<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’ve unified this with the main so that the only real difference is in the commandtable to easily switch back
and forth. It meant having to change the prompt regex to include # in configure mode, and some structural changes to panlogin and panrancid that should fix another person who had a problem recently. By default PaloAlto will do special word-based command interpretation,
which means that the panlogin output, by default, looks like something strange for this command: “set cli pager off”<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">$prompt> set^M$prompt> set cli^M$prompt> set cli pager^M$prompt> set cli pager off^M<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">So, I needed to add in the command “set cli scripting-mode on” very early. Also for the configure mode transition,
I had to modify prompt after collecting from both panlogin and panrancid. The > became [>#]. Also, it meant I had to modify ShowConfig to recognize the 2 very different syntaxes.
<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Panrancid.set is the ‘set’ format variation. Panrancid is the xml format one. The only difference is in the command
table, but you do need the new panlogin to be able to handle the command stepping, and the new panrancid to recognize the prompt correctly.<o:p></o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><a name="_MailEndCompose"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></font></a></p>
<p class="MsoNormal" style="margin-left:.5in"><b><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";font-weight:bold">From:</span></font></b><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Peter Jackson [<a href="mailto:peterjackson1610@gmail.com">mailto:peterjackson1610@gmail.com</a>]
<br>
<b><span style="font-weight:bold">Sent:</span></b> Monday, October 29, 2012 9:43 PM<br>
<b><span style="font-weight:bold">To:</span></b> Hughes, Doug<br>
<b><span style="font-weight:bold">Cc:</span></b> <a href="mailto:rancid-discuss@shrubbery.net">
rancid-discuss@shrubbery.net</a><br>
<b><span style="font-weight:bold">Subject:</span></b> Re: [rancid] rancid login etc. for palo alto and silver peak<o:p></o:p></span></font></p>
<p class="MsoNormal" style="margin-left:.5in"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><o:p> </o:p></span></font></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:.5in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt">Doug, I have setup your panrancid and panlogin and they are working fine.<br>
<br>
However, I just found that you can show the PA config in 'set' format (set cli config-output-format set) and I like that better than the defaul xml format. I would like to back up the configs this way but you have to go into configure mode in order to show
the config in set format.<br>
<br>
I have tried to modify panlogin but I don't know expect well enough. I was actually trying to borrow the enable section from clogin because panlogin doesn't have a provision for enable mode and while it's not really enable mode that we're getting into, the
prompts are the same, > and #.<br>
<br>
Any ideas?<br>
<br>
<o:p></o:p></span></font></p>
<div>
<p class="MsoNormal" style="margin-left:.5in"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">On Wed, Sep 12, 2012 at 11:53 AM, Hughes, Doug <<a href="mailto:Douglas.Hughes@deshawresearch.com" target="_blank">Douglas.Hughes@deshawresearch.com</a>>
wrote:<o:p></o:p></span></font></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Yes, it’s for the anti-virus and botnet stuff. If you don’t want those diffs, you can comment that part out in the palorancid file.</span></font><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span></font><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I thought it might be useful. I might disable it myself.</span></font><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<a name="139bb2f838a63dd3__MailEndCompose"><font size="2" color="#1f497d" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span></font></a><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<b><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";font-weight:bold">From:</span></font></b><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Peter Jackson [mailto:</span></font><a href="mailto:peterjackson1610@gmail.com" target="_blank"><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">peterjackson1610@gmail.com</span></font></a><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">]
<br>
<b><span style="font-weight:bold">Sent:</span></b> Wednesday, September 12, 2012 6:02 AM<br>
<b><span style="font-weight:bold">To:</span></b> Hughes, Doug<br>
<b><span style="font-weight:bold">Cc:</span></b> </span></font><a href="mailto:rancid-discuss@shrubbery.net" target="_blank"><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">rancid-discuss@shrubbery.net</span></font></a><font size="2" face="Tahoma"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""><br>
<b><span style="font-weight:bold">Subject:</span></b> Re: [rancid] rancid login etc. for palo alto and silver peak</span></font><o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt"> <o:p></o:p></span></font></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt;margin-left:1.0in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt">Doug, thanks for posting this. I have set this up for one of our PAs but we get the following diffs every so often - not every other RANCID run, but at least a few times a week.<br>
<br>
Have you seen anything like this?<br>
<br>
#RANCID-CONTENT-TYPE: paloalto<br>
#<br>
+ exit<br>
+ admin@pa101> show <br>
+ admin@pa101> show config <br>
+ admin@pa101> show config running<br>
<br>
config { <br>
shared { <br>
ssl-decrypt { <br>
<br>
<br>
#RANCID-CONTENT-TYPE: paloalto<br>
#<br>
- exit<br>
- admin@pa101> show <br>
- admin@pa101> show config <br>
- admin@pa101> show config running<br>
<br>
config { <br>
shared { <br>
ssl-decrypt { <o:p></o:p></span></font></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt">On Tue, Aug 14, 2012 at 10:23 AM, Hughes, Doug <<a href="mailto:Douglas.Hughes@deshawresearch.com" target="_blank">Douglas.Hughes@deshawresearch.com</a>> wrote:<o:p></o:p></span></font></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">A few people have requested this, so I’m attaching the few hours of work I put into making the rancid login/auth/archive for SilverPeak and for PaloAlto devices.
Both of these use ssh for authentication, but I didn’t setup or test RSA key auth in either case. The SilverPeak has been tested with ‘enable’ mode. By default they ship with no enable password. (Apologies for the Windows style attachments.) Both have been
copied from another script and modified, so there’s probably quite a bit of cruft in there that doesn’t need to be, but I cleaned up the worst of it. I’m sure there are a lot of gratuitous regular expressions that could still be eliminated.</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Here’s what you need in rancid-fe:</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">%vendortable = (</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">…</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> 'silverpeak' => 'silverrancid',</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> 'paloalto' => 'panrancid',</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">…</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">You can figure our .cloginrc yourself, just don’t forget the enable password for the silverpeak, if you have any. ;)</span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="2" face="Calibri"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></font><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt"><br>
_______________________________________________<br>
Rancid-discuss mailing list<br>
<a href="mailto:Rancid-discuss@shrubbery.net" target="_blank">Rancid-discuss@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss" target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</a><o:p></o:p></span></font></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:1.0in">
<font size="3" face="Times New Roman"><span style="font-size:12.0pt"> <o:p></o:p></span></font></p>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-left:.5in"><font size="3" face="Times New Roman"><span style="font-size:12.0pt"><o:p> </o:p></span></font></p>
</div>
</body>
</html>