how to make rancid ignore password string changes

georg.naggies at georg.naggies at
Mon Jun 2 13:46:44 UTC 2003


Thanks for the suggestions.

As a quick fix in the meantime, I have mucked with the code of "rancid", in
a very crude manner. As an excuse I might cite that I don't know any perl.
Don't look if you are of sensitive dispostion, might make you cringe:

(Have commented out the " /^ clockrate /  && next;" statement, and set the
filter_pwds condition to 0, in "if (/^(ntp authentication-key \d+ md5) / &&
filter_pwds >= 1)" just for the moment. )

Will now look into the cleaner options you suggested.


Mag. Georg Naggies
Raiffeisen Informatik Zentrum GmbH
A-1020 Wien, Lilienbrunngasse 7-9, Zimmer 06F
Tel:  +43-(1)-99398 - 9354
Fax:  +43-(1)-99398 - 5501
georg.naggies at

            heas at                                                                                                                
            Gesendet von:                             An:  georg.naggies at                                                             
            owner-rancid-discuss at shrubbery.n          Kopie:     rancid-discuss at                                                 
            et                                        Blindkopie:                                                                             
                                                      Thema:     Re: how to make rancid ignore password string changes                        
            30.05.2003 18:01                                                                                                                  

Fri, May 30, 2003 at 08:34:41AM +0200, georg.naggies at
> Hello!
> I'm quite new to Rancid and love it of course, because for example
> CiscoWorks just can't compare in speed and reliability.
> Now I would like to tweak it to its best.
> Therefore one question, ... how to make rancid ignore password string
> changes?
> For example the "ntp authentication-key" changes all the time, and this
> makes cvs create a new version all the time. I would still like to have
> passwords in the archive. (FILTER_PWDS=NO; export FILTER_PWDS)

well, this would require post-cvs diff filtering.  one could

1) run a second instance of rancid or the particular group

2) use a filter as the destination of the diff email which filtered things
   in which you were not interested

3) let users filter what they want via procmail (preferred).

eg: someone balked about nvram diffs.  ....

# /dev/null rancid msgs with no diffs other than nvram:
:0 HWi b
* Subject: router config diffs$
| awk 'BEGIN{n=0;}{if(/...Flash: nvram:/)next;
if(/^[-+]/){n++;}next;}END{exit n;}'

More information about the Rancid-discuss mailing list