From gouldwp at auburn.edu  Thu Jun  7 19:12:17 2007
From: gouldwp at auburn.edu (Walter Gould)
Date: Thu, 07 Jun 2007 14:12:17 -0500
Subject: [rancid] Re: RANCID admin web front-end
In-Reply-To: <20070525125933.8e114e4890519e5179c192e02d6bca26.c28b097890.wbe@email.secureserver.net>
References: <20070525125933.8e114e4890519e5179c192e02d6bca26.c28b097890.wbe@email.secureserver.net>
Message-ID: <46681241.267C.00C8.0@auburn.edu>

Group,

I have cobbled together a RANCID php/mysql based web front-end.  It can
be used to add to, delete from and search for cisco devices in a mysql
db.  There are also two perl scripts that export the needed data from
the db into the router.db and .cloginrc files.   The tar archive is
attached to this e-mail.  I hope this may be of use to some other
folks.

Walter 


>>> On Fri, May 25, 2007 at  2:59 PM, in message
<20070525125933.8e114e4890519e5179c192e02d6bca26.c28b097890.wbe at email.secureserv
r.net>, Lance <rancid at gheek.net> wrote: 
> Walter,
> 
> My script does not handle the .cloginrc as that is pretty much static
if
> you are running TACACS+/RADIUS.
> 
> It could be handy, but you probably want to add support for mysql as
> most people probably have that running instead of postgresql.
> 
> None the less it sounds exciting. let me know when you are done.
> 
> - Lance
 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: rancid_web_mysql.tar
Type: application/x-tar
Size: 20480 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070607/ab4bd352/attachment.tar 

From yathrib.public at gmail.com  Wed Jun 13 01:11:35 2007
From: yathrib.public at gmail.com (null yathrib)
Date: Tue, 12 Jun 2007 21:11:35 -0400
Subject: [rancid]  config repository tools?
Message-ID: <d86119190706121811g47cd7b2bydedbd07e2f6ec659@mail.gmail.com>

Not a Rancid question, but I was wondering if there were any good
tools to use with the repository of offline configs.  Yes, grep + awk
are old staples, but  was wondering if anyone had other suggestions.

There was RAT  (http://unix.freshmeat.net/projects/routeraudittool) to
do some audits via a shell script.

I've looked at Cisco::Reconfig
(http://search.cpan.org/dist/Cisco-Reconfig) to do things like the
below.  Anyone have recipes using it they're interested in sharing?

--snip--
use Cisco::Reconfig;

for (@ARGV) {
    my $config = Cisco::Reconfig::readconfig($_);

    # Get ip helper-addresses since we can't retrieve these all via SNMP
    for my $int ( $config->get( 'interface' )->all ) {
        my @helpers = $int->get('ip helper-address')->all;
        if ( $helpers[0] ) {
            print $int;
            for my $helper ( @helpers ) {
                print $helper;
            }
        }
    }
}
--snip--

Any other suggestions or pointers appreciated.

-- 
yathrib

From Michael.Skinner at virginmedia.co.uk  Wed Jun 13 14:24:37 2007
From: Michael.Skinner at virginmedia.co.uk (Michael Skinner)
Date: Wed, 13 Jun 2007 15:24:37 +0100
Subject: [rancid] Re: config repository tools?
Message-ID: <D35EFB885F0CD8118EB1000D9D4E1BBB07EE4976@PB-EM-XCHG-1>

I currently use a homemade perl script to create a HTML representation of
all my NetScreen configs giving a nice overview of the config running on
each device. I run it against any updated files in my /configs after each
rancid-run in crontab.  Combining that with CVSweb gives you a killer
front-end!  http://www.freebsd.org/projects/cvsweb.html

Nipper could be used to create your HTML reports:
http://sourceforge.net/projects/nipper

It passes various types of configs (Cisco IOS, PIX, ASA, FWSM, NMP, CatOS,
NetScreen ScreenOS) into a HTML report with some light "audit/guidance" - I
don't use it myself as I don't find its that great with Netscreen firewalls
yet...but I understand its pretty mature on cisco and the like.

Mike




-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net]On Behalf Of null yathrib
Sent: 13 June 2007 02:12
To: rancid-discuss at shrubbery.net
Subject: [rancid] config repository tools?


Not a Rancid question, but I was wondering if there were any good
tools to use with the repository of offline configs.  Yes, grep + awk
are old staples, but  was wondering if anyone had other suggestions.

There was RAT  (http://unix.freshmeat.net/projects/routeraudittool) to
do some audits via a shell script.

I've looked at Cisco::Reconfig
(http://search.cpan.org/dist/Cisco-Reconfig) to do things like the
below.  Anyone have recipes using it they're interested in sharing?

--snip--
use Cisco::Reconfig;

for (@ARGV) {
    my $config = Cisco::Reconfig::readconfig($_);

    # Get ip helper-addresses since we can't retrieve these all via SNMP
    for my $int ( $config->get( 'interface' )->all ) {
        my @helpers = $int->get('ip helper-address')->all;
        if ( $helpers[0] ) {
            print $int;
            for my $helper ( @helpers ) {
                print $helper;
            }
        }
    }
}
--snip--

Any other suggestions or pointers appreciated.

-- 
yathrib
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

------------------------------------------------------------------------------

Save Paper - Do you really need to print this e-mail?

Visit www.virginmedia.com for more information, and more fun.

This email and any attachments are or may be confidential and legally privileged and are sent solely for the attention of the addressee(s). If you have received this email in error, please delete it from your system: its use, disclosure or copying is unauthorised. Statements and opinions expressed in this email may not represent those of Virgin Media. Any representations or commitments in this email are subject to contract. Please note that we are migrating our email addresses to a company wide address of "@virginmedia.co.uk". If you are sending to a Telewest or ntl email address your email will be re-directed. 

Registered office: 160 Great Portland Street, London W1W 5QA. Registered in England and Wales with number 2591237


==============================================================================


From rancid at gheek.net  Wed Jun 13 17:05:35 2007
From: rancid at gheek.net (Lance)
Date: Wed, 13 Jun 2007 10:05:35 -0700
Subject: [rancid] Re: config repository tools?
Message-ID: <20070613100535.8e114e4890519e5179c192e02d6bca26.777bf98b79.wbe@email.secureserver.net>

Nipper is pretty cool. I might need to go in and modify some of the
stuff it thinks is a problem like CDP. hehe. That way I can use it as a
true tool. Any other cool tools up your sleeves?

-Lance


> -------- Original Message --------
> Subject: [rancid] Re: config repository tools?
> From: "Michael Skinner" <Michael.Skinner at virginmedia.co.uk>
> Date: Wed, June 13, 2007 7:24 am
> To: "'rancid-discuss at shrubbery.net'" <rancid-discuss at shrubbery.net>
> 
> I currently use a homemade perl script to create a HTML representation of
> all my NetScreen configs giving a nice overview of the config running on
> each device. I run it against any updated files in my /configs after each
> rancid-run in crontab.  Combining that with CVSweb gives you a killer
> front-end!  http://www.freebsd.org/projects/cvsweb.html
> 
> Nipper could be used to create your HTML reports:
> http://sourceforge.net/projects/nipper
> 
> It passes various types of configs (Cisco IOS, PIX, ASA, FWSM, NMP,
> CatOS,
> NetScreen ScreenOS) into a HTML report with some light
> "audit/guidance" - I
> don't use it myself as I don't find its that great with Netscreen
> firewalls
> yet...but I understand its pretty mature on cisco and the like.
> 
> Mike
> 
> 
> 
> 
> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net]On Behalf Of null yathrib
> Sent: 13 June 2007 02:12
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] config repository tools?
> 
> 
> Not a Rancid question, but I was wondering if there were any good
> tools to use with the repository of offline configs.  Yes, grep + awk
> are old staples, but  was wondering if anyone had other suggestions.
> 
> There was RAT  (http://unix.freshmeat.net/projects/routeraudittool) to
> do some audits via a shell script.
> 
> I've looked at Cisco::Reconfig
> (http://search.cpan.org/dist/Cisco-Reconfig) to do things like the
> below.  Anyone have recipes using it they're interested in sharing?
> 
> --snip--
> use Cisco::Reconfig;
> 
> for (@ARGV) {
>     my $config = Cisco::Reconfig::readconfig($_);
> 
>     # Get ip helper-addresses since we can't retrieve these all via SNMP
>     for my $int ( $config->get( 'interface' )->all ) {
>         my @helpers = $int->get('ip helper-address')->all;
>         if ( $helpers[0] ) {
>             print $int;
>             for my $helper ( @helpers ) {
>                 print $helper;
>             }
>         }
>     }
> }
> --snip--
> 
> Any other suggestions or pointers appreciated.
> 
> -- 
> yathrib
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 
> ------------------------------------------------------------------------------
> 
> Save Paper - Do you really need to print this e-mail?
> 
> Visit www.virginmedia.com for more information, and more fun.
> 
> This email and any attachments are or may be confidential and legally
> privileged and are sent solely for the attention of the addressee(s).
> If you have received this email in error, please delete it from your
> system: its use, disclosure or copying is unauthorised. Statements and
> opinions expressed in this email may not represent those of Virgin
> Media. Any representations or commitments in this email are subject to
> contract. Please note that we are migrating our email addresses to a
> company wide address of "@virginmedia.co.uk". If you are sending to a
> Telewest or ntl email address your email will be re-directed. 
> 
> Registered office: 160 Great Portland Street, London W1W 5QA.
> Registered in England and Wales with number 2591237
> 
> 
> ==============================================================================
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


From Eliane.Tortelli at fornecedores.vivo.com.br  Wed Jun 13 17:20:38 2007
From: Eliane.Tortelli at fornecedores.vivo.com.br (Eliane Tortelli)
Date: Wed, 13 Jun 2007 14:20:38 -0300
Subject: [rancid]   Rancid for Nortel
In-Reply-To: <20070613100535.8e114e4890519e5179c192e02d6bca26.777bf98b79.wbe@email.secureserver.net>
Message-ID: <5F53E7E24DDFBB4499FB79994E22A19D4FB11B@SP3EXCEVSK302.REDECORP.BR>

Hi

Maybe someone can help me... I need to use Rancid to do backup with
Nortel equipament. Nortel 4k.

But as I tested, I guess it not work properly with this model... I am
not sure if is possible or not and what is necessary change on the
script for it.

Thank you for any help.


Eliane 


-----Mensagem original-----
De: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] Em nome de Lance
Enviada em: quarta-feira, 13 de junho de 2007 14:06
Para: Michael Skinner
Cc: 'rancid-discuss at shrubbery.net'
Assunto: [rancid] Re: config repository tools?

Nipper is pretty cool. I might need to go in and modify some of the
stuff it thinks is a problem like CDP. hehe. That way I can use it as a
true tool. Any other cool tools up your sleeves?

-Lance


> -------- Original Message --------
> Subject: [rancid] Re: config repository tools?
> From: "Michael Skinner" <Michael.Skinner at virginmedia.co.uk>
> Date: Wed, June 13, 2007 7:24 am
> To: "'rancid-discuss at shrubbery.net'" <rancid-discuss at shrubbery.net>
> 
> I currently use a homemade perl script to create a HTML representation
of
> all my NetScreen configs giving a nice overview of the config running
on
> each device. I run it against any updated files in my /configs after
each
> rancid-run in crontab.  Combining that with CVSweb gives you a killer
> front-end!  http://www.freebsd.org/projects/cvsweb.html
> 
> Nipper could be used to create your HTML reports:
> http://sourceforge.net/projects/nipper
> 
> It passes various types of configs (Cisco IOS, PIX, ASA, FWSM, NMP,
> CatOS,
> NetScreen ScreenOS) into a HTML report with some light
> "audit/guidance" - I
> don't use it myself as I don't find its that great with Netscreen
> firewalls
> yet...but I understand its pretty mature on cisco and the like.
> 
> Mike
> 
> 
> 
> 
> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net]On Behalf Of null yathrib
> Sent: 13 June 2007 02:12
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] config repository tools?
> 
> 
> Not a Rancid question, but I was wondering if there were any good
> tools to use with the repository of offline configs.  Yes, grep + awk
> are old staples, but  was wondering if anyone had other suggestions.
> 
> There was RAT  (http://unix.freshmeat.net/projects/routeraudittool) to
> do some audits via a shell script.
> 
> I've looked at Cisco::Reconfig
> (http://search.cpan.org/dist/Cisco-Reconfig) to do things like the
> below.  Anyone have recipes using it they're interested in sharing?
> 
> --snip--
> use Cisco::Reconfig;
> 
> for (@ARGV) {
>     my $config = Cisco::Reconfig::readconfig($_);
> 
>     # Get ip helper-addresses since we can't retrieve these all via
SNMP
>     for my $int ( $config->get( 'interface' )->all ) {
>         my @helpers = $int->get('ip helper-address')->all;
>         if ( $helpers[0] ) {
>             print $int;
>             for my $helper ( @helpers ) {
>                 print $helper;
>             }
>         }
>     }
> }
> --snip--
> 
> Any other suggestions or pointers appreciated.
> 
> -- 
> yathrib
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 
>
------------------------------------------------------------------------
------
> 
> Save Paper - Do you really need to print this e-mail?
> 
> Visit www.virginmedia.com for more information, and more fun.
> 
> This email and any attachments are or may be confidential and legally
> privileged and are sent solely for the attention of the addressee(s).
> If you have received this email in error, please delete it from your
> system: its use, disclosure or copying is unauthorised. Statements and
> opinions expressed in this email may not represent those of Virgin
> Media. Any representations or commitments in this email are subject to
> contract. Please note that we are migrating our email addresses to a
> company wide address of "@virginmedia.co.uk". If you are sending to a
> Telewest or ntl email address your email will be re-directed. 
> 
> Registered office: 160 Great Portland Street, London W1W 5QA.
> Registered in England and Wales with number 2591237
> 
> 
>
========================================================================
======
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From dbstewart at dswrite.com  Thu Jun 14 14:46:27 2007
From: dbstewart at dswrite.com (David B. Stewart)
Date: Thu, 14 Jun 2007 09:46:27 -0500
Subject: [rancid]  missed cmd issues - "wr term"
Message-ID: <000101c7ae92$ca38d950$4001a8c0@SUPERCECIL>

I've seen several reports by others having this same problem, but have yet to find a report of cause and resolution.
RANCID was working fine for weeks, then started dropping "wr term" from the runs in an apparently random, though
semi-permanent, fashion.  Once this problem hits, it doesn't seem to go away.  The nodes in question are Cisco IOS.

My suspicion is that it is resource problem on the rancid server.  Suspicions don't count for much, though.  Can someone
shed some light on the issue?

Sample log is shown below.  Notice that in this case, the 10.y.z.20 seems to run OK, but the first two fail.  They fail
consistently from the scheduled runs.  Manual clogin runs to the specific nodes have no apparent problem.
Unfortunately, I know of no way to get the manual run to do the full diff and CVS archive.

---begin included content

Trying to get all of the configs.

10.x.y.248: missed cmd(s): write term

10.x.y.249: missed cmd(s): write term

10.y.z.20: missed cmd(s): write term

=====================================

Getting missed routers: round 1.

10.x.y.248: missed cmd(s): write term

10.x.y.249: missed cmd(s): write term

=====================================

Getting missed routers: round 2.

10.x.y.248: missed cmd(s): write term

10.x.y.249: missed cmd(s): write term

=====================================

Getting missed routers: round 3.

10.x.y.249: missed cmd(s): write term

10.x.y.248: missed cmd(s): write term

=====================================

Getting missed routers: round 4.

10.x.y.249: missed cmd(s): write term

10.x.y.248: missed cmd(s): write term

---end included content

Thanks!

Dave

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070614/bfe4cf25/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 145 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070614/bfe4cf25/attachment.gif 

From tex at off.org  Fri Jun 15 03:31:57 2007
From: tex at off.org (Austin Schutz)
Date: Thu, 14 Jun 2007 20:31:57 -0700
Subject: [rancid] Re: missed cmd issues - "wr term"
In-Reply-To: <000101c7ae92$ca38d950$4001a8c0@SUPERCECIL>
References: <000101c7ae92$ca38d950$4001a8c0@SUPERCECIL>
Message-ID: <20070615033157.GB3746@gblx.net>

On Thu, Jun 14, 2007 at 09:46:27AM -0500, David B. Stewart wrote:
> I've seen several reports by others having this same problem, but have yet to find a report of cause and resolution.
> RANCID was working fine for weeks, then started dropping "wr term" from the runs in an apparently random, though
> semi-permanent, fashion.  Once this problem hits, it doesn't seem to go away.  The nodes in question are Cisco IOS.
> 
> My suspicion is that it is resource problem on the rancid server.  Suspicions don't count for much, though.  Can someone
> shed some light on the issue?
> 
> Sample log is shown below.  Notice that in this case, the 10.y.z.20 seems to run OK, but the first two fail.  They fail
> consistently from the scheduled runs.  Manual clogin runs to the specific nodes have no apparent problem.
> Unfortunately, I know of no way to get the manual run to do the full diff and CVS archive.

	When I have these problems I log into the offending device and
run each command one by one. This almost always results in the device having
some abnormal behavior during the command in question due to some router
OS bug.

	Austin

From dbstewart at dswrite.com  Fri Jun 15 03:40:34 2007
From: dbstewart at dswrite.com (David B. Stewart)
Date: Thu, 14 Jun 2007 22:40:34 -0500
Subject: [rancid] Re: missed cmd issues - "wr term"
In-Reply-To: <20070615033157.GB3746@gblx.net>
Message-ID: <000001c7aefe$eef57b60$4001a8c0@SUPERCECIL>

Thanks, but that doesn't seem to be the case here.

-----Original Message-----
From: Austin Schutz [mailto:tex at off.org] 
Sent: Thursday, June 14, 2007 10:32 PM
To: David B. Stewart
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] missed cmd issues - "wr term"


On Thu, Jun 14, 2007 at 09:46:27AM -0500, David B. Stewart wrote:
> I've seen several reports by others having this same problem, but have 
> yet to find a report of cause and resolution. RANCID was working fine 
> for weeks, then started dropping "wr term" from the runs in an 
> apparently random, though semi-permanent, fashion.  Once this problem 
> hits, it doesn't seem to go away.  The nodes in question are Cisco 
> IOS.
> 
> My suspicion is that it is resource problem on the rancid server.  
> Suspicions don't count for much, though.  Can someone shed some light 
> on the issue?
> 
> Sample log is shown below.  Notice that in this case, the 10.y.z.20 
> seems to run OK, but the first two fail.  They fail consistently from 
> the scheduled runs.  Manual clogin runs to the specific nodes have no 
> apparent problem. Unfortunately, I know of no way to get the manual 
> run to do the full diff and CVS archive.

	When I have these problems I log into the offending device and run each command one by one. This almost always
results in the device having some abnormal behavior during the command in question due to some router OS bug.

	Austin


From neilorley at gmail.com  Fri Jun 15 14:11:13 2007
From: neilorley at gmail.com (Neil Orley)
Date: Fri, 15 Jun 2007 16:11:13 +0200
Subject: [rancid]  ERX bugs in Rancid?
Message-ID: <788ce2b40706150711g46f24b35kbd87d7c78b3c7889@mail.gmail.com>

Hello,

I've just commmented in this line 266 in the clogin file, and now it seems
to work fine with the ERX1440 :

# This routine parses "dir"

sub DirSlotN {

    print STDERR "    In DirSlotN: $_" if ($debug);


    my($dev) = (/\s([^\s]+):/);



    while (<INPUT>) {

        tr/\015//d;

        last if (/^$prompt/);

        next if (/^(\s*|\s*$cmd\s*)$/);

        next if (/^Please wait/i);

        next if (/^system\.log/);

        # fail if the RP is amid the auto-sync process

        *#return(-1) if (/active\/standby/ && /not sync/);*



        ProcessHistory("FLASH","","","!Flash: $_");

    }

    ProcessHistory("","","","!\n");

    return(0);

}



Regards,

Neil ORLEY
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070615/12e17885/attachment.html 

From scott at telesphere.com  Fri Jun 15 16:17:26 2007
From: scott at telesphere.com (Scott Stoddard)
Date: Fri, 15 Jun 2007 09:17:26 -0700
Subject: [rancid] Re: missed cmd issues - "wr term"
In-Reply-To: <000101c7ae92$ca38d950$4001a8c0@SUPERCECIL>
Message-ID: <20070615165622.E1F288655E@guelah.shrubbery.net>

 

I had the exact same problem and just like you it started out of nowhere. I
logged into each device as rancid manually and the commands would work just
fine. I eventually just removed ?write term? from the list of commands and
haven?t had a problem since. I believe the command is in there for certain
legacy devices anyway.

--Scott

 

   _____  

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of David B. Stewart
Sent: Thursday, June 14, 2007 7:46 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] missed cmd issues - "wr term"

 

I've seen several reports by others having this same problem, but have yet
to find a report of cause and resolution.  RANCID was working fine for
weeks, then started dropping "wr term" from the runs in an apparently
random, though semi-permanent, fashion.  Once this problem hits, it doesn't
seem to go away.  The nodes in question are Cisco IOS.

My suspicion is that it is resource problem on the rancid server.
Suspicions don't count for much, though.  Can someone shed some light on the
issue?

Sample log is shown below.  Notice that in this case, the 10.y.z.20 seems to
run OK, but the first two fail.  They fail consistently from the scheduled
runs.  Manual clogin runs to the specific nodes have no apparent problem.
Unfortunately, I know of no way to get the manual run to do the full diff
and CVS archive.

---begin included content

Trying to get all of the configs.

10.x.y.248: missed cmd(s): write term

10.x.y.249: missed cmd(s): write term

10.y.z.20: missed cmd(s): write term

=====================================

Getting missed routers: round 1.

10.x.y.248: missed cmd(s): write term

10.x.y.249: missed cmd(s): write term

=====================================

Getting missed routers: round 2.

10.x.y.248: missed cmd(s): write term

10.x.y.249: missed cmd(s): write term

=====================================

Getting missed routers: round 3.

10.x.y.249: missed cmd(s): write term

10.x.y.248: missed cmd(s): write term

=====================================

Getting missed routers: round 4.

10.x.y.249: missed cmd(s): write term

10.x.y.248: missed cmd(s): write term

---end included content

Thanks!

Dave

 


No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.472 / Virus Database: 269.8.16/849 - Release Date: 6/14/2007
12:44 PM



No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.472 / Virus Database: 269.8.17/850 - Release Date: 6/15/2007
11:31 AM
 
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070615/0d62d3e8/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 145 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070615/0d62d3e8/attachment.gif 

From heas at shrubbery.net  Sun Jun 17 19:07:43 2007
From: heas at shrubbery.net (john heasley)
Date: Sun, 17 Jun 2007 19:07:43 +0000
Subject: [rancid] Re: missed cmd issues - "wr term"
In-Reply-To: <000001c7aefe$eef57b60$4001a8c0@SUPERCECIL>
References: <20070615033157.GB3746@gblx.net>
	<000001c7aefe$eef57b60$4001a8c0@SUPERCECIL>
Message-ID: <20070617190743.GN3531@shrubbery.net>

is this a solaris or linux box that does not have the expect patch (found
on the rancid web page) applied?

Thu, Jun 14, 2007 at 10:40:34PM -0500, David B. Stewart:
> Thanks, but that doesn't seem to be the case here.
> 
> -----Original Message-----
> From: Austin Schutz [mailto:tex at off.org] 
> Sent: Thursday, June 14, 2007 10:32 PM
> To: David B. Stewart
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] missed cmd issues - "wr term"
> 
> 
> On Thu, Jun 14, 2007 at 09:46:27AM -0500, David B. Stewart wrote:
> > I've seen several reports by others having this same problem, but have 
> > yet to find a report of cause and resolution. RANCID was working fine 
> > for weeks, then started dropping "wr term" from the runs in an 
> > apparently random, though semi-permanent, fashion.  Once this problem 
> > hits, it doesn't seem to go away.  The nodes in question are Cisco 
> > IOS.
> > 
> > My suspicion is that it is resource problem on the rancid server.  
> > Suspicions don't count for much, though.  Can someone shed some light 
> > on the issue?
> > 
> > Sample log is shown below.  Notice that in this case, the 10.y.z.20 
> > seems to run OK, but the first two fail.  They fail consistently from 
> > the scheduled runs.  Manual clogin runs to the specific nodes have no 
> > apparent problem. Unfortunately, I know of no way to get the manual 
> > run to do the full diff and CVS archive.
> 
> 	When I have these problems I log into the offending device and run each command one by one. This almost always
> results in the device having some abnormal behavior during the command in question due to some router OS bug.
> 
> 	Austin
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From heas at shrubbery.net  Sun Jun 17 19:24:23 2007
From: heas at shrubbery.net (john heasley)
Date: Sun, 17 Jun 2007 19:24:23 +0000
Subject: [rancid] Re: ERX bugs in Rancid?
In-Reply-To: <788ce2b40706150711g46f24b35kbd87d7c78b3c7889@mail.gmail.com>
References: <788ce2b40706150711g46f24b35kbd87d7c78b3c7889@mail.gmail.com>
Message-ID: <20070617192423.GO3531@shrubbery.net>

Fri, Jun 15, 2007 at 04:11:13PM +0200, Neil Orley:
> Hello,
> 
> I've just commmented in this line 266 in the clogin file, and now it seems
> to work fine with the ERX1440 :

Could you provide more information?  What is the actually output of the
dir command?

> # This routine parses "dir"
> 
> sub DirSlotN {
> 
>    print STDERR "    In DirSlotN: $_" if ($debug);
> 
> 
>    my($dev) = (/\s([^\s]+):/);
> 
> 
> 
>    while (<INPUT>) {
> 
>        tr/\015//d;
> 
>        last if (/^$prompt/);
> 
>        next if (/^(\s*|\s*$cmd\s*)$/);
> 
>        next if (/^Please wait/i);
> 
>        next if (/^system\.log/);
> 
>        # fail if the RP is amid the auto-sync process
> 
>        *#return(-1) if (/active\/standby/ && /not sync/);*
> 
> 
> 
>        ProcessHistory("FLASH","","","!Flash: $_");
> 
>    }
> 
>    ProcessHistory("","","","!\n");
> 
>    return(0);
> 
> }
> 
> 
> 
> Regards,
> 
> Neil ORLEY

> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From rancid at gheek.net  Mon Jun 18 20:57:42 2007
From: rancid at gheek.net (Lance)
Date: Mon, 18 Jun 2007 13:57:42 -0700
Subject: [rancid] Re: missed cmd issues - "wr term"
Message-ID: <20070618135742.8e114e4890519e5179c192e02d6bca26.05849a21e2.wbe@email.secureserver.net>

I have had this same problem and a while back had a rather lengthy email
chain going. I had all the pathes and to no avail I was just out of
luck. I finally concluded it had to do with the OS as I never had this
issue with FreeBSD. I did however have different results with telnet vs
SSH. 

I wish I had an answer to this other than to tell you to switch to
FreeBSD and all your problems should go far far away.

-lance



> -------- Original Message --------
> Subject: [rancid] Re: missed cmd issues - "wr term"
> From: "Scott Stoddard" <scott at telesphere.com>
> Date: Fri, June 15, 2007 9:17 am
> To: <dbstewart at dswrite.com>,  <rancid-discuss at shrubbery.net>
> 
> I had the exact same problem and just like you it started out of
> nowhere. I
> logged into each device as rancid manually and the commands would work
> just
> fine. I eventually just removed "write term" from the list of
> commands and
> haven't had a problem since. I believe the command is in there for
> certain
> legacy devices anyway.
> 
> --Scott
> 
>  
> 
>    _____  
> 
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of David B.
> Stewart
> Sent: Thursday, June 14, 2007 7:46 AM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] missed cmd issues - "wr term"
> 
>  
> 
> I've seen several reports by others having this same problem, but have
> yet
> to find a report of cause and resolution.  RANCID was working fine for
> weeks, then started dropping "wr term" from the runs in an apparently
> random, though semi-permanent, fashion.  Once this problem hits, it
> doesn't
> seem to go away.  The nodes in question are Cisco IOS.
> 
> My suspicion is that it is resource problem on the rancid server.
> Suspicions don't count for much, though.  Can someone shed some light
> on the
> issue?
> 
> Sample log is shown below.  Notice that in this case, the 10.y.z.20
> seems to
> run OK, but the first two fail.  They fail consistently from the
> scheduled
> runs.  Manual clogin runs to the specific nodes have no apparent problem.
> Unfortunately, I know of no way to get the manual run to do the full diff
> and CVS archive.
> 
> ---begin included content
> 
> Trying to get all of the configs.
> 
> 10.x.y.248: missed cmd(s): write term
> 
> 10.x.y.249: missed cmd(s): write term
> 
> 10.y.z.20: missed cmd(s): write term
> 
> =====================================
> 
> Getting missed routers: round 1.
> 
> 10.x.y.248: missed cmd(s): write term
> 
> 10.x.y.249: missed cmd(s): write term
> 
> =====================================
> 
> Getting missed routers: round 2.
> 
> 10.x.y.248: missed cmd(s): write term
> 
> 10.x.y.249: missed cmd(s): write term
> 
> =====================================
> 
> Getting missed routers: round 3.
> 
> 10.x.y.249: missed cmd(s): write term
> 
> 10.x.y.248: missed cmd(s): write term
> 
> =====================================
> 
> Getting missed routers: round 4.
> 
> 10.x.y.249: missed cmd(s): write term
> 
> 10.x.y.248: missed cmd(s): write term
> 
> ---end included content
> 
> Thanks!
> 
> Dave
> 
>  
> 
> 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.472 / Virus Database: 269.8.16/849 - Release Date: 6/14/2007
> 12:44 PM
> 
> 
> 
> No virus found in this outgoing message.
> Checked by AVG Free Edition. 
> Version: 7.5.472 / Virus Database: 269.8.17/850 - Release Date: 6/15/2007
> 11:31 AM<hr>_______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


From chiel at gmx.net  Tue Jun 19 15:25:11 2007
From: chiel at gmx.net (chiel)
Date: Tue, 19 Jun 2007 17:25:11 +0200
Subject: [rancid]  Rancid Debian packages?
Message-ID: <00f201c7b286$0742d250$4d0010ac@michiel>

Hello,

I would like to try out Rancid (for cisco divices). But I only can find a source install and the debian website says Rancid is a "non-free" package.
Is there any way to install it from a .deb file? I just want to do a quick install without going to compile all the packages.

chiel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070619/ae80018c/attachment.html 

From d.bay at cablesurf.de  Tue Jun 19 15:31:40 2007
From: d.bay at cablesurf.de (Dominik Bay)
Date: Tue, 19 Jun 2007 17:31:40 +0200
Subject: [rancid] Re: Rancid Debian packages?
In-Reply-To: <00f201c7b286$0742d250$4d0010ac@michiel>
References: <00f201c7b286$0742d250$4d0010ac@michiel>
Message-ID: <200706191731.45643.d.bay@cablesurf.de>

On Tuesday 19 June 2007 17:25:11 chiel wrote:
> Hello,
>
> I would like to try out Rancid (for cisco divices). But I only can find a
> source install and the debian website says Rancid is a "non-free" package.
> Is there any way to install it from a .deb file? I just want to do a quick
> install without going to compile all the packages.

Just install the non-free Package. Where is the Problem?

Regards,
Dominik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070619/e8031a4d/attachment.bin 

From heas at shrubbery.net  Tue Jun 19 17:42:25 2007
From: heas at shrubbery.net (john heasley)
Date: Tue, 19 Jun 2007 10:42:25 -0700
Subject: [rancid] Re: Rancid Debian packages?
In-Reply-To: <00f201c7b286$0742d250$4d0010ac@michiel>
References: <00f201c7b286$0742d250$4d0010ac@michiel>
Message-ID: <20070619174225.GE17142@shrubbery.net>

Tue, Jun 19, 2007 at 05:25:11PM +0200, chiel:
> Hello,
> 
> I would like to try out Rancid (for cisco divices). But I only can find a source install and the debian website says Rancid is a "non-free" package.

Who is charging for RANCID?  That violates the license.

> Is there any way to install it from a .deb file? I just want to do a quick install without going to compile all the packages.
> 
> chiel
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From tex at off.org  Tue Jun 19 17:50:09 2007
From: tex at off.org (Austin Schutz)
Date: Tue, 19 Jun 2007 10:50:09 -0700
Subject: [rancid] Re: Rancid Debian packages?
In-Reply-To: <20070619174225.GE17142@shrubbery.net>
References: <00f201c7b286$0742d250$4d0010ac@michiel>
	<20070619174225.GE17142@shrubbery.net>
Message-ID: <20070619175009.GK3746@gblx.net>

On Tue, Jun 19, 2007 at 10:42:25AM -0700, john heasley wrote:
> Tue, Jun 19, 2007 at 05:25:11PM +0200, chiel:
> > Hello,
> > 
> > I would like to try out Rancid (for cisco divices). But I only can find a source install and the debian website says Rancid is a "non-free" package.
> 
> Who is charging for RANCID?  That violates the license.
> 


	free like free vs. enslaved. They don't like the license for
whatever reason. *shrug*
	5 seconds of google searching for 'rancid binary debian package'
returned locations for where to download x86 packages as the third item. Not
sure what you tried.

	Austin

From Todd at equivoice.com  Tue Jun 19 18:19:22 2007
From: Todd at equivoice.com (Todd Heide)
Date: Tue, 19 Jun 2007 13:19:22 -0500
Subject: [rancid] Re: Rancid Debian packages?
In-Reply-To: <20070619174225.GE17142@shrubbery.net>
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22070A7E9@exchange.Equivoice.local>

I am wondering if it may have read non-fee, and was just misread. 

Nothing ever goes as planned, Its a hell of a notion, 
Even pharaohs turn to sand, Like a drop in the ocean
-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley
Sent: Tuesday, June 19, 2007 12:42 PM
To: chiel
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: Rancid Debian packages?

Tue, Jun 19, 2007 at 05:25:11PM +0200, chiel:
> Hello,
> 
> I would like to try out Rancid (for cisco divices). But I only can
find a source install and the debian website says Rancid is a "non-free"
package.

Who is charging for RANCID?  That violates the license.

> Is there any way to install it from a .deb file? I just want to do a
quick install without going to compile all the packages.
> 
> chiel
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From chiel at gmx.net  Tue Jun 19 19:00:01 2007
From: chiel at gmx.net (chiel)
Date: Tue, 19 Jun 2007 21:00:01 +0200
Subject: [rancid] Re: Rancid Debian packages?
References: <082FEA82DC985B4F8A6B412D5AC4E22070A7E9@exchange.Equivoice.local>
Message-ID: <000d01c7b2a4$172e9d20$0302a8c0@michiel>

See,
http://packages.debian.org/stable/net/rancid-core

But I already installed it now by editing the source list.
thanks all.



----- Original Message ----- 
From: "Todd Heide" <Todd at equivoice.com>
To: "john heasley" <heas at shrubbery.net>; "chiel" <chiel at gmx.net>
Cc: <rancid-discuss at shrubbery.net>
Sent: Tuesday, June 19, 2007 8:19 PM
Subject: RE: [rancid] Re: Rancid Debian packages?


I am wondering if it may have read non-fee, and was just misread. 

Nothing ever goes as planned, Its a hell of a notion, 
Even pharaohs turn to sand, Like a drop in the ocean
-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of john heasley
Sent: Tuesday, June 19, 2007 12:42 PM
To: chiel
Cc: rancid-discuss at shrubbery.net
Subject: [rancid] Re: Rancid Debian packages?

Tue, Jun 19, 2007 at 05:25:11PM +0200, chiel:
> Hello,
> 
> I would like to try out Rancid (for cisco divices). But I only can
find a source install and the debian website says Rancid is a "non-free"
package.

Who is charging for RANCID?  That violates the license.

> Is there any way to install it from a .deb file? I just want to do a
quick install without going to compile all the packages.
> 
> chiel
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From david at infotrek.co.uk  Tue Jun 19 21:21:45 2007
From: david at infotrek.co.uk (David Croft)
Date: Tue, 19 Jun 2007 23:21:45 +0200
Subject: [rancid]  Fwd: Request to make "enable" command configurable
In-Reply-To: <c28c250d0706190930w6cc53efem30380f16121c29e8@mail.gmail.com>
References: <c28c250d0706190930w6cc53efem30380f16121c29e8@mail.gmail.com>
Message-ID: <c28c250d0706191421s4df2d706o1a0b100b43f3dcef@mail.gmail.com>

I made the change anyway as it turned out to be very easy. Please
consider this for the next release of rancid. This is a patch against
2.3.1.p1 and adds "-d" command line option and "set enacmd" .cloginrc
option to allow override of the default "enable" command.

Regards,

David

---------- Forwarded message ----------
From: David Croft <david at infotrek.co.uk>
Date: 19-Jun-2007 18:30
Subject: Request to make "enable" command configurable
To: rancid-discuss at shrubbery.net


Unlike most Cisco devices, the ASAs seem to launch you into privilege
mode 0 when you login even if the user's privilege level is higher.

There are then two ways to enable:
- "enable" (requires the device's enable password and shoots you to priv 15)
- "login" (requires the user's name & password and then uses their
configured privilege level)

As we don't want the device enable password to be stored or used
anywhere the ideal method to enable is thus to "login". The only
change required is to change
   send "enable\r"
to
   send "login\r"

Rancid already handles entering the username automatically so this
works a treat.

I have tested this by copying clogin to asalogin and making this
change. So please consider this a request to make the enable command
in clogin configurable per device (e.g. set enablecmd fw* {login} ).
If it would be helpful for me to prepare a patch for this, let me
know.

Thanks

David

david at netman2:~$ asalogin fw01
fw01
spawn ssh -c 3des -x -l david fw01
david at fw01's password:
Type help or '?' for a list of available commands.
fw01> login
Username: david
Password: ********
fw01#
-------------- next part --------------
--- /usr/local/bin/clogin	2007-06-19 13:20:41.000000000 +0100
+++ clogin	2007-06-19 17:48:06.000000000 +0100
@@ -33,8 +33,8 @@
 
 # Usage line
 set usage "Usage: $argv0 \[-autoenable\] \[-noenable\] \[-c command\] \
-\[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \[-p user-password\] \
-\[-s script-file\] \[-t timeout\] \[-u username\] \
+\[-d enable-cmd\] \[-Evar=x\] \[-e enable-password\] \[-f cloginrc-file\] \
+\[-p user-password\] \[-s script-file\] \[-t timeout\] \[-u username\] \
 \[-v vty-password\] \[-w enable-username\] \[-x command-file\] \
 \[-y ssh_cypher_type\] router \[router...\]\n"
 
@@ -114,6 +114,13 @@
 		incr i
 		set enausername [ lindex $argv $i ]
 	    }
+	# Enable Command
+	} -d* -
+	-D* {
+	    if {! [  regexp .\[wW\](.+) $arg ignore enacmd]} {
+		incr i
+		set enacmdline [ lindex $argv $i ]
+	    }
 	# Environment variable to pass to -s scripts
 	} -E*
 	{
@@ -454,12 +461,12 @@
 }
 
 # Enable
-proc do_enable { enauser enapasswd } {
+proc do_enable { enacmd enauser enapasswd } {
     global prompt in_proc
     global u_prompt e_prompt
     set in_proc 1
 
-    send "enable\r"
+    send "$enacmd\r"
     expect {
 	-re "$u_prompt"	{ send "$enauser\r"; exp_continue}
 	-re "$e_prompt"	{ send "$enapasswd\r"; exp_continue}
@@ -685,6 +692,15 @@
       if { "$enauser" == "" } { set enauser $ruser }
     }
 
+    # Figure out enable command
+    if {[info exists enacmdline]} {
+      # command line enacmd
+      set enacmd $enacmdline
+    } else {
+      set enacmd [join [find enacmd $router] ""]
+      if { "$enacmd" == "" } { set enacmd "enable" }
+    }
+
     # Figure out prompts
     set u_prompt [find userprompt $router]
     if { "$u_prompt" == "" } {
@@ -727,7 +743,7 @@
 	continue
     }
     if { $enable } {
-	if {[do_enable $enauser $enapasswd]} {
+	if {[do_enable $enacmd $enauser $enapasswd]} {
 	    if { $do_command || $do_script } {
 		close; wait
 		continue

From tex at off.org  Tue Jun 19 21:41:57 2007
From: tex at off.org (Austin Schutz)
Date: Tue, 19 Jun 2007 14:41:57 -0700
Subject: [rancid] Re: Fwd: Request to make "enable" command configurable
In-Reply-To: <c28c250d0706191421s4df2d706o1a0b100b43f3dcef@mail.gmail.com>
References: <c28c250d0706190930w6cc53efem30380f16121c29e8@mail.gmail.com>
	<c28c250d0706191421s4df2d706o1a0b100b43f3dcef@mail.gmail.com>
Message-ID: <20070619214157.GN3746@gblx.net>

On Tue, Jun 19, 2007 at 11:21:45PM +0200, David Croft wrote:
> I made the change anyway as it turned out to be very easy. Please
> consider this for the next release of rancid. This is a patch against
> 2.3.1.p1 and adds "-d" command line option and "set enacmd" .cloginrc
> option to allow override of the default "enable" command.
> 

	Seems fine in concept but I'd rather see -d used for debugging.
Maybe -E?

	Austin

From david.croft at infotrek.net  Tue Jun 19 16:30:31 2007
From: david.croft at infotrek.net (David Croft)
Date: Tue, 19 Jun 2007 18:30:31 +0200
Subject: [rancid]  Request to make "enable" command configurable
Message-ID: <c28c250d0706190930w6cc53efem30380f16121c29e8@mail.gmail.com>

Unlike most Cisco devices, the ASAs seem to launch you into privilege
mode 0 when you login even if the user's privilege level is higher.

There are then two ways to enable:
- "enable" (requires the device's enable password and shoots you to priv 15)
- "login" (requires the user's name & password and then uses their
configured privilege level)

As we don't want the device enable password to be stored or used
anywhere the ideal method to enable is thus to "login". The only
change required is to change
    send "enable\r"
to
    send "login\r"

Rancid already handles entering the username automatically so this
works a treat.

I have tested this by copying clogin to asalogin and making this
change. So please consider this a request to make the enable command
in clogin configurable per device (e.g. set enablecmd fw* {login} ).
If it would be helpful for me to prepare a patch for this, let me
know.

Thanks

David

david at netman2:~$ asalogin fw01
fw01
spawn ssh -c 3des -x -l david fw01
david at fw01's password:
Type help or '?' for a list of available commands.
fw01> login
Username: david
Password: ********
fw01#

From stephens at ameslab.gov  Wed Jun 20 14:17:56 2007
From: stephens at ameslab.gov (Douglas C. Stephens)
Date: Wed, 20 Jun 2007 09:17:56 -0500
Subject: [rancid] Re: Request to make "enable" command configurable
In-Reply-To: <c28c250d0706190930w6cc53efem30380f16121c29e8@mail.gmail.co
 m>
References: <c28c250d0706190930w6cc53efem30380f16121c29e8@mail.gmail.com>
Message-ID: <7.0.1.0.2.20070620090734.04f64a80@ameslab.gov>

David,

We have our Cisco ASA devices configured to use an authentication backend which drops
users into level-0 exec mode and then requires an enable secret to reach a higher
privileged mode.  This model works the same as for our other Cisco switch and router
equipment.

We did not need to patch RANCID to have it do this.  We did, however, need to put the
RANCID login username(s) into our backend authentication system.  Once we did that, our
RANCID user .cloginrc file looks something like this:

add method rtr-*.domain.comf ssh
add user rtr-*.ameslab.gov ranciduser1
add password rtr-*.ameslab.gov {loginpass1} {enablesecret1}

add method sw-*.ameslab.gov ssh
add user sw-*.ameslab.gov ranciduser2
add password sw-*.ameslab.gov {loginpass2} {enablesecret2}

add method fw-*.ameslab.gov ssh
add user fw-*.ameslab.gov ranciduser3
add password fw-*.ameslab.gov {loginpass3} {enablesecret3}


At 11:30 AM 6/19/2007, David Croft wrote:
>Unlike most Cisco devices, the ASAs seem to launch you into privilege
>mode 0 when you login even if the user's privilege level is higher.
>
>There are then two ways to enable:
>- "enable" (requires the device's enable password and shoots you to priv 15)
>- "login" (requires the user's name & password and then uses their
>configured privilege level)
>
>As we don't want the device enable password to be stored or used
>anywhere the ideal method to enable is thus to "login". The only
>change required is to change
>    send "enable\r"
>to
>    send "login\r"
>
>Rancid already handles entering the username automatically so this
>works a treat.
>
>I have tested this by copying clogin to asalogin and making this
>change. So please consider this a request to make the enable command
>in clogin configurable per device (e.g. set enablecmd fw* {login} ).
>If it would be helpful for me to prepare a patch for this, let me
>know.
>
>Thanks
>
>David
>
>david at netman2:~$ asalogin fw01
>fw01
>spawn ssh -c 3des -x -l david fw01
>david at fw01's password:
>Type help or '?' for a list of available commands.
>fw01> login
>Username: david
>Password: ********
>fw01#
>_______________________________________________
>Rancid-discuss mailing list
>Rancid-discuss at shrubbery.net
>http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

--
Douglas C. Stephens             | Network/DNS/Unix/Windows Administrator
System Support Specialist       | Postmaster / Webmaster
Information Systems             | Phone: (515) 294-6102
Ames Laboratory, US DOE         | Email: stephens at ameslab.gov


From david.croft at infotrek.net  Wed Jun 20 17:52:22 2007
From: david.croft at infotrek.net (David Croft)
Date: Wed, 20 Jun 2007 19:52:22 +0200
Subject: [rancid] Re: Request to make "enable" command configurable
In-Reply-To: <7.0.1.0.2.20070620090734.04f64a80@ameslab.gov>
References: <c28c250d0706190930w6cc53efem30380f16121c29e8@mail.gmail.com>
	<7.0.1.0.2.20070620090734.04f64a80@ameslab.gov>
Message-ID: <c28c250d0706201052i11ea908bp1573348e69a12144@mail.gmail.com>

Hi Douglas,

I know that you can tell rancid the enable password and have it enable
automatically, however as the enable password is a shared one rather
than per-user my client's policy is not for it to be in general use.
Hence wishing rancid to use login rather than enable to escalate
privileges.

Regards,

David

On 20/06/07, Douglas C. Stephens <stephens at ameslab.gov> wrote:
> David,
>
> We have our Cisco ASA devices configured to use an authentication backend which drops
> users into level-0 exec mode and then requires an enable secret to reach a higher
> privileged mode.  This model works the same as for our other Cisco switch and router
> equipment.
>
> We did not need to patch RANCID to have it do this.  We did, however, need to put the
> RANCID login username(s) into our backend authentication system.  Once we did that, our
> RANCID user .cloginrc file looks something like this:
>
> add method rtr-*.domain.comf ssh
> add user rtr-*.ameslab.gov ranciduser1
> add password rtr-*.ameslab.gov {loginpass1} {enablesecret1}
>
> add method sw-*.ameslab.gov ssh
> add user sw-*.ameslab.gov ranciduser2
> add password sw-*.ameslab.gov {loginpass2} {enablesecret2}
>
> add method fw-*.ameslab.gov ssh
> add user fw-*.ameslab.gov ranciduser3
> add password fw-*.ameslab.gov {loginpass3} {enablesecret3}
>
>
> At 11:30 AM 6/19/2007, David Croft wrote:
> >Unlike most Cisco devices, the ASAs seem to launch you into privilege
> >mode 0 when you login even if the user's privilege level is higher.
> >
> >There are then two ways to enable:
> >- "enable" (requires the device's enable password and shoots you to priv 15)
> >- "login" (requires the user's name & password and then uses their
> >configured privilege level)
> >
> >As we don't want the device enable password to be stored or used
> >anywhere the ideal method to enable is thus to "login". The only
> >change required is to change
> >    send "enable\r"
> >to
> >    send "login\r"
> >
> >Rancid already handles entering the username automatically so this
> >works a treat.
> >
> >I have tested this by copying clogin to asalogin and making this
> >change. So please consider this a request to make the enable command
> >in clogin configurable per device (e.g. set enablecmd fw* {login} ).
> >If it would be helpful for me to prepare a patch for this, let me
> >know.
> >
> >Thanks
> >
> >David
> >
> >david at netman2:~$ asalogin fw01
> >fw01
> >spawn ssh -c 3des -x -l david fw01
> >david at fw01's password:
> >Type help or '?' for a list of available commands.
> >fw01> login
> >Username: david
> >Password: ********
> >fw01#
> >_______________________________________________
> >Rancid-discuss mailing list
> >Rancid-discuss at shrubbery.net
> >http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
> --
> Douglas C. Stephens             | Network/DNS/Unix/Windows Administrator
> System Support Specialist       | Postmaster / Webmaster
> Information Systems             | Phone: (515) 294-6102
> Ames Laboratory, US DOE         | Email: stephens at ameslab.gov
>
>

From Alexandra.Bakhto at MoneyMart.ca  Wed Jun 20 20:00:03 2007
From: Alexandra.Bakhto at MoneyMart.ca (Alexandra Bakhto)
Date: Wed, 20 Jun 2007 13:00:03 -0700
Subject: [rancid]  Install Rancid for Gentoo
Message-ID: <4A091346DA94344BBCCF7A79D7877BA0041E06FE@nmmexch01.dfg.com>

Hi all:

Does anybody have step-by-step instructions on how to install and
configure Rancid fro Gentoo Linux.
Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid do not really
work.

Alexandra Bakhto, MA, CCNP, CCDP, CISSP, GIAC GISP
Network Administrator (WAN), National Money Mart
Office: 250-595-5211 x421
Fax: 250-412-3110
E-Mail: alexandra.bakhto at moneymart.ca <mailto:abakhto at moneymart.ca>  



This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070620/976f748a/attachment.html 

From heas at shrubbery.net  Wed Jun 20 20:19:44 2007
From: heas at shrubbery.net (john heasley)
Date: Wed, 20 Jun 2007 13:19:44 -0700
Subject: [rancid] Re: Install Rancid for Gentoo
In-Reply-To: <4A091346DA94344BBCCF7A79D7877BA0041E06FE@nmmexch01.dfg.com>
References: <4A091346DA94344BBCCF7A79D7877BA0041E06FE@nmmexch01.dfg.com>
Message-ID: <20070620201944.GY7043@shrubbery.net>

Wed, Jun 20, 2007 at 01:00:03PM -0700, Alexandra Bakhto:
> Hi all:
> 
> Does anybody have step-by-step instructions on how to install and
> configure Rancid fro Gentoo Linux.
> Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid do not really
> work.

it looks ok to me.  i suggest you explain the problem you're having.

From DylanV at semaphore.com  Wed Jun 20 20:22:27 2007
From: DylanV at semaphore.com (Dylan Vanderhoof)
Date: Wed, 20 Jun 2007 13:22:27 -0700
Subject: [rancid] Re: Install Rancid for Gentoo
Message-ID: <F6F72F553C7E754A945CB88CD8804B42CBC886@exchange01.semaphore.lan>

Looks fine to me.  I didn't follow that (since I didn't know it
existed), but it looks pretty similar to how I installed rancid on my
gentoo servers.
 
Its really not much different than installing it anywhere else.
 
-D

	-----Original Message-----
	From: Alexandra Bakhto [mailto:Alexandra.Bakhto at MoneyMart.ca] 
	Sent: Wednesday, June 20, 2007 1:00 PM
	To: rancid-discuss at shrubbery.net
	Subject: [rancid] Install Rancid for Gentoo
	
	

	Hi all: 

	Does anybody have step-by-step instructions on how to install
and configure Rancid fro Gentoo Linux. 
	Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid
<http://gentoo-wiki.com/HOWTO_Rancid>  do not really work. 

	not the named recipient(s), please immediately notify the sender
and destroy this message. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070620/3530b572/attachment.html 

From DylanV at semaphore.com  Wed Jun 20 20:30:55 2007
From: DylanV at semaphore.com (Dylan Vanderhoof)
Date: Wed, 20 Jun 2007 13:30:55 -0700
Subject: [rancid] Re: Install Rancid for Gentoo
Message-ID: <F6F72F553C7E754A945CB88CD8804B42CBC887@exchange01.semaphore.lan>

Ahhh, I don't use viewcvs or the apache portion, so I suppose that's why
it seemed easier to me.  I honestly don't know where that is concerned.
I think most people are using external/custom applications to handle the
CVS repository, or just monitoring the config change emails.
 
What do you get in the apache error log when you try to access those
links?  
 
(CC'ing the list again, since somebody might have experience with the
web portion)
 
-D

	-----Original Message-----
	From: Alexandra Bakhto [mailto:Alexandra.Bakhto at MoneyMart.ca] 
	Sent: Wednesday, June 20, 2007 1:25 PM
	To: Dylan Vanderhoof
	Subject: RE: [rancid] Install Rancid for Gentoo
	
	

	Hi Dylan:

	Thank you very much for you response!

	I chose gentoo because supposedly applications are easier to
integrate there using the emerge command.

	Installation instruction at per
http://gentoo-wiki.com/HOWTO_Rancid
<http://gentoo-wiki.com/HOWTO_Rancid>  do not even include starting
apache! Well I figured that out and I can now connect to
HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or
HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I doing
wrong? I followed all the instructions step by step...

	Alexandra Bakhto.

	

	. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070620/26836181/attachment.html 

From heas at shrubbery.net  Wed Jun 20 20:35:06 2007
From: heas at shrubbery.net (john heasley)
Date: Wed, 20 Jun 2007 13:35:06 -0700
Subject: [rancid] Re: Install Rancid for Gentoo
In-Reply-To: <4A091346DA94344BBCCF7A79D7877BA0041E0701@nmmexch01.dfg.com>
References: <20070620201944.GY7043@shrubbery.net>
	<4A091346DA94344BBCCF7A79D7877BA0041E0701@nmmexch01.dfg.com>
Message-ID: <20070620203506.GA7043@shrubbery.net>

Wed, Jun 20, 2007 at 01:23:31PM -0700, Alexandra Bakhto:
> John:
> 
> Thank you very much for you response!
> Installation instruction at per http://gentoo-wiki.com/HOWTO_Rancid do
> not even include starting apache! Well I figured that out and I can now

it didn't tell you boot the machine either.  demand a refund immediately.

> connect to HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or
> HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I doing
> wrong?

i think cvs_roots is wrong in the viewcvs.conf example.  inspect your
apache logs.

> Alexandra Bakhto.
>  
> 
> -----Original Message-----
> From: john heasley [mailto:heas at shrubbery.net] 
> Sent: Wednesday, June 20, 2007 1:20 PM
> To: Alexandra Bakhto
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Install Rancid for Gentoo
> 
> Wed, Jun 20, 2007 at 01:00:03PM -0700, Alexandra Bakhto:
> > Hi all:
> > 
> > Does anybody have step-by-step instructions on how to install and 
> > configure Rancid fro Gentoo Linux.
> > Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid do not 
> > really work.
> 
> it looks ok to me.  i suggest you explain the problem you're having.
> 
> This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message.

From Alexandra.Bakhto at MoneyMart.ca  Wed Jun 20 20:38:06 2007
From: Alexandra.Bakhto at MoneyMart.ca (Alexandra Bakhto)
Date: Wed, 20 Jun 2007 13:38:06 -0700
Subject: [rancid] Re: Install Rancid for Gentoo
In-Reply-To: <20070620203506.GA7043@shrubbery.net>
Message-ID: <4A091346DA94344BBCCF7A79D7877BA0041E0704@nmmexch01.dfg.com>

 Please forgive my  ignorance... where do find the apache error log?

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net] 
Sent: Wednesday, June 20, 2007 1:35 PM
To: Alexandra Bakhto
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Install Rancid for Gentoo

Wed, Jun 20, 2007 at 01:23:31PM -0700, Alexandra Bakhto:
> John:
> 
> Thank you very much for you response!
> Installation instruction at per http://gentoo-wiki.com/HOWTO_Rancid do

> not even include starting apache! Well I figured that out and I can 
> now

it didn't tell you boot the machine either.  demand a refund
immediately.

> connect to HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or 
> HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I doing

> wrong?

i think cvs_roots is wrong in the viewcvs.conf example.  inspect your
apache logs.

> Alexandra Bakhto.
>  
> 
> -----Original Message-----
> From: john heasley [mailto:heas at shrubbery.net]
> Sent: Wednesday, June 20, 2007 1:20 PM
> To: Alexandra Bakhto
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Install Rancid for Gentoo
> 
> Wed, Jun 20, 2007 at 01:00:03PM -0700, Alexandra Bakhto:
> > Hi all:
> > 
> > Does anybody have step-by-step instructions on how to install and 
> > configure Rancid fro Gentoo Linux.
> > Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid do not 
> > really work.
> 
> it looks ok to me.  i suggest you explain the problem you're having.
> 
> This message is intended only for the named recipient(s) above and may
contain information that is privileged, confidential and/or exempt from
disclosure under applicable law.  If you have received this message in
error, or are not the named recipient(s), please immediately notify the
sender and destroy this message.

This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message.

From Alexandra.Bakhto at MoneyMart.ca  Wed Jun 20 20:42:10 2007
From: Alexandra.Bakhto at MoneyMart.ca (Alexandra Bakhto)
Date: Wed, 20 Jun 2007 13:42:10 -0700
Subject: [rancid] Re: Install Rancid for Gentoo
In-Reply-To: <F6F72F553C7E754A945CB88CD8804B42CBC888@exchange01.semaphore.lan>
Message-ID: <4A091346DA94344BBCCF7A79D7877BA0041E0705@nmmexch01.dfg.com>

Thanks, here are the errors;
 
NMMRancid / # tail var/log/apache2/error_log
[Wed Jun 20 12:03:05 2007] [error] [client 10.128.2.93] File does not
exist: /var/www/localhost/htdocs/manual, referer: http://10.128.2.3
[Wed Jun 20 12:05:17 2007] [error] [client 10.128.2.93] File does not
exist: /var/www/localhost/htdocs/var
[Wed Jun 20 12:05:20 2007] [error] [client 10.128.2.93] File does not
exist: /var/www/localhost/htdocs/var
[Wed Jun 20 12:05:22 2007] [error] [client 10.128.2.93] File does not
exist: /var/www/localhost/htdocs/var
[Wed Jun 20 12:13:01 2007] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec2)
[Wed Jun 20 12:13:01 2007] [notice] Digest: generating secret for digest
authentication ...
[Wed Jun 20 12:13:01 2007] [notice] Digest: done
[Wed Jun 20 12:13:01 2007] [notice] mod_python: Creating 8 session
mutexes based on 150 max processes and 0 max threads.
[Wed Jun 20 12:13:01 2007] [notice] mod_python: using mutex_directory
/tmp
[Wed Jun 20 12:13:02 2007] [notice] Apache configured -- resuming normal
operations


________________________________

From: Dylan Vanderhoof [mailto:DylanV at semaphore.com] 
Sent: Wednesday, June 20, 2007 1:39 PM
To: Alexandra Bakhto
Subject: RE: [rancid] Install Rancid for Gentoo


/var/log/apache2/error_log most likely.  Or somewhere in that general
area.
 
-D

	-----Original Message-----
	From: Alexandra Bakhto [mailto:Alexandra.Bakhto at MoneyMart.ca] 
	Sent: Wednesday, June 20, 2007 1:36 PM
	To: Dylan Vanderhoof
	Subject: RE: [rancid] Install Rancid for Gentoo
	
	
	Please forgive my  ignorance... where do find the apache error
log?

________________________________

	From: Dylan Vanderhoof [mailto:DylanV at semaphore.com] 
	Sent: Wednesday, June 20, 2007 1:31 PM
	To: Alexandra Bakhto
	Cc: rancid-discuss at shrubbery.net
	Subject: RE: [rancid] Install Rancid for Gentoo
	
	
	Ahhh, I don't use viewcvs or the apache portion, so I suppose
that's why it seemed easier to me.  I honestly don't know where that is
concerned.  I think most people are using external/custom applications
to handle the CVS repository, or just monitoring the config change
emails.
	 
	What do you get in the apache error log when you try to access
those links?  
	 
	(CC'ing the list again, since somebody might have experience
with the web portion)
	 
	-D

		-----Original Message-----
		From: Alexandra Bakhto
[mailto:Alexandra.Bakhto at MoneyMart.ca] 
		Sent: Wednesday, June 20, 2007 1:25 PM
		To: Dylan Vanderhoof
		Subject: RE: [rancid] Install Rancid for Gentoo
		
		

		Hi Dylan:

		Thank you very much for you response!

		I chose gentoo because supposedly applications are
easier to integrate there using the emerge command.

		Installation instruction at per
http://gentoo-wiki.com/HOWTO_Rancid
<http://gentoo-wiki.com/HOWTO_Rancid>  do not even include starting
apache! Well I figured that out and I can now connect to
HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or
HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I doing
wrong? I followed all the instructions step by step...

		Alexandra Bakhto.

		

		. 


	This message is intended only for the named recipient(s) above
and may contain information that is privileged, confidential and/or
exempt from disclosure under applicable law. If you have received this
message in error, or are not the named recipient(s), please immediately
notify the sender and destroy this message. 


This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070620/62768f67/attachment.html 

From heas at shrubbery.net  Wed Jun 20 20:58:05 2007
From: heas at shrubbery.net (john heasley)
Date: Wed, 20 Jun 2007 13:58:05 -0700
Subject: [rancid] Re: Install Rancid for Gentoo
In-Reply-To: <4A091346DA94344BBCCF7A79D7877BA0041E0705@nmmexch01.dfg.com>
References: <F6F72F553C7E754A945CB88CD8804B42CBC888@exchange01.semaphore.lan>
	<4A091346DA94344BBCCF7A79D7877BA0041E0705@nmmexch01.dfg.com>
Message-ID: <20070620205805.GC7043@shrubbery.net>

Wed, Jun 20, 2007 at 01:42:10PM -0700, Alexandra Bakhto:
> Thanks, here are the errors;
>  
> NMMRancid / # tail var/log/apache2/error_log
> [Wed Jun 20 12:03:05 2007] [error] [client 10.128.2.93] File does not
> exist: /var/www/localhost/htdocs/manual, referer: http://10.128.2.3
> [Wed Jun 20 12:05:17 2007] [error] [client 10.128.2.93] File does not
> exist: /var/www/localhost/htdocs/var
> [Wed Jun 20 12:05:20 2007] [error] [client 10.128.2.93] File does not
> exist: /var/www/localhost/htdocs/var
> [Wed Jun 20 12:05:22 2007] [error] [client 10.128.2.93] File does not
> exist: /var/www/localhost/htdocs/var

presumably it is simply that you have not tailored the apache configuration
for your environment, specifically where you've installed apache's document
root and viewcvs.

From Alexandra.Bakhto at MoneyMart.ca  Wed Jun 20 20:58:03 2007
From: Alexandra.Bakhto at MoneyMart.ca (Alexandra Bakhto)
Date: Wed, 20 Jun 2007 13:58:03 -0700
Subject: [rancid] Re: Install Rancid for Gentoo
In-Reply-To: <4A091346DA94344BBCCF7A79D7877BA0041E0704@nmmexch01.dfg.com>
Message-ID: <4A091346DA94344BBCCF7A79D7877BA0041E0706@nmmexch01.dfg.com>

 Please forgive my  ignorance... Which directories should I specify as
CVS roots in viewcvs.conf?
-----Original Message-----
From: Alexandra Bakhto 
Sent: Wednesday, June 20, 2007 1:38 PM
To: 'john heasley'
Cc: rancid-discuss at shrubbery.net
Subject: RE: [rancid] Install Rancid for Gentoo

 Please forgive my  ignorance... where do find the apache error log?

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net]
Sent: Wednesday, June 20, 2007 1:35 PM
To: Alexandra Bakhto
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Install Rancid for Gentoo

Wed, Jun 20, 2007 at 01:23:31PM -0700, Alexandra Bakhto:
> John:
> 
> Thank you very much for you response!
> Installation instruction at per http://gentoo-wiki.com/HOWTO_Rancid do

> not even include starting apache! Well I figured that out and I can 
> now

it didn't tell you boot the machine either.  demand a refund
immediately.

> connect to HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or 
> HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I doing

> wrong?

i think cvs_roots is wrong in the viewcvs.conf example.  inspect your
apache logs.

> Alexandra Bakhto.
>  
> 
> -----Original Message-----
> From: john heasley [mailto:heas at shrubbery.net]
> Sent: Wednesday, June 20, 2007 1:20 PM
> To: Alexandra Bakhto
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Install Rancid for Gentoo
> 
> Wed, Jun 20, 2007 at 01:00:03PM -0700, Alexandra Bakhto:
> > Hi all:
> > 
> > Does anybody have step-by-step instructions on how to install and 
> > configure Rancid fro Gentoo Linux.
> > Instructions posed at http://gentoo-wiki.com/HOWTO_Rancid do not 
> > really work.
> 
> it looks ok to me.  i suggest you explain the problem you're having.
> 
> This message is intended only for the named recipient(s) above and may
contain information that is privileged, confidential and/or exempt from
disclosure under applicable law.  If you have received this message in
error, or are not the named recipient(s), please immediately notify the
sender and destroy this message.

This message is intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you have received this message in error, or are not the named recipient(s), please immediately notify the sender and destroy this message.

From cmoody at qualcomm.com  Wed Jun 20 21:02:57 2007
From: cmoody at qualcomm.com (Chris Moody)
Date: Wed, 20 Jun 2007 14:02:57 -0700
Subject: [rancid] Re: Install Rancid for Gentoo
In-Reply-To: <4A091346DA94344BBCCF7A79D7877BA0041E0705@nmmexch01.dfg.com>
References: <4A091346DA94344BBCCF7A79D7877BA0041E0705@nmmexch01.dfg.com>
Message-ID: <46799601.5000205@qualcomm.com>

You will also need to make sure you tell apache where the web-interface is.

Here's my example, using name-based virtual hosts in Apache.

ex>

########## VIRTUAL HOST CONFIG FOR ViewCVS ##########
#####################################################
#####################################################
################# cmoody 11.21.05 ###################
<VirtualHost *:443>
         ServerAdmin <insert your e-mail here>
         DocumentRoot /var/www/localhost/viewcvs/
         ServerName <dns-name for vhost goes here>
         UseCanonicalName Off
         ScriptAlias /config /var/www/localhost/cgi-bin/viewcvs/viewcvs.cgi
         <Directory "/var/www/localhost/cgi-bin/viewcvs/">
             AllowOverride AuthConfig
             Options ExecCGI FollowSymLinks
             Order allow,deny
             Allow from all
         </Directory>
         <Directory "/var/www/localhost/viewcvs/">
             AllowOverride AuthConfig
             Options Indexes MultiViews ExecCGI FollowSymLinks
             Options MultiViews ExecCGI FollowSymLinks
             Order allow,deny
             Allow from all
         </Directory>
</VirtualHost>


Alexandra Bakhto wrote:
> Thanks, here are the errors;
>  
> NMMRancid / # tail var/log/apache2/error_log
> [Wed Jun 20 12:03:05 2007] [error] [client 10.128.2.93] File does not 
> exist: /var/www/localhost/htdocs/manual, referer: http://10.128.2.3
> [Wed Jun 20 12:05:17 2007] [error] [client 10.128.2.93] File does not 
> exist: /var/www/localhost/htdocs/var
> [Wed Jun 20 12:05:20 2007] [error] [client 10.128.2.93] File does not 
> exist: /var/www/localhost/htdocs/var
> [Wed Jun 20 12:05:22 2007] [error] [client 10.128.2.93] File does not 
> exist: /var/www/localhost/htdocs/var
> [Wed Jun 20 12:13:01 2007] [notice] suEXEC mechanism enabled (wrapper: 
> /usr/sbin/suexec2)
> [Wed Jun 20 12:13:01 2007] [notice] Digest: generating secret for digest 
> authentication ...
> [Wed Jun 20 12:13:01 2007] [notice] Digest: done
> [Wed Jun 20 12:13:01 2007] [notice] mod_python: Creating 8 session 
> mutexes based on 150 max processes and 0 max threads.
> [Wed Jun 20 12:13:01 2007] [notice] mod_python: using mutex_directory /tmp
> [Wed Jun 20 12:13:02 2007] [notice] Apache configured -- resuming normal 
> operations
> 
> ------------------------------------------------------------------------
> *From:* Dylan Vanderhoof [mailto:DylanV at semaphore.com]
> *Sent:* Wednesday, June 20, 2007 1:39 PM
> *To:* Alexandra Bakhto
> *Subject:* RE: [rancid] Install Rancid for Gentoo
> 
> /var/log/apache2/error_log most likely.  Or somewhere in that general area.
>  
> -D
> 
>     -----Original Message-----
>     *From:* Alexandra Bakhto [mailto:Alexandra.Bakhto at MoneyMart.ca]
>     *Sent:* Wednesday, June 20, 2007 1:36 PM
>     *To:* Dylan Vanderhoof
>     *Subject:* RE: [rancid] Install Rancid for Gentoo
> 
>     Please forgive my  ignorance... where do find the apache error log?
> 
>     ------------------------------------------------------------------------
>     *From:* Dylan Vanderhoof [mailto:DylanV at semaphore.com]
>     *Sent:* Wednesday, June 20, 2007 1:31 PM
>     *To:* Alexandra Bakhto
>     *Cc:* rancid-discuss at shrubbery.net
>     *Subject:* RE: [rancid] Install Rancid for Gentoo
> 
>     Ahhh, I don't use viewcvs or the apache portion, so I suppose that's
>     why it seemed easier to me.  I honestly don't know where that is
>     concerned.  I think most people are using external/custom
>     applications to handle the CVS repository, or just monitoring the
>     config change emails.
>      
>     What do you get in the apache error log when you try to access those
>     links? 
>      
>     (CC'ing the list again, since somebody might have experience with
>     the web portion)
>      
>     -D
> 
>         -----Original Message-----
>         *From:* Alexandra Bakhto [mailto:Alexandra.Bakhto at MoneyMart.ca]
>         *Sent:* Wednesday, June 20, 2007 1:25 PM
>         *To:* Dylan Vanderhoof
>         *Subject:* RE: [rancid] Install Rancid for Gentoo
> 
>         Hi Dylan:
> 
>         Thank you very much for you response!
> 
>         I chose gentoo because supposedly applications are easier to
>         integrate there using the emerge command.
> 
>         Installation instruction at per
>         _http://gentoo-wiki.com/HOWTO_Rancid_ do not even include
>         starting apache! Well I figured that out and I can now connect
>         to HTTP:\\SERVER-IP\ but HTTP:\\SERVER-IP\configs or
>         HTTP:\\SERVER-IP\viewcvs still result in broken links. What am I
>         doing wrong? I followed all the instructions step by step...
> 
>         Alexandra Bakhto.
> 
>         . 
> 
> 
>     This message is intended only for the named recipient(s) above and
>     may contain information that is privileged, confidential and/or
>     exempt from disclosure under applicable law. If you have received
>     this message in error, or are not the named recipient(s), please
>     immediately notify the sender and destroy this message. 
> 
> 
> This message is intended only for the named recipient(s) above and may 
> contain information that is privileged, confidential and/or exempt from 
> disclosure under applicable law. If you have received this message in 
> error, or are not the named recipient(s), please immediately notify the 
> sender and destroy this message.
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From G.Ross at ccw.gov.uk  Fri Jun 22 12:52:01 2007
From: G.Ross at ccw.gov.uk (Gordon Ross)
Date: Fri, 22 Jun 2007 13:52:01 +0100
Subject: [rancid]  RANCID & SVN
Message-ID: <467BD3FF.AC0B.0006.3@ccw.gov.uk>

Hi,

I'm looking at using rancid, and I would like to use it with an SVN
repository. The web page for rancid says it works with SVN, but I
couldn't see anything on how to get rancid to use SVN.

A quick google revealed
http://www.shrubbery.net/pipermail/rancid-discuss/2006-February/001358.html
which doesn't seem to apply to the current version of rancid.

BTW - are there any docs for rancid other than the man pages ?

Thanks,

GTG

From thecomputerking at gmail.com  Fri Jun 22 14:37:09 2007
From: thecomputerking at gmail.com (Riley Tompkins)
Date: Fri, 22 Jun 2007 10:37:09 -0400
Subject: [rancid] Re: RANCID & SVN
In-Reply-To: <467BD3FF.AC0B.0006.3@ccw.gov.uk>
References: <467BD3FF.AC0B.0006.3@ccw.gov.uk>
Message-ID: <337a72540706220737m10e55000s1a657f6e7d3034e5@mail.gmail.com>

./configure --enable-svn

I also found it beneficial to modify the source file "rancid-cvs.in"
on line 80 as such:

# Top level CVS stuff
if [ ! -d $CVSROOT ]; then
    if [ $RCSSYS = cvs ]; then
        cvs -d $CVSROOT init
    else
        svnadmin create $CVSROOT --fs-type fsfs
    fi
fi

I chose the fsfs type because I kept having to recover the db due to
umask issues in the Berkley type db.

It has worked flawlessly since.

Regards,
-Riley


On 6/22/07, Gordon Ross <G.Ross at ccw.gov.uk> wrote:
> Hi,
>
> I'm looking at using rancid, and I would like to use it with an SVN
> repository. The web page for rancid says it works with SVN, but I
> couldn't see anything on how to get rancid to use SVN.
>
> A quick google revealed
> http://www.shrubbery.net/pipermail/rancid-discuss/2006-February/001358.html
> which doesn't seem to apply to the current version of rancid.
>
> BTW - are there any docs for rancid other than the man pages ?
>
> Thanks,
>
> GTG
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>

From G.Ross at ccw.gov.uk  Fri Jun 22 20:45:08 2007
From: G.Ross at ccw.gov.uk (Gordon Ross)
Date: Fri, 22 Jun 2007 21:45:08 +0100
Subject: [rancid] Re: RANCID & SVN
Message-ID: <467C447202000006000905FF@gwia3.ccw.gov.uk>

There is no mention of svn in configure. I'm using rancid 2.3.1 Do I
need to use the alpha release ?

GTG

>>> "Riley Tompkins" <thecomputerking at gmail.com> 06/22/07 3:37 PM >>>
./configure --enable-svn


From Chandrasekaran.Jayaraj at in.standardchartered.com  Mon Jun 25 06:53:55 2007
From: Chandrasekaran.Jayaraj at in.standardchartered.com (Jayaraj,
	Chandrasekaran)
Date: Mon, 25 Jun 2007 12:23:55 +0530
Subject: [rancid] Need to know if mutiple usernames can be set in the
	.clogin file
Message-ID: <FE9A7CE61D39E84F9C160F36E6D564C86289BB@INHADXMB102V.zone1.scb.net>

Hi ,

 

I am a newcomer to RANCID and I find it an interesting tool .

 

I want to know how to use rancid for checking configuration changes done
by multiple users .

Currently I have 3 users in my router who have privilege access to my
routers and switches and rancid sends me the diff files of these 3 users
.

 

However I am not able to find out which user has done the change via the
email sent by rancid . Any suggestions on how to find it out ? 

 

warm regards,
------------------------------------------------------------------------
-----
Chandrasekaran J

 

Senior Technical Analyst, Network Center of Excellence,
Network Services, Technology Production Services
Standard Chartered Bank

 

Direct Dial :  + 91 44 422 14233 
Mobile      :  + 91 98846 78777 
Fonenet    :  x  390 14233
------------------------------------------------------------------------
-----

 

This email is confidential. If you are not the addressee tell the sender immediately and destroy this email
without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay,
interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for
damage caused by this email and may monitor email traffic.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070625/d983c292/attachment.html 

From shekhar at mos.com.np  Mon Jun 25 07:04:41 2007
From: shekhar at mos.com.np (Shekhar Basnet)
Date: Mon, 25 Jun 2007 12:49:41 +0545
Subject: [rancid] Re: Need to know if mutiple usernames can be set in
	the	.clogin file
In-Reply-To: <FE9A7CE61D39E84F9C160F36E6D564C86289BB@INHADXMB102V.zone1.scb.net>
References: <FE9A7CE61D39E84F9C160F36E6D564C86289BB@INHADXMB102V.zone1.scb.net>
Message-ID: <1182755080.2250.16.camel@chulu.mos.com.np>

Hi,

You'd need to use TACACS+ to find out who is doing what in your
routers/switches. You can download it from
http://www.shrubbery.net/tools.html

rgds,
shekhar.

On Mon, 2007-06-25 at 12:38, Jayaraj, Chandrasekaran wrote:
> Hi ,
> 
>  
> 
> I am a newcomer to RANCID and I find it an interesting tool .
> 
>  
> 
> I want to know how to use rancid for checking configuration changes
> done by multiple users .
> 
> Currently I have 3 users in my router who have privilege access to my
> routers and switches and rancid sends me the diff files of these 3
> users .
> 
>  
> 
> However I am not able to find out which user has done the change via
> the email sent by rancid . Any suggestions on how to find it out ? 
> 
>  
> 
> warm regards,
> -----------------------------------------------------------------------------
> Chandrasekaran J
> 
>  



From Chandrasekaran.Jayaraj at in.standardchartered.com  Mon Jun 25 07:46:17 2007
From: Chandrasekaran.Jayaraj at in.standardchartered.com (Jayaraj,
	Chandrasekaran)
Date: Mon, 25 Jun 2007 13:16:17 +0530
Subject: [rancid] Re: Need to know if mutiple usernames can be set in
	the.clogin file
Message-ID: <FE9A7CE61D39E84F9C160F36E6D564C8628A69@INHADXMB102V.zone1.scb.net>



Hi ,

Thanks for the swift response . We do have cisco tacacs installed using
ACS.

Even when we have that there may be multiple users who will be a part of
the authentication group who will actually have level 15 access . 

So say for eg we have a group called noc-users and there are 3 users
namely user1 ,user2 ,user3 who will have privilege 15 access . 

But currently my cloginrc file has the entry in below format

add user *      user1 and 

add password * testpwd enabletestpwd



So how can I check if I login as a user2 and do some change ? 

Currently all I get from rancid is that a diff output mail with the
difference and no mention of the username doing the change .

So let me know if there is a way for this .

warm regards,
------------------------------------------------------------------------
-----
Chandrasekaran J
 
Senior Technical Analyst, Network Center of Excellence,
Network Services, Technology Production Services
------------------------------------------------------------------------
-----
-----Original Message-----
From: Shekhar Basnet [mailto:shekhar at mos.com.np] 
Sent: Monday, June 25, 2007 12:35 PM
To: Jayaraj, Chandrasekaran
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Need to know if mutiple usernames can be set in
the.clogin file

Hi,

You'd need to use TACACS+ to find out who is doing what in your
routers/switches. You can download it from
http://www.shrubbery.net/tools.html

rgds,
shekhar.

On Mon, 2007-06-25 at 12:38, Jayaraj, Chandrasekaran wrote:
> Hi ,
> 
>  
> 
> I am a newcomer to RANCID and I find it an interesting tool .
> 
>  
> 
> I want to know how to use rancid for checking configuration changes
> done by multiple users .
> 
> Currently I have 3 users in my router who have privilege access to my
> routers and switches and rancid sends me the diff files of these 3
> users .
> 
>  
> 
> However I am not able to find out which user has done the change via
> the email sent by rancid . Any suggestions on how to find it out ? 
> 
>  
> 
> warm regards,
>
------------------------------------------------------------------------
-----
> Chandrasekaran J
> 
>  


This email is confidential. If you are not the addressee tell the sender immediately and destroy this email
without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay,
interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for
damage caused by this email and may monitor email traffic.


From jeff at ocjtech.us  Mon Jun 25 13:02:03 2007
From: jeff at ocjtech.us (Jeffrey C. Ollie)
Date: Mon, 25 Jun 2007 08:02:03 -0500
Subject: [rancid] Re: Need to know if mutiple usernames can be set
	in	the.clogin file
In-Reply-To: <FE9A7CE61D39E84F9C160F36E6D564C8628A69@INHADXMB102V.zone1.scb.net>
References: <FE9A7CE61D39E84F9C160F36E6D564C8628A69@INHADXMB102V.zone1.scb.net>
Message-ID: <1182776523.3821.6.camel@lt21223.campus.dmacc.edu>

On Mon, 2007-06-25 at 13:16 +0530, Jayaraj, Chandrasekaran wrote:
>
> Thanks for the swift response . We do have cisco tacacs installed using
> ACS.
> 
> Even when we have that there may be multiple users who will be a part of
> the authentication group who will actually have level 15 access . 
> 
> So say for eg we have a group called noc-users and there are 3 users
> namely user1 ,user2 ,user3 who will have privilege 15 access . 
>
> So how can I check if I login as a user2 and do some change ? 
> 
> Currently all I get from rancid is that a diff output mail with the
> difference and no mention of the username doing the change .

RANCID cannot do what you ask.  All that RANCID can do is give you a
summary of the changes made between two points in time, it cannot show
you who made those changes.  It also cannot show you changes that were
made then unmade in between the times that RANCID scans your routers.

You need to enable command accounting on your router to get the kind of
information that you want:

http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca5f1.html#xtocid183737

Jeff

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070625/9f659cc2/attachment.bin 

From Todd at equivoice.com  Mon Jun 25 13:18:34 2007
From: Todd at equivoice.com (Todd Heide)
Date: Mon, 25 Jun 2007 08:18:34 -0500
Subject: [rancid] Re: Need to know if mutiple usernames can be
	setin	the.clogin file
In-Reply-To: <1182776523.3821.6.camel@lt21223.campus.dmacc.edu>
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F017@exchange.Equivoice.local>

Setup a Tacacs+ server on the Rancid box. The one I use which has a nice
front end is found here, http://www.networkforums.net Once installed and
working it is easy to check the logs to see what has been done and by
whom. 

Thanks
Todd Heide
Equivoice Inc.

CCNA CWLSS CS-CISecS
847-235-3308
 
Nothing ever goes as planned, Its a hell of a notion, 
Even pharaohs turn to sand, Like a drop in the ocean
-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jeffrey C.
Ollie
Sent: Monday, June 25, 2007 8:02 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Re: Need to know if mutiple usernames can be setin
the.clogin file

On Mon, 2007-06-25 at 13:16 +0530, Jayaraj, Chandrasekaran wrote:
>
> Thanks for the swift response . We do have cisco tacacs installed
using
> ACS.
> 
> Even when we have that there may be multiple users who will be a part
of
> the authentication group who will actually have level 15 access . 
> 
> So say for eg we have a group called noc-users and there are 3 users
> namely user1 ,user2 ,user3 who will have privilege 15 access . 
>
> So how can I check if I login as a user2 and do some change ? 
> 
> Currently all I get from rancid is that a diff output mail with the
> difference and no mention of the username doing the change .

RANCID cannot do what you ask.  All that RANCID can do is give you a
summary of the changes made between two points in time, it cannot show
you who made those changes.  It also cannot show you changes that were
made then unmade in between the times that RANCID scans your routers.

You need to enable command accounting on your router to get the kind of
information that you want:

http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1828/products
_configuration_guide_chapter09186a00800ca5f1.html#xtocid183737

Jeff


From rancid at gheek.net  Mon Jun 25 15:43:05 2007
From: rancid at gheek.net (Lance)
Date: Mon, 25 Jun 2007 08:43:05 -0700
Subject: [rancid] Re: Need to know if mutiple usernames can be setin
	the.clogin file
Message-ID: <20070625084305.8e114e4890519e5179c192e02d6bca26.589351f20c.wbe@email.secureserver.net>

Todd,

Nice URL. :-D bad URL or a hacked site.

Miss Cindy's Neighborhood Nursery School


Hehehe. 

Happy Mondays.

-Lance

> -------- Original Message --------
> Subject: [rancid] Re: Need to know if mutiple usernames can be setin
> the.clogin file
> From: "Todd Heide" <Todd at equivoice.com>
> Date: Mon, June 25, 2007 6:18 am
> To: "Jeffrey C. Ollie" <jeff at ocjtech.us>, 
> <rancid-discuss at shrubbery.net>
> 
> Setup a Tacacs+ server on the Rancid box. The one I use which has a nice
> front end is found here, http://www.networkforums.net Once installed and
> working it is easy to check the logs to see what has been done and by
> whom. 
> 
> Thanks
> Todd Heide
> Equivoice Inc.
> 
> CCNA CWLSS CS-CISecS
> 847-235-3308
>  
> Nothing ever goes as planned, Its a hell of a notion, 
> Even pharaohs turn to sand, Like a drop in the ocean
> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jeffrey C.
> Ollie
> Sent: Monday, June 25, 2007 8:02 AM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: Need to know if mutiple usernames can be setin
> the.clogin file
> 
> On Mon, 2007-06-25 at 13:16 +0530, Jayaraj, Chandrasekaran wrote:
> >
> > Thanks for the swift response . We do have cisco tacacs installed
> using
> > ACS.
> > 
> > Even when we have that there may be multiple users who will be a part
> of
> > the authentication group who will actually have level 15 access . 
> > 
> > So say for eg we have a group called noc-users and there are 3 users
> > namely user1 ,user2 ,user3 who will have privilege 15 access . 
> >
> > So how can I check if I login as a user2 and do some change ? 
> > 
> > Currently all I get from rancid is that a diff output mail with the
> > difference and no mention of the username doing the change .
> 
> RANCID cannot do what you ask.  All that RANCID can do is give you a
> summary of the changes made between two points in time, it cannot show
> you who made those changes.  It also cannot show you changes that were
> made then unmade in between the times that RANCID scans your routers.
> 
> You need to enable command accounting on your router to get the kind of
> information that you want:
> 
> http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1828/products
> _configuration_guide_chapter09186a00800ca5f1.html#xtocid183737
> 
> Jeff
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


From Todd at equivoice.com  Mon Jun 25 15:47:16 2007
From: Todd at equivoice.com (Todd Heide)
Date: Mon, 25 Jun 2007 10:47:16 -0500
Subject: [rancid] Re: Need to know if mutiple usernames can be setin
	the.clogin file
In-Reply-To: <20070625084305.8e114e4890519e5179c192e02d6bca26.589351f20c.wbe@email.secureserver.net>
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F03F@exchange.Equivoice.local>

Oh great! Yep, been hacked, again it appears. I have the files for the
install if interested. 

Thanks
Todd Heide
Equivoice Inc.

CCNA CWLSS CS-CISecS

Nothing ever goes as planned, Its a hell of a notion, 
Even pharaohs turn to sand, Like a drop in the ocean

-----Original Message-----
From: Lance [mailto:rancid at gheek.net] 
Sent: Monday, June 25, 2007 10:43 AM
To: Todd Heide
Cc: Jeffrey C. Ollie; rancid-discuss at shrubbery.net
Subject: RE: [rancid] Re: Need to know if mutiple usernames can be setin
the.clogin file

Todd,

Nice URL. :-D bad URL or a hacked site.

Miss Cindy's Neighborhood Nursery School


Hehehe. 

Happy Mondays.

-Lance

> -------- Original Message --------
> Subject: [rancid] Re: Need to know if mutiple usernames can be setin
> the.clogin file
> From: "Todd Heide" <Todd at equivoice.com>
> Date: Mon, June 25, 2007 6:18 am
> To: "Jeffrey C. Ollie" <jeff at ocjtech.us>, 
> <rancid-discuss at shrubbery.net>
> 
> Setup a Tacacs+ server on the Rancid box. The one I use which has a
nice
> front end is found here, http://www.networkforums.net Once installed
and
> working it is easy to check the logs to see what has been done and by
> whom. 
> 
> Thanks
> Todd Heide
> Equivoice Inc.
> 
> CCNA CWLSS CS-CISecS
> 847-235-3308
>  
> Nothing ever goes as planned, Its a hell of a notion, 
> Even pharaohs turn to sand, Like a drop in the ocean
> -----Original Message-----
> From: rancid-discuss-bounces at shrubbery.net
> [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jeffrey C.
> Ollie
> Sent: Monday, June 25, 2007 8:02 AM
> To: rancid-discuss at shrubbery.net
> Subject: [rancid] Re: Need to know if mutiple usernames can be setin
> the.clogin file
> 
> On Mon, 2007-06-25 at 13:16 +0530, Jayaraj, Chandrasekaran wrote:
> >
> > Thanks for the swift response . We do have cisco tacacs installed
> using
> > ACS.
> > 
> > Even when we have that there may be multiple users who will be a
part
> of
> > the authentication group who will actually have level 15 access . 
> > 
> > So say for eg we have a group called noc-users and there are 3 users
> > namely user1 ,user2 ,user3 who will have privilege 15 access . 
> >
> > So how can I check if I login as a user2 and do some change ? 
> > 
> > Currently all I get from rancid is that a diff output mail with the
> > difference and no mention of the username doing the change .
> 
> RANCID cannot do what you ask.  All that RANCID can do is give you a
> summary of the changes made between two points in time, it cannot show
> you who made those changes.  It also cannot show you changes that were
> made then unmade in between the times that RANCID scans your routers.
> 
> You need to enable command accounting on your router to get the kind
of
> information that you want:
> 
>
http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1828/products
> _configuration_guide_chapter09186a00800ca5f1.html#xtocid183737
> 
> Jeff
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


From saku+rancid at ytti.fi  Mon Jun 25 16:05:17 2007
From: saku+rancid at ytti.fi (Saku Ytti)
Date: Mon, 25 Jun 2007 19:05:17 +0300
Subject: [rancid] Re: Need to know if mutiple usernames can be setin
	the.clogin file
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F03F@exchange.Equivoice.local>
References: <20070625084305.8e114e4890519e5179c192e02d6bca26.589351f20c.wbe@email.secureserver.net>
	<082FEA82DC985B4F8A6B412D5AC4E22076F03F@exchange.Equivoice.local>
Message-ID: <20070625160517.GA15783@mx.ytti.net>

On (2007-06-25 10:47 -0500), Todd Heide wrote:

> Oh great! Yep, been hacked, again it appears. I have the files for the
> install if interested. 

Off-topic, but why does it appear 'hacked'? To me it seems like web hoster
didn't setup sane default page for unknown 'Host: x', e.g.
networkforums.net has been removed from that site and it falls back to
some config it found.

-- 
  ++ytti

From Todd at equivoice.com  Mon Jun 25 16:07:30 2007
From: Todd at equivoice.com (Todd Heide)
Date: Mon, 25 Jun 2007 11:07:30 -0500
Subject: [rancid] Re: Need to know if mutiple usernames can be
	setinthe.clogin file
In-Reply-To: <20070625160517.GA15783@mx.ytti.net>
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F04A@exchange.Equivoice.local>

It has happened before with this site, someone gets in there and
replaced the content with something else. Worked last week. 

Thanks
Todd Heide
Equivoice Inc.

CCNA CWLSS CS-CISecS
847-235-3308
 
Nothing ever goes as planned, Its a hell of a notion, 
Even pharaohs turn to sand, Like a drop in the ocean

-----Original Message-----
From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Saku Ytti
Sent: Monday, June 25, 2007 11:05 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Re: Need to know if mutiple usernames can be
setinthe.clogin file

On (2007-06-25 10:47 -0500), Todd Heide wrote:

> Oh great! Yep, been hacked, again it appears. I have the files for the
> install if interested. 

Off-topic, but why does it appear 'hacked'? To me it seems like web
hoster
didn't setup sane default page for unknown 'Host: x', e.g.
networkforums.net has been removed from that site and it falls back to
some config it found.

-- 
  ++ytti
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

From justin at justinshore.com  Mon Jun 25 16:43:51 2007
From: justin at justinshore.com (Justin Shore)
Date: Mon, 25 Jun 2007 11:43:51 -0500
Subject: [rancid] Re: Need to know if mutiple usernames can be
 setin	the.clogin file
In-Reply-To: <20070625160517.GA15783@mx.ytti.net>
References: <20070625084305.8e114e4890519e5179c192e02d6bca26.589351f20c.wbe@email.secureserver.net>	<082FEA82DC985B4F8A6B412D5AC4E22076F03F@exchange.Equivoice.local>
	<20070625160517.GA15783@mx.ytti.net>
Message-ID: <467FF0C7.4070003@justinshore.com>

Saku Ytti wrote:
> On (2007-06-25 10:47 -0500), Todd Heide wrote:
> 
>> Oh great! Yep, been hacked, again it appears. I have the files for the
>> install if interested. 
> 
> Off-topic, but why does it appear 'hacked'? To me it seems like web hoster
> didn't setup sane default page for unknown 'Host: x', e.g.
> networkforums.net has been removed from that site and it falls back to
> some config it found.

Saku,

I think you're right.

Name:   www.networkforums.net
Address: 71.169.3.3

Name:   www.misscindysschool.com
Address: 71.169.3.3

All these URLs give you the same site.

http://www.misscindysschool.com
http://www.networkforums.net
http://71.169.3.3

The web hoster is apparently having problems...

Justin

From eravin at panix.com  Mon Jun 25 17:08:43 2007
From: eravin at panix.com (Ed Ravin)
Date: Mon, 25 Jun 2007 13:08:43 -0400
Subject: [rancid] Re: Need to know if mutiple usernames can be
	setin	the.clogin file
In-Reply-To: <467FF0C7.4070003@justinshore.com>
References: <20070625084305.8e114e4890519e5179c192e02d6bca26.589351f20c.wbe@email.secureserver.net>
	<082FEA82DC985B4F8A6B412D5AC4E22076F03F@exchange.Equivoice.local>
	<20070625160517.GA15783@mx.ytti.net>
	<467FF0C7.4070003@justinshore.com>
Message-ID: <20070625170843.GB4838@panix.com>

On Mon, Jun 25, 2007 at 11:43:51AM -0500, Justin Shore wrote:
> Saku Ytti wrote:
> > Off-topic, but why does it appear 'hacked'? To me it seems like web hoster
> > didn't setup sane default page for unknown 'Host: x', e.g.
> > networkforums.net has been removed from that site and it falls back to
> > some config it found.
> 
> Saku,
> 
> I think you're right.
> 
> Name:   www.networkforums.net
> Address: 71.169.3.3
> 
> Name:   www.misscindysschool.com
> Address: 71.169.3.3
> 
> All these URLs give you the same site.

Awww, shucks, I was hoping that this was a case of Pre-K
"script kiddies", who were going to follow up on this hack by
writing the Playskool UI for RANCID.

From heas at shrubbery.net  Mon Jun 25 17:28:50 2007
From: heas at shrubbery.net (john heasley)
Date: Mon, 25 Jun 2007 17:28:50 +0000
Subject: [rancid] Re: Need to know if mutiple usernames can be set in
	the.clogin file
In-Reply-To: <FE9A7CE61D39E84F9C160F36E6D564C8628A69@INHADXMB102V.zone1.scb.net>
References: <FE9A7CE61D39E84F9C160F36E6D564C8628A69@INHADXMB102V.zone1.scb.net>
Message-ID: <20070625172850.GF10063@shrubbery.net>

Mon, Jun 25, 2007 at 01:16:17PM +0530, Jayaraj, Chandrasekaran:
> 
> 
> Hi ,
> 
> Thanks for the swift response . We do have cisco tacacs installed using
> ACS.
> 
> Even when we have that there may be multiple users who will be a part of
> the authentication group who will actually have level 15 access . 
> 
> So say for eg we have a group called noc-users and there are 3 users
> namely user1 ,user2 ,user3 who will have privilege 15 access . 
> 
> But currently my cloginrc file has the entry in below format
> 
> add user *      user1 and 
> 
> add password * testpwd enabletestpwd
> 
> 
> 
> So how can I check if I login as a user2 and do some change ? 

each user has their own HOME and  $HOME/.cloginrc.

> Currently all I get from rancid is that a diff output mail with the
> difference and no mention of the username doing the change .

The others are correct, there is no attribution and no way to be certain of
it without tacacs (or radius?) login and command accounting.  You can further
associate specific changes with rancid by using SEC; see the rancid FAQ,
section 3 question 5.  With the time from the accounting logs, you can
approximately determine the user; approximate because multiple change could
occur in the time taken for the collection.

From jeff at ocjtech.us  Mon Jun 25 18:22:11 2007
From: jeff at ocjtech.us (Jeffrey C. Ollie)
Date: Mon, 25 Jun 2007 13:22:11 -0500
Subject: [rancid] Re: Need to know if mutiple usernames can be set
	in	the.clogin file
In-Reply-To: <20070625172850.GF10063@shrubbery.net>
References: <FE9A7CE61D39E84F9C160F36E6D564C8628A69@INHADXMB102V.zone1.scb.net>
	<20070625172850.GF10063@shrubbery.net>
Message-ID: <1182795731.3821.44.camel@lt21223.campus.dmacc.edu>

On Mon, 2007-06-25 at 17:28 +0000, john heasley wrote:
>
> The others are correct, there is no attribution and no way to be certain of
> it without tacacs (or radius?) login and command accounting.

Command accounting is not available with RADIUS (on Cisco at least).

Jeff

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070625/98f3984e/attachment.bin 

From Chandrasekaran.Jayaraj at in.standardchartered.com  Tue Jun 26 05:01:20 2007
From: Chandrasekaran.Jayaraj at in.standardchartered.com (Jayaraj,
	Chandrasekaran)
Date: Tue, 26 Jun 2007 10:31:20 +0530
Subject: [rancid] Re: Need to know if mutiple usernames can be set in
	the.clogin file
Message-ID: <FE9A7CE61D39E84F9C160F36E6D564C8673C07@INHADXMB102V.zone1.scb.net>


Hi All ,

Thanks for all your inputs .It was an eye opener for me . I will have to
make this work with my current cisco tacacs configuration that I have .

But still I see a good amount of information using the GUI on what has
changed. 

By the way can anyone say what are these lines (sample of my diff
output)

Index: configs/10.132.17.66
===================================================================
retrieving revision 1.7
diff -U4 -r1.7 10.132.17.66        
@@ -498,9 +498,9 @@     - I don't understand what this line means
   no ip address                 - Also it always shows these 3 lines.
   no ip route-cache
   shutdown
  !
- ip http server
+ no ip http server
  !
  ip access-list extended Core_marking_AF12_Admin
   permit tcp any any eq smtp
   permit tcp any eq smtp any

While actually what I changed on the switch was the lines after the +
sign .

Anyone have a document on how to understand this output ?  ( I am aware
of the cvs-web and its cool but I would to like this to explain this
thing to my managers who will see this email stuff only ) 

warm regards,
------------------------------------------------------------------------
-----
Chandrasekaran J
 
------------------------------------------------------------------------
-----
-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net] 
Sent: Monday, June 25, 2007 10:59 PM
To: Jayaraj, Chandrasekaran
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Re: Need to know if mutiple usernames can be set
in the.clogin file

Mon, Jun 25, 2007 at 01:16:17PM +0530, Jayaraj, Chandrasekaran:
> 
> 
> Hi ,
> 
> Thanks for the swift response . We do have cisco tacacs installed
using
> ACS.
> 
> Even when we have that there may be multiple users who will be a part
of
> the authentication group who will actually have level 15 access . 
> 
> So say for eg we have a group called noc-users and there are 3 users
> namely user1 ,user2 ,user3 who will have privilege 15 access . 
> 
> But currently my cloginrc file has the entry in below format
> 
> add user *      user1 and 
> 
> add password * testpwd enabletestpwd
> 
> 
> 
> So how can I check if I login as a user2 and do some change ? 

each user has their own HOME and  $HOME/.cloginrc.

> Currently all I get from rancid is that a diff output mail with the
> difference and no mention of the username doing the change .

The others are correct, there is no attribution and no way to be certain
of
it without tacacs (or radius?) login and command accounting.  You can
further
associate specific changes with rancid by using SEC; see the rancid FAQ,
section 3 question 5.  With the time from the accounting logs, you can
approximately determine the user; approximate because multiple change
could
occur in the time taken for the collection.
This email is confidential. If you are not the addressee tell the sender immediately and destroy this email
without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay,
interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for
damage caused by this email and may monitor email traffic.


From justin at justinshore.com  Tue Jun 26 11:59:27 2007
From: justin at justinshore.com (Justin Shore)
Date: Tue, 26 Jun 2007 06:59:27 -0500
Subject: [rancid] Re: Need to know if mutiple usernames can be set in
 the.clogin file
In-Reply-To: <FE9A7CE61D39E84F9C160F36E6D564C8673C07@INHADXMB102V.zone1.scb.net>
References: <FE9A7CE61D39E84F9C160F36E6D564C8673C07@INHADXMB102V.zone1.scb.net>
Message-ID: <4680FF9F.908@justinshore.com>

The output is pretty basic.  The first couple of lines are CVS output 
lines that pertain to the filename in the repository and what revisions 
are being diffed to generate the overall output.  I'm not exactly sure 
what the next line is (I'm not a CVS buff) but it's essentially telling 
you what line in the file the snippet of diff output came from or 
something along those lines.  You can just ignore those lines.  The real 
meat of the diff is the +/- lines.  As you can tell "ip http server" was 
removed from the file (note the "-") and "no ip http server" was added 
to the config (note the "+").  Everything else around the +/- lines are 
there for context essentially, so you can see in the file where the 
changes have been made.  Try adding a 20 line ACL and rerun rancid-run. 
  Then make a few changes in the middle of the ACL.  You'll see how it 
works pretty quickly.  It will be evident once you start using it.

Justin


Jayaraj, Chandrasekaran wrote:
> Hi All ,
> 
> Thanks for all your inputs .It was an eye opener for me . I will have to
> make this work with my current cisco tacacs configuration that I have .
> 
> But still I see a good amount of information using the GUI on what has
> changed. 
> 
> By the way can anyone say what are these lines (sample of my diff
> output)
> 
> Index: configs/10.132.17.66
> ===================================================================
> retrieving revision 1.7
> diff -U4 -r1.7 10.132.17.66        
> @@ -498,9 +498,9 @@     - I don't understand what this line means
>    no ip address                 - Also it always shows these 3 lines.
>    no ip route-cache
>    shutdown
>   !
> - ip http server
> + no ip http server
>   !
>   ip access-list extended Core_marking_AF12_Admin
>    permit tcp any any eq smtp
>    permit tcp any eq smtp any
> 
> While actually what I changed on the switch was the lines after the +
> sign .
> 
> Anyone have a document on how to understand this output ?  ( I am aware
> of the cvs-web and its cool but I would to like this to explain this
> thing to my managers who will see this email stuff only ) 
> 
> warm regards,
> ------------------------------------------------------------------------
> -----
> Chandrasekaran J
>  
> ------------------------------------------------------------------------
> -----
> -----Original Message-----
> From: john heasley [mailto:heas at shrubbery.net] 
> Sent: Monday, June 25, 2007 10:59 PM
> To: Jayaraj, Chandrasekaran
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Re: Need to know if mutiple usernames can be set
> in the.clogin file
> 
> Mon, Jun 25, 2007 at 01:16:17PM +0530, Jayaraj, Chandrasekaran:
>>
>> Hi ,
>>
>> Thanks for the swift response . We do have cisco tacacs installed
> using
>> ACS.
>>
>> Even when we have that there may be multiple users who will be a part
> of
>> the authentication group who will actually have level 15 access . 
>>
>> So say for eg we have a group called noc-users and there are 3 users
>> namely user1 ,user2 ,user3 who will have privilege 15 access . 
>>
>> But currently my cloginrc file has the entry in below format
>>
>> add user *      user1 and 
>>
>> add password * testpwd enabletestpwd
>>
>>
>>
>> So how can I check if I login as a user2 and do some change ? 
> 
> each user has their own HOME and  $HOME/.cloginrc.
> 
>> Currently all I get from rancid is that a diff output mail with the
>> difference and no mention of the username doing the change .
> 
> The others are correct, there is no attribution and no way to be certain
> of
> it without tacacs (or radius?) login and command accounting.  You can
> further
> associate specific changes with rancid by using SEC; see the rancid FAQ,
> section 3 question 5.  With the time from the accounting logs, you can
> approximately determine the user; approximate because multiple change
> could
> occur in the time taken for the collection.
> This email is confidential. If you are not the addressee tell the sender immediately and destroy this email
> without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay,
> interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for
> damage caused by this email and may monitor email traffic.
> 
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> 
> 


From AElliott at xo.com  Tue Jun 26 19:51:39 2007
From: AElliott at xo.com (Elliott, Andrew)
Date: Tue, 26 Jun 2007 15:51:39 -0400
Subject: [rancid]  GSR 12k - sho diag / missing subslot spa info
Message-ID: <3B715C4683E2F54DBC36ECDD2CA70F5301F14628@VARESTMAIL03.mail.inthosts.net>

Hello,

I have been recently asked that my router backups include the SUBSLOT
line from 'sho diag' on the 12k's.

Here is an example (trimmed for brevity) of the output I want rancid to
parse:

SLOT 1  (RP/LC 1 ): Modular SPA Interface Card (10G)
-snip-

  SPA Information:
        subslot 1/0: SPA-10X1GE-V2 (0x508), status is ok
        subslot 1/1: Empty
        subslot 1/2: Empty
        subslot 1/3: Empty

SUBSLOT  1/0 (SPA-10X1GE-V2): 10-port Gigabit Ethernet Shared Port
Adapter
        Product Identifier (PID) : SPA-10X1GE-V2
-snip-

This is a new card type that we have recently begun deploying, and
currently all that is backed up is the main SPA IC information, not the
info on the "SUBSLOT" or "SPA -> subslot" lines.

It is possible I am using a version of rancid that needs to be upgraded
and/or patched.  

## $Id: rancid.in,v 1.172 2004/03/14 16:57:05 heas Exp $

Any advice would be greatly appreciated.


-andrew

From Chandrasekaran.Jayaraj at in.standardchartered.com  Wed Jun 27 10:40:31 2007
From: Chandrasekaran.Jayaraj at in.standardchartered.com (Jayaraj,
	Chandrasekaran)
Date: Wed, 27 Jun 2007 16:10:31 +0530
Subject: [rancid]  Rancid -question
Message-ID: <FE9A7CE61D39E84F9C160F36E6D564C86AC33D@INHADXMB102V.zone1.scb.net>

Hi All ,

 

Rancid does the comparison with the running config on the router . Is
there a way to make it compare only using the startup configs ? 

 

warm regards,
------------------------------------------------------------------------
-----
Chandrasekaran J

 

Senior Technical Analyst, Network Center of Excellence,



 

This email is confidential. If you are not the addressee tell the sender immediately and destroy this email
without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay,
interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for
damage caused by this email and may monitor email traffic.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070627/85e545b0/attachment.html 

From rancid at gheek.net  Wed Jun 27 17:36:13 2007
From: rancid at gheek.net (Lance)
Date: Wed, 27 Jun 2007 10:36:13 -0700
Subject: [rancid] Re: Rancid -question
Message-ID: <20070627103612.8e114e4890519e5179c192e02d6bca26.1ce12dbe42.wbe@email.secureserver.net>

Chandrasekaran,

Maybe I am crazy, but I would think you would just need to make a small
adjustment to the code so it will run a show start. If I am right it
would be a simple piece of code.

Maybe even make a copy of RANCIDs script but alter it and change the
show run/write term, to show start. But remember want to remove any of
the old command reference to show run/write term. otherwise you will get
both.

-Lance

> -------- Original Message --------
> Subject: [rancid]  Rancid -question
> From: "Jayaraj, Chandrasekaran"
> <Chandrasekaran.Jayaraj at in.standardchartered.com>
> Date: Wed, June 27, 2007 3:40 am
> To: <rancid-discuss at shrubbery.net>
> 
> Hi All ,
> 
> 
> 
> Rancid does the comparison with the running config on the router . Is
> there a way to make it compare only using the startup configs ?
> 
> 
> 
> warm regards,
> ------------------------------------------------------------------------
> -----
> Chandrasekaran J
> 
> 
> 
> Senior Technical Analyst, Network Center of Excellence,
> 
> 
> 
> 
> 
> This email is confidential. If you are not the addressee tell the
> sender immediately and destroy this email
> without using, sending or storing it. Emails are not secure and may
> suffer errors, viruses, delay,
> interception and amendment. Standard Chartered PLC and subsidiaries
> ("SCGroup") do not accept liability for
> damage caused by this email and may monitor email traffic.<hr>_______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


From testure at ntlworld.com  Tue Jun 26 14:07:53 2007
From: testure at ntlworld.com (Coffey Winston)
Date: Tue, 26 Jun 2007 22:07:53 +0800
Subject: [rancid] The life has worsened? Depression has attacked you? STOP!
Message-ID: <01c7b83e$71546d30$1d6d1748@testure>


Hi,
Depression?
 
Life is bad? You do not wish to live? Depression? STOP! 
You have dropped from work? Depression? STOP! 
Problems in family? Depression? STOP!
The life has worsened? Depression has attacked? SAY STOP! 
We know how to kill Depression! Try Prozac!Only 1.99$ per pillOUR SITE:  RideSuch  .hk
 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070626/4d0956fd/attachment.html 

From tex at off.org  Wed Jun 27 17:40:50 2007
From: tex at off.org (Austin Schutz)
Date: Wed, 27 Jun 2007 10:40:50 -0700
Subject: [rancid] Re: Rancid -question
In-Reply-To: <FE9A7CE61D39E84F9C160F36E6D564C86AC33D@INHADXMB102V.zone1.scb.net>
References: <FE9A7CE61D39E84F9C160F36E6D564C86AC33D@INHADXMB102V.zone1.scb.net>
Message-ID: <20070627174050.GQ3746@gblx.net>

On Wed, Jun 27, 2007 at 04:10:31PM +0530, Jayaraj, Chandrasekaran wrote:
> Hi All ,
> 
>  
> 
> Rancid does the comparison with the running config on the router . Is
> there a way to make it compare only using the startup configs ? 
> 
>  

	Where the code says

        {'show running-config'          => 'WriteTerm'},

	in rancid.in change it to startup-config. There is no rancid
configuration to support this without modifying the code.

	Austin

From lance at gheek.net  Wed Jun 27 17:35:35 2007
From: lance at gheek.net (Lance Vermilion)
Date: Wed, 27 Jun 2007 10:35:35 -0700
Subject: [rancid] Re: Rancid -question
Message-ID: <20070627103535.8e114e4890519e5179c192e02d6bca26.5c29552c02.wbe@email.secureserver.net>

Chandrasekaran,

Maybe I am crazy, but I would think you would just need to make a small
adjustment to the code so it will run a show start. If I am right it
would be a simple piece of code.

Maybe even make a copy of RANCIDs script but alter it and change the
show run/write term, to show start. But remember want to remove any of
the old command reference to show run/write term. otherwise you will get
both.

-Lance
> -------- Original Message --------
> Subject: [rancid]  Rancid -question
> From: "Jayaraj, Chandrasekaran"
> <Chandrasekaran.Jayaraj at in.standardchartered.com>
> Date: Wed, June 27, 2007 3:40 am
> To: <rancid-discuss at shrubbery.net>
> 
> Hi All ,
> 
> 
> 
> Rancid does the comparison with the running config on the router . Is
> there a way to make it compare only using the startup configs ?
> 
> 
> 
> warm regards,
> ------------------------------------------------------------------------
> -----
> Chandrasekaran J
> 
> 
> 
> Senior Technical Analyst, Network Center of Excellence,
> 
> 
> 
> 
> 
> This email is confidential. If you are not the addressee tell the
> sender immediately and destroy this email
> without using, sending or storing it. Emails are not secure and may
> suffer errors, viruses, delay,
> interception and amendment. Standard Chartered PLC and subsidiaries
> ("SCGroup") do not accept liability for
> damage caused by this email and may monitor email traffic.<hr>_______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


From heas at shrubbery.net  Wed Jun 27 18:41:42 2007
From: heas at shrubbery.net (john heasley)
Date: Wed, 27 Jun 2007 11:41:42 -0700
Subject: [rancid] Re: GSR 12k - sho diag / missing subslot spa info
In-Reply-To: <3B715C4683E2F54DBC36ECDD2CA70F5301F14628@VARESTMAIL03.mail.inthosts.net>
References: <3B715C4683E2F54DBC36ECDD2CA70F5301F14628@VARESTMAIL03.mail.inthosts.net>
Message-ID: <20070627184142.GV22136@shrubbery.net>

Tue, Jun 26, 2007 at 03:51:39PM -0400, Elliott, Andrew:
> Hello,
> 
> I have been recently asked that my router backups include the SUBSLOT
> line from 'sho diag' on the 12k's.
> 
> Here is an example (trimmed for brevity) of the output I want rancid to
> parse:
> 
> SLOT 1  (RP/LC 1 ): Modular SPA Interface Card (10G)
> -snip-
> 
>   SPA Information:
>         subslot 1/0: SPA-10X1GE-V2 (0x508), status is ok
>         subslot 1/1: Empty
>         subslot 1/2: Empty
>         subslot 1/3: Empty
> 
> SUBSLOT  1/0 (SPA-10X1GE-V2): 10-port Gigabit Ethernet Shared Port
> Adapter
>         Product Identifier (PID) : SPA-10X1GE-V2
> -snip-
> 
> This is a new card type that we have recently begun deploying, and
> currently all that is backed up is the main SPA IC information, not the
> info on the "SUBSLOT" or "SPA -> subslot" lines.

I'd need to have the complete output; I don't have GSRs anymore.

> It is possible I am using a version of rancid that needs to be upgraded
> and/or patched.  

possibly.  'show inventory' has been added and that ought to include this
information...if cisco has gotten around to adding it to this platform
yet.

From AElliott at xo.com  Wed Jun 27 20:50:58 2007
From: AElliott at xo.com (Elliott, Andrew)
Date: Wed, 27 Jun 2007 16:50:58 -0400
Subject: [rancid] Re: GSR 12k - sho diag / missing subslot spa info
In-Reply-To: <20070627184142.GV22136@shrubbery.net>
References: <3B715C4683E2F54DBC36ECDD2CA70F5301F14628@VARESTMAIL03.mail.inthosts.net>
	<20070627184142.GV22136@shrubbery.net>
Message-ID: <3B715C4683E2F54DBC36ECDD2CA70F5301F14633@VARESTMAIL03.mail.inthosts.net>


> > Hello,
> > 
> > I have been recently asked that my router backups include 
> the SUBSLOT
> > line from 'sho diag' on the 12k's.
> > 
> > Here is an example (trimmed for brevity) of the output I 
> want rancid to
> > parse:
> > 
> > SLOT 1  (RP/LC 1 ): Modular SPA Interface Card (10G)
> > -snip-
> > 
> >   SPA Information:
> >         subslot 1/0: SPA-10X1GE-V2 (0x508), status is ok
> >         subslot 1/1: Empty
> >         subslot 1/2: Empty
> >         subslot 1/3: Empty
> > 
> > SUBSLOT  1/0 (SPA-10X1GE-V2): 10-port Gigabit Ethernet Shared Port
> > Adapter
> >         Product Identifier (PID) : SPA-10X1GE-V2
> > -snip-
> > 
> > This is a new card type that we have recently begun deploying, and
> > currently all that is backed up is the main SPA IC 
> information, not the
> > info on the "SUBSLOT" or "SPA -> subslot" lines.
> 
> I'd need to have the complete output; I don't have GSRs anymore.
>
CHR1.NYC-NY#sho diag 1

SLOT 1  (RP/LC 1 ): Modular SPA Interface Card (10G)
  MAIN: type 149,  00-0000-00 rev A0
        Deviation:  D090170
        HW config: 0x20    SW key: 00-00-00
  PCA:  00-00000-00 rev A0 ver 4
        Design Release 1.0  S/N SAD000000M0
  MBUS: Embedded Agent
        Test hist: 0x00    RMA#: 00-00-00    RMA hist: 0x00
  DIAG: Test count: 0x00000000    Test results: 0x00000000
  FRU:  Linecard/Module: 12000-SIP-601=
        Processor Memory: MEM-LC5-2048=(Non-Replaceable)
        Packet Memory: MEM-LC5-PKT-256=(Non-Replaceable)
  L3 Engine: 5 - ISE 10 Gbps
  MBUS Agent Software version 2.51 (RAM) (ROM version is 3.50)
  ROM Monitor version 17.1
  Fabric Downloader version used 4.1 (ROM version is 4.1)
  Primary clock is CSC 1
  Board is analyzed
  Board State is Line Card Enabled (IOS  RUN )
  Insertion time: 00:22:52 (2w4d ago)
  Processor Memory size: 2147483648 bytes
  TX Packet Memory size: 268435456 bytes, Packet Memory pagesize: 32768
bytes
  RX Packet Memory size: 268435456 bytes, Packet Memory pagesize: 32768
bytes
  0 crashes since restart

  SPA Information:
        subslot 1/0: SPA-10X1GE-V2 (0x508), status is ok
        subslot 1/1: Empty
        subslot 1/2: Empty
        subslot 1/3: Empty
CHR1.NYC-NY#

> 
> > It is possible I am using a version of rancid that needs to 
> be upgraded
> > and/or patched.  
> 
> possibly.  'show inventory' has been added and that ought to 
> include this
> information...if cisco has gotten around to adding it to this platform
> yet.
> 

Looks like this might be the best way to go.  From the show inventory:

NAME: "slot 1", DESCR: "ISE 10G Modular Services Card v2"
PID: 12000-SIP-601     , VID: V02, SN: SAD111403M0

NAME: "SPA subslot 1/0", DESCR: "10-port Gigabit Ethernet Shared Port
Adapter"
PID: SPA-10X1GE-V2     , VID: V01, SN: JAB111701NG


From Chandrasekaran.Jayaraj at IN.STANDARDCHARTERED.COM  Thu Jun 28 13:13:18 2007
From: Chandrasekaran.Jayaraj at IN.STANDARDCHARTERED.COM (Jayaraj,
	Chandrasekaran)
Date: Thu, 28 Jun 2007 18:43:18 +0530
Subject: [rancid]  telnet to a different port
Message-ID: <FE9A7CE61D39E84F9C160F36E6D564C86ACE9E@INHADXMB102V.zone1.scb.net>

Hi Friends ,

 

My environment demands that I need to telnet to a port other than 23 for
logging into a device .  How do I change it in the clogin file in the
/usr/local/rancid home directory .

 

warm regards,
------------------------------------------------------------------------
-----
Chandrasekaran J

 

------------------------------------------------------------------------
-----

 

This email is confidential. If you are not the addressee tell the sender immediately and destroy this email
without using, sending or storing it. Emails are not secure and may suffer errors, viruses, delay,
interception and amendment. Standard Chartered PLC and subsidiaries ("SCGroup") do not accept liability for
damage caused by this email and may monitor email traffic.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/6208ca96/attachment.html 

From AElliott at xo.com  Thu Jun 28 14:43:41 2007
From: AElliott at xo.com (Elliott, Andrew)
Date: Thu, 28 Jun 2007 10:43:41 -0400
Subject: [rancid]  Cvsweb question
Message-ID: <3B715C4683E2F54DBC36ECDD2CA70F5301F14637@VARESTMAIL03.mail.inthosts.net>

Hello,

I recently moved my cvs repository to a new box, and although all the
backups are working and I am having no problems with the diffs, I can
not seem to get cvsweb to display correctly.

In each level of the heirarchy, I get the following error:

NOTE: There are X files, but none matches the current tag ()

Googling has not been fruitful.  If anyone has run into this before,
please let me know what I should be looking at.  

So far, I have confirmed the permissions are set correctly and the paths
are correct.  As stated above, the repository is working as expected and
being updated with each run.

Thanks in advance,

-andrew

From Todd at equivoice.com  Thu Jun 28 16:14:05 2007
From: Todd at equivoice.com (Todd Heide)
Date: Thu, 28 Jun 2007 11:14:05 -0500
Subject: [rancid]  Current stable version?
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F2C4@exchange.Equivoice.local>

What is the current stable version of Rancid? I am building a new box
due to the current one having hardware issues, and the OS is FC6, the
current is FC4.


 

Thanks

       

 

CCNA CWLSS CS-CISecS

 

Nothing ever goes as planned, Its a hell of a notion, 

Even pharaohs turn to sand, Like a drop in the ocean

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/0753bf52/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1450 bytes
Desc: image001.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/0753bf52/attachment.jpe 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 3203 bytes
Desc: image002.gif
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/0753bf52/attachment.gif 

From mstefani at redhat.com  Thu Jun 28 16:27:26 2007
From: mstefani at redhat.com (Michael Stefaniuc)
Date: Thu, 28 Jun 2007 18:27:26 +0200
Subject: [rancid] Re: Current stable version?
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F2C4@exchange.Equivoice.local>
References: <082FEA82DC985B4F8A6B412D5AC4E22076F2C4@exchange.Equivoice.local>
Message-ID: <4683E16E.4060308@redhat.com>

Todd Heide wrote:
> What is the current stable version of Rancid? I am building a new box 
> due to the current one having hardware issues, and the OS is FC6, the 
> current is FC4. 
Afaik 2.3.1 is still counted as the last stable version but i doubt you 
will be happy with that one. Especially if you need/want one of the 
extra features/patches that float on the mailing list. Backporting that 
is just too much work. 2.3.2aX worked/works fine for me.

bye
	michael
-- 
Michael Stefaniuc               Tel.: +49-711-96437-199
Sr. Network Engineer            Fax.: +49-711-96437-111
Red Hat GmbH                    Email: mstefani at redhat.com
Hauptstaetterstr. 58            http://www.redhat.de/
D-70178 Stuttgart

From Todd at equivoice.com  Thu Jun 28 17:18:24 2007
From: Todd at equivoice.com (Todd Heide)
Date: Thu, 28 Jun 2007 12:18:24 -0500
Subject: [rancid] Re: Current stable version?
In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22076F2C4@exchange.Equivoice.local>
Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22076F2DD@exchange.Equivoice.local>

 

Also, is it possible to move the current repository of backups to the
new server? I use CVS for this. 

Thanks

Todd Heide

Equivoice Inc.

       

 

CCNA CWLSS CS-CISecS

847-235-3308

 

Nothing ever goes as planned, Its a hell of a notion, 

Even pharaohs turn to sand, Like a drop in the ocean

________________________________

From: rancid-discuss-bounces at shrubbery.net
[mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Todd Heide
Sent: Thursday, June 28, 2007 11:14 AM
To: rancid-discuss at shrubbery.net
Subject: [rancid] Current stable version?

 

What is the current stable version of Rancid? I am building a new box
due to the current one having hardware issues, and the OS is FC6, the
current is FC4.


 

Thanks

      

 

CCNA CWLSS CS-CISecS

 

Nothing ever goes as planned, Its a hell of a notion, 

Even pharaohs turn to sand, Like a drop in the ocean

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/262dbfdc/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1450 bytes
Desc: image002.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/262dbfdc/attachment.jpe 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 3203 bytes
Desc: image003.gif
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/262dbfdc/attachment.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1450 bytes
Desc: image004.jpg
Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/262dbfdc/attachment-0001.jpe 

From heas at shrubbery.net  Thu Jun 28 17:28:59 2007
From: heas at shrubbery.net (john heasley)
Date: Thu, 28 Jun 2007 10:28:59 -0700
Subject: [rancid] Re: telnet to a different port
In-Reply-To: <FE9A7CE61D39E84F9C160F36E6D564C86ACE9E@INHADXMB102V.zone1.scb.net>
References: <FE9A7CE61D39E84F9C160F36E6D564C86ACE9E@INHADXMB102V.zone1.scb.net>
Message-ID: <20070628172859.GU22136@shrubbery.net>

Thu, Jun 28, 2007 at 06:43:18PM +0530, Jayaraj, Chandrasekaran:
> Hi Friends ,
> 
> 
> 
> My environment demands that I need to telnet to a port other than 23 for
> logging into a device .  How do I change it in the clogin file in the
> /usr/local/rancid home directory .
> 

cloginrc(5)

From david+rancid at luyer.net  Thu Jun 28 18:20:54 2007
From: david+rancid at luyer.net (David Luyer - RANCID)
Date: Thu, 28 Jun 2007 11:20:54 -0700 (PDT)
Subject: [rancid] RANCID fails if a 'write term' fails after a 'show run'
	succeeds
Message-ID: <61937.65.57.245.11.1183054854.squirrel@www.luyer.net>

G'day,

I noticed recently that RANCID fails when it attempts to back up
the configuration for a Cisco where it is permitted to do a
"show run" but not permitted to do a "write term".  Since in this
case it wouldn't actually use the output of the "write term" so it
should ignore this and succeed.

The fix is trivial, move the 'return(0)' up a few lines.

Here's a patch (fixing other related cases too):

--- rancid.in.orig      2007-06-28 10:42:15.000000000 -0700
+++ rancid.in   2007-06-28 10:43:19.000000000 -0700
@@ -155,8 +155,8 @@
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
-       return(-1) if (/command authorization failed/i);
        return(0) if ($found_version);          # Only do this routine once
+       return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
@@ -480,8 +480,8 @@
        #return(1) if ($type !~ /^7/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
-       return(-1) if (/command authorization failed/i);
        return(0) if ($found_env);              # Only do this routine once
+       return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
            my($len) = length($1);
@@ -939,8 +939,8 @@
        # return(1) if ($type !~ /^(12[40]|720|36|26)/);
        return(1) if /Line has invalid autocommand /;
        return(1) if /(Invalid input detected|Type help or )/;
-       return(-1) if (/command authorization failed/i);
        return(0) if ($found_diag);             # Only do this routine once
+       return(-1) if (/command authorization failed/i);
        /^$/ && next;
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
@@ -1411,6 +1411,7 @@
        last if (/^$prompt/);
        return(1) if /Line has invalid autocommand /;
        return(1) if (/(Invalid input detected|Type help or )/i);
+       return(0) if ($found_end);              # Only do this routine once
        return(-1) if (/command authorization failed/i);
        # the pager can not be disabled per-session on the PIX
        if (/^(<-+ More -+>)/) {
@@ -1419,7 +1420,6 @@
        }

        /Non-Volatile memory is in use/  && return(-1); # NvRAM is locked
-       return(0) if ($found_end);              # Only do this routine once
        $linecnt++;
        $lineauto = 0 if (/^[^ ]/);
        # skip the crap

David.


From tfpedroso at gmail.com  Thu Jun 28 13:52:31 2007
From: tfpedroso at gmail.com (Tiago Faro Pedroso)
Date: Thu, 28 Jun 2007 14:52:31 +0100
Subject: [rancid] Re: telnet to a different port
Message-ID: <3CDFE5E1-D1F5-4C82-9404-060FDF21DD37@gmail.com>

Hi,

        add method <router name glob> {ssh} [{...}]
               Defines,  in  order,  the connection methods to use  
for a device
               from the set {ssh, telnet,  rsh}.   Method  telnet   
may  have  a
               suffix, indicating an alternate TCP port, of the form  
":port".

so, I think add method <router> telnet:<altport> should do it...

Regards

Tiago Faro Pedroso
tfpedroso at gmail.com



On Jun 28, 2007, at 2:13 PM, Jayaraj, Chandrasekaran wrote:

> Hi Friends ,
>
>
>
> My environment demands that I need to telnet to a port other than  
> 23 for logging into a device .  How do I change it in the clogin  
> file in the /usr/local/rancid home directory .
>
>
>
> warm regards,
> ---------------------------------------------------------------------- 
> -------
> Chandrasekaran J
>
>
>
> ---------------------------------------------------------------------- 
> -------
>
>
>
> This email is confidential. If you are not the addressee tell the  
> sender immediately and destroy this email
> without using, sending or storing it. Emails are not secure and may  
> suffer errors, viruses, delay,
> interception and amendment. Standard Chartered PLC and subsidiaries  
> ("SCGroup") do not accept liability for
> damage caused by this email and may monitor email traffic.
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20070628/96c4b4a2/attachment.html