<html style="direction: ltr;">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style id="bidiui-paragraph-margins" type="text/css">body p { margin-bottom: 0cm; margin-top: 0pt; } </style>
</head>
<body bidimailui-charset-is-forced="true" style="direction: ltr;">
<div class="moz-cite-prefix">On 14/06/2021 14:47, Herlitz, Johannes
wrote:</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Thanks for the clue!</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Would that code damage the config
backup of rancid whereby all ACLs would be ignored and not backed
up?</div>
<div class="moz-cite-prefix">How can we backup the full config once
a day all the while eliminating the annoying ACL updates every 5
minutes?<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Regards,</div>
<div class="moz-cite-prefix">Hank<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<blockquote type="cite"
cite="mid:AM9P193MB1876854426375B2C9F06B5718F319@AM9P193MB1876.EURP193.PROD.OUTLOOK.COM">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:"Calibri Light";
panose-1:2 15 3 2 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US">You could have RANCID ignore all ACL lines in a
config.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US">Modify the source code: edit lib/rancid/ios.pm
and search for "sub WriteTerm". RANCID ignores a few config
lines already by default, e.g. the "Last configuration"
line at the beginning of a "sh run". You should see it in
the sub WriteTerm.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US">Inside the WriteTerm sub, add your own regex
pattern && next command to ignore lines containing
patterns you don’t want backed up by RANCID, e.g.:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US"> /^ (permit|deny) / && next;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US">Should ignore all ACL entries.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b>From:</b> Rancid-discuss
<a class="moz-txt-link-rfc2396E" href="mailto:rancid-discuss-bounces@www.shrubbery.net"><rancid-discuss-bounces@www.shrubbery.net></a>
<b>On Behalf Of </b>Hank Nussbacher<br>
<b>Sent:</b> Monday, June 14, 2021 12:35 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:rancid-discuss@www.shrubbery.net">rancid-discuss@www.shrubbery.net</a><br>
<b>Subject:</b> [rancid] Newbie question - ACL changes
causing too many diffs<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<table class="MsoNormalTable"
style="width:100.0%;background:#FFFFB3;border:outset black
1.5pt" width="100%" cellspacing="0" cellpadding="0"
border="1" align="left">
<tbody>
<tr>
<td style="border:inset black 1.0pt;padding:3.0pt 3.0pt
3.0pt 3.0pt">
<p class="MsoNormal"
style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly"><b><span
style="font-size:13.5pt;font-family:"Calibri
Light",sans-serif;color:red">CAUTION:</span></b><span
style="font-size:13.5pt;font-family:"Calibri
Light",sans-serif;color:black"> This message
originated from outside of the organization. Be
cautious opening any links or attachments.</span><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="color:white"> </span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">Using rancid to monitor router diffs, we
see that numerous routers generate diffs
<b>every </b>5 minutes because they have automated processes
to auto-update their ACLs against attacks. How can one config
rancid to ignore ACL changes?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal">Hank<o:p></o:p></p>
</div>
<br>
----------Legal Disclaimer---------- <br>
The information contained in this message may be privileged and
confidential, and is intended solely for the use of the named
addressee. No other person is authorized to access, copy or re-use
this message (or any information contained herein). If you are not
the intended recipient, please notify us immediately by replying
to this message and delete it from your computer.
</blockquote>
<p><br>
</p>
</body>
</html>