<html dir="ltr"><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaTempEditStyle"></style><style title="owaParaStyle"><!--P {
        MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
--></style>
</head>
<body ocsi="x">
<div style="FONT-FAMILY: Tahoma; DIRECTION: ltr; COLOR: #000000; FONT-SIZE: 13px">
<div></div>
<div dir="ltr"><font color="#000000" size="2" face="Tahoma">Good Day All,</font></div>
<div dir="ltr"><font size="2" face="tahoma"></font> </div>
<div dir="ltr"><font size="2" face="tahoma">We have rancid running on a server that is also running TACACS+.</font></div>
<div dir="ltr"><font size="2" face="tahoma"></font> </div>
<div dir="ltr"><font size="2" face="tahoma">We have rancid running every 4 hours using crontab.</font></div>
<div dir="ltr"><font size="2" face="tahoma"></font> </div>
<div dir="ltr"><font size="2" face="tahoma">I have been asked to get it running in response to a user making a change to the configuration.</font></div>
<div dir="ltr"><font size="2" face="tahoma"></font> </div>
<div dir="ltr"><font size="2" face="tahoma">I found some help in the FAQ about this, but I am not exactly sure where to get started.</font></div>
<div dir="ltr"><font size="2" face="tahoma">I suppose the first thing I need to do is to see if I have syslog on the TACACS server.</font></div>
<div dir="ltr"><font size="2" face="tahoma"></font> </div>
<div dir="ltr"><font size="2" face="tahoma">I was wondering if anyone could expand on the FAQ a bit and give me a little more idea of how to get this going please?</font></div>
<div dir="ltr"><font size="2" face="tahoma"></font> </div>
<div dir="ltr"><font size="2" face="tahoma">thanks in advance for any assistance</font></div>
<div dir="ltr"><font size="2" face="tahoma"></font> </div>
<div dir="ltr"><font size="2" face="tahoma">regards</font></div>
<div dir="ltr"><font size="2" face="tahoma"></font> </div>
<div dir="ltr"><font size="2" face="tahoma">Amanda</font></div>
<div dir="ltr"><font size="2" face="tahoma"></font> </div>
<div dir="ltr">Q. I'd like to have RANCID automatically begin collection when someone<br>
finishes configuring a router. How can I do this?<br>
A. Using a syslog watcher script, one can trigger RANCID from the syslog<br>
line emitted by, for example, an IOS router after configuration mode is<br>
ended.</div>
<div dir="ltr"> Here's a simple example using the Simple Event Correlator:<br>
(<a href="http://simple-evcorr.sourceforge.net/">http://simple-evcorr.sourceforge.net/</a>)</div>
<div dir="ltr"> If the syslog line in your logs looks like this (wrapped for readability):</div>
<div dir="ltr"> Apr 5 09:56:52 acc1.geo269.example.com 72: 000069: *Mar 6 21:40:13.466 \<br>
AEDT: %SYS-5-CONFIG_I: Configured from console by gwbush on vty0 (10.1.1.1)</div>
<div dir="ltr"> You would use a SEC configuration stanza like this:</div>
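<div dir="ltr"> # example rancid trigger<br>
#<br>
type=SingleWithSuppress<br>
ptype=RegExp<br>
pattern=\s\S+:\S+\S+\s(\S+)\.example\.com.*SYS-5-CONFIG_I<br>
# desc is required by SEC; suppression is keyed on it, so include the router name<br>
desc=rancid trigger for $1<br>
action=shellcmd /opt/rancid/bin/do-diffs -r $1<br>
window=1800</div>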
<div dir="ltr"> This will execute the command '/opt/rancid/bin/do-diffs -r acc1.geo269'<br>
when it is fed a line like that syslog line. The command will be run at<br>
most once every 1800 seconds. If you do not get hostnames in your<br>
log lines that match your router.db entries, either fix your reverse<br>
DNS or remove the '-r $1' part.</div>
</div>
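<div dir="ltr">A minimal syslog watcher along the lines of the FAQ answer, added here as an example (it is not part of the original message, the RANCID FAQ or SEC). It goes one step beyond the FAQ stanza: because syslog content is untrusted input, the captured name is restricted to hostname characters, checked against router.db, and passed to do-diffs as an argument list rather than through a shell. The function names and the sample router.db contents are assumptions made for illustration.</div>
<pre>
```python
import re
import time

# Assumptions (not from the original message): DO_DIFFS is the path the FAQ
# uses; ROUTER_DB is a constructed sample in router.db's "name;type;state"
# layout (older rancid releases use ":" as the separator).
DO_DIFFS = "/opt/rancid/bin/do-diffs"
WINDOW = 1800  # seconds, same as the FAQ's window=1800
ROUTER_DB = "acc1.geo269;cisco;up\ncore1.geo269;cisco;up\nold1.geo269;cisco;down\n"

# Hostname limited to letters, digits, dot and hyphen, so nothing a device or
# a spoofed UDP syslog packet sends can carry shell metacharacters through.
CONFIG_I = re.compile(
    r"\s\d+:\d+:\d+\s([A-Za-z0-9][A-Za-z0-9.-]*)\.example\.com\s"
    r".*%SYS-5-CONFIG_I:"
)


def load_routers(text):
    """Return the set of device names marked 'up' in router.db text."""
    names = set()
    for line in text.splitlines():
        fields = re.split(r"[;:]", line.strip())
        if len(fields) >= 3 and fields[2].lower() == "up":
            names.add(fields[0].lower())
    return names


def trigger_for(line, routers, last_run, now):
    """Return the do-diffs argv for a config-change line, or None."""
    m = CONFIG_I.search(line)
    if m is None:
        return None
    host = m.group(1).lower()
    if host not in routers:
        return None  # unknown name: never reaches a command line
    if host in last_run and WINDOW > now - last_run[host]:
        return None  # suppress repeats per router, as window=1800 does
    last_run[host] = now
    return [DO_DIFFS, "-r", host]  # argv list, run without a shell


if __name__ == "__main__":
    import subprocess, sys
    routers, last_run = load_routers(ROUTER_DB), {}
    for line in sys.stdin:  # e.g. the syslog file piped in by a tail follower
        argv = trigger_for(line, routers, last_run, time.time())
        if argv:
            subprocess.run(argv, check=False)
```
</pre>
<div dir="ltr">Run it as the rancid user so that do-diffs sees the same environment it gets from crontab.</div>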
</body>
</html>