Ignoring regular differential updates
afort at choqolat.org
Mon Sep 2 14:48:27 UTC 2002
On Mon, 2 Sep 2002 23:46, jnull wrote:
> I've the same issue, save it is with static route entries for
> secondary IPs. Also, I don't care about saved configs. I asked a similar
> question, but was basically told that the current release doesn't support
Yep, I remember your earlier post. Like I'd suspect most others, we want to
use the saved configs for long-term problem tracking across the whole
network. I imagine you're interested in diffs of specific devices, minus one
or two regularly changing bits. We'd like to ignore all changes made at a
particular time in the day, as we run our major filter update only once
I'm guessing some NSPs that use RANCID deal with the matter operationally by
having some person review the diffs; expected ACL changes, warts and all, and
then bring/forward out-of-spec stuff to the architects. I'd like a
meat-free approach to this....
> > 2. run RANCID 'quietly', immediately before and after each router's
> > successful
> I think there is too much risk here, defeating a prime benefit of
I think this is only an issue because you don't care about saved
configurations. My thoughts go something along the lines of:
1. run a "regular" do-diffs immediately before you run your nightly routing
maintenance job (that builds router configs and spits 'em out).
2. run your maintenance, updating router configs.
3. run a "quiet" do-diffs, so that configs are still in CVS, but the usual
aliases aren't mailed with the diff output which will consist of the
maintenance changes (which we don't care to see, but we'd like a record of
in case they fail).
You may have rogue operatives attempting to sneak config changes under your
nose during this quiet diff, but 1. you still have the diffs in your CVS
tree, and 2. you've got bigger problems to deal with if this is happening :).
> > 3. hack up your own version of do-diffs/control_rancid to perform 2.
> > without
> I've got this on my tuit list. As soon as I'm done hacking on a DoS
> det. app.
OT: If you publish your work/findings, drop me a line, working with
netflow/etc data on attack analysis was a challenging and enjoyable part
of my work in my previous life (running a colo/hosting farm similar to
rackspace) and I'm interested in all efforts and research in this area.
> for changing snmp strings or local passwords I'll use it across the board.
I've been using a combination of scripts to do this, including pancho, but
find rancid *login useful for its cross platform capability and scripting
> Let me know if you opt on number 3, possibly we could QA each other's work or
> swap some ideas.
> My time schedule puts it a few weeks out yet.
Right now, I'm leaning towards a silent diff after the routing update due to
my requirements (i.e., I'm looking at filtering a lot of stuff out of the diff,
rather than just a little). The difference between exclusive and inclusive
route filtering, I suppose, and likely just as religious an argument :-)