From gouldwp at auburn.edu Thu Jun 7 19:12:17 2007 From: gouldwp at auburn.edu (Walter Gould) Date: Thu, 07 Jun 2007 14:12:17 -0500 Subject: [rancid] Re: RANCID admin web front-end In-Reply-To: <20070525125933.8e114e4890519e5179c192e02d6bca26.c28b097890.wbe@email.secureserver.net> References: <20070525125933.8e114e4890519e5179c192e02d6bca26.c28b097890.wbe@email.secureserver.net> Message-ID: <46681241.267C.00C8.0@auburn.edu> Group, I have cobbled together a RANCID php/mysql based web front-end. It can be used to add to, delete from and search for cisco devices in a mysql db. There are also two perl scripts that export the needed data from the db into the router.db and .cloginrc files. The tar archive is attached to this e-mail. I hope this may be of use to some other folks. Walter >>> On Fri, May 25, 2007 at 2:59 PM, in message <20070525125933.8e114e4890519e5179c192e02d6bca26.c28b097890.wbe at email.secureserv r.net>, Lance wrote: > Walter, > > My script does not handle the .cloginrc as that is pretty much static if > you are running TACACS+/RADIUS. > > It could be handy, but you probably want to add support for mysql as > most people probably have that running instead of postgresql. > > None the less it sounds exciting. let me know when you are done. > > - Lance -------------- next part -------------- A non-text attachment was scrubbed... Name: rancid_web_mysql.tar Type: application/x-tar Size: 20480 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070607/ab4bd352/attachment.tar From yathrib.public at gmail.com Wed Jun 13 01:11:35 2007 From: yathrib.public at gmail.com (null yathrib) Date: Tue, 12 Jun 2007 21:11:35 -0400 Subject: [rancid] config repository tools? Message-ID: Not a Rancid question, but I was wondering if there were any good tools to use with the repository of offline configs. Yes, grep + awk are old staples, but was wondering if anyone had other suggestions. There was RAT (http://unix.freshmeat.net/projects/routeraudittool) to do some audits via a shell script. I've looked at Cisco::Reconfig (http://search.cpan.org/dist/Cisco-Reconfig) to do things like the below. Anyone have recipes using it they're interested in sharing? --snip-- use Cisco::Reconfig; for (@ARGV) { my $config = Cisco::Reconfig::readconfig($_); # Get ip helper-addresses since we can't retrieve these all via SNMP for my $int ( $config->get( 'interface' )->all ) { my @helpers = $int->get('ip helper-address')->all; if ( $helpers[0] ) { print $int; for my $helper ( @helpers ) { print $helper; } } } } --snip-- Any other suggestions or pointers appreciated. -- yathrib From Michael.Skinner at virginmedia.co.uk Wed Jun 13 14:24:37 2007 From: Michael.Skinner at virginmedia.co.uk (Michael Skinner) Date: Wed, 13 Jun 2007 15:24:37 +0100 Subject: [rancid] Re: config repository tools? Message-ID: I currently use a homemade perl script to create a HTML representation of all my NetScreen configs giving a nice overview of the config running on each device. I run it against any updated files in my /configs after each rancid-run in crontab. Combining that with CVSweb gives you a killer front-end! http://www.freebsd.org/projects/cvsweb.html Nipper could be used to create your HTML reports: http://sourceforge.net/projects/nipper It passes various types of configs (Cisco IOS, PIX, ASA, FWSM, NMP, CatOS, NetScreen ScreenOS) into a HTML report with some light "audit/guidance" - I don't use it myself as I don't find its that great with Netscreen firewalls yet...but I understand its pretty mature on cisco and the like. Mike -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net]On Behalf Of null yathrib Sent: 13 June 2007 02:12 To: rancid-discuss at shrubbery.net Subject: [rancid] config repository tools? Not a Rancid question, but I was wondering if there were any good tools to use with the repository of offline configs. Yes, grep + awk are old staples, but was wondering if anyone had other suggestions. There was RAT (http://unix.freshmeat.net/projects/routeraudittool) to do some audits via a shell script. I've looked at Cisco::Reconfig (http://search.cpan.org/dist/Cisco-Reconfig) to do things like the below. Anyone have recipes using it they're interested in sharing? --snip-- use Cisco::Reconfig; for (@ARGV) { my $config = Cisco::Reconfig::readconfig($_); # Get ip helper-addresses since we can't retrieve these all via SNMP for my $int ( $config->get( 'interface' )->all ) { my @helpers = $int->get('ip helper-address')->all; if ( $helpers[0] ) { print $int; for my $helper ( @helpers ) { print $helper; } } } } --snip-- Any other suggestions or pointers appreciated. -- yathrib _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------ Save Paper - Do you really need to print this e-mail? Visit www.virginmedia.com for more information, and more fun. This email and any attachments are or may be confidential and legally privileged and are sent solely for the attention of the addressee(s). If you have received this email in error, please delete it from your system: its use, disclosure or copying is unauthorised. Statements and opinions expressed in this email may not represent those of Virgin Media. Any representations or commitments in this email are subject to contract. Please note that we are migrating our email addresses to a company wide address of "@virginmedia.co.uk". If you are sending to a Telewest or ntl email address your email will be re-directed. Registered office: 160 Great Portland Street, London W1W 5QA. Registered in England and Wales with number 2591237 ============================================================================== From rancid at gheek.net Wed Jun 13 17:05:35 2007 From: rancid at gheek.net (Lance) Date: Wed, 13 Jun 2007 10:05:35 -0700 Subject: [rancid] Re: config repository tools? Message-ID: <20070613100535.8e114e4890519e5179c192e02d6bca26.777bf98b79.wbe@email.secureserver.net> Nipper is pretty cool. I might need to go in and modify some of the stuff it thinks is a problem like CDP. hehe. That way I can use it as a true tool. Any other cool tools up your sleeves? -Lance > -------- Original Message -------- > Subject: [rancid] Re: config repository tools? > From: "Michael Skinner" > Date: Wed, June 13, 2007 7:24 am > To: "'rancid-discuss at shrubbery.net'" > > I currently use a homemade perl script to create a HTML representation of > all my NetScreen configs giving a nice overview of the config running on > each device. I run it against any updated files in my /configs after each > rancid-run in crontab. Combining that with CVSweb gives you a killer > front-end! http://www.freebsd.org/projects/cvsweb.html > > Nipper could be used to create your HTML reports: > http://sourceforge.net/projects/nipper > > It passes various types of configs (Cisco IOS, PIX, ASA, FWSM, NMP, > CatOS, > NetScreen ScreenOS) into a HTML report with some light > "audit/guidance" - I > don't use it myself as I don't find its that great with Netscreen > firewalls > yet...but I understand its pretty mature on cisco and the like. > > Mike > > > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net]On Behalf Of null yathrib > Sent: 13 June 2007 02:12 > To: rancid-discuss at shrubbery.net > Subject: [rancid] config repository tools? > > > Not a Rancid question, but I was wondering if there were any good > tools to use with the repository of offline configs. Yes, grep + awk > are old staples, but was wondering if anyone had other suggestions. > > There was RAT (http://unix.freshmeat.net/projects/routeraudittool) to > do some audits via a shell script. > > I've looked at Cisco::Reconfig > (http://search.cpan.org/dist/Cisco-Reconfig) to do things like the > below. Anyone have recipes using it they're interested in sharing? > > --snip-- > use Cisco::Reconfig; > > for (@ARGV) { > my $config = Cisco::Reconfig::readconfig($_); > > # Get ip helper-addresses since we can't retrieve these all via SNMP > for my $int ( $config->get( 'interface' )->all ) { > my @helpers = $int->get('ip helper-address')->all; > if ( $helpers[0] ) { > print $int; > for my $helper ( @helpers ) { > print $helper; > } > } > } > } > --snip-- > > Any other suggestions or pointers appreciated. > > -- > yathrib > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > ------------------------------------------------------------------------------ > > Save Paper - Do you really need to print this e-mail? > > Visit www.virginmedia.com for more information, and more fun. > > This email and any attachments are or may be confidential and legally > privileged and are sent solely for the attention of the addressee(s). > If you have received this email in error, please delete it from your > system: its use, disclosure or copying is unauthorised. Statements and > opinions expressed in this email may not represent those of Virgin > Media. Any representations or commitments in this email are subject to > contract. Please note that we are migrating our email addresses to a > company wide address of "@virginmedia.co.uk". If you are sending to a > Telewest or ntl email address your email will be re-directed. > > Registered office: 160 Great Portland Street, London W1W 5QA. > Registered in England and Wales with number 2591237 > > > ============================================================================== > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Eliane.Tortelli at fornecedores.vivo.com.br Wed Jun 13 17:20:38 2007 From: Eliane.Tortelli at fornecedores.vivo.com.br (Eliane Tortelli) Date: Wed, 13 Jun 2007 14:20:38 -0300 Subject: [rancid] Rancid for Nortel In-Reply-To: <20070613100535.8e114e4890519e5179c192e02d6bca26.777bf98b79.wbe@email.secureserver.net> Message-ID: <5F53E7E24DDFBB4499FB79994E22A19D4FB11B@SP3EXCEVSK302.REDECORP.BR> Hi Maybe someone can help me... I need to use Rancid to do backup with Nortel equipament. Nortel 4k. But as I tested, I guess it not work properly with this model... I am not sure if is possible or not and what is necessary change on the script for it. Thank you for any help. Eliane -----Mensagem original----- De: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] Em nome de Lance Enviada em: quarta-feira, 13 de junho de 2007 14:06 Para: Michael Skinner Cc: 'rancid-discuss at shrubbery.net' Assunto: [rancid] Re: config repository tools? Nipper is pretty cool. I might need to go in and modify some of the stuff it thinks is a problem like CDP. hehe. That way I can use it as a true tool. Any other cool tools up your sleeves? -Lance > -------- Original Message -------- > Subject: [rancid] Re: config repository tools? > From: "Michael Skinner" > Date: Wed, June 13, 2007 7:24 am > To: "'rancid-discuss at shrubbery.net'" > > I currently use a homemade perl script to create a HTML representation of > all my NetScreen configs giving a nice overview of the config running on > each device. I run it against any updated files in my /configs after each > rancid-run in crontab. Combining that with CVSweb gives you a killer > front-end! http://www.freebsd.org/projects/cvsweb.html > > Nipper could be used to create your HTML reports: > http://sourceforge.net/projects/nipper > > It passes various types of configs (Cisco IOS, PIX, ASA, FWSM, NMP, > CatOS, > NetScreen ScreenOS) into a HTML report with some light > "audit/guidance" - I > don't use it myself as I don't find its that great with Netscreen > firewalls > yet...but I understand its pretty mature on cisco and the like. > > Mike > > > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net]On Behalf Of null yathrib > Sent: 13 June 2007 02:12 > To: rancid-discuss at shrubbery.net > Subject: [rancid] config repository tools? > > > Not a Rancid question, but I was wondering if there were any good > tools to use with the repository of offline configs. Yes, grep + awk > are old staples, but was wondering if anyone had other suggestions. > > There was RAT (http://unix.freshmeat.net/projects/routeraudittool) to > do some audits via a shell script. > > I've looked at Cisco::Reconfig > (http://search.cpan.org/dist/Cisco-Reconfig) to do things like the > below. Anyone have recipes using it they're interested in sharing? > > --snip-- > use Cisco::Reconfig; > > for (@ARGV) { > my $config = Cisco::Reconfig::readconfig($_); > > # Get ip helper-addresses since we can't retrieve these all via SNMP > for my $int ( $config->get( 'interface' )->all ) { > my @helpers = $int->get('ip helper-address')->all; > if ( $helpers[0] ) { > print $int; > for my $helper ( @helpers ) { > print $helper; > } > } > } > } > --snip-- > > Any other suggestions or pointers appreciated. > > -- > yathrib > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > ------------------------------------------------------------------------ ------ > > Save Paper - Do you really need to print this e-mail? > > Visit www.virginmedia.com for more information, and more fun. > > This email and any attachments are or may be confidential and legally > privileged and are sent solely for the attention of the addressee(s). > If you have received this email in error, please delete it from your > system: its use, disclosure or copying is unauthorised. Statements and > opinions expressed in this email may not represent those of Virgin > Media. Any representations or commitments in this email are subject to > contract. Please note that we are migrating our email addresses to a > company wide address of "@virginmedia.co.uk". If you are sending to a > Telewest or ntl email address your email will be re-directed. > > Registered office: 160 Great Portland Street, London W1W 5QA. > Registered in England and Wales with number 2591237 > > > ======================================================================== ====== > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From dbstewart at dswrite.com Thu Jun 14 14:46:27 2007 From: dbstewart at dswrite.com (David B. Stewart) Date: Thu, 14 Jun 2007 09:46:27 -0500 Subject: [rancid] missed cmd issues - "wr term" Message-ID: <000101c7ae92$ca38d950$4001a8c0@SUPERCECIL> I've seen several reports by others having this same problem, but have yet to find a report of cause and resolution. RANCID was working fine for weeks, then started dropping "wr term" from the runs in an apparently random, though semi-permanent, fashion. Once this problem hits, it doesn't seem to go away. The nodes in question are Cisco IOS. My suspicion is that it is resource problem on the rancid server. Suspicions don't count for much, though. Can someone shed some light on the issue? Sample log is shown below. Notice that in this case, the 10.y.z.20 seems to run OK, but the first two fail. They fail consistently from the scheduled runs. Manual clogin runs to the specific nodes have no apparent problem. Unfortunately, I know of no way to get the manual run to do the full diff and CVS archive. ---begin included content Trying to get all of the configs. 10.x.y.248: missed cmd(s): write term 10.x.y.249: missed cmd(s): write term 10.y.z.20: missed cmd(s): write term ===================================== Getting missed routers: round 1. 10.x.y.248: missed cmd(s): write term 10.x.y.249: missed cmd(s): write term ===================================== Getting missed routers: round 2. 10.x.y.248: missed cmd(s): write term 10.x.y.249: missed cmd(s): write term ===================================== Getting missed routers: round 3. 10.x.y.249: missed cmd(s): write term 10.x.y.248: missed cmd(s): write term ===================================== Getting missed routers: round 4. 10.x.y.249: missed cmd(s): write term 10.x.y.248: missed cmd(s): write term ---end included content Thanks! Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070614/bfe4cf25/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 145 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070614/bfe4cf25/attachment.gif From tex at off.org Fri Jun 15 03:31:57 2007 From: tex at off.org (Austin Schutz) Date: Thu, 14 Jun 2007 20:31:57 -0700 Subject: [rancid] Re: missed cmd issues - "wr term" In-Reply-To: <000101c7ae92$ca38d950$4001a8c0@SUPERCECIL> References: <000101c7ae92$ca38d950$4001a8c0@SUPERCECIL> Message-ID: <20070615033157.GB3746@gblx.net> On Thu, Jun 14, 2007 at 09:46:27AM -0500, David B. Stewart wrote: > I've seen several reports by others having this same problem, but have yet to find a report of cause and resolution. > RANCID was working fine for weeks, then started dropping "wr term" from the runs in an apparently random, though > semi-permanent, fashion. Once this problem hits, it doesn't seem to go away. The nodes in question are Cisco IOS. > > My suspicion is that it is resource problem on the rancid server. Suspicions don't count for much, though. Can someone > shed some light on the issue? > > Sample log is shown below. Notice that in this case, the 10.y.z.20 seems to run OK, but the first two fail. They fail > consistently from the scheduled runs. Manual clogin runs to the specific nodes have no apparent problem. > Unfortunately, I know of no way to get the manual run to do the full diff and CVS archive. When I have these problems I log into the offending device and run each command one by one. This almost always results in the device having some abnormal behavior during the command in question due to some router OS bug. Austin From dbstewart at dswrite.com Fri Jun 15 03:40:34 2007 From: dbstewart at dswrite.com (David B. Stewart) Date: Thu, 14 Jun 2007 22:40:34 -0500 Subject: [rancid] Re: missed cmd issues - "wr term" In-Reply-To: <20070615033157.GB3746@gblx.net> Message-ID: <000001c7aefe$eef57b60$4001a8c0@SUPERCECIL> Thanks, but that doesn't seem to be the case here. -----Original Message----- From: Austin Schutz [mailto:tex at off.org] Sent: Thursday, June 14, 2007 10:32 PM To: David B. Stewart Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] missed cmd issues - "wr term" On Thu, Jun 14, 2007 at 09:46:27AM -0500, David B. Stewart wrote: > I've seen several reports by others having this same problem, but have > yet to find a report of cause and resolution. RANCID was working fine > for weeks, then started dropping "wr term" from the runs in an > apparently random, though semi-permanent, fashion. Once this problem > hits, it doesn't seem to go away. The nodes in question are Cisco > IOS. > > My suspicion is that it is resource problem on the rancid server. > Suspicions don't count for much, though. Can someone shed some light > on the issue? > > Sample log is shown below. Notice that in this case, the 10.y.z.20 > seems to run OK, but the first two fail. They fail consistently from > the scheduled runs. Manual clogin runs to the specific nodes have no > apparent problem. Unfortunately, I know of no way to get the manual > run to do the full diff and CVS archive. When I have these problems I log into the offending device and run each command one by one. This almost always results in the device having some abnormal behavior during the command in question due to some router OS bug. Austin From neilorley at gmail.com Fri Jun 15 14:11:13 2007 From: neilorley at gmail.com (Neil Orley) Date: Fri, 15 Jun 2007 16:11:13 +0200 Subject: [rancid] ERX bugs in Rancid? Message-ID: <788ce2b40706150711g46f24b35kbd87d7c78b3c7889@mail.gmail.com> Hello, I've just commmented in this line 266 in the clogin file, and now it seems to work fine with the ERX1440 : # This routine parses "dir" sub DirSlotN { print STDERR " In DirSlotN: $_" if ($debug); my($dev) = (/\s([^\s]+):/); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); next if (/^Please wait/i); next if (/^system\.log/); # fail if the RP is amid the auto-sync process *#return(-1) if (/active\/standby/ && /not sync/);* ProcessHistory("FLASH","","","!Flash: $_"); } ProcessHistory("","","","!\n"); return(0); } Regards, Neil ORLEY -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070615/12e17885/attachment.html From scott at telesphere.com Fri Jun 15 16:17:26 2007 From: scott at telesphere.com (Scott Stoddard) Date: Fri, 15 Jun 2007 09:17:26 -0700 Subject: [rancid] Re: missed cmd issues - "wr term" In-Reply-To: <000101c7ae92$ca38d950$4001a8c0@SUPERCECIL> Message-ID: <20070615165622.E1F288655E@guelah.shrubbery.net> I had the exact same problem and just like you it started out of nowhere. I logged into each device as rancid manually and the commands would work just fine. I eventually just removed ?write term? from the list of commands and haven?t had a problem since. I believe the command is in there for certain legacy devices anyway. --Scott _____ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of David B. Stewart Sent: Thursday, June 14, 2007 7:46 AM To: rancid-discuss at shrubbery.net Subject: [rancid] missed cmd issues - "wr term" I've seen several reports by others having this same problem, but have yet to find a report of cause and resolution. RANCID was working fine for weeks, then started dropping "wr term" from the runs in an apparently random, though semi-permanent, fashion. Once this problem hits, it doesn't seem to go away. The nodes in question are Cisco IOS. My suspicion is that it is resource problem on the rancid server. Suspicions don't count for much, though. Can someone shed some light on the issue? Sample log is shown below. Notice that in this case, the 10.y.z.20 seems to run OK, but the first two fail. They fail consistently from the scheduled runs. Manual clogin runs to the specific nodes have no apparent problem. Unfortunately, I know of no way to get the manual run to do the full diff and CVS archive. ---begin included content Trying to get all of the configs. 10.x.y.248: missed cmd(s): write term 10.x.y.249: missed cmd(s): write term 10.y.z.20: missed cmd(s): write term ===================================== Getting missed routers: round 1. 10.x.y.248: missed cmd(s): write term 10.x.y.249: missed cmd(s): write term ===================================== Getting missed routers: round 2. 10.x.y.248: missed cmd(s): write term 10.x.y.249: missed cmd(s): write term ===================================== Getting missed routers: round 3. 10.x.y.249: missed cmd(s): write term 10.x.y.248: missed cmd(s): write term ===================================== Getting missed routers: round 4. 10.x.y.249: missed cmd(s): write term 10.x.y.248: missed cmd(s): write term ---end included content Thanks! Dave No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.472 / Virus Database: 269.8.16/849 - Release Date: 6/14/2007 12:44 PM No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.472 / Virus Database: 269.8.17/850 - Release Date: 6/15/2007 11:31 AM -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070615/0d62d3e8/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 145 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070615/0d62d3e8/attachment.gif From heas at shrubbery.net Sun Jun 17 19:07:43 2007 From: heas at shrubbery.net (john heasley) Date: Sun, 17 Jun 2007 19:07:43 +0000 Subject: [rancid] Re: missed cmd issues - "wr term" In-Reply-To: <000001c7aefe$eef57b60$4001a8c0@SUPERCECIL> References: <20070615033157.GB3746@gblx.net> <000001c7aefe$eef57b60$4001a8c0@SUPERCECIL> Message-ID: <20070617190743.GN3531@shrubbery.net> is this a solaris or linux box that does not have the expect patch (found on the rancid web page) applied? Thu, Jun 14, 2007 at 10:40:34PM -0500, David B. Stewart: > Thanks, but that doesn't seem to be the case here. > > -----Original Message----- > From: Austin Schutz [mailto:tex at off.org] > Sent: Thursday, June 14, 2007 10:32 PM > To: David B. Stewart > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] missed cmd issues - "wr term" > > > On Thu, Jun 14, 2007 at 09:46:27AM -0500, David B. Stewart wrote: > > I've seen several reports by others having this same problem, but have > > yet to find a report of cause and resolution. RANCID was working fine > > for weeks, then started dropping "wr term" from the runs in an > > apparently random, though semi-permanent, fashion. Once this problem > > hits, it doesn't seem to go away. The nodes in question are Cisco > > IOS. > > > > My suspicion is that it is resource problem on the rancid server. > > Suspicions don't count for much, though. Can someone shed some light > > on the issue? > > > > Sample log is shown below. Notice that in this case, the 10.y.z.20 > > seems to run OK, but the first two fail. They fail consistently from > > the scheduled runs. Manual clogin runs to the specific nodes have no > > apparent problem. Unfortunately, I know of no way to get the manual > > run to do the full diff and CVS archive. > > When I have these problems I log into the offending device and run each command one by one. This almost always > results in the device having some abnormal behavior during the command in question due to some router OS bug. > > Austin > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Sun Jun 17 19:24:23 2007 From: heas at shrubbery.net (john heasley) Date: Sun, 17 Jun 2007 19:24:23 +0000 Subject: [rancid] Re: ERX bugs in Rancid? In-Reply-To: <788ce2b40706150711g46f24b35kbd87d7c78b3c7889@mail.gmail.com> References: <788ce2b40706150711g46f24b35kbd87d7c78b3c7889@mail.gmail.com> Message-ID: <20070617192423.GO3531@shrubbery.net> Fri, Jun 15, 2007 at 04:11:13PM +0200, Neil Orley: > Hello, > > I've just commmented in this line 266 in the clogin file, and now it seems > to work fine with the ERX1440 : Could you provide more information? What is the actually output of the dir command? > # This routine parses "dir" > > sub DirSlotN { > > print STDERR " In DirSlotN: $_" if ($debug); > > > my($dev) = (/\s([^\s]+):/); > > > > while () { > > tr/\015//d; > > last if (/^$prompt/); > > next if (/^(\s*|\s*$cmd\s*)$/); > > next if (/^Please wait/i); > > next if (/^system\.log/); > > # fail if the RP is amid the auto-sync process > > *#return(-1) if (/active\/standby/ && /not sync/);* > > > > ProcessHistory("FLASH","","","!Flash: $_"); > > } > > ProcessHistory("","","","!\n"); > > return(0); > > } > > > > Regards, > > Neil ORLEY > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at gheek.net Mon Jun 18 20:57:42 2007 From: rancid at gheek.net (Lance) Date: Mon, 18 Jun 2007 13:57:42 -0700 Subject: [rancid] Re: missed cmd issues - "wr term" Message-ID: <20070618135742.8e114e4890519e5179c192e02d6bca26.05849a21e2.wbe@email.secureserver.net> I have had this same problem and a while back had a rather lengthy email chain going. I had all the pathes and to no avail I was just out of luck. I finally concluded it had to do with the OS as I never had this issue with FreeBSD. I did however have different results with telnet vs SSH. I wish I had an answer to this other than to tell you to switch to FreeBSD and all your problems should go far far away. -lance > -------- Original Message -------- > Subject: [rancid] Re: missed cmd issues - "wr term" > From: "Scott Stoddard" > Date: Fri, June 15, 2007 9:17 am > To: , > > I had the exact same problem and just like you it started out of > nowhere. I > logged into each device as rancid manually and the commands would work > just > fine. I eventually just removed "write term" from the list of > commands and > haven't had a problem since. I believe the command is in there for > certain > legacy devices anyway. > > --Scott > > > > _____ > > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of David B. > Stewart > Sent: Thursday, June 14, 2007 7:46 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] missed cmd issues - "wr term" > > > > I've seen several reports by others having this same problem, but have > yet > to find a report of cause and resolution. RANCID was working fine for > weeks, then started dropping "wr term" from the runs in an apparently > random, though semi-permanent, fashion. Once this problem hits, it > doesn't > seem to go away. The nodes in question are Cisco IOS. > > My suspicion is that it is resource problem on the rancid server. > Suspicions don't count for much, though. Can someone shed some light > on the > issue? > > Sample log is shown below. Notice that in this case, the 10.y.z.20 > seems to > run OK, but the first two fail. They fail consistently from the > scheduled > runs. Manual clogin runs to the specific nodes have no apparent problem. > Unfortunately, I know of no way to get the manual run to do the full diff > and CVS archive. > > ---begin included content > > Trying to get all of the configs. > > 10.x.y.248: missed cmd(s): write term > > 10.x.y.249: missed cmd(s): write term > > 10.y.z.20: missed cmd(s): write term > > ===================================== > > Getting missed routers: round 1. > > 10.x.y.248: missed cmd(s): write term > > 10.x.y.249: missed cmd(s): write term > > ===================================== > > Getting missed routers: round 2. > > 10.x.y.248: missed cmd(s): write term > > 10.x.y.249: missed cmd(s): write term > > ===================================== > > Getting missed routers: round 3. > > 10.x.y.249: missed cmd(s): write term > > 10.x.y.248: missed cmd(s): write term > > ===================================== > > Getting missed routers: round 4. > > 10.x.y.249: missed cmd(s): write term > > 10.x.y.248: missed cmd(s): write term > > ---end included content > > Thanks! > > Dave > > > > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.472 / Virus Database: 269.8.16/849 - Release Date: 6/14/2007 > 12:44 PM > > > > No virus found in this outgoing message. > Checked by AVG Free Edition. > Version: 7.5.472 / Virus Database: 269.8.17/850 - Release Date: 6/15/2007 > 11:31 AM
_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From chiel at gmx.net Tue Jun 19 15:25:11 2007 From: chiel at gmx.net (chiel) Date: Tue, 19 Jun 2007 17:25:11 +0200 Subject: [rancid] Rancid Debian packages? Message-ID: <00f201c7b286$0742d250$4d0010ac@michiel> Hello, I would like to try out Rancid (for cisco divices). But I only can find a source install and the debian website says Rancid is a "non-free" package. Is there any way to install it from a .deb file? I just want to do a quick install without going to compile all the packages. chiel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070619/ae80018c/attachment.html From d.bay at cablesurf.de Tue Jun 19 15:31:40 2007 From: d.bay at cablesurf.de (Dominik Bay) Date: Tue, 19 Jun 2007 17:31:40 +0200 Subject: [rancid] Re: Rancid Debian packages? In-Reply-To: <00f201c7b286$0742d250$4d0010ac@michiel> References: <00f201c7b286$0742d250$4d0010ac@michiel> Message-ID: <200706191731.45643.d.bay@cablesurf.de> On Tuesday 19 June 2007 17:25:11 chiel wrote: > Hello, > > I would like to try out Rancid (for cisco divices). But I only can find a > source install and the debian website says Rancid is a "non-free" package. > Is there any way to install it from a .deb file? I just want to do a quick > install without going to compile all the packages. Just install the non-free Package. Where is the Problem? Regards, Dominik -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070619/e8031a4d/attachment.bin From heas at shrubbery.net Tue Jun 19 17:42:25 2007 From: heas at shrubbery.net (john heasley) Date: Tue, 19 Jun 2007 10:42:25 -0700 Subject: [rancid] Re: Rancid Debian packages? In-Reply-To: <00f201c7b286$0742d250$4d0010ac@michiel> References: <00f201c7b286$0742d250$4d0010ac@michiel> Message-ID: <20070619174225.GE17142@shrubbery.net> Tue, Jun 19, 2007 at 05:25:11PM +0200, chiel: > Hello, > > I would like to try out Rancid (for cisco divices). But I only can find a source install and the debian website says Rancid is a "non-free" package. Who is charging for RANCID? That violates the license. > Is there any way to install it from a .deb file? I just want to do a quick install without going to compile all the packages. > > chiel > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From tex at off.org Tue Jun 19 17:50:09 2007 From: tex at off.org (Austin Schutz) Date: Tue, 19 Jun 2007 10:50:09 -0700 Subject: [rancid] Re: Rancid Debian packages? In-Reply-To: <20070619174225.GE17142@shrubbery.net> References: <00f201c7b286$0742d250$4d0010ac@michiel> <20070619174225.GE17142@shrubbery.net> Message-ID: <20070619175009.GK3746@gblx.net> On Tue, Jun 19, 2007 at 10:42:25AM -0700, john heasley wrote: > Tue, Jun 19, 2007 at 05:25:11PM +0200, chiel: > > Hello, > > > > I would like to try out Rancid (for cisco divices). But I only can find a source install and the debian website says Rancid is a "non-free" package. > > Who is charging for RANCID? That violates the license. > free like free vs. enslaved. They don't like the license for whatever reason. *shrug* 5 seconds of google searching for 'rancid binary debian package' returned locations for where to download x86 packages as the third item. Not sure what you tried. Austin From Todd at equivoice.com Tue Jun 19 18:19:22 2007 From: Todd at equivoice.com (Todd Heide) Date: Tue, 19 Jun 2007 13:19:22 -0500 Subject: [rancid] Re: Rancid Debian packages? In-Reply-To: <20070619174225.GE17142@shrubbery.net> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22070A7E9@exchange.Equivoice.local> I am wondering if it may have read non-fee, and was just misread. Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley Sent: Tuesday, June 19, 2007 12:42 PM To: chiel Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: Rancid Debian packages? Tue, Jun 19, 2007 at 05:25:11PM +0200, chiel: > Hello, > > I would like to try out Rancid (for cisco divices). But I only can find a source install and the debian website says Rancid is a "non-free" package. Who is charging for RANCID? That violates the license. > Is there any way to install it from a .deb file? I just want to do a quick install without going to compile all the packages. > > chiel > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From chiel at gmx.net Tue Jun 19 19:00:01 2007 From: chiel at gmx.net (chiel) Date: Tue, 19 Jun 2007 21:00:01 +0200 Subject: [rancid] Re: Rancid Debian packages? References: <082FEA82DC985B4F8A6B412D5AC4E22070A7E9@exchange.Equivoice.local> Message-ID: <000d01c7b2a4$172e9d20$0302a8c0@michiel> See, http://packages.debian.org/stable/net/rancid-core But I already installed it now by editing the source list. thanks all. ----- Original Message ----- From: "Todd Heide" To: "john heasley" ; "chiel" Cc: Sent: Tuesday, June 19, 2007 8:19 PM Subject: RE: [rancid] Re: Rancid Debian packages? I am wondering if it may have read non-fee, and was just misread. Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley Sent: Tuesday, June 19, 2007 12:42 PM To: chiel Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: Rancid Debian packages? Tue, Jun 19, 2007 at 05:25:11PM +0200, chiel: > Hello, > > I would like to try out Rancid (for cisco divices). But I only can find a source install and the debian website says Rancid is a "non-free" package. Who is charging for RANCID? That violates the license. > Is there any way to install it from a .deb file? I just want to do a quick install without going to compile all the packages. > > chiel > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From david at infotrek.co.uk Tue Jun 19 21:21:45 2007 From: david at infotrek.co.uk (David Croft) Date: Tue, 19 Jun 2007 23:21:45 +0200 Subject: [rancid] Fwd: Request to make "enable" command configurable In-Reply-To: References: Message-ID: I made the change anyway as it turned out to be very easy. Please consider this for the next release of rancid. This is a patch against 2.3.1.p1 and adds "-d" command line option and "set enacmd" .cloginrc option to allow override of the default "enable" command. Regards, David ---------- Forwarded message ---------- From: David Croft Date: 19-Jun-2007 18:30 Subject: Request to make "enable" command configurable To: rancid-discuss at shrubbery.net Unlike most Cisco devices, the ASAs seem to launch you into privilege mode 0 when you login even if the user's privilege level is higher. There are then two ways to enable: - "enable" (requires the device's enable password and shoots you to priv 15) - "login" (requires the user's name & password and then uses their configured privilege level) As we don't want the device enable password to be stored or used anywhere the ideal method to enable is thus to "login". The only change required is to change send "enable\r" to send "login\r" Rancid already handles entering the username automatically so this works a treat. I have tested this by copying clogin to asalogin and making this change. So please consider this a request to make the enable command in clogin configurable per device (e.g. set enablecmd fw* {login} ). If it would be helpful for me to prepare a patch for this, let me know. Thanks David david at netman2:~$ asalogin fw01 fw01 spawn ssh -c 3des -x -l david fw01 david at fw01's password: Type help or '?' for a list of available commands. fw01> login Username: david Password: ******** fw01# -------------- next part -------------- --- /usr/local/bin/clogin 2007-06-19 13:20:41.000000000 +0100 +++ clogin 2007-06-19 17:48:06.000000000 +0100 @@ -33,8 +33,8 @@ # Usage line set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \ -\[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \ -\[-s script-file\] \[-t timeout\] \[-u username\] \ +\[-d enable-cmd\] \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \ +\[-p user-password\] \[-s script-file\] \[-t timeout\] \[-u username\] \ \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \ \[-y ssh_cypher_type\] router \[router...\]\n" @@ -114,6 +114,13 @@ incr i set enausername [ lindex $argv $i ] } + # Enable Command + } -d* - + -D* { + if {! [ regexp .\[wW\](.+) $arg ignore enacmd]} { + incr i + set enacmdline [ lindex $argv $i ] + } # Environment variable to pass to -s scripts } -E* { @@ -454,12 +461,12 @@ } # Enable -proc do_enable { enauser enapasswd } { +proc do_enable { enacmd enauser enapasswd } { global prompt in_proc global u_prompt e_prompt set in_proc 1 - send "enable\r" + send "$enacmd\r" expect { -re "$u_prompt" { send "$enauser\r"; exp_continue} -re "$e_prompt" { send "$enapasswd\r"; exp_continue} @@ -685,6 +692,15 @@ if { "$enauser" == "" } { set enauser $ruser } } + # Figure out enable command + if {[info exists enacmdline]} { + # command line enacmd + set enacmd $enacmdline + } else { + set enacmd [join [find enacmd $router] ""] + if { "$enacmd" == "" } { set enacmd "enable" } + } + # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { @@ -727,7 +743,7 @@ continue } if { $enable } { - if {[do_enable $enauser $enapasswd]} { + if {[do_enable $enacmd $enauser $enapasswd]} { if { $do_command || $do_script } { close; wait continue From tex at off.org Tue Jun 19 21:41:57 2007 From: tex at off.org (Austin Schutz) Date: Tue, 19 Jun 2007 14:41:57 -0700 Subject: [rancid] Re: Fwd: Request to make "enable" command configurable In-Reply-To: References: Message-ID: <20070619214157.GN3746@gblx.net> On Tue, Jun 19, 2007 at 11:21:45PM +0200, David Croft wrote: > I made the change anyway as it turned out to be very easy. Please > consider this for the next release of rancid. This is a patch against > 2.3.1.p1 and adds "-d" command line option and "set enacmd" .cloginrc > option to allow override of the default "enable" command. > Seems fine in concept but I'd rather see -d used for debugging. Maybe -E? Austin From david.croft at infotrek.net Tue Jun 19 16:30:31 2007 From: david.croft at infotrek.net (David Croft) Date: Tue, 19 Jun 2007 18:30:31 +0200 Subject: [rancid] Request to make "enable" command configurable Message-ID: Unlike most Cisco devices, the ASAs seem to launch you into privilege mode 0 when you login even if the user's privilege level is higher. There are then two ways to enable: - "enable" (requires the device's enable password and shoots you to priv 15) - "login" (requires the user's name & password and then uses their configured privilege level) As we don't want the device enable password to be stored or used anywhere the ideal method to enable is thus to "login". The only change required is to change send "enable\r" to send "login\r" Rancid already handles entering the username automatically so this works a treat. I have tested this by copying clogin to asalogin and making this change. So please consider this a request to make the enable command in clogin configurable per device (e.g. set enablecmd fw* {login} ). If it would be helpful for me to prepare a patch for this, let me know. Thanks David david at netman2:~$ asalogin fw01 fw01 spawn ssh -c 3des -x -l david fw01 david at fw01's password: Type help or '?' for a list of available commands. fw01> login Username: david Password: ******** fw01# From stephens at ameslab.gov Wed Jun 20 14:17:56 2007 From: stephens at ameslab.gov (Douglas C. Stephens) Date: Wed, 20 Jun 2007 09:17:56 -0500 Subject: [rancid] Re: Request to make "enable" command configurable In-Reply-To: References: Message-ID: <7.0.1.0.2.20070620090734.04f64a80@ameslab.gov> David, We have our Cisco ASA devices configured to use an authentication backend which drops users into level-0 exec mode and then requires an enable secret to reach a higher privileged mode. This model works the same as for our other Cisco switch and router equipment. We did not need to patch RANCID to have it do this. We did, however, need to put the RANCID login username(s) into our backend authentication system. Once we did that, our RANCID user .cloginrc file looks something like this: add method rtr-*.domain.comf ssh add user rtr-*.ameslab.gov ranciduser1 add password rtr-*.ameslab.gov {loginpass1} {enablesecret1} add method sw-*.ameslab.gov ssh add user sw-*.ameslab.gov ranciduser2 add password sw-*.ameslab.gov {loginpass2} {enablesecret2} add method fw-*.ameslab.gov ssh add user fw-*.ameslab.gov ranciduser3 add password fw-*.ameslab.gov {loginpass3} {enablesecret3} At 11:30 AM 6/19/2007, David Croft wrote: >Unlike most Cisco devices, the ASAs seem to launch you into privilege >mode 0 when you login even if the user's privilege level is higher. > >There are then two ways to enable: >- "enable" (requires the device's enable password and shoots you to priv 15) >- "login" (requires the user's name & password and then uses their >configured privilege level) > >As we don't want the device enable password to be stored or used >anywhere the ideal method to enable is thus to "login". The only >change required is to change > send "enable\r" >to > send "login\r" > >Rancid already handles entering the username automatically so this >works a treat. > >I have tested this by copying clogin to asalogin and making this >change. So please consider this a request to make the enable command >in clogin configurable per device (e.g. set enablecmd fw* {login} ). >If it would be helpful for me to prepare a patch for this, let me >know. > >Thanks > >David > >david at netman2:~$ asalogin fw01 >fw01 >spawn ssh -c 3des -x -l david fw01 >david at fw01's password: >Type help or '?' for a list of available commands. >fw01> login >Username: david >Password: ******** >fw01# >_______________________________________________ >Rancid-discuss mailing list >Rancid-discuss at shrubbery.net >http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- Douglas C. Stephens | Network/DNS/Unix/Windows Administrator System Support Specialist | Postmaster / Webmaster Information Systems | Phone: (515) 294-6102 Ames Laboratory, US DOE | Email: stephens at ameslab.gov From david.croft at infotrek.net Wed Jun 20 17:52:22 2007 From: david.croft at infotrek.net (David Croft) Date: Wed, 20 Jun 2007 19:52:22 +0200 Subject: [rancid] Re: Request to make "enable" command configurable In-Reply-To: <7.0.1.0.2.20070620090734.04f64a80@ameslab.gov> References: <7.0.1.0.2.20070620090734.04f64a80@ameslab.gov> Message-ID: Hi Douglas, I know that you can tell rancid the enable password and have it enable automatically, however as the enable password is a shared one rather than per-user my client's policy is not for it to be in general use. Hence wishing rancid to use login rather than enable to escalate privileges. Regards, David On 20/06/07, Douglas C. Stephens wrote: > David, > > We have our Cisco ASA devices configured to use an authentication backend which drops > users into level-0 exec mode and then requires an enable secret to reach a higher > privileged mode. This model works the same as for our other Cisco switch and router > equipment. > > We did not need to patch RANCID to have it do this. We did, however, need to put the > RANCID login username(s) into our backend authentication system. Once we did that, our > RANCID user .cloginrc file looks something like this: > > add method rtr-*.domain.comf ssh > add user rtr-*.ameslab.gov ranciduser1 > add password rtr-*.ameslab.gov {loginpass1} {enablesecret1} > > add method sw-*.ameslab.gov ssh > add user sw-*.ameslab.gov ranciduser2 > add password sw-*.ameslab.gov {loginpass2} {enablesecret2} > > add method fw-*.ameslab.gov ssh > add user fw-*.ameslab.gov ranciduser3 > add password fw-*.ameslab.gov {loginpass3} {enablesecret3} > > > At 11:30 AM 6/19/2007, David Croft wrote: > >Unlike most Cisco devices, the ASAs seem to launch you into privilege > >mode 0 when you login even if the user's privilege level is higher. > > > >There are then two ways to enable: > >- "enable" (requires the device's enable password and shoots you to priv 15) > >- "login" (requires the user's name & password and then uses their > >configured privilege level) > > > >As we don't want the device enable password to be stored or used > >anywhere the ideal method to enable is thus to "login". The only > >change required is to change > > send "enable\r" > >to > > send "login\r" > > > >Rancid already handles entering the username automatically so this > >works a treat. > > > >I have tested this by copying clogin to asalogin and making this > >change. So please consider this a request to make the enable command > >in clogin configurable per device (e.g. set enablecmd fw* {login} ). > >If it would be helpful for me to prepare a patch for this, let me > >know. > > > >Thanks > > > >David > > > >david at netman2:~$ asalogin fw01 > >fw01 > >spawn ssh -c 3des -x -l david fw01 > >david at fw01's password: > >Type help or '?' for a list of available commands. > >fw01> login > >Username: david > >Password: ******** > >fw01# > >_______________________________________________ > >Rancid-discuss mailing list > >Rancid-discuss at shrubbery.net > >http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -- > Douglas C. Stephens | Network/DNS/Unix/Windows Administrator > System Support Specialist | Postmaster / Webmaster > Information Systems | Phone: (515) 294-6102 > Ames Laboratory, US DOE | Email: stephens at ameslab.gov > > From Alexandra.Bakhto at MoneyMart.ca Wed Jun 20 20:00:03 2007 From: Alexandra.Bakhto at MoneyMart.ca (Alexandra Bakhto) Date: Wed, 20 Jun 2007 13:00:03 -0700 Subject: [rancid] Install Rancid for Gentoo Message-ID: <4A091346DA94344BBCCF7A79D7877BA0041E06FE@nmmexch01.dfg.com> Hi all: Does anybody have step-by-step instructions on how to install and configure Rancid fro Gentoo Linux. Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid do not really work. Alexandra Bakhto, MA, CCNP, CCDP, CISSP, GIAC GISP Network Administrator (WAN), National Money Mart Office: 250-595-5211 x421 Fax: 250-412-3110 E-Mail: alexandra.bakhto at moneymart.ca This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070620/976f748a/attachment.html From heas at shrubbery.net Wed Jun 20 20:19:44 2007 From: heas at shrubbery.net (john heasley) Date: Wed, 20 Jun 2007 13:19:44 -0700 Subject: [rancid] Re: Install Rancid for Gentoo In-Reply-To: <4A091346DA94344BBCCF7A79D7877BA0041E06FE@nmmexch01.dfg.com> References: <4A091346DA94344BBCCF7A79D7877BA0041E06FE@nmmexch01.dfg.com> Message-ID: <20070620201944.GY7043@shrubbery.net> Wed, Jun 20, 2007 at 01:00:03PM -0700, Alexandra Bakhto: > Hi all: > > Does anybody have step-by-step instructions on how to install and > configure Rancid fro Gentoo Linux. > Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid do not really > work. it looks ok to me. i suggest you explain the problem you're having. From DylanV at semaphore.com Wed Jun 20 20:22:27 2007 From: DylanV at semaphore.com (Dylan Vanderhoof) Date: Wed, 20 Jun 2007 13:22:27 -0700 Subject: [rancid] Re: Install Rancid for Gentoo Message-ID: Looks fine to me. I didn't follow that (since I didn't know it existed), but it looks pretty similar to how I installed rancid on my gentoo servers. Its really not much different than installing it anywhere else. -D -----Original Message----- From: Alexandra Bakhto [mailto:Alexandra.Bakhto at MoneyMart.ca] Sent: Wednesday, June 20, 2007 1:00 PM To: rancid-discuss at shrubbery.net Subject: [rancid] Install Rancid for Gentoo Hi all: Does anybody have step-by-step instructions on how to install and configure Rancid fro Gentoo Linux. Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid do not really work. not the named recipient(s), please immediately notify the sender and destroy this message. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070620/3530b572/attachment.html From DylanV at semaphore.com Wed Jun 20 20:30:55 2007 From: DylanV at semaphore.com (Dylan Vanderhoof) Date: Wed, 20 Jun 2007 13:30:55 -0700 Subject: [rancid] Re: Install Rancid for Gentoo Message-ID: Ahhh, I don't use viewcvs or the apache portion, so I suppose that's why it seemed easier to me. I honestly don't know where that is concerned. I think most people are using external/custom applications to handle the CVS repository, or just monitoring the config change emails. What do you get in the apache error log when you try to access those links? (CC'ing the list again, since somebody might have experience with the web portion) -D -----Original Message----- From: Alexandra Bakhto [mailto:Alexandra.Bakhto at MoneyMart.ca] Sent: Wednesday, June 20, 2007 1:25 PM To: Dylan Vanderhoof Subject: RE: [rancid] Install Rancid for Gentoo Hi Dylan: Thank you very much for you response! I chose gentoo because supposedly applications are easier to integrate there using the emerge command. Installation instruction at per http://gentoo-wiki.com/HOWTO_Rancid do not even include starting apache! Well I figured that out and I can now connect to HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I doing wrong? I followed all the instructions step by step... Alexandra Bakhto. . -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070620/26836181/attachment.html From heas at shrubbery.net Wed Jun 20 20:35:06 2007 From: heas at shrubbery.net (john heasley) Date: Wed, 20 Jun 2007 13:35:06 -0700 Subject: [rancid] Re: Install Rancid for Gentoo In-Reply-To: <4A091346DA94344BBCCF7A79D7877BA0041E0701@nmmexch01.dfg.com> References: <20070620201944.GY7043@shrubbery.net> <4A091346DA94344BBCCF7A79D7877BA0041E0701@nmmexch01.dfg.com> Message-ID: <20070620203506.GA7043@shrubbery.net> Wed, Jun 20, 2007 at 01:23:31PM -0700, Alexandra Bakhto: > John: > > Thank you very much for you response! > Installation instruction at per http://gentoo-wiki.com/HOWTO_Rancid do > not even include starting apache! Well I figured that out and I can now it didn't tell you boot the machine either. demand a refund immediately. > connect to HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or > HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I doing > wrong? i think cvs_roots is wrong in the viewcvs.conf example. inspect your apache logs. > Alexandra Bakhto. > > > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Wednesday, June 20, 2007 1:20 PM > To: Alexandra Bakhto > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Install Rancid for Gentoo > > Wed, Jun 20, 2007 at 01:00:03PM -0700, Alexandra Bakhto: > > Hi all: > > > > Does anybody have step-by-step instructions on how to install and > > configure Rancid fro Gentoo Linux. > > Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid do not > > really work. > > it looks ok to me. i suggest you explain the problem you're having. > > This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message. From Alexandra.Bakhto at MoneyMart.ca Wed Jun 20 20:38:06 2007 From: Alexandra.Bakhto at MoneyMart.ca (Alexandra Bakhto) Date: Wed, 20 Jun 2007 13:38:06 -0700 Subject: [rancid] Re: Install Rancid for Gentoo In-Reply-To: <20070620203506.GA7043@shrubbery.net> Message-ID: <4A091346DA94344BBCCF7A79D7877BA0041E0704@nmmexch01.dfg.com> Please forgive my ignorance... where do find the apache error log? -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Wednesday, June 20, 2007 1:35 PM To: Alexandra Bakhto Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Install Rancid for Gentoo Wed, Jun 20, 2007 at 01:23:31PM -0700, Alexandra Bakhto: > John: > > Thank you very much for you response! > Installation instruction at per http://gentoo-wiki.com/HOWTO_Rancid do > not even include starting apache! Well I figured that out and I can > now it didn't tell you boot the machine either. demand a refund immediately. > connect to HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or > HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I doing > wrong? i think cvs_roots is wrong in the viewcvs.conf example. inspect your apache logs. > Alexandra Bakhto. > > > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Wednesday, June 20, 2007 1:20 PM > To: Alexandra Bakhto > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Install Rancid for Gentoo > > Wed, Jun 20, 2007 at 01:00:03PM -0700, Alexandra Bakhto: > > Hi all: > > > > Does anybody have step-by-step instructions on how to install and > > configure Rancid fro Gentoo Linux. > > Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid do not > > really work. > > it looks ok to me. i suggest you explain the problem you're having. > > This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message. This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message. From Alexandra.Bakhto at MoneyMart.ca Wed Jun 20 20:42:10 2007 From: Alexandra.Bakhto at MoneyMart.ca (Alexandra Bakhto) Date: Wed, 20 Jun 2007 13:42:10 -0700 Subject: [rancid] Re: Install Rancid for Gentoo In-Reply-To: Message-ID: <4A091346DA94344BBCCF7A79D7877BA0041E0705@nmmexch01.dfg.com> Thanks, here are the errors; NMMRancid / # tail var/log/apache2/error_log [Wed Jun 20 12:03:05 2007] [error] [client 10.128.2.93] File does not exist: /var/www/localhost/htdocs/manual, referer: http://10.128.2.3 [Wed Jun 20 12:05:17 2007] [error] [client 10.128.2.93] File does not exist: /var/www/localhost/htdocs/var [Wed Jun 20 12:05:20 2007] [error] [client 10.128.2.93] File does not exist: /var/www/localhost/htdocs/var [Wed Jun 20 12:05:22 2007] [error] [client 10.128.2.93] File does not exist: /var/www/localhost/htdocs/var [Wed Jun 20 12:13:01 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec2) [Wed Jun 20 12:13:01 2007] [notice] Digest: generating secret for digest authentication ... [Wed Jun 20 12:13:01 2007] [notice] Digest: done [Wed Jun 20 12:13:01 2007] [notice] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads. [Wed Jun 20 12:13:01 2007] [notice] mod_python: using mutex_directory /tmp [Wed Jun 20 12:13:02 2007] [notice] Apache configured -- resuming normal operations ________________________________ From: Dylan Vanderhoof [mailto:DylanV at semaphore.com] Sent: Wednesday, June 20, 2007 1:39 PM To: Alexandra Bakhto Subject: RE: [rancid] Install Rancid for Gentoo /var/log/apache2/error_log most likely. Or somewhere in that general area. -D -----Original Message----- From: Alexandra Bakhto [mailto:Alexandra.Bakhto at MoneyMart.ca] Sent: Wednesday, June 20, 2007 1:36 PM To: Dylan Vanderhoof Subject: RE: [rancid] Install Rancid for Gentoo Please forgive my ignorance... where do find the apache error log? ________________________________ From: Dylan Vanderhoof [mailto:DylanV at semaphore.com] Sent: Wednesday, June 20, 2007 1:31 PM To: Alexandra Bakhto Cc: rancid-discuss at shrubbery.net Subject: RE: [rancid] Install Rancid for Gentoo Ahhh, I don't use viewcvs or the apache portion, so I suppose that's why it seemed easier to me. I honestly don't know where that is concerned. I think most people are using external/custom applications to handle the CVS repository, or just monitoring the config change emails. What do you get in the apache error log when you try to access those links? (CC'ing the list again, since somebody might have experience with the web portion) -D -----Original Message----- From: Alexandra Bakhto [mailto:Alexandra.Bakhto at MoneyMart.ca] Sent: Wednesday, June 20, 2007 1:25 PM To: Dylan Vanderhoof Subject: RE: [rancid] Install Rancid for Gentoo Hi Dylan: Thank you very much for you response! I chose gentoo because supposedly applications are easier to integrate there using the emerge command. Installation instruction at per http://gentoo-wiki.com/HOWTO_Rancid do not even include starting apache! Well I figured that out and I can now connect to HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I doing wrong? I followed all the instructions step by step... Alexandra Bakhto. . This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message. This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070620/62768f67/attachment.html From heas at shrubbery.net Wed Jun 20 20:58:05 2007 From: heas at shrubbery.net (john heasley) Date: Wed, 20 Jun 2007 13:58:05 -0700 Subject: [rancid] Re: Install Rancid for Gentoo In-Reply-To: <4A091346DA94344BBCCF7A79D7877BA0041E0705@nmmexch01.dfg.com> References: <4A091346DA94344BBCCF7A79D7877BA0041E0705@nmmexch01.dfg.com> Message-ID: <20070620205805.GC7043@shrubbery.net> Wed, Jun 20, 2007 at 01:42:10PM -0700, Alexandra Bakhto: > Thanks, here are the errors; > > NMMRancid / # tail var/log/apache2/error_log > [Wed Jun 20 12:03:05 2007] [error] [client 10.128.2.93] File does not > exist: /var/www/localhost/htdocs/manual, referer: http://10.128.2.3 > [Wed Jun 20 12:05:17 2007] [error] [client 10.128.2.93] File does not > exist: /var/www/localhost/htdocs/var > [Wed Jun 20 12:05:20 2007] [error] [client 10.128.2.93] File does not > exist: /var/www/localhost/htdocs/var > [Wed Jun 20 12:05:22 2007] [error] [client 10.128.2.93] File does not > exist: /var/www/localhost/htdocs/var presumably it is simply that you have not tailored the apache configuration for your environment, specifically where you've installed apache's document root and viewcvs. From Alexandra.Bakhto at MoneyMart.ca Wed Jun 20 20:58:03 2007 From: Alexandra.Bakhto at MoneyMart.ca (Alexandra Bakhto) Date: Wed, 20 Jun 2007 13:58:03 -0700 Subject: [rancid] Re: Install Rancid for Gentoo In-Reply-To: <4A091346DA94344BBCCF7A79D7877BA0041E0704@nmmexch01.dfg.com> Message-ID: <4A091346DA94344BBCCF7A79D7877BA0041E0706@nmmexch01.dfg.com> Please forgive my ignorance... Which directories should I specify as CVS roots in viewcvs.conf? -----Original Message----- From: Alexandra Bakhto Sent: Wednesday, June 20, 2007 1:38 PM To: 'john heasley' Cc: rancid-discuss at shrubbery.net Subject: RE: [rancid] Install Rancid for Gentoo Please forgive my ignorance... where do find the apache error log? -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Wednesday, June 20, 2007 1:35 PM To: Alexandra Bakhto Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Install Rancid for Gentoo Wed, Jun 20, 2007 at 01:23:31PM -0700, Alexandra Bakhto: > John: > > Thank you very much for you response! > Installation instruction at per http://gentoo-wiki.com/HOWTO_Rancid do > not even include starting apache! Well I figured that out and I can > now it didn't tell you boot the machine either. demand a refund immediately. > connect to HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or > HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I doing > wrong? i think cvs_roots is wrong in the viewcvs.conf example. inspect your apache logs. > Alexandra Bakhto. > > > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Wednesday, June 20, 2007 1:20 PM > To: Alexandra Bakhto > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Install Rancid for Gentoo > > Wed, Jun 20, 2007 at 01:00:03PM -0700, Alexandra Bakhto: > > Hi all: > > > > Does anybody have step-by-step instructions on how to install and > > configure Rancid fro Gentoo Linux. > > Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid do not > > really work. > > it looks ok to me. i suggest you explain the problem you're having. > > This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message. This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message. From cmoody at qualcomm.com Wed Jun 20 21:02:57 2007 From: cmoody at qualcomm.com (Chris Moody) Date: Wed, 20 Jun 2007 14:02:57 -0700 Subject: [rancid] Re: Install Rancid for Gentoo In-Reply-To: <4A091346DA94344BBCCF7A79D7877BA0041E0705@nmmexch01.dfg.com> References: <4A091346DA94344BBCCF7A79D7877BA0041E0705@nmmexch01.dfg.com> Message-ID: <46799601.5000205@qualcomm.com> You will also need to make sure you tell apache where the web-interface is. Here's my example, using name-based virtual hosts in Apache. ex> ########## VIRTUAL HOST CONFIG FOR ViewCVS ########## ##################################################### ##################################################### ################# cmoody 11.21.05 ################### ServerAdmin DocumentRoot /var/www/localhost/viewcvs/ ServerName UseCanonicalName Off ScriptAlias /config /var/www/localhost/cgi-bin/viewcvs/viewcvs.cgi AllowOverride AuthConfig Options ExecCGI FollowSymLinks Order allow,deny Allow from all AllowOverride AuthConfig Options Indexes MultiViews ExecCGI FollowSymLinks Options MultiViews ExecCGI FollowSymLinks Order allow,deny Allow from all Alexandra Bakhto wrote: > Thanks, here are the errors; > > NMMRancid / # tail var/log/apache2/error_log > [Wed Jun 20 12:03:05 2007] [error] [client 10.128.2.93] File does not > exist: /var/www/localhost/htdocs/manual, referer: http://10.128.2.3 > [Wed Jun 20 12:05:17 2007] [error] [client 10.128.2.93] File does not > exist: /var/www/localhost/htdocs/var > [Wed Jun 20 12:05:20 2007] [error] [client 10.128.2.93] File does not > exist: /var/www/localhost/htdocs/var > [Wed Jun 20 12:05:22 2007] [error] [client 10.128.2.93] File does not > exist: /var/www/localhost/htdocs/var > [Wed Jun 20 12:13:01 2007] [notice] suEXEC mechanism enabled (wrapper: > /usr/sbin/suexec2) > [Wed Jun 20 12:13:01 2007] [notice] Digest: generating secret for digest > authentication ... > [Wed Jun 20 12:13:01 2007] [notice] Digest: done > [Wed Jun 20 12:13:01 2007] [notice] mod_python: Creating 8 session > mutexes based on 150 max processes and 0 max threads. > [Wed Jun 20 12:13:01 2007] [notice] mod_python: using mutex_directory /tmp > [Wed Jun 20 12:13:02 2007] [notice] Apache configured -- resuming normal > operations > > ------------------------------------------------------------------------ > *From:* Dylan Vanderhoof [mailto:DylanV at semaphore.com] > *Sent:* Wednesday, June 20, 2007 1:39 PM > *To:* Alexandra Bakhto > *Subject:* RE: [rancid] Install Rancid for Gentoo > > /var/log/apache2/error_log most likely. Or somewhere in that general area. > > -D > > -----Original Message----- > *From:* Alexandra Bakhto [mailto:Alexandra.Bakhto at MoneyMart.ca] > *Sent:* Wednesday, June 20, 2007 1:36 PM > *To:* Dylan Vanderhoof > *Subject:* RE: [rancid] Install Rancid for Gentoo > > Please forgive my ignorance... where do find the apache error log? > > ------------------------------------------------------------------------ > *From:* Dylan Vanderhoof [mailto:DylanV at semaphore.com] > *Sent:* Wednesday, June 20, 2007 1:31 PM > *To:* Alexandra Bakhto > *Cc:* rancid-discuss at shrubbery.net > *Subject:* RE: [rancid] Install Rancid for Gentoo > > Ahhh, I don't use viewcvs or the apache portion, so I suppose that's > why it seemed easier to me. I honestly don't know where that is > concerned. I think most people are using external/custom > applications to handle the CVS repository, or just monitoring the > config change emails. > > What do you get in the apache error log when you try to access those > links? > > (CC'ing the list again, since somebody might have experience with > the web portion) > > -D > > -----Original Message----- > *From:* Alexandra Bakhto [mailto:Alexandra.Bakhto at MoneyMart.ca] > *Sent:* Wednesday, June 20, 2007 1:25 PM > *To:* Dylan Vanderhoof > *Subject:* RE: [rancid] Install Rancid for Gentoo > > Hi Dylan: > > Thank you very much for you response! > > I chose gentoo because supposedly applications are easier to > integrate there using the emerge command. > > Installation instruction at per > _http://gentoo-wiki.com/HOWTO_Rancid_ do not even include > starting apache! Well I figured that out and I can now connect > to HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or > HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I > doing wrong? I followed all the instructions step by step... > > Alexandra Bakhto. > > . > > > This message is intended only for the named recipient(s) above and > may contain information that is privileged, confidential and/or > exempt from disclosure under applicable law. If you have received > this message in error, or are not the named recipient(s), please > immediately notify the sender and destroy this message. > > > This message is intended only for the named recipient(s) above and may > contain information that is privileged, confidential and/or exempt from > disclosure under applicable law. If you have received this message in > error, or are not the named recipient(s), please immediately notify the > sender and destroy this message. > > > ------------------------------------------------------------------------ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From G.Ross at ccw.gov.uk Fri Jun 22 12:52:01 2007 From: G.Ross at ccw.gov.uk (Gordon Ross) Date: Fri, 22 Jun 2007 13:52:01 +0100 Subject: [rancid] RANCID & SVN Message-ID: <467BD3FF.AC0B.0006.3@ccw.gov.uk> Hi, I'm looking at using rancid, and I would like to use it with an SVN repository. The web page for rancid says it works with SVN, but I couldn't see anything on how to get rancid to use SVN. A quick google revealed http://www.shrubbery.net/pipermail/rancid-discuss/2006-February/001358.html which doesn't seem to apply to the current version of rancid. BTW - are there any docs for rancid other than the man pages ? Thanks, GTG From thecomputerking at gmail.com Fri Jun 22 14:37:09 2007 From: thecomputerking at gmail.com (Riley Tompkins) Date: Fri, 22 Jun 2007 10:37:09 -0400 Subject: [rancid] Re: RANCID & SVN In-Reply-To: <467BD3FF.AC0B.0006.3@ccw.gov.uk> References: <467BD3FF.AC0B.0006.3@ccw.gov.uk> Message-ID: <337a72540706220737m10e55000s1a657f6e7d3034e5@mail.gmail.com> ./configure --enable-svn I also found it beneficial to modify the source file "rancid-cvs.in" on line 80 as such: # Top level CVS stuff if [ ! -d $CVSROOT ]; then if [ $RCSSYS = cvs ]; then cvs -d $CVSROOT init else svnadmin create $CVSROOT --fs-type fsfs fi fi I chose the fsfs type because I kept having to recover the db due to umask issues in the Berkley type db. It has worked flawlessly since. Regards, -Riley On 6/22/07, Gordon Ross wrote: > Hi, > > I'm looking at using rancid, and I would like to use it with an SVN > repository. The web page for rancid says it works with SVN, but I > couldn't see anything on how to get rancid to use SVN. > > A quick google revealed > http://www.shrubbery.net/pipermail/rancid-discuss/2006-February/001358.html > which doesn't seem to apply to the current version of rancid. > > BTW - are there any docs for rancid other than the man pages ? > > Thanks, > > GTG > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From G.Ross at ccw.gov.uk Fri Jun 22 20:45:08 2007 From: G.Ross at ccw.gov.uk (Gordon Ross) Date: Fri, 22 Jun 2007 21:45:08 +0100 Subject: [rancid] Re: RANCID & SVN Message-ID: <467C447202000006000905FF@gwia3.ccw.gov.uk> There is no mention of svn in configure. I'm using rancid 2.3.1 Do I need to use the alpha release ? GTG >>> "Riley Tompkins" 06/22/07 3:37 PM >>> ./configure --enable-svn From Chandrasekaran.Jayaraj at in.standardchartered.com Mon Jun 25 06:53:55 2007 From: Chandrasekaran.Jayaraj at in.standardchartered.com (Jayaraj, Chandrasekaran) Date: Mon, 25 Jun 2007 12:23:55 +0530 Subject: [rancid] Need to know if mutiple usernames can be set in the .clogin file Message-ID: Hi , I am a newcomer to RANCID and I find it an interesting tool . I want to know how to use rancid for checking configuration changes done by multiple users . Currently I have 3 users in my router who have privilege access to my routers and switches and rancid sends me the diff files of these 3 users . However I am not able to find out which user has done the change via the email sent by rancid . Any suggestions on how to find it out ? warm regards, ------------------------------------------------------------------------ ----- Chandrasekaran J Senior Technical Analyst, Network Center of Excellence, Network Services, Technology Production Services Standard Chartered Bank Direct Dial : + 91 44 422 14233 Mobile : + 91 98846 78777 Fonenet : x 390 14233 ------------------------------------------------------------------------ ----- This email is confidential. If you are not the addressee tell the sender immediately and destroy this email without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay, interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for damage caused by this email and may monitor email traffic. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070625/d983c292/attachment.html From shekhar at mos.com.np Mon Jun 25 07:04:41 2007 From: shekhar at mos.com.np (Shekhar Basnet) Date: Mon, 25 Jun 2007 12:49:41 +0545 Subject: [rancid] Re: Need to know if mutiple usernames can be set in the .clogin file In-Reply-To: References: Message-ID: <1182755080.2250.16.camel@chulu.mos.com.np> Hi, You'd need to use TACACS+ to find out who is doing what in your routers/switches. You can download it from http://www.shrubbery.net/tools.html rgds, shekhar. On Mon, 2007-06-25 at 12:38, Jayaraj, Chandrasekaran wrote: > Hi , > > > > I am a newcomer to RANCID and I find it an interesting tool . > > > > I want to know how to use rancid for checking configuration changes > done by multiple users . > > Currently I have 3 users in my router who have privilege access to my > routers and switches and rancid sends me the diff files of these 3 > users . > > > > However I am not able to find out which user has done the change via > the email sent by rancid . Any suggestions on how to find it out ? > > > > warm regards, > ----------------------------------------------------------------------------- > Chandrasekaran J > > From Chandrasekaran.Jayaraj at in.standardchartered.com Mon Jun 25 07:46:17 2007 From: Chandrasekaran.Jayaraj at in.standardchartered.com (Jayaraj, Chandrasekaran) Date: Mon, 25 Jun 2007 13:16:17 +0530 Subject: [rancid] Re: Need to know if mutiple usernames can be set in the.clogin file Message-ID: Hi , Thanks for the swift response . We do have cisco tacacs installed using ACS. Even when we have that there may be multiple users who will be a part of the authentication group who will actually have level 15 access . So say for eg we have a group called noc-users and there are 3 users namely user1 ,user2 ,user3 who will have privilege 15 access . But currently my cloginrc file has the entry in below format add user * user1 and add password * testpwd enabletestpwd So how can I check if I login as a user2 and do some change ? Currently all I get from rancid is that a diff output mail with the difference and no mention of the username doing the change . So let me know if there is a way for this . warm regards, ------------------------------------------------------------------------ ----- Chandrasekaran J Senior Technical Analyst, Network Center of Excellence, Network Services, Technology Production Services ------------------------------------------------------------------------ ----- -----Original Message----- From: Shekhar Basnet [mailto:shekhar at mos.com.np] Sent: Monday, June 25, 2007 12:35 PM To: Jayaraj, Chandrasekaran Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Need to know if mutiple usernames can be set in the.clogin file Hi, You'd need to use TACACS+ to find out who is doing what in your routers/switches. You can download it from http://www.shrubbery.net/tools.html rgds, shekhar. On Mon, 2007-06-25 at 12:38, Jayaraj, Chandrasekaran wrote: > Hi , > > > > I am a newcomer to RANCID and I find it an interesting tool . > > > > I want to know how to use rancid for checking configuration changes > done by multiple users . > > Currently I have 3 users in my router who have privilege access to my > routers and switches and rancid sends me the diff files of these 3 > users . > > > > However I am not able to find out which user has done the change via > the email sent by rancid . Any suggestions on how to find it out ? > > > > warm regards, > ------------------------------------------------------------------------ ----- > Chandrasekaran J > > This email is confidential. If you are not the addressee tell the sender immediately and destroy this email without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay, interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for damage caused by this email and may monitor email traffic. From jeff at ocjtech.us Mon Jun 25 13:02:03 2007 From: jeff at ocjtech.us (Jeffrey C. Ollie) Date: Mon, 25 Jun 2007 08:02:03 -0500 Subject: [rancid] Re: Need to know if mutiple usernames can be set in the.clogin file In-Reply-To: References: Message-ID: <1182776523.3821.6.camel@lt21223.campus.dmacc.edu> On Mon, 2007-06-25 at 13:16 +0530, Jayaraj, Chandrasekaran wrote: > > Thanks for the swift response . We do have cisco tacacs installed using > ACS. > > Even when we have that there may be multiple users who will be a part of > the authentication group who will actually have level 15 access . > > So say for eg we have a group called noc-users and there are 3 users > namely user1 ,user2 ,user3 who will have privilege 15 access . > > So how can I check if I login as a user2 and do some change ? > > Currently all I get from rancid is that a diff output mail with the > difference and no mention of the username doing the change . RANCID cannot do what you ask. All that RANCID can do is give you a summary of the changes made between two points in time, it cannot show you who made those changes. It also cannot show you changes that were made then unmade in between the times that RANCID scans your routers. You need to enable command accounting on your router to get the kind of information that you want: http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca5f1.html#xtocid183737 Jeff -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070625/9f659cc2/attachment.bin From Todd at equivoice.com Mon Jun 25 13:18:34 2007 From: Todd at equivoice.com (Todd Heide) Date: Mon, 25 Jun 2007 08:18:34 -0500 Subject: [rancid] Re: Need to know if mutiple usernames can be setin the.clogin file In-Reply-To: <1182776523.3821.6.camel@lt21223.campus.dmacc.edu> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F017@exchange.Equivoice.local> Setup a Tacacs+ server on the Rancid box. The one I use which has a nice front end is found here, http://www.networkforums.net Once installed and working it is easy to check the logs to see what has been done and by whom. Thanks Todd Heide Equivoice Inc. CCNA CWLSS CS-CISecS 847-235-3308 Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jeffrey C. Ollie Sent: Monday, June 25, 2007 8:02 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: Need to know if mutiple usernames can be setin the.clogin file On Mon, 2007-06-25 at 13:16 +0530, Jayaraj, Chandrasekaran wrote: > > Thanks for the swift response . We do have cisco tacacs installed using > ACS. > > Even when we have that there may be multiple users who will be a part of > the authentication group who will actually have level 15 access . > > So say for eg we have a group called noc-users and there are 3 users > namely user1 ,user2 ,user3 who will have privilege 15 access . > > So how can I check if I login as a user2 and do some change ? > > Currently all I get from rancid is that a diff output mail with the > difference and no mention of the username doing the change . RANCID cannot do what you ask. All that RANCID can do is give you a summary of the changes made between two points in time, it cannot show you who made those changes. It also cannot show you changes that were made then unmade in between the times that RANCID scans your routers. You need to enable command accounting on your router to get the kind of information that you want: http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1828/products _configuration_guide_chapter09186a00800ca5f1.html#xtocid183737 Jeff From rancid at gheek.net Mon Jun 25 15:43:05 2007 From: rancid at gheek.net (Lance) Date: Mon, 25 Jun 2007 08:43:05 -0700 Subject: [rancid] Re: Need to know if mutiple usernames can be setin the.clogin file Message-ID: <20070625084305.8e114e4890519e5179c192e02d6bca26.589351f20c.wbe@email.secureserver.net> Todd, Nice URL. :-D bad URL or a hacked site. Miss Cindy's Neighborhood Nursery School Hehehe. Happy Mondays. -Lance > -------- Original Message -------- > Subject: [rancid] Re: Need to know if mutiple usernames can be setin > the.clogin file > From: "Todd Heide" > Date: Mon, June 25, 2007 6:18 am > To: "Jeffrey C. Ollie" , > > > Setup a Tacacs+ server on the Rancid box. The one I use which has a nice > front end is found here, http://www.networkforums.net Once installed and > working it is easy to check the logs to see what has been done and by > whom. > > Thanks > Todd Heide > Equivoice Inc. > > CCNA CWLSS CS-CISecS > 847-235-3308 > > Nothing ever goes as planned, Its a hell of a notion, > Even pharaohs turn to sand, Like a drop in the ocean > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jeffrey C. > Ollie > Sent: Monday, June 25, 2007 8:02 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Re: Need to know if mutiple usernames can be setin > the.clogin file > > On Mon, 2007-06-25 at 13:16 +0530, Jayaraj, Chandrasekaran wrote: > > > > Thanks for the swift response . We do have cisco tacacs installed > using > > ACS. > > > > Even when we have that there may be multiple users who will be a part > of > > the authentication group who will actually have level 15 access . > > > > So say for eg we have a group called noc-users and there are 3 users > > namely user1 ,user2 ,user3 who will have privilege 15 access . > > > > So how can I check if I login as a user2 and do some change ? > > > > Currently all I get from rancid is that a diff output mail with the > > difference and no mention of the username doing the change . > > RANCID cannot do what you ask. All that RANCID can do is give you a > summary of the changes made between two points in time, it cannot show > you who made those changes. It also cannot show you changes that were > made then unmade in between the times that RANCID scans your routers. > > You need to enable command accounting on your router to get the kind of > information that you want: > > http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1828/products > _configuration_guide_chapter09186a00800ca5f1.html#xtocid183737 > > Jeff > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Todd at equivoice.com Mon Jun 25 15:47:16 2007 From: Todd at equivoice.com (Todd Heide) Date: Mon, 25 Jun 2007 10:47:16 -0500 Subject: [rancid] Re: Need to know if mutiple usernames can be setin the.clogin file In-Reply-To: <20070625084305.8e114e4890519e5179c192e02d6bca26.589351f20c.wbe@email.secureserver.net> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F03F@exchange.Equivoice.local> Oh great! Yep, been hacked, again it appears. I have the files for the install if interested. Thanks Todd Heide Equivoice Inc. CCNA CWLSS CS-CISecS Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -----Original Message----- From: Lance [mailto:rancid at gheek.net] Sent: Monday, June 25, 2007 10:43 AM To: Todd Heide Cc: Jeffrey C. Ollie; rancid-discuss at shrubbery.net Subject: RE: [rancid] Re: Need to know if mutiple usernames can be setin the.clogin file Todd, Nice URL. :-D bad URL or a hacked site. Miss Cindy's Neighborhood Nursery School Hehehe. Happy Mondays. -Lance > -------- Original Message -------- > Subject: [rancid] Re: Need to know if mutiple usernames can be setin > the.clogin file > From: "Todd Heide" > Date: Mon, June 25, 2007 6:18 am > To: "Jeffrey C. Ollie" , > > > Setup a Tacacs+ server on the Rancid box. The one I use which has a nice > front end is found here, http://www.networkforums.net Once installed and > working it is easy to check the logs to see what has been done and by > whom. > > Thanks > Todd Heide > Equivoice Inc. > > CCNA CWLSS CS-CISecS > 847-235-3308 > > Nothing ever goes as planned, Its a hell of a notion, > Even pharaohs turn to sand, Like a drop in the ocean > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jeffrey C. > Ollie > Sent: Monday, June 25, 2007 8:02 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Re: Need to know if mutiple usernames can be setin > the.clogin file > > On Mon, 2007-06-25 at 13:16 +0530, Jayaraj, Chandrasekaran wrote: > > > > Thanks for the swift response . We do have cisco tacacs installed > using > > ACS. > > > > Even when we have that there may be multiple users who will be a part > of > > the authentication group who will actually have level 15 access . > > > > So say for eg we have a group called noc-users and there are 3 users > > namely user1 ,user2 ,user3 who will have privilege 15 access . > > > > So how can I check if I login as a user2 and do some change ? > > > > Currently all I get from rancid is that a diff output mail with the > > difference and no mention of the username doing the change . > > RANCID cannot do what you ask. All that RANCID can do is give you a > summary of the changes made between two points in time, it cannot show > you who made those changes. It also cannot show you changes that were > made then unmade in between the times that RANCID scans your routers. > > You need to enable command accounting on your router to get the kind of > information that you want: > > http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1828/products > _configuration_guide_chapter09186a00800ca5f1.html#xtocid183737 > > Jeff > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From saku+rancid at ytti.fi Mon Jun 25 16:05:17 2007 From: saku+rancid at ytti.fi (Saku Ytti) Date: Mon, 25 Jun 2007 19:05:17 +0300 Subject: [rancid] Re: Need to know if mutiple usernames can be setin the.clogin file In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F03F@exchange.Equivoice.local> References: <20070625084305.8e114e4890519e5179c192e02d6bca26.589351f20c.wbe@email.secureserver.net> <082FEA82DC985B4F8A6B412D5AC4E22076F03F@exchange.Equivoice.local> Message-ID: <20070625160517.GA15783@mx.ytti.net> On (2007-06-25 10:47 -0500), Todd Heide wrote: > Oh great! Yep, been hacked, again it appears. I have the files for the > install if interested. Off-topic, but why does it appear 'hacked'? To me it seems like web hoster didn't setup sane default page for unknown 'Host: x', e.g. networkforums.net has been removed from that site and it falls back to some config it found. -- ++ytti From Todd at equivoice.com Mon Jun 25 16:07:30 2007 From: Todd at equivoice.com (Todd Heide) Date: Mon, 25 Jun 2007 11:07:30 -0500 Subject: [rancid] Re: Need to know if mutiple usernames can be setinthe.clogin file In-Reply-To: <20070625160517.GA15783@mx.ytti.net> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F04A@exchange.Equivoice.local> It has happened before with this site, someone gets in there and replaced the content with something else. Worked last week. Thanks Todd Heide Equivoice Inc. CCNA CWLSS CS-CISecS 847-235-3308 Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Saku Ytti Sent: Monday, June 25, 2007 11:05 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Re: Need to know if mutiple usernames can be setinthe.clogin file On (2007-06-25 10:47 -0500), Todd Heide wrote: > Oh great! Yep, been hacked, again it appears. I have the files for the > install if interested. Off-topic, but why does it appear 'hacked'? To me it seems like web hoster didn't setup sane default page for unknown 'Host: x', e.g. networkforums.net has been removed from that site and it falls back to some config it found. -- ++ytti _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From justin at justinshore.com Mon Jun 25 16:43:51 2007 From: justin at justinshore.com (Justin Shore) Date: Mon, 25 Jun 2007 11:43:51 -0500 Subject: [rancid] Re: Need to know if mutiple usernames can be setin the.clogin file In-Reply-To: <20070625160517.GA15783@mx.ytti.net> References: <20070625084305.8e114e4890519e5179c192e02d6bca26.589351f20c.wbe@email.secureserver.net> <082FEA82DC985B4F8A6B412D5AC4E22076F03F@exchange.Equivoice.local> <20070625160517.GA15783@mx.ytti.net> Message-ID: <467FF0C7.4070003@justinshore.com> Saku Ytti wrote: > On (2007-06-25 10:47 -0500), Todd Heide wrote: > >> Oh great! Yep, been hacked, again it appears. I have the files for the >> install if interested. > > Off-topic, but why does it appear 'hacked'? To me it seems like web hoster > didn't setup sane default page for unknown 'Host: x', e.g. > networkforums.net has been removed from that site and it falls back to > some config it found. Saku, I think you're right. Name: www.networkforums.net Address: 71.169.3.3 Name: www.misscindysschool.com Address: 71.169.3.3 All these URLs give you the same site. http://www.misscindysschool.com http://www.networkforums.net http://71.169.3.3 The web hoster is apparently having problems... Justin From eravin at panix.com Mon Jun 25 17:08:43 2007 From: eravin at panix.com (Ed Ravin) Date: Mon, 25 Jun 2007 13:08:43 -0400 Subject: [rancid] Re: Need to know if mutiple usernames can be setin the.clogin file In-Reply-To: <467FF0C7.4070003@justinshore.com> References: <20070625084305.8e114e4890519e5179c192e02d6bca26.589351f20c.wbe@email.secureserver.net> <082FEA82DC985B4F8A6B412D5AC4E22076F03F@exchange.Equivoice.local> <20070625160517.GA15783@mx.ytti.net> <467FF0C7.4070003@justinshore.com> Message-ID: <20070625170843.GB4838@panix.com> On Mon, Jun 25, 2007 at 11:43:51AM -0500, Justin Shore wrote: > Saku Ytti wrote: > > Off-topic, but why does it appear 'hacked'? To me it seems like web hoster > > didn't setup sane default page for unknown 'Host: x', e.g. > > networkforums.net has been removed from that site and it falls back to > > some config it found. > > Saku, > > I think you're right. > > Name: www.networkforums.net > Address: 71.169.3.3 > > Name: www.misscindysschool.com > Address: 71.169.3.3 > > All these URLs give you the same site. Awww, shucks, I was hoping that this was a case of Pre-K "script kiddies", who were going to follow up on this hack by writing the Playskool UI for RANCID. From heas at shrubbery.net Mon Jun 25 17:28:50 2007 From: heas at shrubbery.net (john heasley) Date: Mon, 25 Jun 2007 17:28:50 +0000 Subject: [rancid] Re: Need to know if mutiple usernames can be set in the.clogin file In-Reply-To: References: Message-ID: <20070625172850.GF10063@shrubbery.net> Mon, Jun 25, 2007 at 01:16:17PM +0530, Jayaraj, Chandrasekaran: > > > Hi , > > Thanks for the swift response . We do have cisco tacacs installed using > ACS. > > Even when we have that there may be multiple users who will be a part of > the authentication group who will actually have level 15 access . > > So say for eg we have a group called noc-users and there are 3 users > namely user1 ,user2 ,user3 who will have privilege 15 access . > > But currently my cloginrc file has the entry in below format > > add user * user1 and > > add password * testpwd enabletestpwd > > > > So how can I check if I login as a user2 and do some change ? each user has their own HOME and $HOME/.cloginrc. > Currently all I get from rancid is that a diff output mail with the > difference and no mention of the username doing the change . The others are correct, there is no attribution and no way to be certain of it without tacacs (or radius?) login and command accounting. You can further associate specific changes with rancid by using SEC; see the rancid FAQ, section 3 question 5. With the time from the accounting logs, you can approximately determine the user; approximate because multiple change could occur in the time taken for the collection. From jeff at ocjtech.us Mon Jun 25 18:22:11 2007 From: jeff at ocjtech.us (Jeffrey C. Ollie) Date: Mon, 25 Jun 2007 13:22:11 -0500 Subject: [rancid] Re: Need to know if mutiple usernames can be set in the.clogin file In-Reply-To: <20070625172850.GF10063@shrubbery.net> References: <20070625172850.GF10063@shrubbery.net> Message-ID: <1182795731.3821.44.camel@lt21223.campus.dmacc.edu> On Mon, 2007-06-25 at 17:28 +0000, john heasley wrote: > > The others are correct, there is no attribution and no way to be certain of > it without tacacs (or radius?) login and command accounting. Command accounting is not available with RADIUS (on Cisco at least). Jeff -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070625/98f3984e/attachment.bin From Chandrasekaran.Jayaraj at in.standardchartered.com Tue Jun 26 05:01:20 2007 From: Chandrasekaran.Jayaraj at in.standardchartered.com (Jayaraj, Chandrasekaran) Date: Tue, 26 Jun 2007 10:31:20 +0530 Subject: [rancid] Re: Need to know if mutiple usernames can be set in the.clogin file Message-ID: Hi All , Thanks for all your inputs .It was an eye opener for me . I will have to make this work with my current cisco tacacs configuration that I have . But still I see a good amount of information using the GUI on what has changed. By the way can anyone say what are these lines (sample of my diff output) Index: configs/10.132.17.66 =================================================================== retrieving revision 1.7 diff -U4 -r1.7 10.132.17.66 @@ -498,9 +498,9 @@ - I don't understand what this line means no ip address - Also it always shows these 3 lines. no ip route-cache shutdown ! - ip http server + no ip http server ! ip access-list extended Core_marking_AF12_Admin permit tcp any any eq smtp permit tcp any eq smtp any While actually what I changed on the switch was the lines after the + sign . Anyone have a document on how to understand this output ? ( I am aware of the cvs-web and its cool but I would to like this to explain this thing to my managers who will see this email stuff only ) warm regards, ------------------------------------------------------------------------ ----- Chandrasekaran J ------------------------------------------------------------------------ ----- -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Monday, June 25, 2007 10:59 PM To: Jayaraj, Chandrasekaran Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Need to know if mutiple usernames can be set in the.clogin file Mon, Jun 25, 2007 at 01:16:17PM +0530, Jayaraj, Chandrasekaran: > > > Hi , > > Thanks for the swift response . We do have cisco tacacs installed using > ACS. > > Even when we have that there may be multiple users who will be a part of > the authentication group who will actually have level 15 access . > > So say for eg we have a group called noc-users and there are 3 users > namely user1 ,user2 ,user3 who will have privilege 15 access . > > But currently my cloginrc file has the entry in below format > > add user * user1 and > > add password * testpwd enabletestpwd > > > > So how can I check if I login as a user2 and do some change ? each user has their own HOME and $HOME/.cloginrc. > Currently all I get from rancid is that a diff output mail with the > difference and no mention of the username doing the change . The others are correct, there is no attribution and no way to be certain of it without tacacs (or radius?) login and command accounting. You can further associate specific changes with rancid by using SEC; see the rancid FAQ, section 3 question 5. With the time from the accounting logs, you can approximately determine the user; approximate because multiple change could occur in the time taken for the collection. This email is confidential. If you are not the addressee tell the sender immediately and destroy this email without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay, interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for damage caused by this email and may monitor email traffic. From justin at justinshore.com Tue Jun 26 11:59:27 2007 From: justin at justinshore.com (Justin Shore) Date: Tue, 26 Jun 2007 06:59:27 -0500 Subject: [rancid] Re: Need to know if mutiple usernames can be set in the.clogin file In-Reply-To: References: Message-ID: <4680FF9F.908@justinshore.com> The output is pretty basic. The first couple of lines are CVS output lines that pertain to the filename in the repository and what revisions are being diffed to generate the overall output. I'm not exactly sure what the next line is (I'm not a CVS buff) but it's essentially telling you what line in the file the snippet of diff output came from or something along those lines. You can just ignore those lines. The real meat of the diff is the +/- lines. As you can tell "ip http server" was removed from the file (note the "-") and "no ip http server" was added to the config (note the "+"). Everything else around the +/- lines are there for context essentially, so you can see in the file where the changes have been made. Try adding a 20 line ACL and rerun rancid-run. Then make a few changes in the middle of the ACL. You'll see how it works pretty quickly. It will be evident once you start using it. Justin Jayaraj, Chandrasekaran wrote: > Hi All , > > Thanks for all your inputs .It was an eye opener for me . I will have to > make this work with my current cisco tacacs configuration that I have . > > But still I see a good amount of information using the GUI on what has > changed. > > By the way can anyone say what are these lines (sample of my diff > output) > > Index: configs/10.132.17.66 > =================================================================== > retrieving revision 1.7 > diff -U4 -r1.7 10.132.17.66 > @@ -498,9 +498,9 @@ - I don't understand what this line means > no ip address - Also it always shows these 3 lines. > no ip route-cache > shutdown > ! > - ip http server > + no ip http server > ! > ip access-list extended Core_marking_AF12_Admin > permit tcp any any eq smtp > permit tcp any eq smtp any > > While actually what I changed on the switch was the lines after the + > sign . > > Anyone have a document on how to understand this output ? ( I am aware > of the cvs-web and its cool but I would to like this to explain this > thing to my managers who will see this email stuff only ) > > warm regards, > ------------------------------------------------------------------------ > ----- > Chandrasekaran J > > ------------------------------------------------------------------------ > ----- > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Monday, June 25, 2007 10:59 PM > To: Jayaraj, Chandrasekaran > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Re: Need to know if mutiple usernames can be set > in the.clogin file > > Mon, Jun 25, 2007 at 01:16:17PM +0530, Jayaraj, Chandrasekaran: >> >> Hi , >> >> Thanks for the swift response . We do have cisco tacacs installed > using >> ACS. >> >> Even when we have that there may be multiple users who will be a part > of >> the authentication group who will actually have level 15 access . >> >> So say for eg we have a group called noc-users and there are 3 users >> namely user1 ,user2 ,user3 who will have privilege 15 access . >> >> But currently my cloginrc file has the entry in below format >> >> add user * user1 and >> >> add password * testpwd enabletestpwd >> >> >> >> So how can I check if I login as a user2 and do some change ? > > each user has their own HOME and $HOME/.cloginrc. > >> Currently all I get from rancid is that a diff output mail with the >> difference and no mention of the username doing the change . > > The others are correct, there is no attribution and no way to be certain > of > it without tacacs (or radius?) login and command accounting. You can > further > associate specific changes with rancid by using SEC; see the rancid FAQ, > section 3 question 5. With the time from the accounting logs, you can > approximately determine the user; approximate because multiple change > could > occur in the time taken for the collection. > This email is confidential. If you are not the addressee tell the sender immediately and destroy this email > without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay, > interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for > damage caused by this email and may monitor email traffic. > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From AElliott at xo.com Tue Jun 26 19:51:39 2007 From: AElliott at xo.com (Elliott, Andrew) Date: Tue, 26 Jun 2007 15:51:39 -0400 Subject: [rancid] GSR 12k - sho diag / missing subslot spa info Message-ID: <3B715C4683E2F54DBC36ECDD2CA70F5301F14628@VARESTMAIL03.mail.inthosts.net> Hello, I have been recently asked that my router backups include the SUBSLOT line from 'sho diag' on the 12k's. Here is an example (trimmed for brevity) of the output I want rancid to parse: SLOT 1 (RP/LC 1 ): Modular SPA Interface Card (10G) -snip- SPA Information: subslot 1/0: SPA-10X1GE-V2 (0x508), status is ok subslot 1/1: Empty subslot 1/2: Empty subslot 1/3: Empty SUBSLOT 1/0 (SPA-10X1GE-V2): 10-port Gigabit Ethernet Shared Port Adapter Product Identifier (PID) : SPA-10X1GE-V2 -snip- This is a new card type that we have recently begun deploying, and currently all that is backed up is the main SPA IC information, not the info on the "SUBSLOT" or "SPA -> subslot" lines. It is possible I am using a version of rancid that needs to be upgraded and/or patched. ## $Id: rancid.in,v 1.172 2004/03/14 16:57:05 heas Exp $ Any advice would be greatly appreciated. -andrew From Chandrasekaran.Jayaraj at in.standardchartered.com Wed Jun 27 10:40:31 2007 From: Chandrasekaran.Jayaraj at in.standardchartered.com (Jayaraj, Chandrasekaran) Date: Wed, 27 Jun 2007 16:10:31 +0530 Subject: [rancid] Rancid -question Message-ID: Hi All , Rancid does the comparison with the running config on the router . Is there a way to make it compare only using the startup configs ? warm regards, ------------------------------------------------------------------------ ----- Chandrasekaran J Senior Technical Analyst, Network Center of Excellence, This email is confidential. If you are not the addressee tell the sender immediately and destroy this email without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay, interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for damage caused by this email and may monitor email traffic. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070627/85e545b0/attachment.html From rancid at gheek.net Wed Jun 27 17:36:13 2007 From: rancid at gheek.net (Lance) Date: Wed, 27 Jun 2007 10:36:13 -0700 Subject: [rancid] Re: Rancid -question Message-ID: <20070627103612.8e114e4890519e5179c192e02d6bca26.1ce12dbe42.wbe@email.secureserver.net> Chandrasekaran, Maybe I am crazy, but I would think you would just need to make a small adjustment to the code so it will run a show start. If I am right it would be a simple piece of code. Maybe even make a copy of RANCIDs script but alter it and change the show run/write term, to show start. But remember want to remove any of the old command reference to show run/write term. otherwise you will get both. -Lance > -------- Original Message -------- > Subject: [rancid] Rancid -question > From: "Jayaraj, Chandrasekaran" > > Date: Wed, June 27, 2007 3:40 am > To: > > Hi All , > > > > Rancid does the comparison with the running config on the router . Is > there a way to make it compare only using the startup configs ? > > > > warm regards, > ------------------------------------------------------------------------ > ----- > Chandrasekaran J > > > > Senior Technical Analyst, Network Center of Excellence, > > > > > > This email is confidential. If you are not the addressee tell the > sender immediately and destroy this email > without using, sending or storing it. Emails are not secure and may > suffer errors, viruses, delay, > interception and amendment. Standard Chartered PLC and subsidiaries > ("SCGroup") do not accept liability for > damage caused by this email and may monitor email traffic.
_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From testure at ntlworld.com Tue Jun 26 14:07:53 2007 From: testure at ntlworld.com (Coffey Winston) Date: Tue, 26 Jun 2007 22:07:53 +0800 Subject: [rancid] The life has worsened? Depression has attacked you? STOP! Message-ID: <01c7b83e$71546d30$1d6d1748@testure> Hi, Depression? Life is bad? You do not wish to live? Depression? STOP! You have dropped from work? Depression? STOP! Problems in family? Depression? STOP! The life has worsened? Depression has attacked? SAY STOP! We know how to kill Depression! Try Prozac!Only 1.99$ per pillOUR SITE: RideSuch .hk -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070626/4d0956fd/attachment.html From tex at off.org Wed Jun 27 17:40:50 2007 From: tex at off.org (Austin Schutz) Date: Wed, 27 Jun 2007 10:40:50 -0700 Subject: [rancid] Re: Rancid -question In-Reply-To: References: Message-ID: <20070627174050.GQ3746@gblx.net> On Wed, Jun 27, 2007 at 04:10:31PM +0530, Jayaraj, Chandrasekaran wrote: > Hi All , > > > > Rancid does the comparison with the running config on the router . Is > there a way to make it compare only using the startup configs ? > > Where the code says {'show running-config' => 'WriteTerm'}, in rancid.in change it to startup-config. There is no rancid configuration to support this without modifying the code. Austin From lance at gheek.net Wed Jun 27 17:35:35 2007 From: lance at gheek.net (Lance Vermilion) Date: Wed, 27 Jun 2007 10:35:35 -0700 Subject: [rancid] Re: Rancid -question Message-ID: <20070627103535.8e114e4890519e5179c192e02d6bca26.5c29552c02.wbe@email.secureserver.net> Chandrasekaran, Maybe I am crazy, but I would think you would just need to make a small adjustment to the code so it will run a show start. If I am right it would be a simple piece of code. Maybe even make a copy of RANCIDs script but alter it and change the show run/write term, to show start. But remember want to remove any of the old command reference to show run/write term. otherwise you will get both. -Lance > -------- Original Message -------- > Subject: [rancid] Rancid -question > From: "Jayaraj, Chandrasekaran" > > Date: Wed, June 27, 2007 3:40 am > To: > > Hi All , > > > > Rancid does the comparison with the running config on the router . Is > there a way to make it compare only using the startup configs ? > > > > warm regards, > ------------------------------------------------------------------------ > ----- > Chandrasekaran J > > > > Senior Technical Analyst, Network Center of Excellence, > > > > > > This email is confidential. If you are not the addressee tell the > sender immediately and destroy this email > without using, sending or storing it. Emails are not secure and may > suffer errors, viruses, delay, > interception and amendment. Standard Chartered PLC and subsidiaries > ("SCGroup") do not accept liability for > damage caused by this email and may monitor email traffic.
_______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Wed Jun 27 18:41:42 2007 From: heas at shrubbery.net (john heasley) Date: Wed, 27 Jun 2007 11:41:42 -0700 Subject: [rancid] Re: GSR 12k - sho diag / missing subslot spa info In-Reply-To: <3B715C4683E2F54DBC36ECDD2CA70F5301F14628@VARESTMAIL03.mail.inthosts.net> References: <3B715C4683E2F54DBC36ECDD2CA70F5301F14628@VARESTMAIL03.mail.inthosts.net> Message-ID: <20070627184142.GV22136@shrubbery.net> Tue, Jun 26, 2007 at 03:51:39PM -0400, Elliott, Andrew: > Hello, > > I have been recently asked that my router backups include the SUBSLOT > line from 'sho diag' on the 12k's. > > Here is an example (trimmed for brevity) of the output I want rancid to > parse: > > SLOT 1 (RP/LC 1 ): Modular SPA Interface Card (10G) > -snip- > > SPA Information: > subslot 1/0: SPA-10X1GE-V2 (0x508), status is ok > subslot 1/1: Empty > subslot 1/2: Empty > subslot 1/3: Empty > > SUBSLOT 1/0 (SPA-10X1GE-V2): 10-port Gigabit Ethernet Shared Port > Adapter > Product Identifier (PID) : SPA-10X1GE-V2 > -snip- > > This is a new card type that we have recently begun deploying, and > currently all that is backed up is the main SPA IC information, not the > info on the "SUBSLOT" or "SPA -> subslot" lines. I'd need to have the complete output; I don't have GSRs anymore. > It is possible I am using a version of rancid that needs to be upgraded > and/or patched. possibly. 'show inventory' has been added and that ought to include this information...if cisco has gotten around to adding it to this platform yet. From AElliott at xo.com Wed Jun 27 20:50:58 2007 From: AElliott at xo.com (Elliott, Andrew) Date: Wed, 27 Jun 2007 16:50:58 -0400 Subject: [rancid] Re: GSR 12k - sho diag / missing subslot spa info In-Reply-To: <20070627184142.GV22136@shrubbery.net> References: <3B715C4683E2F54DBC36ECDD2CA70F5301F14628@VARESTMAIL03.mail.inthosts.net> <20070627184142.GV22136@shrubbery.net> Message-ID: <3B715C4683E2F54DBC36ECDD2CA70F5301F14633@VARESTMAIL03.mail.inthosts.net> > > Hello, > > > > I have been recently asked that my router backups include > the SUBSLOT > > line from 'sho diag' on the 12k's. > > > > Here is an example (trimmed for brevity) of the output I > want rancid to > > parse: > > > > SLOT 1 (RP/LC 1 ): Modular SPA Interface Card (10G) > > -snip- > > > > SPA Information: > > subslot 1/0: SPA-10X1GE-V2 (0x508), status is ok > > subslot 1/1: Empty > > subslot 1/2: Empty > > subslot 1/3: Empty > > > > SUBSLOT 1/0 (SPA-10X1GE-V2): 10-port Gigabit Ethernet Shared Port > > Adapter > > Product Identifier (PID) : SPA-10X1GE-V2 > > -snip- > > > > This is a new card type that we have recently begun deploying, and > > currently all that is backed up is the main SPA IC > information, not the > > info on the "SUBSLOT" or "SPA -> subslot" lines. > > I'd need to have the complete output; I don't have GSRs anymore. > CHR1.NYC-NY#sho diag 1 SLOT 1 (RP/LC 1 ): Modular SPA Interface Card (10G) MAIN: type 149, 00-0000-00 rev A0 Deviation: D090170 HW config: 0x20 SW key: 00-00-00 PCA: 00-00000-00 rev A0 ver 4 Design Release 1.0 S/N SAD000000M0 MBUS: Embedded Agent Test hist: 0x00 RMA#: 00-00-00 RMA hist: 0x00 DIAG: Test count: 0x00000000 Test results: 0x00000000 FRU: Linecard/Module: 12000-SIP-601= Processor Memory: MEM-LC5-2048=(Non-Replaceable) Packet Memory: MEM-LC5-PKT-256=(Non-Replaceable) L3 Engine: 5 - ISE 10 Gbps MBUS Agent Software version 2.51 (RAM) (ROM version is 3.50) ROM Monitor version 17.1 Fabric Downloader version used 4.1 (ROM version is 4.1) Primary clock is CSC 1 Board is analyzed Board State is Line Card Enabled (IOS RUN ) Insertion time: 00:22:52 (2w4d ago) Processor Memory size: 2147483648 bytes TX Packet Memory size: 268435456 bytes, Packet Memory pagesize: 32768 bytes RX Packet Memory size: 268435456 bytes, Packet Memory pagesize: 32768 bytes 0 crashes since restart SPA Information: subslot 1/0: SPA-10X1GE-V2 (0x508), status is ok subslot 1/1: Empty subslot 1/2: Empty subslot 1/3: Empty CHR1.NYC-NY# > > > It is possible I am using a version of rancid that needs to > be upgraded > > and/or patched. > > possibly. 'show inventory' has been added and that ought to > include this > information...if cisco has gotten around to adding it to this platform > yet. > Looks like this might be the best way to go. From the show inventory: NAME: "slot 1", DESCR: "ISE 10G Modular Services Card v2" PID: 12000-SIP-601 , VID: V02, SN: SAD111403M0 NAME: "SPA subslot 1/0", DESCR: "10-port Gigabit Ethernet Shared Port Adapter" PID: SPA-10X1GE-V2 , VID: V01, SN: JAB111701NG From Chandrasekaran.Jayaraj at IN.STANDARDCHARTERED.COM Thu Jun 28 13:13:18 2007 From: Chandrasekaran.Jayaraj at IN.STANDARDCHARTERED.COM (Jayaraj, Chandrasekaran) Date: Thu, 28 Jun 2007 18:43:18 +0530 Subject: [rancid] telnet to a different port Message-ID: Hi Friends , My environment demands that I need to telnet to a port other than 23 for logging into a device . How do I change it in the clogin file in the /usr/local/rancid home directory . warm regards, ------------------------------------------------------------------------ ----- Chandrasekaran J ------------------------------------------------------------------------ ----- This email is confidential. If you are not the addressee tell the sender immediately and destroy this email without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay, interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for damage caused by this email and may monitor email traffic. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/6208ca96/attachment.html From AElliott at xo.com Thu Jun 28 14:43:41 2007 From: AElliott at xo.com (Elliott, Andrew) Date: Thu, 28 Jun 2007 10:43:41 -0400 Subject: [rancid] Cvsweb question Message-ID: <3B715C4683E2F54DBC36ECDD2CA70F5301F14637@VARESTMAIL03.mail.inthosts.net> Hello, I recently moved my cvs repository to a new box, and although all the backups are working and I am having no problems with the diffs, I can not seem to get cvsweb to display correctly. In each level of the heirarchy, I get the following error: NOTE: There are X files, but none matches the current tag () Googling has not been fruitful. If anyone has run into this before, please let me know what I should be looking at. So far, I have confirmed the permissions are set correctly and the paths are correct. As stated above, the repository is working as expected and being updated with each run. Thanks in advance, -andrew From Todd at equivoice.com Thu Jun 28 16:14:05 2007 From: Todd at equivoice.com (Todd Heide) Date: Thu, 28 Jun 2007 11:14:05 -0500 Subject: [rancid] Current stable version? Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F2C4@exchange.Equivoice.local> What is the current stable version of Rancid? I am building a new box due to the current one having hardware issues, and the OS is FC6, the current is FC4. Thanks CCNA CWLSS CS-CISecS Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/0753bf52/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 1450 bytes Desc: image001.jpg Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/0753bf52/attachment.jpe -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 3203 bytes Desc: image002.gif Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/0753bf52/attachment.gif From mstefani at redhat.com Thu Jun 28 16:27:26 2007 From: mstefani at redhat.com (Michael Stefaniuc) Date: Thu, 28 Jun 2007 18:27:26 +0200 Subject: [rancid] Re: Current stable version? In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F2C4@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E22076F2C4@exchange.Equivoice.local> Message-ID: <4683E16E.4060308@redhat.com> Todd Heide wrote: > What is the current stable version of Rancid? I am building a new box > due to the current one having hardware issues, and the OS is FC6, the > current is FC4. Afaik 2.3.1 is still counted as the last stable version but i doubt you will be happy with that one. Especially if you need/want one of the extra features/patches that float on the mailing list. Backporting that is just too much work. 2.3.2aX worked/works fine for me. bye michael -- Michael Stefaniuc Tel.: +49-711-96437-199 Sr. Network Engineer Fax.: +49-711-96437-111 Red Hat GmbH Email: mstefani at redhat.com Hauptstaetterstr. 58 http://www.redhat.de/ D-70178 Stuttgart From Todd at equivoice.com Thu Jun 28 17:18:24 2007 From: Todd at equivoice.com (Todd Heide) Date: Thu, 28 Jun 2007 12:18:24 -0500 Subject: [rancid] Re: Current stable version? In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F2C4@exchange.Equivoice.local> Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F2DD@exchange.Equivoice.local> Also, is it possible to move the current repository of backups to the new server? I use CVS for this. Thanks Todd Heide Equivoice Inc. CCNA CWLSS CS-CISecS 847-235-3308 Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean ________________________________ From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide Sent: Thursday, June 28, 2007 11:14 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Current stable version? What is the current stable version of Rancid? I am building a new box due to the current one having hardware issues, and the OS is FC6, the current is FC4. Thanks CCNA CWLSS CS-CISecS Nothing ever goes as planned, Its a hell of a notion, Even pharaohs turn to sand, Like a drop in the ocean -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/262dbfdc/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 1450 bytes Desc: image002.jpg Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/262dbfdc/attachment.jpe -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/gif Size: 3203 bytes Desc: image003.gif Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/262dbfdc/attachment.gif -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 1450 bytes Desc: image004.jpg Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/262dbfdc/attachment-0001.jpe From heas at shrubbery.net Thu Jun 28 17:28:59 2007 From: heas at shrubbery.net (john heasley) Date: Thu, 28 Jun 2007 10:28:59 -0700 Subject: [rancid] Re: telnet to a different port In-Reply-To: References: Message-ID: <20070628172859.GU22136@shrubbery.net> Thu, Jun 28, 2007 at 06:43:18PM +0530, Jayaraj, Chandrasekaran: > Hi Friends , > > > > My environment demands that I need to telnet to a port other than 23 for > logging into a device . How do I change it in the clogin file in the > /usr/local/rancid home directory . > cloginrc(5) From david+rancid at luyer.net Thu Jun 28 18:20:54 2007 From: david+rancid at luyer.net (David Luyer - RANCID) Date: Thu, 28 Jun 2007 11:20:54 -0700 (PDT) Subject: [rancid] RANCID fails if a 'write term' fails after a 'show run' succeeds Message-ID: <61937.65.57.245.11.1183054854.squirrel@www.luyer.net> G'day, I noticed recently that RANCID fails when it attempts to back up the configuration for a Cisco where it is permitted to do a "show run" but not permitted to do a "write term". Since in this case it wouldn't actually use the output of the "write term" so it should ignore this and succeed. The fix is trivial, move the 'return(0)' up a few lines. Here's a patch (fixing other related cases too): --- rancid.in.orig 2007-06-28 10:42:15.000000000 -0700 +++ rancid.in 2007-06-28 10:43:19.000000000 -0700 @@ -155,8 +155,8 @@ next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; - return(-1) if (/command authorization failed/i); return(0) if ($found_version); # Only do this routine once + return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); @@ -480,8 +480,8 @@ #return(1) if ($type !~ /^7/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; - return(-1) if (/command authorization failed/i); return(0) if ($found_env); # Only do this routine once + return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { my($len) = length($1); @@ -939,8 +939,8 @@ # return(1) if ($type !~ /^(12[40]|720|36|26)/); return(1) if /Line has invalid autocommand /; return(1) if /(Invalid input detected|Type help or )/; - return(-1) if (/command authorization failed/i); return(0) if ($found_diag); # Only do this routine once + return(-1) if (/command authorization failed/i); /^$/ && next; # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { @@ -1411,6 +1411,7 @@ last if (/^$prompt/); return(1) if /Line has invalid autocommand /; return(1) if (/(Invalid input detected|Type help or )/i); + return(0) if ($found_end); # Only do this routine once return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX if (/^(<-+ More -+>)/) { @@ -1419,7 +1420,6 @@ } /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked - return(0) if ($found_end); # Only do this routine once $linecnt++; $lineauto = 0 if (/^[^ ]/); # skip the crap David. From tfpedroso at gmail.com Thu Jun 28 13:52:31 2007 From: tfpedroso at gmail.com (Tiago Faro Pedroso) Date: Thu, 28 Jun 2007 14:52:31 +0100 Subject: [rancid] Re: telnet to a different port Message-ID: <3CDFE5E1-D1F5-4C82-9404-060FDF21DD37@gmail.com> Hi, add method {ssh} [{...}] Defines, in order, the connection methods to use for a device from the set {ssh, telnet, rsh}. Method telnet may have a suffix, indicating an alternate TCP port, of the form ":port". so, I think add method telnet: should do it... Regards Tiago Faro Pedroso tfpedroso at gmail.com On Jun 28, 2007, at 2:13 PM, Jayaraj, Chandrasekaran wrote: > Hi Friends , > > > > My environment demands that I need to telnet to a port other than > 23 for logging into a device . How do I change it in the clogin > file in the /usr/local/rancid home directory . > > > > warm regards, > ---------------------------------------------------------------------- > ------- > Chandrasekaran J > > > > ---------------------------------------------------------------------- > ------- > > > > This email is confidential. If you are not the addressee tell the > sender immediately and destroy this email > without using, sending or storing it. Emails are not secure and may > suffer errors, viruses, delay, > interception and amendment. Standard Chartered PLC and subsidiaries > ("SCGroup") do not accept liability for > damage caused by this email and may monitor email traffic. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/96c4b4a2/attachment.html