<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The problem is that paloalto buffers all the commands and displays them twice, once while buffering them (as you
type them rapidly to the prompt, as panlogin does), and a second time while executing them in series. This throws poor panrancid for a loop. In theory this is as easy as changing the command table, but in practice it means I likely have to modify both panlogin
and panrancid to account for the double commands, otherwise the loop deletes after the first sight of a command, which has no output! Ick.<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><a name="_MailEndCompose"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></font></a></p>
<p class="MsoNormal" style="margin-left:.5in"><b><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";font-weight:bold">From:</span></font></b><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Peter Jackson [mailto:peterjackson1610@gmail.com] <br>
<b><span style="font-weight:bold">Sent:</span></b> Monday, October 29, 2012 9:43 PM<br>
<b><span style="font-weight:bold">To:</span></b> Hughes, Doug<br>
<b><span style="font-weight:bold">Cc:</span></b> rancid-discuss@shrubbery.net<br>
<b><span style="font-weight:bold">Subject:</span></b> Re: [rancid] rancid login etc. for palo alto and silver peak<o:p></o:p></span></font></p>
<p class="MsoNormal" style="margin-left:.5in"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt">Doug, I have setup your panrancid and panlogin and they are working fine.<br>
<br>
However, I just found that you can show the PA config in 'set' format (set cli config-output-format set) and I like that better than the defaul xml format. I would like to back up the configs this way but you have to go into configure mode in order to show
the config in set format.<br>
<br>
I have tried to modify panlogin but I don't know expect well enough. I was actually trying to borrow the enable section from clogin because panlogin doesn't have a provision for enable mode and while it's not really enable mode that we're getting into, the
prompts are the same, > and #.<br>
<br>
Any ideas?<br>
<br>
<o:p></o:p></span></font></p>
<div>
<p class="MsoNormal" style="margin-left:.5in"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">On Wed, Sep 12, 2012 at 11:53 AM, Hughes, Doug <<a href="mailto:Douglas.Hughes@deshawresearch.com" target="_blank">Douglas.Hughes@deshawresearch.com</a>>
wrote:<o:p></o:p></span></font></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Yes, it’s for the anti-virus and botnet stuff. If you don’t want those diffs, you can comment that part out in the palorancid file.</span></font><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span></font><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I thought it might be useful. I might disable it myself.</span></font><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<a name="139bb2f838a63dd3__MailEndCompose"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span></font></a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<b><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";font-weight:bold">From:</span></font></b><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Peter Jackson [mailto:<a href="mailto:peterjackson1610@gmail.com" target="_blank">peterjackson1610@gmail.com</a>]
<br>
<b><span style="font-weight:bold">Sent:</span></b> Wednesday, September 12, 2012 6:02 AM<br>
<b><span style="font-weight:bold">To:</span></b> Hughes, Doug<br>
<b><span style="font-weight:bold">Cc:</span></b> <a href="mailto:rancid-discuss@shrubbery.net" target="_blank">
rancid-discuss@shrubbery.net</a><br>
<b><span style="font-weight:bold">Subject:</span></b> Re: [rancid] rancid login etc. for palo alto and silver peak</span></font><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt"> <o:p></o:p></span></font></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt;margin-left:1.0in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt">Doug, thanks for posting this. I have set this up for one of our PAs but we get the following diffs every so often - not every other RANCID run, but at least a few times a week.<br>
<br>
Have you seen anything like this?<br>
<br>
#RANCID-CONTENT-TYPE: paloalto<br>
#<br>
+ exit<br>
+ admin@pa101> show <br>
+ admin@pa101> show config <br>
+ admin@pa101> show config running<br>
<br>
config { <br>
shared { <br>
ssl-decrypt { <br>
<br>
<br>
#RANCID-CONTENT-TYPE: paloalto<br>
#<br>
- exit<br>
- admin@pa101> show <br>
- admin@pa101> show config <br>
- admin@pa101> show config running<br>
<br>
config { <br>
shared { <br>
ssl-decrypt { <o:p></o:p></span></font></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt">On Tue, Aug 14, 2012 at 10:23 AM, Hughes, Doug <<a href="mailto:Douglas.Hughes@deshawresearch.com" target="_blank">Douglas.Hughes@deshawresearch.com</a>> wrote:<o:p></o:p></span></font></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">A few people have requested this, so I’m attaching the few hours of work I put into making the rancid login/auth/archive for SilverPeak and for PaloAlto devices.
Both of these use ssh for authentication, but I didn’t setup or test RSA key auth in either case. The SilverPeak has been tested with ‘enable’ mode. By default they ship with no enable password. (Apologies for the Windows style attachments.) Both have been
copied from another script and modified, so there’s probably quite a bit of cruft in there that doesn’t need to be, but I cleaned up the worst of it. I’m sure there are a lot of gratuitous regular expressions that could still be eliminated.</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Here’s what you need in rancid-fe:</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">%vendortable = (</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">…</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> 'silverpeak' => 'silverrancid',</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> 'paloalto' => 'panrancid',</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">…</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">You can figure our .cloginrc yourself, just don’t forget the enable password for the silverpeak, if you have any. ;)</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt"><br>
_______________________________________________<br>
Rancid-discuss mailing list<br>
<a href="mailto:Rancid-discuss@shrubbery.net" target="_blank">Rancid-discuss@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss" target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a><o:p></o:p></span></font></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt"> <o:p></o:p></span></font></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-left:.5in"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><o:p> </o:p></span></font></p>
</div>
</body>
</html>