcmd  : READ

Task:                  rib  : READ

Task:                  rip  : READ

Task:              root-lr  : READ                              (reserved)

Task:          root-system  : READ                              (reserved)

Task:            route-map  : READ

Task:         route-policy  : READ

Task:                  sbc  : READ

Task:                 snmp  : READ

Task:            sonet-sdh  : READ

Task:               static  : READ

Task:               sysmgr  : READ

Task:               system  : READ

Task:            transport  : READ

Task:           tty-access  : READ

Task:               tunnel  : READ

Task:            universal  : READ                              (reserved)

Task:                 vlan  : READ

Task:                 vpdn  : READ

Task:                 vrrp  : READ

RP/0/RSP0/CPU0:cumm111-bdr-gw01#exit

Connection to cumm111-bdr-gw01.bu.edu closed.

[rancid at nsgv-prod-59 ~]$

weylin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180826/83f0a2cd/attachment.html>

From heas at shrubbery.net  Sun Aug 26 19:09:16 2018
From: heas at shrubbery.net (heasley)
Date: Sun, 26 Aug 2018 19:09:16 +0000
Subject: [rancid] Rancid vs tac_plus for IOS XR
In-Reply-To: <6A379DFC-E42B-4D23-B909-BAB409D67C11@bu.edu>
References: <6A379DFC-E42B-4D23-B909-BAB409D67C11@bu.edu>
Message-ID: <20180826190916.GD63248@shrubbery.net>

Sun, Aug 26, 2018 at 03:14:37AM +0000, Piegorsch, Weylin William:
> aaa authorization exec default group TACACS_GROUP local
> aaa authorization commands default group TACACS_GROUP
> 
> I have this configured in tacacs_plus (among a bunch of other things, but zero deny statements):
> 

> but I?m getting this result in rancid:
> 
> RP/0/RSP0/CPU0:cumm111-bdr-gw01#dir /all nvram:
> 
> % This command is not authorized

that is not the same error that tacacs authorization failure creates,
afaik.  maybe remove the task thing and try only the tacacs author.  if
that works, then you know to complain to cisco.  sth like this from/for
ios-classic:

group = RO {
        service = exec {
                priv-lvl=15
        }
        cmd = show {
                permit run
                permit version
                permit install
                permit env
                permit gsr
                permit boot
                permit bootvar
                permit flash
                permit controllers
                permit controllers
                permit diagbus
                permit diag
                permit c7200
                deny .*
        }
        cmd = write {
                permit term
                deny .*
        }
        cmd = dir {
                permit /all
                deny .*
        }
}


From heas at shrubbery.net  Sun Aug 26 19:47:15 2018
From: heas at shrubbery.net (heasley)
Date: Sun, 26 Aug 2018 19:47:15 +0000
Subject: [rancid] clogin adding 'exit' command?
In-Reply-To: <CAHmZQtUtMCiTQXocCjcbtC3f6VzFTJWEqHiiW=Ynq-66zuQ4Gw@mail.gmail.com>
References: <CAHmZQtXFm1VUeJ_pGSMm9PQYcju_r8LkKr2n_WTWHQ9OgpaaZQ@mail.gmail.com>
 <20180503163826.GA80287@shrubbery.net>
 <CAHmZQtV3s6i9V9dE5_FVLGCB2ZT8FebGcN4doS9PgiTV43FMdQ@mail.gmail.com>
 <CAHmZQtXk3Wpo_UXHq_rA8FmXubPXDDpwPzj9JsV3JL9yqQ_huw@mail.gmail.com>
 <20180504220124.GD79943@shrubbery.net>
 <CAHmZQtXJZzX0m5owf87rSj+YsBRbkNH5BHwAcjpp8Nzf6fS3YA@mail.gmail.com>
 <20180508152047.GC15492@shrubbery.net>
 <CAHmZQtUCh8XOFS85so3uSs+z3F28sgxRPPJWJA-PDahBF5iW8A@mail.gmail.com>
 <20180825224259.GA39557@shrubbery.net>
 <CAHmZQtUtMCiTQXocCjcbtC3f6VzFTJWEqHiiW=Ynq-66zuQ4Gw@mail.gmail.com>
Message-ID: <20180826194715.GF63248@shrubbery.net>

Sun, Aug 26, 2018 at 09:36:54AM +0100, Howard Jones:
> On Sat, 25 Aug 2018 at 23:43, heasley <heas at shrubbery.net> wrote:
> 
> > Thu, Aug 23, 2018 at 12:32:38PM +0100, Howard Jones:
> > > Reaping a thread, but I think I finally got this fixed now. The
> > > bigip.pm overrides TERM with "vt100", always. The prompt is so long
> > > (70 chars on my test box!) that the command scrolls within its line
> > > (although without ^H), so the cmds_regexp never matches. Changing the
> > > TERM line to "screen-w" in bigip.pm resolves it.
> > >
> >
> > what version are you running?  the TERM was changed to vt100-w in rancid
> > 3.3.
> 
> 
> Huh, that?s odd. I?m running 3.6.

Not sure what to tell you; might be a bug between the keyboard and chair.
Can you try a fresh 3.8?


From m_zouhairy at skno.by  Tue Aug 28 05:47:06 2018
From: m_zouhairy at skno.by (Vacheslav)
Date: Tue, 28 Aug 2018 08:47:06 +0300
Subject: [rancid] rancid 3.8
Message-ID: <e00101d43e92$8da93150$a8fb93f0$@skno.by>

Health be upon you,
So I upgraded to the latest version, and in it nexus 9k is fixed, however in the 5k:
- !        Temperature           :  39.70 C    
+ !        Temperature           :  39.92 C    
  !        Voltage               :   3.24 V       
- !        Current               :   7.20 mA       + 
- !        Optical Tx Power      :  -3.33 dBm      - 
- !        Optical Rx Power      :  -2.25 dBm      + 
+ !        Current               :   7.26 mA       + 
+ !        Optical Tx Power      :  -3.29 dBm      - 
+ !        Optical Rx Power      :  -2.26 dBm      + 
  

- !        Temperature           :  33.08 C    
+ !        Temperature           :  33.34 C    
  !        Voltage               :   3.24 V       
- !        Current               :   7.42 mA       + 
- !        Optical Tx Power      :  -3.24 dBm      - 
+ !        Current               :   7.49 mA       + 
+ !        Optical Tx Power      :  -3.23 dBm      -

So how to get rid of that?



From howie at thingy.com  Tue Aug 28 10:21:04 2018
From: howie at thingy.com (Howard Jones)
Date: Tue, 28 Aug 2018 11:21:04 +0100
Subject: [rancid] clogin adding 'exit' command?
In-Reply-To: <20180826194715.GF63248@shrubbery.net>
References: <CAHmZQtXFm1VUeJ_pGSMm9PQYcju_r8LkKr2n_WTWHQ9OgpaaZQ@mail.gmail.com>
 <20180503163826.GA80287@shrubbery.net>
 <CAHmZQtV3s6i9V9dE5_FVLGCB2ZT8FebGcN4doS9PgiTV43FMdQ@mail.gmail.com>
 <CAHmZQtXk3Wpo_UXHq_rA8FmXubPXDDpwPzj9JsV3JL9yqQ_huw@mail.gmail.com>
 <20180504220124.GD79943@shrubbery.net>
 <CAHmZQtXJZzX0m5owf87rSj+YsBRbkNH5BHwAcjpp8Nzf6fS3YA@mail.gmail.com>
 <20180508152047.GC15492@shrubbery.net>
 <CAHmZQtUCh8XOFS85so3uSs+z3F28sgxRPPJWJA-PDahBF5iW8A@mail.gmail.com>
 <20180825224259.GA39557@shrubbery.net>
 <CAHmZQtUtMCiTQXocCjcbtC3f6VzFTJWEqHiiW=Ynq-66zuQ4Gw@mail.gmail.com>
 <20180826194715.GF63248@shrubbery.net>
Message-ID: <CAHmZQtVFo4qVEoZ1emqCifyJUXB-Hju60bR+8fCRE3vKey9k1g@mail.gmail.com>

On 26 August 2018 at 20:47, heasley <heas at shrubbery.net> wrote:
> Sun, Aug 26, 2018 at 09:36:54AM +0100, Howard Jones:
>> On Sat, 25 Aug 2018 at 23:43, heasley <heas at shrubbery.net> wrote:
>>
>> > what version are you running?  the TERM was changed to vt100-w in rancid
>> > 3.3.
>>
>>
>> Huh, that?s odd. I?m running 3.6.
>
> Not sure what to tell you; might be a bug between the keyboard and chair.
> Can you try a fresh 3.8?

But which keyboard and chair? ;-)

I just downloaded a fresh 3.8 and this is what bigip.pm says:

    # load-time initialization
    sub import {
        # force a terminal type so as not to confuse the POS
        $ENV{'TERM'} = "vt100";

        0;
    }

f5rancid has vt100-w, but as far as I can see, neither the bigip or
bigip13 device type actually uses that anymore. (script is set to
"rancid -t bigip"). It looks like it's used the module since 3.5 - I
guess that change didn't make the transition?


From heas at shrubbery.net  Tue Aug 28 13:48:24 2018
From: heas at shrubbery.net (heasley)
Date: Tue, 28 Aug 2018 13:48:24 +0000
Subject: [rancid] clogin adding 'exit' command?
In-Reply-To: <CAHmZQtVFo4qVEoZ1emqCifyJUXB-Hju60bR+8fCRE3vKey9k1g@mail.gmail.com>
References: <CAHmZQtV3s6i9V9dE5_FVLGCB2ZT8FebGcN4doS9PgiTV43FMdQ@mail.gmail.com>
 <CAHmZQtXk3Wpo_UXHq_rA8FmXubPXDDpwPzj9JsV3JL9yqQ_huw@mail.gmail.com>
 <20180504220124.GD79943@shrubbery.net>
 <CAHmZQtXJZzX0m5owf87rSj+YsBRbkNH5BHwAcjpp8Nzf6fS3YA@mail.gmail.com>
 <20180508152047.GC15492@shrubbery.net>
 <CAHmZQtUCh8XOFS85so3uSs+z3F28sgxRPPJWJA-PDahBF5iW8A@mail.gmail.com>
 <20180825224259.GA39557@shrubbery.net>
 <CAHmZQtUtMCiTQXocCjcbtC3f6VzFTJWEqHiiW=Ynq-66zuQ4Gw@mail.gmail.com>
 <20180826194715.GF63248@shrubbery.net>
 <CAHmZQtVFo4qVEoZ1emqCifyJUXB-Hju60bR+8fCRE3vKey9k1g@mail.gmail.com>
Message-ID: <20180828134824.GB2588@shrubbery.net>

Tue, Aug 28, 2018 at 11:21:04AM +0100, Howard Jones:
> On 26 August 2018 at 20:47, heasley <heas at shrubbery.net> wrote:
> > Sun, Aug 26, 2018 at 09:36:54AM +0100, Howard Jones:
> >> On Sat, 25 Aug 2018 at 23:43, heasley <heas at shrubbery.net> wrote:
> >>
> >> > what version are you running?  the TERM was changed to vt100-w in rancid
> >> > 3.3.
> >>
> >>
> >> Huh, that?s odd. I?m running 3.6.
> >
> > Not sure what to tell you; might be a bug between the keyboard and chair.
> > Can you try a fresh 3.8?
> 
> But which keyboard and chair? ;-)

right!

> I just downloaded a fresh 3.8 and this is what bigip.pm says:
> 
>     # load-time initialization
>     sub import {
>         # force a terminal type so as not to confuse the POS
>         $ENV{'TERM'} = "vt100";
> 
>         0;
>     }
> 
> f5rancid has vt100-w, but as far as I can see, neither the bigip or
> bigip13 device type actually uses that anymore. (script is set to
> "rancid -t bigip"). It looks like it's used the module since 3.5 - I
> guess that change didn't make the transition?

ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
Would you test changing this to vt100-w?


From Mikko.Peltokangas at alavus.fi  Tue Aug 28 14:55:43 2018
From: Mikko.Peltokangas at alavus.fi (Peltokangas Mikko)
Date: Tue, 28 Aug 2018 14:55:43 +0000
Subject: [rancid] Backup Extreme switches
Message-ID: <FC8C80188D916EF3.e4149583-fffb-45ed-9496-a2fcab13a4da@mail.outlook.com>

Hey, I have Extreme switches from x200 and x460-series. Cant get any backup from those.
Is there anyone who fights with same problem?

Rancid version is 3.7


-mikko

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180828/cb90699d/attachment.html>

From howie at thingy.com  Tue Aug 28 15:58:54 2018
From: howie at thingy.com (Howard Jones)
Date: Tue, 28 Aug 2018 16:58:54 +0100
Subject: [rancid] clogin adding 'exit' command?
In-Reply-To: <20180828134824.GB2588@shrubbery.net>
References: <CAHmZQtV3s6i9V9dE5_FVLGCB2ZT8FebGcN4doS9PgiTV43FMdQ@mail.gmail.com>
 <CAHmZQtXk3Wpo_UXHq_rA8FmXubPXDDpwPzj9JsV3JL9yqQ_huw@mail.gmail.com>
 <20180504220124.GD79943@shrubbery.net>
 <CAHmZQtXJZzX0m5owf87rSj+YsBRbkNH5BHwAcjpp8Nzf6fS3YA@mail.gmail.com>
 <20180508152047.GC15492@shrubbery.net>
 <CAHmZQtUCh8XOFS85so3uSs+z3F28sgxRPPJWJA-PDahBF5iW8A@mail.gmail.com>
 <20180825224259.GA39557@shrubbery.net>
 <CAHmZQtUtMCiTQXocCjcbtC3f6VzFTJWEqHiiW=Ynq-66zuQ4Gw@mail.gmail.com>
 <20180826194715.GF63248@shrubbery.net>
 <CAHmZQtVFo4qVEoZ1emqCifyJUXB-Hju60bR+8fCRE3vKey9k1g@mail.gmail.com>
 <20180828134824.GB2588@shrubbery.net>
Message-ID: <CAHmZQtW1mNteNbt2JyA09MDj1bNw8Vy8mBZW08ybjJrig=cdSg@mail.gmail.com>

On 28 August 2018 at 14:48, heasley <heas at shrubbery.net> wrote:
>
> ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
> Would you test changing this to vt100-w?

No, vt100-w doesn't work with bigip13:

    Warning, can't fully initialize terminal, TERM is set to
"vt100-w", status (0)
    No entry for terminal type "vt100-w";


From heas at shrubbery.net  Tue Aug 28 17:37:50 2018
From: heas at shrubbery.net (heasley)
Date: Tue, 28 Aug 2018 17:37:50 +0000
Subject: [rancid] clogin adding 'exit' command?
In-Reply-To: <CAHmZQtW1mNteNbt2JyA09MDj1bNw8Vy8mBZW08ybjJrig=cdSg@mail.gmail.com>
References: <20180504220124.GD79943@shrubbery.net>
 <CAHmZQtXJZzX0m5owf87rSj+YsBRbkNH5BHwAcjpp8Nzf6fS3YA@mail.gmail.com>
 <20180508152047.GC15492@shrubbery.net>
 <CAHmZQtUCh8XOFS85so3uSs+z3F28sgxRPPJWJA-PDahBF5iW8A@mail.gmail.com>
 <20180825224259.GA39557@shrubbery.net>
 <CAHmZQtUtMCiTQXocCjcbtC3f6VzFTJWEqHiiW=Ynq-66zuQ4Gw@mail.gmail.com>
 <20180826194715.GF63248@shrubbery.net>
 <CAHmZQtVFo4qVEoZ1emqCifyJUXB-Hju60bR+8fCRE3vKey9k1g@mail.gmail.com>
 <20180828134824.GB2588@shrubbery.net>
 <CAHmZQtW1mNteNbt2JyA09MDj1bNw8Vy8mBZW08ybjJrig=cdSg@mail.gmail.com>
Message-ID: <20180828173749.GH2588@shrubbery.net>

Tue, Aug 28, 2018 at 04:58:54PM +0100, Howard Jones:
> On 28 August 2018 at 14:48, heasley <heas at shrubbery.net> wrote:
> >
> > ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
> > Would you test changing this to vt100-w?
> 
> No, vt100-w doesn't work with bigip13:
> 
>     Warning, can't fully initialize terminal, TERM is set to
> "vt100-w", status (0)
>     No entry for terminal type "vt100-w";

grumble.  One last bit; could you test clogin from ranicd 3.8 without altering
TERM?


From nick at foobar.org  Tue Aug 28 18:07:46 2018
From: nick at foobar.org (Nick Hilliard)
Date: Tue, 28 Aug 2018 19:07:46 +0100
Subject: [rancid] Backup Extreme switches
In-Reply-To: <FC8C80188D916EF3.e4149583-fffb-45ed-9496-a2fcab13a4da@mail.outlook.com>
References: <FC8C80188D916EF3.e4149583-fffb-45ed-9496-a2fcab13a4da@mail.outlook.com>
Message-ID: <626e2034-6a1a-1901-48a4-2c608c912166@foobar.org>

Peltokangas Mikko wrote on 28/08/2018 15:55:
> Hey, I have Extreme switches from x200 and x460-series. Cant get any 
> backup from those.
> Is there anyone who fights with same problem?

make sure the configuration has been saved on the switches first.  If 
the config hasn't been saved, the collection process will hang.

Nick


From heas at shrubbery.net  Tue Aug 28 18:54:30 2018
From: heas at shrubbery.net (heasley)
Date: Tue, 28 Aug 2018 18:54:30 +0000
Subject: [rancid] Backup Extreme switches
In-Reply-To: <626e2034-6a1a-1901-48a4-2c608c912166@foobar.org>
References: <FC8C80188D916EF3.e4149583-fffb-45ed-9496-a2fcab13a4da@mail.outlook.com>
 <626e2034-6a1a-1901-48a4-2c608c912166@foobar.org>
Message-ID: <20180828185430.GK2588@shrubbery.net>

Tue, Aug 28, 2018 at 07:07:46PM +0100, Nick Hilliard:
> Peltokangas Mikko wrote on 28/08/2018 15:55:
> > Hey, I have Extreme switches from x200 and x460-series. Cant get any 
> > backup from those.
> > Is there anyone who fights with same problem?
> 
> make sure the configuration has been saved on the switches first.  If 
> the config hasn't been saved, the collection process will hang.

it shouldnt.  please should me xlogin -d -c 'somecommand' output.


From nick at foobar.org  Tue Aug 28 19:58:11 2018
From: nick at foobar.org (Nick Hilliard)
Date: Tue, 28 Aug 2018 20:58:11 +0100
Subject: [rancid] Backup Extreme switches
In-Reply-To: <20180828185430.GK2588@shrubbery.net>
References: <FC8C80188D916EF3.e4149583-fffb-45ed-9496-a2fcab13a4da@mail.outlook.com>
 <626e2034-6a1a-1901-48a4-2c608c912166@foobar.org>
 <20180828185430.GK2588@shrubbery.net>
Message-ID: <3cf27241-bd3d-6a5a-0d91-a9090824d6f0@foobar.org>

heasley wrote on 28/08/2018 19:54:
> it shouldnt.  please should me xlogin -d -c 'somecommand' output.

fake news.  This was a bug affecting older versions, but it seems to be 
fixed now.

Mikko, make sure you can log in to the switches using ssh from the 
rancid account, because the versions of XOS that are supported on these 
devices only allows deprecated crypto parameters.  You may need this in 
your ~rancid/.ssh/config file:

--
Host *
	KexAlgorithms +diffie-hellman-group1-sha1
	HostkeyAlgorithms +ssh-dss
--

Nick


From howie at thingy.com  Tue Aug 28 20:43:08 2018
From: howie at thingy.com (Howard Jones)
Date: Tue, 28 Aug 2018 21:43:08 +0100
Subject: [rancid] clogin adding 'exit' command?
In-Reply-To: <20180828173749.GH2588@shrubbery.net>
References: <20180504220124.GD79943@shrubbery.net>
 <CAHmZQtXJZzX0m5owf87rSj+YsBRbkNH5BHwAcjpp8Nzf6fS3YA@mail.gmail.com>
 <20180508152047.GC15492@shrubbery.net>
 <CAHmZQtUCh8XOFS85so3uSs+z3F28sgxRPPJWJA-PDahBF5iW8A@mail.gmail.com>
 <20180825224259.GA39557@shrubbery.net>
 <CAHmZQtUtMCiTQXocCjcbtC3f6VzFTJWEqHiiW=Ynq-66zuQ4Gw@mail.gmail.com>
 <20180826194715.GF63248@shrubbery.net>
 <CAHmZQtVFo4qVEoZ1emqCifyJUXB-Hju60bR+8fCRE3vKey9k1g@mail.gmail.com>
 <20180828134824.GB2588@shrubbery.net>
 <CAHmZQtW1mNteNbt2JyA09MDj1bNw8Vy8mBZW08ybjJrig=cdSg@mail.gmail.com>
 <20180828173749.GH2588@shrubbery.net>
Message-ID: <CAHmZQtWLFXC8_7=XeOjFBqG5gsQa+gRwOZMHNb-i5CJRCBN3fw@mail.gmail.com>

My 3.6 installation has a bunch of local tweaks (to control_rancid),
so I can't upgrade without a bit of planning.
However, I just installed 3.8 alongside 3.6 (different user, different
dir) and with no changes, I get:

    lb02.dc1: missed cmd(s): modify cli preference pager disabled
display-threshold 0

but the quit detection part seems to work OK.

However, changing the TERM to screen-w in bigip.pm *doesn't* resolve
that missed cmd.
So the plot thickens.

I'll investigate a bit more tomorrow.

On 28 August 2018 at 18:37, heasley <heas at shrubbery.net> wrote:
> Tue, Aug 28, 2018 at 04:58:54PM +0100, Howard Jones:
>> On 28 August 2018 at 14:48, heasley <heas at shrubbery.net> wrote:
>> >
>> > ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
>> > Would you test changing this to vt100-w?
>>
>> No, vt100-w doesn't work with bigip13:
>>
>>     Warning, can't fully initialize terminal, TERM is set to
>> "vt100-w", status (0)
>>     No entry for terminal type "vt100-w";
>
> grumble.  One last bit; could you test clogin from ranicd 3.8 without altering
> TERM?


From heas at shrubbery.net  Tue Aug 28 22:21:41 2018
From: heas at shrubbery.net (heasley)
Date: Tue, 28 Aug 2018 22:21:41 +0000
Subject: [rancid] clogin adding 'exit' command?
In-Reply-To: <CAHmZQtWLFXC8_7=XeOjFBqG5gsQa+gRwOZMHNb-i5CJRCBN3fw@mail.gmail.com>
References: <20180508152047.GC15492@shrubbery.net>
 <CAHmZQtUCh8XOFS85so3uSs+z3F28sgxRPPJWJA-PDahBF5iW8A@mail.gmail.com>
 <20180825224259.GA39557@shrubbery.net>
 <CAHmZQtUtMCiTQXocCjcbtC3f6VzFTJWEqHiiW=Ynq-66zuQ4Gw@mail.gmail.com>
 <20180826194715.GF63248@shrubbery.net>
 <CAHmZQtVFo4qVEoZ1emqCifyJUXB-Hju60bR+8fCRE3vKey9k1g@mail.gmail.com>
 <20180828134824.GB2588@shrubbery.net>
 <CAHmZQtW1mNteNbt2JyA09MDj1bNw8Vy8mBZW08ybjJrig=cdSg@mail.gmail.com>
 <20180828173749.GH2588@shrubbery.net>
 <CAHmZQtWLFXC8_7=XeOjFBqG5gsQa+gRwOZMHNb-i5CJRCBN3fw@mail.gmail.com>
Message-ID: <20180828222141.GT2588@shrubbery.net>

Tue, Aug 28, 2018 at 09:43:08PM +0100, Howard Jones:
> My 3.6 installation has a bunch of local tweaks (to control_rancid),
> so I can't upgrade without a bit of planning.
> However, I just installed 3.8 alongside 3.6 (different user, different
> dir) and with no changes, I get:
> 
>     lb02.dc1: missed cmd(s): modify cli preference pager disabled
> display-threshold 0
> 
> but the quit detection part seems to work OK.
> 
> However, changing the TERM to screen-w in bigip.pm *doesn't* resolve
> that missed cmd.

clogin in 3.8 has code to set tty parameters; width.  i was hoping that
would fix the problem.  if you're sure you're using the 3.8 clogin, then
apparently it doesnt fix it.

> So the plot thickens.
> 
> I'll investigate a bit more tomorrow.
> 
> On 28 August 2018 at 18:37, heasley <heas at shrubbery.net> wrote:
> > Tue, Aug 28, 2018 at 04:58:54PM +0100, Howard Jones:
> >> On 28 August 2018 at 14:48, heasley <heas at shrubbery.net> wrote:
> >> >
> >> > ah, its been changed in the big-ip <= v10.x script, not the >=11.x script.
> >> > Would you test changing this to vt100-w?
> >>
> >> No, vt100-w doesn't work with bigip13:
> >>
> >>     Warning, can't fully initialize terminal, TERM is set to
> >> "vt100-w", status (0)
> >>     No entry for terminal type "vt100-w";
> >
> > grumble.  One last bit; could you test clogin from ranicd 3.8 without altering
> > TERM?


From devssinghh at gmail.com  Thu Aug 30 11:24:52 2018
From: devssinghh at gmail.com (Devesh Singh)
Date: Thu, 30 Aug 2018 16:54:52 +0530
Subject: [rancid] Need to Add "Show Version" CMD
Message-ID: <CAGSLyi=Yz6jCeqdTLNj43ELsA6sRBM6E=9uSsS1gNQNejxqXYw@mail.gmail.com>

Hello team,
          Can you please help/guide me to add "Show Version" CMD in rancid
for Cisco ASA Firewall, while taking the backup.

Thanks
Dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180830/d40344bc/attachment.html>

From heas at shrubbery.net  Thu Aug 30 14:48:26 2018
From: heas at shrubbery.net (heasley)
Date: Thu, 30 Aug 2018 14:48:26 +0000
Subject: [rancid] Need to Add "Show Version" CMD
In-Reply-To: <CAGSLyi=Yz6jCeqdTLNj43ELsA6sRBM6E=9uSsS1gNQNejxqXYw@mail.gmail.com>
References: <CAGSLyi=Yz6jCeqdTLNj43ELsA6sRBM6E=9uSsS1gNQNejxqXYw@mail.gmail.com>
Message-ID: <20180830144825.GA98871@shrubbery.net>

Thu, Aug 30, 2018 at 04:54:52PM +0530, Devesh Singh:
> Hello team,
>           Can you please help/guide me to add "Show Version" CMD in rancid
> for Cisco ASA Firewall, while taking the backup.

show version is collected by default.


From m_zouhairy at skno.by  Thu Aug 30 14:52:06 2018
From: m_zouhairy at skno.by (Vacheslav)
Date: Thu, 30 Aug 2018 17:52:06 +0300
Subject: [rancid] rancid 3.8
In-Reply-To: <e00101d43e92$8da93150$a8fb93f0$@skno.by>
References: <e00101d43e92$8da93150$a8fb93f0$@skno.by>
Message-ID: <75cf01d44071$0574a680$105df380$@skno.by>

So I removed: cisco-nx-5k;command;nxos::ShowIntTransceiver;show interface
transceiver
And no more stupid emails :)

-----Original Message-----
From: Rancid-discuss <rancid-discuss-bounces at shrubbery.net> On Behalf Of
Vacheslav
Sent: Tuesday, August 28, 2018 8:47 AM
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] rancid 3.8

Health be upon you,
So I upgraded to the latest version, and in it nexus 9k is fixed, however in
the 5k:
- !        Temperature           :  39.70 C    
+ !        Temperature           :  39.92 C    
  !        Voltage               :   3.24 V       
- !        Current               :   7.20 mA       + 
- !        Optical Tx Power      :  -3.33 dBm      - 
- !        Optical Rx Power      :  -2.25 dBm      + 
+ !        Current               :   7.26 mA       + 
+ !        Optical Tx Power      :  -3.29 dBm      - 
+ !        Optical Rx Power      :  -2.26 dBm      + 
  

- !        Temperature           :  33.08 C    
+ !        Temperature           :  33.34 C    
  !        Voltage               :   3.24 V       
- !        Current               :   7.42 mA       + 
- !        Optical Tx Power      :  -3.24 dBm      - 
+ !        Current               :   7.49 mA       + 
+ !        Optical Tx Power      :  -3.23 dBm      -

So how to get rid of that?


_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss



From devssinghh at gmail.com  Thu Aug 30 14:59:57 2018
From: devssinghh at gmail.com (Devesh Singh)
Date: Thu, 30 Aug 2018 20:29:57 +0530
Subject: [rancid] Need to Add "Show Version" CMD
In-Reply-To: <20180830144825.GA98871@shrubbery.net>
References: <CAGSLyi=Yz6jCeqdTLNj43ELsA6sRBM6E=9uSsS1gNQNejxqXYw@mail.gmail.com>
 <20180830144825.GA98871@shrubbery.net>
Message-ID: <CAGSLyinavxrOgpmOO2D7STgVC1RM7RLHZj9TW25rAaT7TdFq9g@mail.gmail.com>

Hello Heasley,
     Thanks for your response!! .

To be more specific i want to see the "Configuration last modified by " in
the backup taken by rancid.
But this is not been captured by show version. I think it is filtering the
output command that rancid take by show version CMD.
Can you please suggest/ advice.
I am using ASA 9.9 version.

On firewall i can see the "Configuration last modified by XXX" when i run
show version, but not in RAncid backup.

Thanks
Dev

On Thu, Aug 30, 2018 at 8:18 PM heasley <heas at shrubbery.net> wrote:

> Thu, Aug 30, 2018 at 04:54:52PM +0530, Devesh Singh:
> > Hello team,
> >           Can you please help/guide me to add "Show Version" CMD in
> rancid
> > for Cisco ASA Firewall, while taking the backup.
>
> show version is collected by default.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180830/6c07be7d/attachment.html>

From mvoity at uvm.edu  Thu Aug 30 20:14:35 2018
From: mvoity at uvm.edu (Michael T. Voity)
Date: Thu, 30 Aug 2018 20:14:35 +0000
Subject: [rancid] Weird commands on Cisco ASA
Message-ID: <3c878322228148cebd11b7adf03c9542@uvm.edu>

Hello,

I have a firewall that has not been updated by rancid for a few days.

Upon investigation I did some testing from the server found this -

Looks like it is adding the command 'rancid' after it logs in.

This is my only device that does it,   among the 50+ that rancid is polling.

[rancid at netwatch bin]$ ./clogin <hostname removed>
<hostname removed>
spawn ssh -c aes256-ctr -x -l rancid <hostname removed>
rancid@<hostname removed>'s password:
User rancid logged in to <hostname removed>
Logins over the last 78 days: 6800.  Last login: 16:04:41 EDT Aug 30 2018 from <removed>
Failed logins since the last login: 0.  Last failed login: 15:20:29 EDT Aug 30 2018 from <removed>
Type help or '?' for a list of available commands.
<hostname removed>> rancid
              ^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>>
Error: Unrecognized command, check your enable command
rancid
              ^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>> enable
Password:
Invalid password
Password:
Invalid password
Password:
Invalid password
Access denied.
<hostname removed>> exit

Logoff

Connection to <hostname removed>  closed.
[rancid at netwatch bin]$


--
Michael T. Voity
Network Engineer
The University of Vermont
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180830/a129f126/attachment.html>

From heas at shrubbery.net  Thu Aug 30 20:20:51 2018
From: heas at shrubbery.net (heasley)
Date: Thu, 30 Aug 2018 20:20:51 +0000
Subject: [rancid] Weird commands on Cisco ASA
In-Reply-To: <3c878322228148cebd11b7adf03c9542@uvm.edu>
References: <3c878322228148cebd11b7adf03c9542@uvm.edu>
Message-ID: <20180830202051.GD85232@shrubbery.net>

Thu, Aug 30, 2018 at 08:14:35PM +0000, Michael T. Voity:
> Hello,
> 
> I have a firewall that has not been updated by rancid for a few days.
> 
> Upon investigation I did some testing from the server found this -
> 
> Looks like it is adding the command 'rancid' after it logs in.
> 
> This is my only device that does it,   among the 50+ that rancid is polling.
> 
> [rancid at netwatch bin]$ ./clogin <hostname removed>
> <hostname removed>
> spawn ssh -c aes256-ctr -x -l rancid <hostname removed>
> rancid@<hostname removed>'s password:
> User rancid logged in to <hostname removed>
> Logins over the last 78 days: 6800.  Last login: 16:04:41 EDT Aug 30 2018 from <removed>

please upgrade to rancid 3.8


From Mikko.Peltokangas at alavus.fi  Fri Aug 31 10:52:03 2018
From: Mikko.Peltokangas at alavus.fi (Peltokangas Mikko)
Date: Fri, 31 Aug 2018 10:52:03 +0000
Subject: [rancid] Backup Extreme switches
In-Reply-To: <3cf27241-bd3d-6a5a-0d91-a9090824d6f0@foobar.org>
References: <FC8C80188D916EF3.e4149583-fffb-45ed-9496-a2fcab13a4da@mail.outlook.com>
 <626e2034-6a1a-1901-48a4-2c608c912166@foobar.org>
 <20180828185430.GK2588@shrubbery.net>,
 <3cf27241-bd3d-6a5a-0d91-a9090824d6f0@foobar.org>
Message-ID: <1535712723684.87348@alavus.fi>

Well, I'm trying to log in via telnet.

I found this package, what gives some guidance for that:
https://www.dropbox.com/s/tsqclfxg8c8p9n1/rancid-extreme-changes.tgz?dl=0&file_subpath=%2F.
There's only one problem, it tells that I need to add that vendor-to-script -translation to rancid-fe but when I'm looking my 
rancid-fe, it look like this: https://pastebin.com/ptb5LZQ8

Do I have some wrong version or something else odd?

Should I add new type to /etc/rancid/rancid.types.base dispite the threat of voodoo doll? ;)

--
-m
________________________________________
L?hett?j?: Nick Hilliard <nick at foobar.org>
L?hetetty: 28. elokuuta 2018 22:58
Vastaanottaja: heasley
Kopio: Peltokangas Mikko; rancid-discuss at shrubbery.net
Aihe: Re: [rancid] Backup Extreme switches

heasley wrote on 28/08/2018 19:54:
> it shouldnt.  please should me xlogin -d -c 'somecommand' output.

fake news.  This was a bug affecting older versions, but it seems to be
fixed now.

Mikko, make sure you can log in to the switches using ssh from the
rancid account, because the versions of XOS that are supported on these
devices only allows deprecated crypto parameters.  You may need this in
your ~rancid/.ssh/config file:

--
Host *
        KexAlgorithms +diffie-hellman-group1-sha1
        HostkeyAlgorithms +ssh-dss
--

Nick


From heas at shrubbery.net  Fri Aug 31 14:23:13 2018
From: heas at shrubbery.net (heasley)
Date: Fri, 31 Aug 2018 14:23:13 +0000
Subject: [rancid] Backup Extreme switches
In-Reply-To: <1535712723684.87348@alavus.fi>
References: <FC8C80188D916EF3.e4149583-fffb-45ed-9496-a2fcab13a4da@mail.outlook.com>
 <626e2034-6a1a-1901-48a4-2c608c912166@foobar.org>
 <20180828185430.GK2588@shrubbery.net>
 <3cf27241-bd3d-6a5a-0d91-a9090824d6f0@foobar.org>
 <1535712723684.87348@alavus.fi>
Message-ID: <20180831142313.GA34296@shrubbery.net>

Fri, Aug 31, 2018 at 10:52:03AM +0000, Peltokangas Mikko:
> Well, I'm trying to log in via telnet.
> 
> I found this package, what gives some guidance for that:
> https://www.dropbox.com/s/tsqclfxg8c8p9n1/rancid-extreme-changes.tgz?dl=0&file_subpath=%2F.
> There's only one problem, it tells that I need to add that vendor-to-script -translation to rancid-fe but when I'm looking my 
> rancid-fe, it look like this: https://pastebin.com/ptb5LZQ8
> 
> Do I have some wrong version or something else odd?

that is unsupported in 3.x.

> Should I add new type to /etc/rancid/rancid.types.base dispite the threat of voodoo doll? ;)

you could add one to rancid.types.conf, but it should not be necessary.
please follow the debugging sets in the FAQ S3 Q2 to debug the reason
xlogin is failing or to help us help you by sharing that output.

> --
> -m
> ________________________________________
> L?hett?j?: Nick Hilliard <nick at foobar.org>
> L?hetetty: 28. elokuuta 2018 22:58
> Vastaanottaja: heasley
> Kopio: Peltokangas Mikko; rancid-discuss at shrubbery.net
> Aihe: Re: [rancid] Backup Extreme switches
> 
> heasley wrote on 28/08/2018 19:54:
> > it shouldnt.  please should me xlogin -d -c 'somecommand' output.
> 
> fake news.  This was a bug affecting older versions, but it seems to be
> fixed now.
> 
> Mikko, make sure you can log in to the switches using ssh from the
> rancid account, because the versions of XOS that are supported on these
> devices only allows deprecated crypto parameters.  You may need this in
> your ~rancid/.ssh/config file:
> 
> --
> Host *
>         KexAlgorithms +diffie-hellman-group1-sha1
>         HostkeyAlgorithms +ssh-dss
> --
> 
> Nick


From weylin at bu.edu  Fri Aug 31 20:21:55 2018
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Fri, 31 Aug 2018 20:21:55 +0000
Subject: [rancid] Weird commands on Cisco ASA
In-Reply-To: <3c878322228148cebd11b7adf03c9542@uvm.edu>
References: <3c878322228148cebd11b7adf03c9542@uvm.edu>
Message-ID: <78005FCB-352A-4EDB-A885-1677B50977BD@bu.edu>

Might this be an issue for you?
http://www.shrubbery.net/pipermail/rancid-discuss/2018-January/010021.html
weylin

From: "Michael T. Voity" <mvoity at uvm.edu>
Date: Thursday, August 30, 2018 at 4:14 PM
To: "rancid-discuss at shrubbery.net" <rancid-discuss at shrubbery.net>
Subject: [rancid] Weird commands on Cisco ASA

Hello,

I have a firewall that has not been updated by rancid for a few days.

Upon investigation I did some testing from the server found this ?

Looks like it is adding the command ?rancid? after it logs in.

This is my only device that does it,   among the 50+ that rancid is polling.

[rancid at netwatch bin]$ ./clogin <hostname removed>
<hostname removed>
spawn ssh -c aes256-ctr -x -l rancid <hostname removed>
rancid@<hostname removed>'s password:
User rancid logged in to <hostname removed>
Logins over the last 78 days: 6800.  Last login: 16:04:41 EDT Aug 30 2018 from <removed>
Failed logins since the last login: 0.  Last failed login: 15:20:29 EDT Aug 30 2018 from <removed>
Type help or '?' for a list of available commands.
<hostname removed>> rancid
              ^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>>
Error: Unrecognized command, check your enable command
rancid
              ^
ERROR: % Invalid input detected at '^' marker.
<hostname removed>> enable
Password:
Invalid password
Password:
Invalid password
Password:
Invalid password
Access denied.
<hostname removed>> exit

Logoff

Connection to <hostname removed>  closed.
[rancid at netwatch bin]$


--
Michael T. Voity
Network Engineer
The University of Vermont
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20180831/df05d577/attachment.html>