<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">We went a different route, we don’t e-mail from RANCID. In fact, I don’t think that server is setup to send e-mail. Instead, we syslog the log files from RANCID, and send them to our SIEM (Splunk). People can create their own alerts, we
don’t have to maintain distribution lists. This does not get us the diffs, it just notes that a device was updated. If someone want to see the diff, they use our web front end to the version control system.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We do this by wrapping RANCID with a shell script that runs RANCID, then parses the log files. The script is below, if anyone is interested.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Skye Hagen<o:p></o:p></p>
<p class="MsoNormal">Network Engineer<o:p></o:p></p>
<p class="MsoNormal">University of Idaho<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#!/usr/bin/sh<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># This shell script is the main script for running RANCID. This puts<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># the whole package together.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">#<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># It runs RANCID for all groups, and sends the RANCID logs to syslog.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># Function to send a RANCID log to syslog<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">LogIt() {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # This routine will take a single RANCID log file, condense it, and<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # send it to syslog.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> #<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Parameters<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # $1 - The name of the RANCID log file to process<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Build temp files<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> ERR=$(mktemp)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> ADD=$(mktemp)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> UPD=$(mktemp)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> LOG=$(mktemp)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Get the name of the rancid group<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> GRP=$(expr match $1 '.*\/\([a-z]*\)\.')<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Get new devices<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> grep "Added " $1 > $ADD<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Get updated devices<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> grep "Checking in " $1 > $UPD<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Get and reduce errors to a single line per device<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> grep "clogin error" $1 | sort | uniq -c > $ERR<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Compute some statistics on added, updated and errors<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> ADDCNT=$(wc -l < $ADD)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> UPDCNT=$(wc -l < $UPD)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> ERRCNT=$(wc -l < $ERR)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Create a file of the lines to send to syslog<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> grep "starting:" $1 > $LOG<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> cat $ADD >> $LOG<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> cat $UPD >> $LOG<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> cat $ERR >> $LOG<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> echo "Added=$ADDCNT Updated=$UPDCNT Errors=$ERRCNT" >> $LOG<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> grep "ending:" $1 >> $LOG<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Send the file to syslog<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> logger -s -f $LOG -p local0.info -t "rancid-run Group=$GRP "<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # Clean up temp files<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> rm $LOG $UPD $ADD $ERR<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># ===== Main routine<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># Run default ENVFILE to get the LOGDIR.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">ENVFILE="/rancid/etc/rancid.conf"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">. $ENVFILE<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># Test user and test/set a lock file<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">LOCKFILE="/rancid/locks/processing"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">USER="rancid"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">WHOAMI=$(whoami)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">if [ $WHOAMI != $USER ]
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">then<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> echo "This routine must be run as user $USER."<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> exit<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">fi<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">if [ -e $LOCKFILE ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">then<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> echo "Lock file $LOCKFILE exists."<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> exit<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">fi<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">touch $LOCKFILE<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># Run RANCID<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">echo "Running rancid-run"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">/rancid/bin/rancid-run<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># Because RANCID does not syslog directly, we will need to convert<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># the RANCID logs to syslog events. And, we don't know the name of<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># the log files. But, we do know the directory that the log files are<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># stored in. We also know that they will be newer than the date/time<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># on our lock file. So, we use 'find' to find all log files in the<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># LOGDIR newer than the lock file, and process them one at a time.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">LOGS=$(find $LOGDIR -type f -newer $LOCKFILE)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">for FILE in $LOGS<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">do<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> LogIt $FILE<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">done<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># Now, remove the lock file<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">rm $LOCKFILE<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Rancid-discuss <rancid-discuss-bounces@www.shrubbery.net>
<b>On Behalf Of </b>Daniel Kerse<br>
<b>Sent:</b> Thursday, April 8, 2021 10:08 PM<br>
<b>To:</b> Dan Anderson <dan.w.anderson@gmail.com><br>
<b>Cc:</b> rancid-discuss@www.shrubbery.net<br>
<b>Subject:</b> Re: [rancid] Reporting subsets of Rancid data.<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">This is totally supported. It’s simply a matter of arranging your device groups and email aliases in a way that meets your teams requirements.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Speaking of which, how are people maintaining their mailing lists for Rancid these days? Is majordomo still best of breed here? I looked at it a while ago but my rancid servers can’t receive email, only send. So I don’t think that’s going
to work.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Part of me still wants to me email subscriptions more of a self-service thing and it’s nice to be able to do that without editing the aliases file.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal">On Fri, 9 Apr 2021 at 4:34 AM, Dan Anderson <<a href="mailto:dan.w.anderson@gmail.com">dan.w.anderson@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div name="messageBodySection">
<div>
<p class="MsoNormal">If you created an additional set of groups, you could do a group per campus and send the reports/diffs for each group or groups to different e-mail addresses based on the entries in your /etc/aliases file. That's 100% supported and wouldn't
change during upgrades. People who wanted to see all of the reports/diffs would be in all of the group aliases and those who didn't would only be in a subset.<br>
<br>
<br>
Something along the lines of<br>
<br>
campus1_switches: boss_person, campus1_people<br>
campus2_switches: boss_person, campus2_people, campus1_people<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div name="messageSignatureSection">
<p class="MsoNormal"><br>
-- Dan<o:p></o:p></p>
</div>
<div name="messageReplySection">
<p class="MsoNormal">On Apr 8, 2021, 12:11 PM -0400, Chris Davis <<a href="mailto:Chris.Davis@principia.edu" target="_blank">Chris.Davis@principia.edu</a>>, wrote:<br>
<br>
<o:p></o:p></p>
<blockquote style="border:none;border-left:solid windowtext 1.0pt;padding:0in 0in 0in 8.0pt;margin-left:3.75pt;margin-top:3.75pt;margin-right:3.75pt;margin-bottom:3.75pt">
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">We have 2 major campuses, and we've always reported our config diffs and pretty much everything else to all members of our small network team. All the switch configs are co-located in the same
directory, etc. But now, one campus is complaining that they don't want to see all the config diffs from the other because it's difficult to know if they have data in the config diff report. I was asked if it was possible to split the report into 2, one
for each campus. The IP addresses are such that it would be possible to identify them easily. But rancid just seems to be focused on reporting what is in the directory. I'm not sure I'd want to go to great effort to make this kind of thing happen, just
to have it break every time I update Rancid. Our boss is keen on network knowing everything on either campus (we back one another up to a high level of degree). Is it easy to carve up the reporting based on IP ranges and provide different email addresses
for each set of reports without impacting the future upgrading process? I just want to be able to say I investigated it, but I think the boss would be against it anyway. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Thanks. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black">Chris <o:p></o:p></span></p>
</div>
<p class="MsoNormal">_______________________________________________<br>
Rancid-discuss mailing list<br>
<a href="mailto:Rancid-discuss@www.shrubbery.net" target="_blank">Rancid-discuss@www.shrubbery.net</a><br>
<a href="https://urldefense.com/v3/__https:/www.shrubbery.net/mailman/listinfo/rancid-discuss__;!!JYXjzlvb!2xbLRtS5UnSohUmB64cMNdUA6sgfou3pTaRRAgSg4uzPL8Hmq-FH8Iiq6rWifqc$" target="_blank">https://www.shrubbery.net/mailman/listinfo/rancid-discuss</a><o:p></o:p></p>
</blockquote>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
Rancid-discuss mailing list<br>
<a href="mailto:Rancid-discuss@www.shrubbery.net" target="_blank">Rancid-discuss@www.shrubbery.net</a><br>
<a href="https://urldefense.com/v3/__https:/www.shrubbery.net/mailman/listinfo/rancid-discuss__;!!JYXjzlvb!2xbLRtS5UnSohUmB64cMNdUA6sgfou3pTaRRAgSg4uzPL8Hmq-FH8Iiq6rWifqc$" target="_blank">https://www.shrubbery.net/mailman/listinfo/rancid-discuss</a><o:p></o:p></p>
</blockquote>
</div>
</div>
</div>
</body>
</html>