From smunzani at comcast.net Fri May 1 13:51:54 2009 From: smunzani at comcast.net (Sam Munzani) Date: Fri, 01 May 2009 08:51:54 -0500 Subject: [rancid] Should we create a list of supported make/model? Message-ID: <49FAFE7A.7090909@comcast.net> Team, Here is something I compiled for my company. I hope that benefits others too. Feel free to add make/model to the list that has worked for you. The reason I started on this was, being tired of continuously answering questions of why its not backing up mds9xxx switch or VPN concentrator etc. I am publishing the list to my internal staff that what fits to the list is guaranteed to work with rancid and rest if work in progress. Cisco 18xx (all IOS versions) Cisco 25xx (all IOS versions) Cisco 28xx (all IOS versions) Cisco 26xx (all IOS versions) Cisco 36xx (all IOS versions) Cisco 38xx (all IOS versions) Cisco 7xxx (all IOS versions) Cisco 65xx Native Mode(all IOS versions) Cisco CSS switches(All models) Cisco ASA55xx - IOS version 7.2.x Cisco ASA55xx - IOS version 8.0.x Cisco ASA55xx - IOS version 7.1.x Cisco PIX - all models, all versions Netscreen all models - all ScreenOS versions Netscreen SSG models - all ScreenOS versions Cisco Catalysts switches with Native IOS - All models all IOS Does anybody know if Cisco ACE blades work with rancid? If yes, what version of rancid? I tried on an older version and it doesn't seem to work. Hope this helps, Thanks, Sam From babydr at baby-dragons.com Fri May 1 17:37:05 2009 From: babydr at baby-dragons.com (Mr. James W. Laferriere) Date: Fri, 1 May 2009 09:37:05 -0800 (AKDT) Subject: [rancid] Re: RANCID 2.3.2 , Patch against hlogin.in . In-Reply-To: <20090428181156.GH13146@shrubbery.net> References: <20090428181156.GH13146@shrubbery.net> Message-ID: Hello John & All , I still require this patch in order to have the 'paging' turned off correctly on all my hp equipment . This Patch has been working these devices for ~ 8 months now . This includes a9 a7 versions of rancid . Routers: 4 ProCurve Secure Router 7102dl SROS Version: J06.06 Switches: 1 HP J4813A ProCurve Switch 2524 Firmware revision F.05.34 6 HP J4813A ProCurve Switch 2524 Software revision F.05.59 2 ProCurve J4903A Switch 2824 Software revision I.10.32 3 ProCurve J4899B Switch 2650 Software revision H.10.31 Hth , JimL -- +------------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network&System Engineer | 2133 McCullam Ave | Give me Linux | | babydr at baby-dragons.com | Fairbanks, AK. 99701 | only on AXP | +------------------------------------------------------------------+ -------------- next part -------------- --- /home/archive/rancid-2.3.2/bin/hlogin.in.orig 2009-05-01 08:27:03.000000000 -0800 +++ /home/archive/rancid-2.3.2/bin/hlogin.in 2009-05-01 08:31:12.000000000 -0800 @@ -501,6 +501,7 @@ # Turn off the pager and escape regex meta characters in the $prompt send "no page\r" + send "terminal length 0\r" regsub -all {[)(]} $prompt {\\&} reprompt regsub -all {^(.{1,11}).*([#>])$} $reprompt {\1([^#>\r\n]+)?[#>](\\([^)\\r\\n]+\\))?} reprompt expect { @@ -739,6 +740,7 @@ } elseif { $do_script } { # disable the pager send "no page\r" + send "terminal length 0\r" expect -re $prompt {} source $sfile catch {close}; From George.Nussbaum at l-3com.com Mon May 4 13:26:07 2009 From: George.Nussbaum at l-3com.com (George.Nussbaum at l-3com.com) Date: Mon, 4 May 2009 09:26:07 -0400 Subject: [rancid] changing email notification Message-ID: Hello, I was trying to follow the below mentioned FAQ about changing e-mail notifications using mail-list software. Can anyone provide a HOWTO or a sample as I am having difficulty. Thanks, George Q. I would like to collect device configurations every hour, but only receive diffs every Nth collection or every N hours. Is this possible? A. Certainly, but rancid does not provide such a mechanism natively. Two approaches are recommended: 1) Using your preferred mail-list software, add a list with a digest and configure your MTA (example: sendmail) to send diffs to the list. Configure the mail-list software to force the digest at the interval desired. This allows folks to choose which type they prefer, after each collection or every N hours. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090504/a5f5bf46/attachment.html From heas at shrubbery.net Mon May 4 16:13:33 2009 From: heas at shrubbery.net (john heasley) Date: Mon, 4 May 2009 09:13:33 -0700 Subject: [rancid] Re: changing email notification In-Reply-To: References: Message-ID: <20090504161333.GA6380@shrubbery.net> Mon, May 04, 2009 at 09:26:07AM -0400, George.Nussbaum at l-3com.com: > Hello, > > I was trying to follow the below mentioned FAQ about changing e-mail > notifications using mail-list software. Can anyone provide a HOWTO or a > sample as I am having difficulty. this is a function of your maillist s/w, not rancid. See the maillist's documentation. From peter.serwe at gmail.com Fri May 8 00:18:06 2009 From: peter.serwe at gmail.com (Peter Serwe) Date: Thu, 7 May 2009 17:18:06 -0700 Subject: [rancid] Clock state generating diffs on Juniper M40e. Message-ID: How can I get the parser to ignore the clock state on a Juniper M40e? - # Selected for : 6 days, 3 hours, 47 minutes, 53 seconds + # Selected for : 6 days, 4 hours, 47 minutes, 56 seconds Every time rancid runs, it's generating that diff. Peter -- ???? From ville.leinonen at solodel.com Mon May 11 10:49:38 2009 From: ville.leinonen at solodel.com (Ville Leinonen) Date: Mon, 11 May 2009 13:49:38 +0300 (EEST) Subject: [rancid] Problem in rancid and subversion (CentOS), Message-ID: <50318.192.168.1.113.1242038978.squirrel@192.168.21.90> Hi, I just installed rancid and subversion. I can log in my sw's using clogin, but i can't get any configs in my CVS repos. Any suggestion what is wrong? Here is some log: starting: Mon May 4 13:23:55 EEST 2009 svn: '.' is not a working copy /home/manager/dead.letter... Saved message in /home/manager/dead.letter svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.29 svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.30 svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.31 svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.32 svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.33 svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.41 svn: warning: '192.168.1.29' is not a working copy svn: warning: '192.168.1.30' is not a working copy svn: warning: '192.168.1.31' is not a working copy svn: warning: '192.168.1.32' is not a working copy svn: warning: '192.168.1.33' is not a working copy svn: warning: '192.168.1.41' is not a working copy Trying to get all of the configs. All routers sucessfully completed. svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet' is not a working copy ending: Mon May 4 13:24:19 EEST 2009 Subversion version is subversion-1.4.2-4.el5 ad rancid is rancid-2.3.2. Br, Ville From ville.leinonen at solodel.com Mon May 11 10:30:44 2009 From: ville.leinonen at solodel.com (Ville Leinonen) Date: Mon, 11 May 2009 13:30:44 +0300 (EEST) Subject: [rancid] Problem in rancid and subversion (CentOS), Message-ID: <50057.192.168.1.113.1242037844.squirrel@192.168.21.90> Hi, I just installed rancid and subversion. I can log in my sw's using clogin, but i can't get any configs in my CVS repos. Any suggestion what is wrong? Here is some log: starting: Mon May 4 13:23:55 EEST 2009 svn: '.' is not a working copy /home/manager/dead.letter... Saved message in /home/manager/dead.letter svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.29 svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.30 svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.31 svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.32 svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.33 svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet/configs' is not a working copy svn: Can't open file '/home/manager/rancid/var/PALnet/configs/.svn/entries': No such file or directory Added 192.168.1.41 svn: warning: '192.168.1.29' is not a working copy svn: warning: '192.168.1.30' is not a working copy svn: warning: '192.168.1.31' is not a working copy svn: warning: '192.168.1.32' is not a working copy svn: warning: '192.168.1.33' is not a working copy svn: warning: '192.168.1.41' is not a working copy Trying to get all of the configs. All routers sucessfully completed. svn: '.' is not a working copy svn: Can't open file '.svn/entries': No such file or directory svn: '/home/manager/rancid/var/PALnet' is not a working copy ending: Mon May 4 13:24:19 EEST 2009 Subversion version is subversion-1.4.2-4.el5 ad rancid is rancid-2.3.2. Br, Ville From rancid at veggiechinese.net Tue May 12 01:26:21 2009 From: rancid at veggiechinese.net (William Yardley) Date: Mon, 11 May 2009 18:26:21 -0700 Subject: [rancid] Foundry ServerIron Message-ID: <20090512012621.GE25050@mitch.veggiechinese.net> A few questions about getting a Foundry ServerIron setup and working with Rancid.... First, I have the following in .cloginrc: add user hostname.example.com rancid add password hostname.example.com [thepassword] add method hostname.example.com ssh add autoenable hostname.example.com 1 The user is connecting as a user which already should have the necessary permissions; I first tried: add noenable hostname.example.com 1 but then, if I run 'flogin hostname.example.com', I get: Error: no enable password for hostname.example.com in /var/rancid/.cloginrc. running 'clogin hostname.example.com' or 'flogin -noenable hostname.example.com' works as expected (i.e., I get to the router's prompt). Is this a bug or am I just trying to do things the wrong way? And in this case (using a user account with appropriate privs), is 'noenable' or 'autoenable' what I want? So far, I can login Ok with clogin / flogin (with the caveat above), but for whatever reason, after switching from 'noenable' to 'autoenable', I'm getting the following in the logs if I try to do a run: Trying to get all of the configs. hostname.example.com flogin error: Error: TIMEOUT reached hostname.example.com: missed cmd(s): show chassis,show module,show flash,show version,show running-config,write term hostname.example.com: End of run not found I notice that flogin is trying to run the following commands: show version;show chassis;show module;show flash;write term;show running-config Will it fail if some of these don't work? write term and show module don't work for me (not as the user I'm connecting as, and I believe not at all). TIA w From jethro.binks at strath.ac.uk Tue May 12 07:22:03 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue, 12 May 2009 08:22:03 +0100 (BST) Subject: [rancid] Re: Foundry ServerIron In-Reply-To: <20090512012621.GE25050@mitch.veggiechinese.net> References: <20090512012621.GE25050@mitch.veggiechinese.net> Message-ID: On Mon, 11 May 2009, William Yardley wrote: > A few questions about getting a Foundry ServerIron setup and working > with Rancid.... ... A couple of quick comments (no time for more): > The user is connecting as a user which already should have the necessary > permissions; What privilege level is this user? I have a user on Foundry with priv level '5' (readonly), but I also need: privilege exec level 5 skip-page-display I can't remember if I have also had to patch flogin to send the 'skip-page-display' display command, or whether it is in the default. I do have: add noenable hostname.example.com 1 > So far, I can login Ok with clogin / flogin (with the caveat above), but > for whatever reason, after switching from 'noenable' to 'autoenable', > I'm getting the following in the logs if I try to do a run: > > Trying to get all of the configs. > hostname.example.com flogin error: Error: TIMEOUT reached > hostname.example.com: missed cmd(s): show chassis,show module,show flash,show version,show running-config,write term > hostname.example.com: End of run not found > > I notice that flogin is trying to run the following commands: > show version;show chassis;show module;show flash;write term;show running-config > > Will it fail if some of these don't work? write term and show module > don't work for me (not as the user I'm connecting as, and I believe not > at all). As long as it can find the prompt again after a failed command, it should be OK. But you need to check your paging (also make sure you're running the latest rancid). To find out exactly where it is failing, you will need to grab the raw output, see the web page for more details. Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From bi at rackpeople.dk Tue May 12 12:16:32 2009 From: bi at rackpeople.dk (Brian Ipsen) Date: Tue, 12 May 2009 14:16:32 +0200 Subject: [rancid] Cisco ASA 8.2 software - changes.... Message-ID: Hi After I upgraded one of our ASA5500-series boxes to software 8.2 - I get notification about the change below every time rancid is run: - !Flash: 114 43 May 12 2009 02:06:03 coredumpinfo/coredump.cfg + !Flash: 114 43 May 12 2009 03:06:14 coredumpinfo/coredump.cfg The timestamp changes - depending on when the check is run... Is there an easy way of excluding this info from the config collection ?? Med venlig hilsen / Kind regards Brian Ipsen ? From tylerh at bandcon.com Tue May 12 16:35:22 2009 From: tylerh at bandcon.com (Tyler Hall) Date: Tue, 12 May 2009 09:35:22 -0700 Subject: [rancid] lg.cgi and locking Message-ID: <67B864FDA9789F4FA1A854AFD6A1F3C80CB82F2ABC@devo> Rancid's looking glass has a function in lg.conf called LG_SINGLE which determines if it should lock or not. Regardless of what I put in, it creates a lock file in /tmp for the router name, therefore if there are two people doing traceroutes on the lg at the exact same time, it will wait for one to complete before doing the other. Is it possible to stop locking and allow multiple requests to the lg? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090512/00a7b8d0/attachment.html From rancid at ale.cx Tue May 12 19:34:40 2009 From: rancid at ale.cx (alex) Date: Tue, 12 May 2009 20:34:40 +0100 Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... In-Reply-To: References: Message-ID: <200905122034.40523.rancid@ale.cx> On Tuesday 12 May 2009 13:16:32 Brian Ipsen wrote: > I get notification about the change below every time rancid is run: > > - !Flash: 114 43 May 12 2009 02:06:03 coredumpinfo/coredump.cfg > + !Flash: 114 43 May 12 2009 03:06:14 coredumpinfo/coredump.cfg If you're getting core dumps that often, you might want to investigate why. alexd From rancid at veggiechinese.net Tue May 12 21:19:11 2009 From: rancid at veggiechinese.net (William Yardley) Date: Tue, 12 May 2009 14:19:11 -0700 Subject: [rancid] Re: Foundry ServerIron In-Reply-To: References: <20090512012621.GE25050@mitch.veggiechinese.net> Message-ID: <20090512211911.GG25050@mitch.veggiechinese.net> On Tue, May 12, 2009 at 08:22:03AM +0100, Jethro R Binks wrote: > On Mon, 11 May 2009, William Yardley wrote: > I have a user on Foundry with priv level '5' (readonly), but I also > need: > privilege exec level 5 skip-page-display level 5 doesn't seem to work for me - show doesn't work at all. We are using priv level 1 (context-based) with username rancid privilege 1 password ..... global all viewer Trying to set something for privilege level 1 doesn't seem to work (the level gets changed to '2' in the config, and paging isn't turned off), probably because it's role-based. I tried doing: username rancid enable skip-page-display but that set skip-page-display globally again, not just for that user. Also, it's been a while, but maybe francid should just send a 'terminal length 0' before starting, which I think would accomplish the same thing? I guess that's not done because not all versions of the foundry code support it? http://www.gossamer-threads.com/lists/rancid/users/3743 > > Will it fail if some of these don't work? write term and show module > > don't work for me (not as the user I'm connecting as, and I believe not > > at all). > > As long as it can find the prompt again after a failed command, it should > be OK. But you need to check your paging (also make sure you're running > the latest rancid). > > To find out exactly where it is failing, you will need to grab the raw > output, see the web page for more details. Yeah - the raw output shows it hanging on the prompt (which looks like: SSH at hostname> (where hostname is a single word made up of lower case letters) raw output from 'francid hostname.example.com' shows: hostname.example.com spawn ssh -c 3des -x -l rancid hostname.example.com rancid at hostname.example.com's password: SSH at hostname> [hangs there] I don't see an obvious way (in .cloginrc, anyway) to configure the prompt regex, nor do I see an obvious way to change the default ssh prompt. If I do 'flogin [host]', it similarly just hangs - I can't hit return, exit, or enter commands. w From rancid at veggiechinese.net Tue May 12 21:24:43 2009 From: rancid at veggiechinese.net (William Yardley) Date: Tue, 12 May 2009 14:24:43 -0700 Subject: [rancid] Re: Foundry ServerIron In-Reply-To: <20090512211911.GG25050@mitch.veggiechinese.net> References: <20090512012621.GE25050@mitch.veggiechinese.net> <20090512211911.GG25050@mitch.veggiechinese.net> Message-ID: <20090512212443.GH25050@mitch.veggiechinese.net> On Tue, May 12, 2009 at 02:19:11PM -0700, William Yardley wrote: > If I do 'flogin [host]', it similarly just hangs - I can't hit return, > exit, or enter commands. ps: flogin -noenable does seem to do the trick (flogin succeeds and I can run commands). however, I still get $ flogin hostname.example.com hostname.example.com Error: no enable password for hostname.example.com in /var/rancid/.cloginrc. with this in .cloginrc: add noenable hostname.example.com 1 if I add noautoenable as well, flogin doesn't complain, but still hangs. w From heas at shrubbery.net Tue May 12 21:34:20 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 12 May 2009 14:34:20 -0700 Subject: [rancid] Re: Foundry ServerIron In-Reply-To: <20090512211911.GG25050@mitch.veggiechinese.net> References: <20090512012621.GE25050@mitch.veggiechinese.net> <20090512211911.GG25050@mitch.veggiechinese.net> Message-ID: <20090512213420.GQ25269@shrubbery.net> Tue, May 12, 2009 at 02:19:11PM -0700, William Yardley: > On Tue, May 12, 2009 at 08:22:03AM +0100, Jethro R Binks wrote: > > On Mon, 11 May 2009, William Yardley wrote: > > > I have a user on Foundry with priv level '5' (readonly), but I also > > need: > > > privilege exec level 5 skip-page-display > > level 5 doesn't seem to work for me - show doesn't work at all. We are > using priv level 1 (context-based) with > > username rancid privilege 1 password ..... > global all viewer > > Trying to set something for privilege level 1 doesn't seem to work (the > level gets changed to '2' in the config, and paging isn't turned off), > probably because it's role-based. I tried doing: > > username rancid > enable skip-page-display > > but that set skip-page-display globally again, not just for that user. > > Also, it's been a while, but maybe francid should just send a 'terminal > length 0' before starting, which I think would accomplish the same > thing? I guess that's not done because not all versions of the foundry > code support it? > http://www.gossamer-threads.com/lists/rancid/users/3743 > > > > Will it fail if some of these don't work? write term and show module > > > don't work for me (not as the user I'm connecting as, and I believe not > > > at all). > > > > As long as it can find the prompt again after a failed command, it should > > be OK. But you need to check your paging (also make sure you're running > > the latest rancid). > > > > To find out exactly where it is failing, you will need to grab the raw > > output, see the web page for more details. > > Yeah - the raw output shows it hanging on the prompt (which looks like: > > SSH at hostname> > > (where hostname is a single word made up of lower case letters) > > raw output from 'francid hostname.example.com' shows: > > hostname.example.com > spawn ssh -c 3des -x -l rancid hostname.example.com > rancid at hostname.example.com's password: > SSH at hostname> > [hangs there] if its autoenable, the prompt should end with '#'. > I don't see an obvious way (in .cloginrc, anyway) to configure the > prompt regex, nor do I see an obvious way to change the default ssh > prompt. > > If I do 'flogin [host]', it similarly just hangs - I can't hit return, > exit, or enter commands. > > w > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rancid at veggiechinese.net Tue May 12 21:42:00 2009 From: rancid at veggiechinese.net (William Yardley) Date: Tue, 12 May 2009 14:42:00 -0700 Subject: [rancid] Re: Foundry ServerIron In-Reply-To: <20090512213420.GQ25269@shrubbery.net> References: <20090512012621.GE25050@mitch.veggiechinese.net> <20090512211911.GG25050@mitch.veggiechinese.net> <20090512213420.GQ25269@shrubbery.net> Message-ID: <20090512214200.GI25050@mitch.veggiechinese.net> On Tue, May 12, 2009 at 02:34:20PM -0700, john heasley wrote: > > raw output from 'francid hostname.example.com' shows: > > > > hostname.example.com > > spawn ssh -c 3des -x -l rancid hostname.example.com > > rancid at hostname.example.com's password: > > SSH at hostname> > > [hangs there] > > if its autoenable, the prompt should end with '#'. Yeah - then I guess it's noenable I want rather than autoenable. Any chance this is broken with foundry stuff on 2.3.2a10, or am I screwing something else up? RHEL 4u7, RPM of rancid built from the included specfile, Expect is version expect-5.42.1. w From heas at shrubbery.net Tue May 12 21:44:39 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 12 May 2009 14:44:39 -0700 Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... In-Reply-To: References: Message-ID: <20090512214439.GR25269@shrubbery.net> Tue, May 12, 2009 at 02:16:32PM +0200, Brian Ipsen: > Hi > > After I upgraded one of our ASA5500-series boxes to software 8.2 - I get notification about the change below every time rancid is run: > > - !Flash: 114 43 May 12 2009 02:06:03 coredumpinfo/coredump.cfg > + !Flash: 114 43 May 12 2009 03:06:14 coredumpinfo/coredump.cfg > > The timestamp changes - depending on when the check is run... Is there an easy way of excluding this info from the config collection ?? what is that file for? From heas at shrubbery.net Tue May 12 21:48:03 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 12 May 2009 14:48:03 -0700 Subject: [rancid] Re: Foundry ServerIron In-Reply-To: <20090512214200.GI25050@mitch.veggiechinese.net> References: <20090512012621.GE25050@mitch.veggiechinese.net> <20090512211911.GG25050@mitch.veggiechinese.net> <20090512213420.GQ25269@shrubbery.net> <20090512214200.GI25050@mitch.veggiechinese.net> Message-ID: <20090512214803.GT25269@shrubbery.net> Tue, May 12, 2009 at 02:42:00PM -0700, William Yardley: > On Tue, May 12, 2009 at 02:34:20PM -0700, john heasley wrote: > > > raw output from 'francid hostname.example.com' shows: > > > > > > hostname.example.com > > > spawn ssh -c 3des -x -l rancid hostname.example.com > > > rancid at hostname.example.com's password: > > > SSH at hostname> > > > [hangs there] > > > > if its autoenable, the prompt should end with '#'. > > Yeah - then I guess it's noenable I want rather than autoenable. Any > chance this is broken with foundry stuff on 2.3.2a10, or am I screwing > something else up? i dont think so. it should enable next, be sure that it does that and and flogin -c 'show vers;show vers' works > RHEL 4u7, RPM of rancid built from the included specfile, Expect is > version expect-5.42.1. and the expect patch available on the rancid web site. From rancid at veggiechinese.net Tue May 12 22:00:02 2009 From: rancid at veggiechinese.net (William Yardley) Date: Tue, 12 May 2009 15:00:02 -0700 Subject: [rancid] Re: Foundry ServerIron In-Reply-To: <20090512214803.GT25269@shrubbery.net> References: <20090512012621.GE25050@mitch.veggiechinese.net> <20090512211911.GG25050@mitch.veggiechinese.net> <20090512213420.GQ25269@shrubbery.net> <20090512214200.GI25050@mitch.veggiechinese.net> <20090512214803.GT25269@shrubbery.net> Message-ID: <20090512220002.GJ25050@mitch.veggiechinese.net> On Tue, May 12, 2009 at 02:48:03PM -0700, john heasley wrote: > Tue, May 12, 2009 at 02:42:00PM -0700, William Yardley: > > On Tue, May 12, 2009 at 02:34:20PM -0700, john heasley wrote: > > > > raw output from 'francid hostname.example.com' shows: > > > > > > > > hostname.example.com > > > > spawn ssh -c 3des -x -l rancid hostname.example.com > > > > rancid at hostname.example.com's password: > > > > SSH at hostname> > > > > [hangs there] > > > > > > if its autoenable, the prompt should end with '#'. > > > > Yeah - then I guess it's noenable I want rather than autoenable. Any > > chance this is broken with foundry stuff on 2.3.2a10, or am I screwing > > something else up? > > i dont think so. it should enable next, be sure that it does that and > and flogin -c 'show vers;show vers' works It should enable even when 'noenable' is set (and autoenable is not set)? The thing I'm saying might be a bug is the fact that noenable seems to be getting ignored in .cloginrc (with flogin, but *not* clogin). Just to make sure we're talking about the same thing, the device in question should happily do the commands needed *without* enabling at all. I belive 'noenable 1' is what I need to set for that. As I said, running flogin with -noenable works Ok, but flogin with noenable set in .cloginrc spits out an error. FWIW, "flogin -noenable -c 'show vers;show vers'" works fine. > > RHEL 4u7, RPM of rancid built from the included specfile, Expect is > > version expect-5.42.1. > > and the expect patch available on the rancid web site. Oh - that may be part of my problem -- I had thought the expect patch was only necessary with versions of expect < 5.40, but just realized that that's not the case. w From heas at shrubbery.net Tue May 12 22:31:35 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 12 May 2009 15:31:35 -0700 Subject: [rancid] Re: Foundry ServerIron In-Reply-To: <20090512220002.GJ25050@mitch.veggiechinese.net> References: <20090512012621.GE25050@mitch.veggiechinese.net> <20090512211911.GG25050@mitch.veggiechinese.net> <20090512213420.GQ25269@shrubbery.net> <20090512214200.GI25050@mitch.veggiechinese.net> <20090512214803.GT25269@shrubbery.net> <20090512220002.GJ25050@mitch.veggiechinese.net> Message-ID: <20090512223135.GA25269@shrubbery.net> Tue, May 12, 2009 at 03:00:02PM -0700, William Yardley: > On Tue, May 12, 2009 at 02:48:03PM -0700, john heasley wrote: > > Tue, May 12, 2009 at 02:42:00PM -0700, William Yardley: > > > On Tue, May 12, 2009 at 02:34:20PM -0700, john heasley wrote: > > > > > raw output from 'francid hostname.example.com' shows: > > > > > > > > > > hostname.example.com > > > > > spawn ssh -c 3des -x -l rancid hostname.example.com > > > > > rancid at hostname.example.com's password: > > > > > SSH at hostname> > > > > > [hangs there] > > > > > > > > if its autoenable, the prompt should end with '#'. > > > > > > Yeah - then I guess it's noenable I want rather than autoenable. Any > > > chance this is broken with foundry stuff on 2.3.2a10, or am I screwing > > > something else up? > > > > i dont think so. it should enable next, be sure that it does that and > > and flogin -c 'show vers;show vers' works > > It should enable even when 'noenable' is set (and autoenable is not > set)? The thing I'm saying might be a bug is the fact that noenable > seems to be getting ignored in .cloginrc (with flogin, but *not* > clogin). > > Just to make sure we're talking about the same thing, the device in > question should happily do the commands needed *without* enabling at > all. I belive 'noenable 1' is what I need to set for that. As I said, > running flogin with -noenable works Ok, but flogin with noenable set in > .cloginrc spits out an error. > > FWIW, "flogin -noenable -c 'show vers;show vers'" works fine. do it w/o the -noenable. francid also expects the '#' prompt. > > > RHEL 4u7, RPM of rancid built from the included specfile, Expect is > > > version expect-5.42.1. > > > > and the expect patch available on the rancid web site. > > Oh - that may be part of my problem -- I had thought the expect patch > was only necessary with versions of expect < 5.40, but just realized > that that's not the case. Afaik, ALL versions on linux or solaris. From rancid at veggiechinese.net Tue May 12 23:18:03 2009 From: rancid at veggiechinese.net (William Yardley) Date: Tue, 12 May 2009 16:18:03 -0700 Subject: [rancid] Re: Foundry ServerIron In-Reply-To: <20090512223135.GA25269@shrubbery.net> References: <20090512012621.GE25050@mitch.veggiechinese.net> <20090512211911.GG25050@mitch.veggiechinese.net> <20090512213420.GQ25269@shrubbery.net> <20090512214200.GI25050@mitch.veggiechinese.net> <20090512214803.GT25269@shrubbery.net> <20090512220002.GJ25050@mitch.veggiechinese.net> <20090512223135.GA25269@shrubbery.net> Message-ID: <20090512231803.GA13786@mitch.veggiechinese.net> On Tue, May 12, 2009 at 03:31:35PM -0700, john heasley wrote: > > > FWIW, "flogin -noenable -c 'show vers;show vers'" works fine. > > do it w/o the -noenable. francid also expects the '#' prompt. So there's no way to use (unmodified) Rancid to get a device's config when there's no "#" prompt, even with noenable set in the .cloginrc? In this case, what I'm trying to do is to collect the needed information with a user that has exactly the level of permissions to collect that information. Since the user has permissions to get the needed information, there's no need for the router to be in enable mode to get what I need. w From Sam.Holley at gtri.gatech.edu Wed May 13 05:12:22 2009 From: Sam.Holley at gtri.gatech.edu (Sam.Holley at gtri.gatech.edu) Date: Wed, 13 May 2009 01:12:22 -0400 Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... In-Reply-To: References: Message-ID: <8E8D2F59C322B64598D5CBAA2C882F4316C5FDA921@apatlisdmail19.core.gtri.org> I have been having the same issue since we upgraded to the new 8.2 code. Opened a case with TAC and was told that this was normal behavior in the new 8.2 code. The coredump.cfg file that I have contains three entries, they are there so that if I want to enable coredump in the config that it new how to configure it when needed. The TAC engineer suggested that I issue the no coredump enable command. When I told him that I had done that and that the configuration file timestamp still change at various times, he informed me that this was a normal behavior for the 8.2 code. Still looking for a way to exclude this from rancid when the check is run aginst my devices that are now running the new 8.2 code. ________________________________________ From: rancid-discuss-bounces at shrubbery.net [rancid-discuss-bounces at shrubbery.net] On Behalf Of Brian Ipsen [bi at rackpeople.dk] Sent: Tuesday, May 12, 2009 8:16 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Cisco ASA 8.2 software - changes.... Hi After I upgraded one of our ASA5500-series boxes to software 8.2 - I get notification about the change below every time rancid is run: - !Flash: 114 43 May 12 2009 02:06:03 coredumpinfo/coredump.cfg + !Flash: 114 43 May 12 2009 03:06:14 coredumpinfo/coredump.cfg The timestamp changes - depending on when the check is run... Is there an easy way of excluding this info from the config collection ?? Med venlig hilsen / Kind regards Brian Ipsen _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Wed May 13 17:13:45 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 13 May 2009 10:13:45 -0700 Subject: [rancid] Re: Foundry ServerIron In-Reply-To: <20090512231803.GA13786@mitch.veggiechinese.net> References: <20090512012621.GE25050@mitch.veggiechinese.net> <20090512211911.GG25050@mitch.veggiechinese.net> <20090512213420.GQ25269@shrubbery.net> <20090512214200.GI25050@mitch.veggiechinese.net> <20090512214803.GT25269@shrubbery.net> <20090512220002.GJ25050@mitch.veggiechinese.net> <20090512223135.GA25269@shrubbery.net> <20090512231803.GA13786@mitch.veggiechinese.net> Message-ID: <20090513171345.GI23366@shrubbery.net> Tue, May 12, 2009 at 04:18:03PM -0700, William Yardley: > On Tue, May 12, 2009 at 03:31:35PM -0700, john heasley wrote: > > > > > FWIW, "flogin -noenable -c 'show vers;show vers'" works fine. > > > > do it w/o the -noenable. francid also expects the '#' prompt. > > So there's no way to use (unmodified) Rancid to get a device's config > when there's no "#" prompt, even with noenable set in the .cloginrc? > > In this case, what I'm trying to do is to collect the needed information > with a user that has exactly the level of permissions to collect that > information. Since the user has permissions to get the needed > information, there's no need for the router to be in enable mode to get > what I need. There is no support for that, sorry. From tom.duijf at gmail.com Thu May 14 09:41:50 2009 From: tom.duijf at gmail.com (Tom Duijf) Date: Thu, 14 May 2009 11:41:50 +0200 Subject: [rancid] Patch for arancid - ignore extra lines which change every rancid-run Message-ID: Hi all, This is a small patch to fix a problem in arancid when using it for alteons in reduntant mode. Every rancid run 1 field changes, resulting in at least 1 (useless) change per run. ---------------------------------8<------------------------------------------- /c/sys/access/user /* usrpw - opw "89fdbea188f5aaa0a2b4f7e24b450952240c165c9d0c656f115b3bce4f3f7571" + opw "8c9f1d09081d08088496f6e2cbadabfa976ac365cae485f988b181638001451e" /* admpw ---------------------------------8<------------------------------------------- This patch does not remove 'opw' it just adds it to the 'remove password option' regexp. At least this way arancid 'shuts up' regarding the 'opw' stuff. Kindly include this patch (as is or completely ignoring 'opw') in future releases. Kind regards, Tom Duijf -------------- next part -------------- A non-text attachment was scrubbed... Name: arancid.in.patch-20090515 Type: application/octet-stream Size: 471 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090514/c460bea2/attachment.obj From arussos at comune.modena.it Thu May 14 12:44:35 2009 From: arussos at comune.modena.it (Andrea) Date: Thu, 14 May 2009 14:44:35 +0200 Subject: [rancid] Help on new devices Message-ID: <4A0C1233.8040708@comune.modena.it> Hi all !! I'm new to this list so, first of all, NICE MEETENG YOU ALL!! ...I've just installed RANCID and i find it really useful !! ..I'm the network admin of a distributed Net in which, unfortunately, i have to mantain and admin Cisco appliances, Enterasys swithces, 3COM switches and also Allied Telesyn swithces.. So i'm asking for hints or help in understanding if it's possible ( and HOW ) to use RANCID to get and mantain the config og Enterasys, 3COM ad AT Switches.. Thanks a lot in advance !! --Andrea From jethro.binks at strath.ac.uk Thu May 14 13:42:43 2009 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Thu, 14 May 2009 14:42:43 +0100 (BST) Subject: [rancid] Re: Help on new devices In-Reply-To: <4A0C1233.8040708@comune.modena.it> References: <4A0C1233.8040708@comune.modena.it> Message-ID: On Thu, 14 May 2009, Andrea wrote: > ..I'm the network admin of a distributed Net in which, unfortunately, i > have to mantain and admin Cisco appliances, Enterasys swithces, 3COM > switches and also Allied Telesyn swithces.. What models of 3Com? . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK From Bernhard.Fischer at Kurz.de Fri May 15 09:47:20 2009 From: Bernhard.Fischer at Kurz.de (Fischer Bernhard) Date: Fri, 15 May 2009 11:47:20 +0200 Subject: [rancid] access-problem Message-ID: <0ED090983FB34242B743789387E69C5F027DD645@defumss0034.kurz-group.com> Hi All, I'm a Rancid-Newby and have try a testinstallation on CentOS5.3 in a VM. For testing I've configured a Cisco C3560 and user rancid over Tacacs-Server. With clogin I can login and authenticate and become the prompt, but I can't execute any commands and receive a timeout. If I use the telnet-command all is working fine. Where is the error or where I can search? Thanks a lot in advance !! Bernhard LEONHARD KURZ Stiftung & Co. KG, Sitz der Gesellschaft: Furth, Registergericht Furth HR A 5526, personlich haftende Gesellschafterin: Leonhard Kurz Verwaltungs-Stiftung, Sitz der Stiftung: Furth, Registergericht Furth HR A 8969, Vorstande: Walter Kurz, Peter Kurz __________________________________ Alle Lieferungen und Leistungen von KURZ erfolgen ausschlie?lich auf der Grundlage unserer Allgemeinen Bedingungen fur die Lieferung von Folie, bzw. Maschinen und Ersatzteilen an Unternehmer, jeweils vom Stand November 2007 (AGB/AGBM), sowie der Technischen Spezifikation (TS) fur den jeweiligen Folien- bzw. Maschinentyp. Alle Lieferungen und Leistungen an KURZ erfolgen ausschlie?lich auf der Grundlage unserer Einkaufsbedingungen, Stand April 2008 (EKB). Die AGB/AGBM/EKB konnen Sie im Internet auf unserer Homepage unter www.kurz.de abrufen. Die AGB/AGBM/EKB und die TS senden wir Ihnen auf Wunsch auch gerne zu. All supplies and services of KURZ shall exclusively be subject to our Terms and Conditions of Sale of Foil or Machines/Machine Parts, respectively, to Business Customers, each of Edition November 2007 (T&C/T&CM), as well as the Technical Specification (TS) of the respective foil/machine. All supplies and services to KURZ shall exclusively be subject to our Terms and Conditions of Purchase, Edition April 2008 (T&C Purchase). You may find our T&C/T&CM and T&C Purchase on our homepage www.kurz.de. On request we will provide you with a paper copy of the T&C/T&CM/T&C Purchase and TS. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090515/513078d5/attachment.html From ron.whitney at doitbest.com Fri May 15 11:15:15 2009 From: ron.whitney at doitbest.com (Ron Whitney) Date: Fri, 15 May 2009 07:15:15 -0400 Subject: [rancid] Re: access-problem In-Reply-To: <0ED090983FB34242B743789387E69C5F027DD645@defumss0034.kurz-group.com> Message-ID: <1FD6BFAE6EA54341821D01FB8E617B6501E4A98A@EXCHANGE1.ntserv.doitbestcorp.com> > With clogin I can login > and authenticate and become the prompt, but I can't execute > any commands and receive a timeout. When you log in, are you already in privlidged exec mode? (IWO, already enabled?) If so, Rancid may be waiting for the user exec prompt so it can issue the 'enable' command. The 'set autoenable {routername}' option in your .cloginrc should get around that. Good luck. Ron From Bernhard.Fischer at Kurz.de Fri May 15 12:01:24 2009 From: Bernhard.Fischer at Kurz.de (Fischer Bernhard) Date: Fri, 15 May 2009 14:01:24 +0200 Subject: [rancid] FW: access-problem Message-ID: <0ED090983FB34242B743789387E69C5F027DD6C5@defumss0034.kurz-group.com> Hi All, Many thanks to Ron, absolute correct: the reason was the -autoenable flag. Now is it working. Anymore thanks to All for the help. Bernhard ________________________________ From: Fischer Bernhard Sent: Freitag, 15. Mai 2009 11:47 To: 'rancid-discuss at shrubbery.net' Subject: access-problem Hi All, I'm a Rancid-Newby and have try a testinstallation on CentOS5.3 in a VM. For testing I've configured a Cisco C3560 and user rancid over Tacacs-Server. With clogin I can login and authenticate and become the prompt, but I can't execute any commands and receive a timeout. If I use the telnet-command all is working fine. Where is the error or where I can search? Thanks a lot in advance !! Bernhard LEONHARD KURZ Stiftung & Co. KG, Sitz der Gesellschaft: Furth, Registergericht Furth HR A 5526, personlich haftende Gesellschafterin: Leonhard Kurz Verwaltungs-Stiftung, Sitz der Stiftung: Furth, Registergericht Furth HR A 8969, Vorstande: Walter Kurz, Peter Kurz __________________________________ Alle Lieferungen und Leistungen von KURZ erfolgen ausschlie?lich auf der Grundlage unserer Allgemeinen Bedingungen fur die Lieferung von Folie, bzw. Maschinen und Ersatzteilen an Unternehmer, jeweils vom Stand November 2007 (AGB/AGBM), sowie der Technischen Spezifikation (TS) fur den jeweiligen Folien- bzw. Maschinentyp. Alle Lieferungen und Leistungen an KURZ erfolgen ausschlie?lich auf der Grundlage unserer Einkaufsbedingungen, Stand April 2008 (EKB). Die AGB/AGBM/EKB konnen Sie im Internet auf unserer Homepage unter www.kurz.de abrufen. Die AGB/AGBM/EKB und die TS senden wir Ihnen auf Wunsch auch gerne zu. All supplies and services of KURZ shall exclusively be subject to our Terms and Conditions of Sale of Foil or Machines/Machine Parts, respectively, to Business Customers, each of Edition November 2007 (T&C/T&CM), as well as the Technical Specification (TS) of the respective foil/machine. All supplies and services to KURZ shall exclusively be subject to our Terms and Conditions of Purchase, Edition April 2008 (T&C Purchase). You may find our T&C/T&CM and T&C Purchase on our homepage www.kurz.de. On request we will provide you with a paper copy of the T&C/T&CM/T&C Purchase and TS. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090515/54685fe8/attachment.html From dmack at verizon.com Fri May 15 14:32:06 2009 From: dmack at verizon.com (Mack, David A (Dave)) Date: Fri, 15 May 2009 10:32:06 -0400 Subject: [rancid] jerancid show version parsing Message-ID: <0DAA5BAA8EAFC64F83CE84A8A26848BB018C1C82@FHDP1LUMXCV11.us.one.verizon.com> Hello! We are current running rancid version, rancid-2.3.2a7 and have run into a parsing issue for JunOSE devices (ERX-1440s and E320s). It appears that certain slots are being excluded from the parsed output of sh version and we have a need to see those slots. Details are provided below: Raw output from show version: BLTMMD-VFTTP-37#sh ver Juniper Edge Routing Switch E320 Copyright (c) 1999-2008 Juniper Networks, Inc. All rights reserved. System Release: e320_9-0-1p0-7-3.rel Version: 9.0.1 patch-0.7.3 [BuildId 10622] (March 8, 2009 21:10) System running for: 352 days, 19 hours, 13 minutes, 28 seconds (since TUE MAY 27 2008 18:15:28 UTC) slot state type admin spare running release slot uptime ---- -------- ------- ------- ----- -------------------- -------------- 0 standby LM-10 enabled spare e320_9-0-1p0-7-3.rel --- 1 online LM-4 enabled --- e320_9-0-1p0-7-3.rel 16d08h:14m:38s 2 --- --- --- --- --- --- 3 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d08h:00m:20s 4 --- --- --- --- --- --- 5 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d07h:59m:56s 6 standby SRP-320 enabled --- e320_9-0-1p0-7-3.rel --- 6 online SFM-320 enabled --- --- 16d08h:31m:30s 7 online SRP-320 enabled --- e320_9-0-1p0-7-3.rel 16d08h:31m:38s 7 online SFM-320 enabled --- --- 16d08h:31m:18s 8 online SFM-320 enabled --- --- 16d08h:31m:24s 9 online SFM-320 enabled --- --- 16d08h:31m:11s 10 online SFM-320 enabled --- --- 16d08h:31m:15s 11 online LM-10 enabled spare e320_9-0-1p0-7-3.rel 10d04h:36m:12s 12 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d07h:53m:10s 13 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d07h:52m:17s 14 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d08h:08m:49s 15 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d07h:57m:12s 16 inactive LM-10 enabled --- e320_9-0-1p0-7-3.rel --- BLTMMD-VFTTP-37# Here is the parsed output: !RANCID-CONTENT-TYPE: Juniper_ERX ! !Chassis type: E320 - a Juniper Edge Routing Switch E320 ! !System Release: e320_9-0-1p0-7-3.rel !System Version: 9.0.1 patch-0.7.3 [BuildId 10622] (March 8, 2009 21:10) ! ! slot state type admin spare running release ! ---- -------- ------- ------- ----- -------------------- ! 1 online LM-4 enabled --- e320_9-0-1p0-7-3.rel ! 3 online LM-10 enabled --- e320_9-0-1p0-7-3.rel ! 5 online LM-10 enabled --- e320_9-0-1p0-7-3.rel ! 6 online SFM-320 enabled --- --- ! 7 online SRP-320 enabled --- e320_9-0-1p0-7-3.rel ! 7 online SFM-320 enabled --- --- ! 8 online SFM-320 enabled --- --- ! 9 online SFM-320 enabled --- --- ! 10 online SFM-320 enabled --- --- ! 12 online LM-10 enabled --- e320_9-0-1p0-7-3.rel ! 13 online LM-10 enabled --- e320_9-0-1p0-7-3.rel ! 14 online LM-10 enabled --- e320_9-0-1p0-7-3.rel ! 15 online LM-10 enabled --- e320_9-0-1p0-7-3.rel ! Here is the section of code that I believe that is responsible for parsing: # This routine parses "show version" sub ShowVersion { print STDERR " In ShowVersion: $_" if ($debug); my($slots); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); next if (/^Please wait/i); return(-1) if (/command authorization failed/i); /^Juniper Edge .* (\S+)$/ && ProcessHistory("COMMENTS","keysort","A1", "!Chassis type: $1 - a $_") && next; /^System Release: / && ProcessHistory("COMMENTS","keysort","B1", "!$_") && next; /^\s+(Version: .*)$/ && ProcessHistory("COMMENTS","keysort","B1", "!System $1\n") && next; if (/^(slot .*)\s+slot uptime/i) { ($slots++); ProcessHistory("COMMENTS","keysort","B2", "!\n! $1\n"); next; } /^(--.*) --+$/ && $slots && ProcessHistory("COMMENTS","keysort","B2", "! $1\n") && next; if (/^(\d+ +\S+ +(\S+).*) \S+$/ && $slots) { my($line) = $1; if ($2 != /--+/) { ProcessHistory("COMMENTS","keysort","B3", "! $line\n"); } next; } } ProcessHistory("COMMENTS","keysort","B4","!\n"); return(0); } >From the output above you can see that the parsed output is missing slots 0, 11 and 16. We need to capture those slots as well. As a side note, the slot uptime is actually useful to us as well. I am not really very good with PERL, can someone help with this missing output? Thanks! Dave ______________________________________________________________ David A. Mack (703) 391-7787 (W) CCIE #6963 (SP and R&S) JNCIE-M #399 CISSP (703) 431-7617 (C) email: dmack at verizon.com ______________________________________________________________ "We are now the knights who say... Ping!" -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 4266 bytes Desc: not available Url : http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090515/a5234d9a/attachment.bin From rauseefanmr5 at msn.com Fri May 15 05:21:00 2009 From: rauseefanmr5 at msn.com (Stefan Krause) Date: Fri, 15 May 2009 05:21:00 -0000 Subject: [rancid] Dear Customer Message-ID: <200905150033.n4F0XQxO026824@valinor.theunixman.com> Dear Customer, , I am corresponding to you on the basis of your Good Name and Address which I obtain through international reliable skills research for western union money transfer customers. My name is Mr.Stefan Krause and I am working with the Deutsche BANK AG, WESTERN UNION MONEY TRANSFER DEPARTMENT here in London . Be informed that the sum of $750,000.00usd have been awarded to you as a result of a compensation to you from the western union money transfer management board based on your good reputation as their good customer. Please kindly note that the funds will be transferring to you at the volume of $13,500 daily until your payment is complete. To start the transaction kindly contact the protocol chairman on (Mr.Rami Cabi), email: and kindly reconfirm the following to us to avoid making any mistake on the transfer: Your full names, phone numbers and your full address. Note: Your pin code is deutschebank/wumt/0009.And please make sure you use a valid ID as the funds will not be released to you if not with your original ID. Thanks, Stefan Krause Bank Deutsche Ag London. From peter.serwe at gmail.com Fri May 15 17:27:51 2009 From: peter.serwe at gmail.com (Peter Serwe) Date: Fri, 15 May 2009 10:27:51 -0700 Subject: [rancid] Re: Dear Customer In-Reply-To: <200905150033.n4F0XQxO026824@valinor.theunixman.com> References: <200905150033.n4F0XQxO026824@valinor.theunixman.com> Message-ID: How exciting, we've all been selected to receive $750,000.00usd! Scambait, anyone? 419eater.com Peter On Sat, Jan 1, 2005 at 3:57 PM, Stefan Krause wrote: > Dear Customer, , > > > > I am corresponding to you on the basis of your Good Name and Address which I obtain through international reliable skills research for western union money transfer customers. > > My name is Mr.Stefan Krause and I am working with the Deutsche BANK AG, WESTERN UNION MONEY TRANSFER DEPARTMENT here in London . > > > > Be informed that the sum of $750,000.00usd have been awarded to you as a result of a compensation to you from the western union money transfer management board based on your good reputation as their good customer. > > > > Please kindly note that the funds will be transferring to you at the volume of $13,500 daily until your payment is complete. To start the transaction kindly contact the protocol chairman on (Mr.Rami Cabi), email: and kindly reconfirm the following to us to avoid making any mistake on the transfer: Your full names, phone numbers and your full address. > > > > Note: Your pin code is deutschebank/wumt/0009.And please make sure you use a valid ID as the funds will not be released to you if not with your original ID. > > > > Thanks, > > Stefan Krause > > Bank Deutsche Ag > > London. > _____________________________________________ -- ???? From heas at shrubbery.net Fri May 15 17:36:19 2009 From: heas at shrubbery.net (john heasley) Date: Fri, 15 May 2009 10:36:19 -0700 Subject: [rancid] Re: Patch for arancid - ignore extra lines which change every rancid-run In-Reply-To: References: Message-ID: <20090515173619.GG24192@shrubbery.net> Thu, May 14, 2009 at 11:41:50AM +0200, Tom Duijf: > Hi all, > > This is a small patch to fix a problem in arancid when using it for > alteons in reduntant mode. > > Every rancid run 1 field changes, resulting in at least 1 (useless) > change per run. > ---------------------------------8<------------------------------------------- > /c/sys/access/user > /* usrpw > - opw "89fdbea188f5aaa0a2b4f7e24b450952240c165c9d0c656f115b3bce4f3f7571" > + opw "8c9f1d09081d08088496f6e2cbadabfa976ac365cae485f988b181638001451e" > /* admpw > ---------------------------------8<------------------------------------------- > > This patch does not remove 'opw' it just adds it to the 'remove > password option' regexp. > At least this way arancid 'shuts up' regarding the 'opw' stuff. > > Kindly include this patch (as is or completely ignoring 'opw') in > future releases. I think that you intended this patch in reverse. right? From ismail at habari.co.tz Fri May 15 17:56:29 2009 From: ismail at habari.co.tz (Ismail M. Settenda) Date: Fri, 15 May 2009 20:56:29 +0300 Subject: [rancid] Re: Dear Customer In-Reply-To: References: <200905150033.n4F0XQxO026824@valinor.theunixman.com> Message-ID: <3c1cf0fd0905151056r3ca7f35awb31c142262e57e82@mail.gmail.com> Wait a minute ...waaiiit a minute ... what do u mean we??? It is all mine ...cse I saw it first. -- Ismail 2009/5/15 Peter Serwe > How exciting, we've all been selected to receive $750,000.00usd! > > Scambait, anyone? > > 419eater.com > > Peter > > On Sat, Jan 1, 2005 at 3:57 PM, Stefan Krause > wrote: > > Dear Customer, , > > > > > > > > I am corresponding to you on the basis of your Good Name and Address > which I obtain through international reliable skills research for western > union money transfer customers. > > > > My name is Mr.Stefan Krause and I am working with the Deutsche BANK AG, > WESTERN UNION MONEY TRANSFER DEPARTMENT here in London . > > > > > > > > Be informed that the sum of $750,000.00usd have been awarded to you as a > result of a compensation to you from the western union money transfer > management board based on your good reputation as their good customer. > > > > > > > > Please kindly note that the funds will be transferring to you at the > volume of $13,500 daily until your payment is complete. To start the > transaction kindly contact the protocol chairman on (Mr.Rami Cabi), email: > and kindly reconfirm the following to us to avoid making any mistake on the > transfer: Your full names, phone numbers and your full address. > > > > > > > > Note: Your pin code is deutschebank/wumt/0009.And please make sure you > use a valid ID as the funds will not be released to you if not with your > original ID. > > > > > > > > Thanks, > > > > Stefan Krause > > > > Bank Deutsche Ag > > > > London. > > _____________________________________________ > > > > -- > ???? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090515/cc7f21c5/attachment.html From brady.lamprecht at incontact.com Fri May 15 17:55:35 2009 From: brady.lamprecht at incontact.com (Brady Lamprecht) Date: Fri, 15 May 2009 11:55:35 -0600 Subject: [rancid] HP Virtual Connect Switches Message-ID: <4ED7BB34A83D5A4498AAA4575D49A9A114AA053B@via-mail.ucn.net> I've been looking into getting rancid to do backups of HP VirtualConnect Switches. Have any of you had any success with these switches or have seen modified scripts to grab the appropriate information? The hlogin and the hpuifilter seem to be working fine, but since these are not "normal switches," what would be the best way to grab the relevant data once I am at the following prompt: GETTING STARTED: help : displays a list of available subcommands exit : quits the command shell ? : displays a list of managed elements for a subcommand ? : displays detailed help for a command -> Ideally, I would like to issue a couple of commands such as "show devicebay" and "show network" and "show uplinkport". If not those commands individually, the single command "show all" would be great. Thanks, Brady Lamprecht Network Engineer inContact, Inc. www.inContact.com 801.320.3506 Phone Email Confidentiality Notice: The information contained in this transmission is confidential, proprietary or privileged and may be subject to protection under the law. The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited and may subject you to criminal or civil penalties. If you received this transmission in error, please contact the sender immediately by replying to this email and delete the material from any computer. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090515/9930da52/attachment.html From heas at shrubbery.net Fri May 15 19:13:15 2009 From: heas at shrubbery.net (john heasley) Date: Fri, 15 May 2009 12:13:15 -0700 Subject: [rancid] Re: HP Virtual Connect Switches In-Reply-To: <4ED7BB34A83D5A4498AAA4575D49A9A114AA053B@via-mail.ucn.net> References: <4ED7BB34A83D5A4498AAA4575D49A9A114AA053B@via-mail.ucn.net> Message-ID: <20090515191315.GZ24192@shrubbery.net> Fri, May 15, 2009 at 11:55:35AM -0600, Brady Lamprecht: > I've been looking into getting rancid to do backups of HP VirtualConnect > Switches. Have any of you had any success with these switches or have > seen modified scripts to grab the appropriate information? > > > > The hlogin and the hpuifilter seem to be working fine, but since these > are not "normal switches," what would be the best way to grab the > relevant data once I am at the following prompt: copy hrancid to a new file and alter as necessary From heas at shrubbery.net Fri May 15 20:29:49 2009 From: heas at shrubbery.net (john heasley) Date: Fri, 15 May 2009 13:29:49 -0700 Subject: [rancid] Re: jerancid show version parsing In-Reply-To: <0DAA5BAA8EAFC64F83CE84A8A26848BB018C1C82@FHDP1LUMXCV11.us.one.verizon.com> References: <20090515201603.CE9C511CE9F@ni.shrubbery.net> <0DAA5BAA8EAFC64F83CE84A8A26848BB018C1C82@FHDP1LUMXCV11.us.one.verizon.com> Message-ID: <20090515202949.GF24192@shrubbery.net> Fri, May 15, 2009 at 10:32:06AM -0400, Mack, David A (Dave): > From the output above you can see that the parsed output is missing > slots 0, 11 and 16. We need to capture those slots as well. As a side > note, the slot uptime is actually useful to us as well. I am not really > very good with PERL, can someone help with this missing output? > I think that this patch will fix the missing slots. Please confirm. Index: jerancid.in =================================================================== RCS file: /home/rancid/.CVS/rancid/bin/jerancid.in,v retrieving revision 1.47 diff -d -u -r1.47 jerancid.in --- jerancid.in 4 Mar 2009 19:11:55 -0000 1.47 +++ jerancid.in 15 May 2009 20:15:53 -0000 @@ -193,7 +193,7 @@ } /^(--.*) --+$/ && $slots && ProcessHistory("COMMENTS","keysort","B2", "! $1\n") && next; - if (/^(\d+ +\S+ +(\S+).*) \S+$/ && $slots) { + if (/^(\d+\s+\S+\s+(\S+).*) \S+$/ && $slots) { my($line) = $1; if ($2 != /--+/) { ProcessHistory("COMMENTS","keysort","B3", "! $line\n"); From dmack at verizon.com Fri May 15 21:46:24 2009 From: dmack at verizon.com (Mack, David A (Dave)) Date: Fri, 15 May 2009 17:46:24 -0400 Subject: [rancid] Re: jerancid show version parsing In-Reply-To: <20090515202949.GF24192@shrubbery.net> References: <20090515201603.CE9C511CE9F@ni.shrubbery.net> <0DAA5BAA8EAFC64F83CE84A8A26848BB018C1C82@FHDP1LUMXCV11.us.one.verizon.com> <20090515202949.GF24192@shrubbery.net> Message-ID: <0DAA5BAA8EAFC64F83CE84A8A26848BB018C1C94@FHDP1LUMXCV11.us.one.verizon.com> John, Hello! I applied the patch and did a manual run, but no joy! Here is cli output: Juniper Edge Routing Switch E320 Copyright (c) 1999-2008 Juniper Networks, Inc. All rights reserved. System Release: e320_9-0-1p0-7-3.rel Version: 9.0.1 patch-0.7.3 [BuildId 10622] (March 8, 2009 21:10) System running for: 353 days, 2 hours, 34 minutes, 40 seconds (since TUE MAY 27 2008 18:15:29 UTC) slot state type admin spare running release slot uptime ---- -------- ------- ------- ----- -------------------- -------------- 0 standby LM-10 enabled spare e320_9-0-1p0-7-3.rel --- 1 online LM-4 enabled --- e320_9-0-1p0-7-3.rel 16d15h:35m:50s 2 --- --- --- --- --- --- 3 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d15h:21m:33s 4 --- --- --- --- --- --- 5 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d15h:21m:09s 6 standby SRP-320 enabled --- e320_9-0-1p0-7-3.rel --- 6 online SFM-320 enabled --- --- 16d15h:52m:43s 7 online SRP-320 enabled --- e320_9-0-1p0-7-3.rel 16d15h:52m:51s 7 online SFM-320 enabled --- --- 16d15h:52m:31s 8 online SFM-320 enabled --- --- 16d15h:52m:36s 9 online SFM-320 enabled --- --- 16d15h:52m:24s 10 online SFM-320 enabled --- --- 16d15h:52m:27s 11 online LM-10 enabled spare e320_9-0-1p0-7-3.rel 10d11h:57m:24s 12 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d15h:14m:22s 13 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d15h:13m:30s 14 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d15h:30m:01s 15 online LM-10 enabled --- e320_9-0-1p0-7-3.rel 16d15h:18m:24s 16 inactive LM-10 enabled --- e320_9-0-1p0-7-3.rel --- and here is the jerancid output: !RANCID-CONTENT-TYPE: Juniper_ERX ! !Chassis type: E320 - a Juniper Edge Routing Switch E320 ! !System Release: e320_9-0-1p0-7-3.rel !System Version: 9.0.1 patch-0.7.3 [BuildId 10622] (March 8, 2009 21:10) ! ! slot state type admin spare running release ! ---- -------- ------- ------- ----- -------------------- ! 1 online LM-4 enabled --- e320_9-0-1p0-7-3.rel ! 3 online LM-10 enabled --- e320_9-0-1p0-7-3.rel ! 5 online LM-10 enabled --- e320_9-0-1p0-7-3.rel ! 6 online SFM-320 enabled --- --- ! 7 online SRP-320 enabled --- e320_9-0-1p0-7-3.rel ! 7 online SFM-320 enabled --- --- ! 8 online SFM-320 enabled --- --- ! 9 online SFM-320 enabled --- --- ! 10 online SFM-320 enabled --- --- ! 12 online LM-10 enabled --- e320_9-0-1p0-7-3.rel ! 13 online LM-10 enabled --- e320_9-0-1p0-7-3.rel ! 14 online LM-10 enabled --- e320_9-0-1p0-7-3.rel ! 15 online LM-10 enabled --- e320_9-0-1p0-7-3.rel Thanks! Dave ______________________________________________________________ David A. Mack (703) 391-7787 (W) CCIE #6963 (SP and R&S) JNCIE-M #399 CISSP (703) 431-7617 (C) email: dmack at verizon.com ______________________________________________________________ "We are now the knights who say... Ping!" > -----Original Message----- > From: john heasley [mailto:heas at shrubbery.net] > Sent: Friday, May 15, 2009 4:30 PM > To: Mack, David A (Dave) > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] jerancid show version parsing > > Fri, May 15, 2009 at 10:32:06AM -0400, Mack, David A (Dave): > > From the output above you can see that the parsed output is missing > > slots 0, 11 and 16. We need to capture those slots as well. > As a side > > note, the slot uptime is actually useful to us as well. I am not > > really very good with PERL, can someone help with this > missing output? > > > > I think that this patch will fix the missing slots. Please confirm. > > > Index: jerancid.in > =================================================================== > RCS file: /home/rancid/.CVS/rancid/bin/jerancid.in,v > retrieving revision 1.47 > diff -d -u -r1.47 jerancid.in > --- jerancid.in 4 Mar 2009 19:11:55 -0000 1.47 > +++ jerancid.in 15 May 2009 20:15:53 -0000 > @@ -193,7 +193,7 @@ > } > /^(--.*) --+$/ && $slots && > ProcessHistory("COMMENTS","keysort","B2", "! > $1\n") && next; > - if (/^(\d+ +\S+ +(\S+).*) \S+$/ && $slots) { > + if (/^(\d+\s+\S+\s+(\S+).*) \S+$/ && $slots) { > my($line) = $1; > if ($2 != /--+/) { > ProcessHistory("COMMENTS","keysort","B3", "! $line\n"); > > From brady.lamprecht at incontact.com Fri May 15 22:26:42 2009 From: brady.lamprecht at incontact.com (Brady Lamprecht) Date: Fri, 15 May 2009 16:26:42 -0600 Subject: [rancid] Re: HP Virtual Connect Switches In-Reply-To: <20090515191315.GZ24192@shrubbery.net> References: <4ED7BB34A83D5A4498AAA4575D49A9A114AA053B@via-mail.ucn.net> <20090515191315.GZ24192@shrubbery.net> Message-ID: <4ED7BB34A83D5A4498AAA4575D49A9A114AA053F@via-mail.ucn.net> I've started modifying a copy of hrancid as necessary, but I was looking to see if anyone else had implemented something similar so I didn't have to "reinvent the wheel." If not, is there any sort of "how to" document available which gives me a few points on how to define a new rancid-type in the router.db file and how to change what prompt is expected before starting to gather the data? Brady Lamprecht Network Engineer inContact, Inc. -----Original Message----- From: john heasley [mailto:heas at shrubbery.net] Sent: Friday, May 15, 2009 1:13 PM To: Brady Lamprecht Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] HP Virtual Connect Switches Fri, May 15, 2009 at 11:55:35AM -0600, Brady Lamprecht: > I've been looking into getting rancid to do backups of HP VirtualConnect > Switches. Have any of you had any success with these switches or have > seen modified scripts to grab the appropriate information? > > > > The hlogin and the hpuifilter seem to be working fine, but since these > are not "normal switches," what would be the best way to grab the > relevant data once I am at the following prompt: copy hrancid to a new file and alter as necessary Email Confidentiality Notice: The information contained in this transmission is confidential, proprietary or privileged and may be subject to protection under the law. The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited and may subject you to criminal or civil penalties. If you received this transmission in error, please contact the sender immediately by replying to this email and delete the material from any computer. From heas at shrubbery.net Sat May 16 00:28:01 2009 From: heas at shrubbery.net (john heasley) Date: Fri, 15 May 2009 17:28:01 -0700 Subject: [rancid] Re: Help on new devices In-Reply-To: <4A0C1233.8040708@comune.modena.it> References: <4A0C1233.8040708@comune.modena.it> Message-ID: <20090516002801.GO14431@shrubbery.net> Thu, May 14, 2009 at 02:44:35PM +0200, Andrea: > Hi all !! I'm new to this list so, first of all, NICE MEETENG YOU ALL!! > > ...I've just installed RANCID and i find it really useful !! > > ..I'm the network admin of a distributed Net in which, unfortunately, i > have to mantain and admin Cisco appliances, Enterasys swithces, 3COM > switches and also Allied Telesyn swithces.. > > So i'm asking for hints or help in understanding if it's possible ( and > HOW ) to use RANCID to get and mantain the config og Enterasys, 3COM ad > AT Switches.. i dont know anything about enterasys, but a script is in the dist that supports their SSR (?) product. in general, if they act like the cisco/juniper cli, it can work pretty easily. if its like the hp, its a bit more painful. the cli is the key. From me at ale.cx Sat May 16 16:00:44 2009 From: me at ale.cx (alex) Date: Sat, 16 May 2009 17:00:44 +0100 Subject: [rancid] Re: access-problem In-Reply-To: <1FD6BFAE6EA54341821D01FB8E617B6501E4A98A@EXCHANGE1.ntserv.doitbestcorp.com> References: <1FD6BFAE6EA54341821D01FB8E617B6501E4A98A@EXCHANGE1.ntserv.doitbestcorp.com> Message-ID: <200905161700.45093.me@ale.cx> On Friday 15 May 2009 12:15:15 Ron Whitney wrote: > > With clogin I can login > > and authenticate and become the prompt, but I can't execute > > any commands and receive a timeout. > > When you log in, are you already in privlidged exec mode? (IWO, already > enabled?) If so, Rancid may be waiting for the user exec prompt so it > can issue the 'enable' command. The 'set autoenable {routername}' > option in your .cloginrc should get around that. Rancid should print a hint like this along with the timeout message, as it appears to be a very FAQ! alexd From heas at shrubbery.net Mon May 18 16:24:30 2009 From: heas at shrubbery.net (john heasley) Date: Mon, 18 May 2009 09:24:30 -0700 Subject: [rancid] Re: access-problem In-Reply-To: <200905161700.45093.me@ale.cx> References: <1FD6BFAE6EA54341821D01FB8E617B6501E4A98A@EXCHANGE1.ntserv.doitbestcorp.com> <200905161700.45093.me@ale.cx> Message-ID: <20090518162430.GG1704@shrubbery.net> Sat, May 16, 2009 at 05:00:44PM +0100, alex: > On Friday 15 May 2009 12:15:15 Ron Whitney wrote: > > > With clogin I can login > > > and authenticate and become the prompt, but I can't execute > > > any commands and receive a timeout. > > > > When you log in, are you already in privlidged exec mode? (IWO, already > > enabled?) If so, Rancid may be waiting for the user exec prompt so it > > can issue the 'enable' command. The 'set autoenable {routername}' > > option in your .cloginrc should get around that. > > Rancid should print a hint like this along with the timeout message, as it > appears to be a very FAQ! it doesn't seem a good investment of time to add the complexity to figure out of its a timeout due to misconfiguration vs. another problem. and, that configuration knob is right at the top of cloginrc(5) and its mentioned in the sample cloginrc. has anyone tried/tested the patch for clogin that i posted to eliminate autoenable? From mwlucas at blackhelicopters.org Tue May 19 19:16:30 2009 From: mwlucas at blackhelicopters.org (Michael W. Lucas) Date: Tue, 19 May 2009 15:16:30 -0400 Subject: [rancid] Netscreen/OpenSSH interaction problem Message-ID: <20090519191630.GA14467@bewilderbeast.blackhelicopters.org> Hi, I've found myself inheriting responsibility for a stack of Netscreen boxes, and of course I want their configurations backed up. There's a problem with interactions between newer versions of OpenSSH and Netscreens, however. To SSH into a Netscreen with newer OpenSSH, you must add the option "-o ControlMaster=auto" to the SSH command line. Is there any way to pass this option to the Rancid SSH command for my Netscreen hosts? Thanks, ==ml -- Michael W. Lucas mwlucas at BlackHelicopters.org, mwlucas at FreeBSD.org http://www.BlackHelicopters.org/~mwlucas/ Latest book: Cisco Routers for the Desperate, 2nd Edition http://www.CiscoRoutersForTheDesperate.com/ From heas at shrubbery.net Tue May 19 20:01:49 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 19 May 2009 13:01:49 -0700 Subject: [rancid] Re: Netscreen/OpenSSH interaction problem In-Reply-To: <20090519191630.GA14467@bewilderbeast.blackhelicopters.org> References: <20090519191630.GA14467@bewilderbeast.blackhelicopters.org> Message-ID: <20090519200149.GA11879@shrubbery.net> Tue, May 19, 2009 at 03:16:30PM -0400, Michael W. Lucas: > Hi, > > I've found myself inheriting responsibility for a stack of Netscreen > boxes, and of course I want their configurations backed up. > > There's a problem with interactions between newer versions of OpenSSH > and Netscreens, however. To SSH into a Netscreen with newer OpenSSH, > you must add the option "-o ControlMaster=auto" to the SSH command > line. > > Is there any way to pass this option to the Rancid SSH command for my > Netscreen hosts? see sshcmd in cloginrc(5). If I failed to disseminate that change to all of the login scripts, we can fix that. > Thanks, > ==ml > > > -- > Michael W. Lucas mwlucas at BlackHelicopters.org, mwlucas at FreeBSD.org > http://www.BlackHelicopters.org/~mwlucas/ > Latest book: Cisco Routers for the Desperate, 2nd Edition > http://www.CiscoRoutersForTheDesperate.com/ > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From mwlucas at blackhelicopters.org Tue May 19 21:12:11 2009 From: mwlucas at blackhelicopters.org (Michael W. Lucas) Date: Tue, 19 May 2009 17:12:11 -0400 Subject: [rancid] Re: Netscreen/OpenSSH interaction problem In-Reply-To: <20090519200149.GA11879@shrubbery.net> References: <20090519191630.GA14467@bewilderbeast.blackhelicopters.org> <20090519200149.GA11879@shrubbery.net> Message-ID: <20090519211210.GA15004@bewilderbeast.blackhelicopters.org> On Tue, May 19, 2009 at 01:01:49PM -0700, john heasley wrote: > Tue, May 19, 2009 at 03:16:30PM -0400, Michael W. Lucas: > > Hi, > > > > I've found myself inheriting responsibility for a stack of Netscreen > > boxes, and of course I want their configurations backed up. > > > > There's a problem with interactions between newer versions of OpenSSH > > and Netscreens, however. To SSH into a Netscreen with newer OpenSSH, > > you must add the option "-o ControlMaster=auto" to the SSH command > > line. > > > > Is there any way to pass this option to the Rancid SSH command for my > > Netscreen hosts? > > see sshcmd in cloginrc(5). If I failed to disseminate that change to > all of the login scripts, we can fix that. That was exactly it, thanks! For anyone following along in the archives: you'll want to use a wrapper script much like the following. Trying to escape spaces with backslashes, quote marks, etc., doesn't appear to work. -- #!/bin/sh exec ssh -oControlMaster=auto $@ -- > > > Thanks, > > ==ml > > > > > > -- > > Michael W. Lucas mwlucas at BlackHelicopters.org, mwlucas at FreeBSD.org > > http://www.BlackHelicopters.org/~mwlucas/ > > Latest book: Cisco Routers for the Desperate, 2nd Edition > > http://www.CiscoRoutersForTheDesperate.com/ > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- Michael W. Lucas mwlucas at BlackHelicopters.org, mwlucas at FreeBSD.org http://www.BlackHelicopters.org/~mwlucas/ Latest book: Cisco Routers for the Desperate, 2nd Edition http://www.CiscoRoutersForTheDesperate.com/ From heas at shrubbery.net Tue May 19 21:23:07 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 19 May 2009 14:23:07 -0700 Subject: [rancid] Re: Netscreen/OpenSSH interaction problem In-Reply-To: <20090519211210.GA15004@bewilderbeast.blackhelicopters.org> References: <20090519191630.GA14467@bewilderbeast.blackhelicopters.org> <20090519200149.GA11879@shrubbery.net> <20090519211210.GA15004@bewilderbeast.blackhelicopters.org> Message-ID: <20090519212307.GL11016@shrubbery.net> Tue, May 19, 2009 at 05:12:11PM -0400, Michael W. Lucas: > On Tue, May 19, 2009 at 01:01:49PM -0700, john heasley wrote: > > Tue, May 19, 2009 at 03:16:30PM -0400, Michael W. Lucas: > > > Hi, > > > > > > I've found myself inheriting responsibility for a stack of Netscreen > > > boxes, and of course I want their configurations backed up. > > > > > > There's a problem with interactions between newer versions of OpenSSH > > > and Netscreens, however. To SSH into a Netscreen with newer OpenSSH, > > > you must add the option "-o ControlMaster=auto" to the SSH command > > > line. > > > > > > Is there any way to pass this option to the Rancid SSH command for my > > > Netscreen hosts? > > > > see sshcmd in cloginrc(5). If I failed to disseminate that change to > > all of the login scripts, we can fix that. > > That was exactly it, thanks! > > For anyone following along in the archives: you'll want to use a > wrapper script much like the following. Trying to escape spaces with > backslashes, quote marks, etc., doesn't appear to work. > > -- > #!/bin/sh > > exec ssh -oControlMaster=auto $@ > -- i'd have expected add sshcmd * {ssh -o...} would have done it From heas at shrubbery.net Tue May 19 21:24:00 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 19 May 2009 14:24:00 -0700 Subject: [rancid] Re: Netscreen/OpenSSH interaction problem In-Reply-To: <20090519212307.GL11016@shrubbery.net> References: <20090519191630.GA14467@bewilderbeast.blackhelicopters.org> <20090519200149.GA11879@shrubbery.net> <20090519211210.GA15004@bewilderbeast.blackhelicopters.org> <20090519212307.GL11016@shrubbery.net> Message-ID: <20090519212400.GA14756@shrubbery.net> Tue, May 19, 2009 at 02:23:07PM -0700, john heasley: > Tue, May 19, 2009 at 05:12:11PM -0400, Michael W. Lucas: > > On Tue, May 19, 2009 at 01:01:49PM -0700, john heasley wrote: > > > Tue, May 19, 2009 at 03:16:30PM -0400, Michael W. Lucas: > > > > Hi, > > > > > > > > I've found myself inheriting responsibility for a stack of Netscreen > > > > boxes, and of course I want their configurations backed up. > > > > > > > > There's a problem with interactions between newer versions of OpenSSH > > > > and Netscreens, however. To SSH into a Netscreen with newer OpenSSH, > > > > you must add the option "-o ControlMaster=auto" to the SSH command > > > > line. > > > > > > > > Is there any way to pass this option to the Rancid SSH command for my > > > > Netscreen hosts? > > > > > > see sshcmd in cloginrc(5). If I failed to disseminate that change to > > > all of the login scripts, we can fix that. > > > > That was exactly it, thanks! > > > > For anyone following along in the archives: you'll want to use a > > wrapper script much like the following. Trying to escape spaces with > > backslashes, quote marks, etc., doesn't appear to work. > > > > -- > > #!/bin/sh > > > > exec ssh -oControlMaster=auto $@ > > -- > > i'd have expected > add sshcmd * {ssh -o...} > > would have done it Sorry for the extra mail, I should have written: add sshcmd * {ssh\ -o...} From mwlucas at blackhelicopters.org Wed May 20 18:23:40 2009 From: mwlucas at blackhelicopters.org (Michael W. Lucas) Date: Wed, 20 May 2009 14:23:40 -0400 Subject: [rancid] Re: Netscreen/OpenSSH interaction problem In-Reply-To: <20090519212400.GA14756@shrubbery.net> References: <20090519191630.GA14467@bewilderbeast.blackhelicopters.org> <20090519200149.GA11879@shrubbery.net> <20090519211210.GA15004@bewilderbeast.blackhelicopters.org> <20090519212307.GL11016@shrubbery.net> <20090519212400.GA14756@shrubbery.net> Message-ID: <20090520182340.GA19797@bewilderbeast.blackhelicopters.org> On Tue, May 19, 2009 at 02:24:00PM -0700, john heasley wrote: > Tue, May 19, 2009 at 02:23:07PM -0700, john heasley: > > Tue, May 19, 2009 at 05:12:11PM -0400, Michael W. Lucas: > > > On Tue, May 19, 2009 at 01:01:49PM -0700, john heasley wrote: > > > > Tue, May 19, 2009 at 03:16:30PM -0400, Michael W. Lucas: > > > > > Hi, > > > > > > > > > > I've found myself inheriting responsibility for a stack of Netscreen > > > > > boxes, and of course I want their configurations backed up. > > > > > > > > > > There's a problem with interactions between newer versions of OpenSSH > > > > > and Netscreens, however. To SSH into a Netscreen with newer OpenSSH, > > > > > you must add the option "-o ControlMaster=auto" to the SSH command > > > > > line. > > > > > > > > > > Is there any way to pass this option to the Rancid SSH command for my > > > > > Netscreen hosts? > > > > > > > > see sshcmd in cloginrc(5). If I failed to disseminate that change to > > > > all of the login scripts, we can fix that. > > > > > > That was exactly it, thanks! > > > > > > For anyone following along in the archives: you'll want to use a > > > wrapper script much like the following. Trying to escape spaces with > > > backslashes, quote marks, etc., doesn't appear to work. > > > > > > -- > > > #!/bin/sh > > > > > > exec ssh -oControlMaster=auto $@ > > > -- > > > > i'd have expected > > add sshcmd * {ssh -o...} > > > > would have done it > > Sorry for the extra mail, I should have written: > > add sshcmd * {ssh\ -o...} Thanks for the help, your way certainly would be nicer. I added this to my clogin: add sshcmd aubvp003 {ssh\ -oControlMaster\=auto} # clogin aubvp003 aubvp003 spawn {ssh\ -oControlMaster\=auto} -c 3des -x -l netscreen aubvp003 Error: {ssh\ -oControlMaster\=auto} failed: couldn't execute "": no such file or directoryerror setting blocking mode: resource temporarily unavailable # Any thoughts? (Not recalling if = needs an escape, I tried both with and without.) Thanks, ==ml -- Michael W. Lucas mwlucas at BlackHelicopters.org, mwlucas at FreeBSD.org http://www.BlackHelicopters.org/~mwlucas/ Latest book: Cisco Routers for the Desperate, 2nd Edition http://www.CiscoRoutersForTheDesperate.com/ From heas at shrubbery.net Wed May 20 19:20:46 2009 From: heas at shrubbery.net (john heasley) Date: Wed, 20 May 2009 12:20:46 -0700 Subject: [rancid] Re: Netscreen/OpenSSH interaction problem In-Reply-To: <20090520182340.GA19797@bewilderbeast.blackhelicopters.org> References: <20090520191914.45ABE11CE9E@ni.shrubbery.net> <20090519191630.GA14467@bewilderbeast.blackhelicopters.org> <20090519200149.GA11879@shrubbery.net> <20090519211210.GA15004@bewilderbeast.blackhelicopters.org> <20090519212307.GL11016@shrubbery.net> <20090519212400.GA14756@shrubbery.net> <20090520182340.GA19797@bewilderbeast.blackhelicopters.org> Message-ID: <20090520192046.GO5339@shrubbery.net> Wed, May 20, 2009 at 02:23:40PM -0400, Michael W. Lucas: > On Tue, May 19, 2009 at 02:24:00PM -0700, john heasley wrote: > > Tue, May 19, 2009 at 02:23:07PM -0700, john heasley: > > > Tue, May 19, 2009 at 05:12:11PM -0400, Michael W. Lucas: > > > > On Tue, May 19, 2009 at 01:01:49PM -0700, john heasley wrote: > > > > > Tue, May 19, 2009 at 03:16:30PM -0400, Michael W. Lucas: > > > > > > Hi, > > > > > > > > > > > > I've found myself inheriting responsibility for a stack of Netscreen > > > > > > boxes, and of course I want their configurations backed up. > > > > > > > > > > > > There's a problem with interactions between newer versions of OpenSSH > > > > > > and Netscreens, however. To SSH into a Netscreen with newer OpenSSH, > > > > > > you must add the option "-o ControlMaster=auto" to the SSH command > > > > > > line. > > > > > > > > > > > > Is there any way to pass this option to the Rancid SSH command for my > > > > > > Netscreen hosts? > > > > > > > > > > see sshcmd in cloginrc(5). If I failed to disseminate that change to > > > > > all of the login scripts, we can fix that. > > > > > > > > That was exactly it, thanks! > > > > > > > > For anyone following along in the archives: you'll want to use a > > > > wrapper script much like the following. Trying to escape spaces with > > > > backslashes, quote marks, etc., doesn't appear to work. > > > > > > > > -- > > > > #!/bin/sh > > > > > > > > exec ssh -oControlMaster=auto $@ > > > > -- > > > > > > i'd have expected > > > add sshcmd * {ssh -o...} > > > > > > would have done it > > > > Sorry for the extra mail, I should have written: > > > > add sshcmd * {ssh\ -o...} > > Thanks for the help, your way certainly would be nicer. > > I added this to my clogin: > > add sshcmd aubvp003 {ssh\ -oControlMaster\=auto} > > # clogin aubvp003 > aubvp003 > spawn {ssh\ -oControlMaster\=auto} -c 3des -x -l netscreen aubvp003 > > Error: {ssh\ -oControlMaster\=auto} failed: couldn't execute "": no such file or directoryerror setting blocking mode: resource temporarily unavailable > # > > Any thoughts? (Not recalling if = needs an escape, I tried both with > and without.) try this patch Index: nlogin.in =================================================================== RCS file: /home/rancid/.CVS/rancid/bin/nlogin.in,v retrieving revision 1.51 diff -d -u -d -u -r1.51 nlogin.in --- nlogin.in 16 Apr 2009 21:22:58 -0000 1.51 +++ nlogin.in 20 May 2009 19:19:05 -0000 @@ -531,7 +531,7 @@ if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } # Figure out the SSH executable name - set sshcmd [find sshcmd $router] + set sshcmd [join [find sshcmd $router] ""] if { "$sshcmd" == "" } { set sshcmd {ssh} } # Login to the router From ram.dahal at gmail.com Fri May 22 12:31:25 2009 From: ram.dahal at gmail.com (Ram Dahal) Date: Fri, 22 May 2009 18:16:25 +0545 Subject: [rancid] new to rancid Message-ID: I am new to rancid and installed the rancid in fedora. Could anybody help me to use rancid in switches and routers. regards ram -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090522/b23634e4/attachment.html From tom.duijf at gmail.com Fri May 22 15:13:59 2009 From: tom.duijf at gmail.com (Tom Duijf) Date: Fri, 22 May 2009 17:13:59 +0200 Subject: [rancid] Re: Patch for arancid - ignore extra lines which change every rancid-run In-Reply-To: <20090515173619.GG24192@shrubbery.net> References: <20090515173619.GG24192@shrubbery.net> Message-ID: <4A16C137.3070207@gmail.com> Hmm now that you mention it, yeah. seems i diffed in the wrong order, sorry about that :) john heasley wrote: > Thu, May 14, 2009 at 11:41:50AM +0200, Tom Duijf: > >> Hi all, >> >> This is a small patch to fix a problem in arancid when using it for >> alteons in reduntant mode. >> >> Every rancid run 1 field changes, resulting in at least 1 (useless) >> change per run. >> ---------------------------------8<------------------------------------------- >> /c/sys/access/user >> /* usrpw >> - opw "89fdbea188f5aaa0a2b4f7e24b450952240c165c9d0c656f115b3bce4f3f7571" >> + opw "8c9f1d09081d08088496f6e2cbadabfa976ac365cae485f988b181638001451e" >> /* admpw >> ---------------------------------8<------------------------------------------- >> >> This patch does not remove 'opw' it just adds it to the 'remove >> password option' regexp. >> At least this way arancid 'shuts up' regarding the 'opw' stuff. >> >> Kindly include this patch (as is or completely ignoring 'opw') in >> future releases. >> > > I think that you intended this patch in reverse. right? > From ron.whitney at doitbest.com Fri May 22 18:56:55 2009 From: ron.whitney at doitbest.com (Ron Whitney) Date: Fri, 22 May 2009 14:56:55 -0400 Subject: [rancid] Re: new to rancid In-Reply-To: Message-ID: <1FD6BFAE6EA54341821D01FB8E617B6501E4A9AF@EXCHANGE1.ntserv.doitbestcorp.com> Personally, I'd start with the guides referenced on the official RANCID website: http://www.shrubbery.net/rancid/#started Between these, the readme and the FAQ, you should get the bulk of what you need to get started. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Ram Dahal Sent: Friday, May 22, 2009 08:31 To: Rancid-discuss at shrubbery.net Subject: [rancid] new to rancid I am new to rancid and installed the rancid in fedora. Could anybody help me to use rancid in switches and routers. regards ram -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090522/691cfa5f/attachment.html From rdeberry at gmail.com Fri May 22 19:12:10 2009 From: rdeberry at gmail.com (Ryan DeBerry) Date: Fri, 22 May 2009 15:12:10 -0400 Subject: [rancid] Re: new to rancid In-Reply-To: <1FD6BFAE6EA54341821D01FB8E617B6501E4A9AF@EXCHANGE1.ntserv.doitbestcorp.com> References: <1FD6BFAE6EA54341821D01FB8E617B6501E4A9AF@EXCHANGE1.ntserv.doitbestcorp.com> Message-ID: <4920e0b40905221212y71b09e1p56ed8e23ec493a51@mail.gmail.com> Also check out http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch1_:_Network_Backups_With_Rancid between the 2 you should be able to have rancid up and running fairly quick. 2009/5/22 Ron Whitney > Personally, I'd start with the guides referenced on the official RANCID > website: > > http://www.shrubbery.net/rancid/#started > > Between these, the readme and the FAQ, you should get the bulk of what you > need to get started. > > -----Original Message----- > *From:* rancid-discuss-bounces at shrubbery.net [mailto: > rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Ram Dahal > *Sent:* Friday, May 22, 2009 08:31 > *To:* Rancid-discuss at shrubbery.net > *Subject:* [rancid] new to rancid > > I am new to rancid and installed the rancid in fedora. Could anybody help > me to use rancid in switches and routers. > > regards > ram > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090522/de0fa8ce/attachment.html From justin at justinshore.com Sat May 23 07:19:54 2009 From: justin at justinshore.com (Justin Shore) Date: Sat, 23 May 2009 02:19:54 -0500 Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... In-Reply-To: <20090512214439.GR25269@shrubbery.net> References: <20090512214439.GR25269@shrubbery.net> Message-ID: <4A17A39A.6000902@justinshore.com> john heasley wrote: > Tue, May 12, 2009 at 02:16:32PM +0200, Brian Ipsen: >> Hi >> >> After I upgraded one of our ASA5500-series boxes to software 8.2 - I get notification about the change below every time rancid is run: >> >> - !Flash: 114 43 May 12 2009 02:06:03 coredumpinfo/coredump.cfg >> + !Flash: 114 43 May 12 2009 03:06:14 coredumpinfo/coredump.cfg >> >> The timestamp changes - depending on when the check is run... Is there an easy way of excluding this info from the config collection ?? > > what is that file for? I upgraded to 8.2(1) tonight as well and now I'm seeing the same thing. I haven't been keeping up with this list and so I didn't know about the new "feature" until I started investigating why I was suddenly getting these messages; Google pointed me to the list archives. Is there an easy way to alter the script to use a regex that can then exclude certain strings like "coredump" from the dir outputs? I'll put a call into TAC next week and raise hell about this. There's no excuse for this file's timestamp to be hit every time someone does a 'show run' (which is apparently the trigger for this "feature"). Besides, there's a big in disabling the 'coredump enable' command in global config: ASA(config)# no coredump enable Type help or '?' for a list of available commands. It shouldn't return a help string like that. Justin From dschuemann at gmail.com Mon May 25 22:13:47 2009 From: dschuemann at gmail.com (Dustin Schuemann) Date: Mon, 25 May 2009 18:13:47 -0400 Subject: [rancid] Device Groups Message-ID: I am a consultant so im not always able to run rancid run to download all the devices. Is there a way I can just specify a device list by client to only download that list. Also does this work with Adtran devices. From heas at shrubbery.net Tue May 26 17:54:20 2009 From: heas at shrubbery.net (john heasley) Date: Tue, 26 May 2009 17:54:20 +0000 Subject: [rancid] Re: Device Groups In-Reply-To: References: Message-ID: <20090526175420.GG5204@shrubbery.net> Mon, May 25, 2009 at 06:13:47PM -0400, Dustin Schuemann: > I am a consultant so im not always able to run rancid run to download > all the devices. Is there a way I can just specify a device list by > client to only download that list. i do not understand what you're asking exactly. you can mark a device 'down' and it won't be collected. you can run rancid-run groupname to only collect that group you can run rancid-run -r devicename or rancid-run -r devicename groupname to only collect that device or that device in that group > Also does this work with Adtran devices. no; someone suggested they'd write a module for it, but i havent seen it yet. From rancid at gheek.net Tue May 26 17:05:21 2009 From: rancid at gheek.net (Lance Vermilion) Date: Tue, 26 May 2009 10:05:21 -0700 Subject: [rancid] Re: Device Groups In-Reply-To: References: Message-ID: <8423e7bb0905261005u5e99f76dmc899bef449eec7b2@mail.gmail.com> Dustin, Provided you have access to run rancid-run you can do what you want. usage: rancid-run [-V] [-f config_file] [-r device_name] [-m mail rcpt] [group [group ...]] On Mon, May 25, 2009 at 3:13 PM, Dustin Schuemann wrote: > I am a consultant so im not always able to run rancid run to download > all the devices. Is there a way I can just specify a device list by > client to only download that list. > > Also does this work with Adtran devices. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090526/c96f28c9/attachment.html From satz.sm at gmail.com Tue May 26 22:36:37 2009 From: satz.sm at gmail.com (Satyam Mathura) Date: Tue, 26 May 2009 18:36:37 -0400 Subject: [rancid] Rancid and sSMTP Message-ID: <7ea146250905261536ud0bf2a1s4ab2e4e9d4c3b600@mail.gmail.com> Hello, We've got Rancid up and running on a Gentoo server which uses sSMTP. Because sSMTP does not use aliases we are having problems with e-mail notifications. We've used rancid-run -m in our crontab to get the diff mails but we've yet to find an option for the rancid-admin-group e-mails. Any ideas??? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090526/95b45ef3/attachment.html From justin at justinshore.com Fri May 29 02:17:46 2009 From: justin at justinshore.com (Justin Shore) Date: Thu, 28 May 2009 21:17:46 -0500 Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... In-Reply-To: <4A17A39A.6000902@justinshore.com> References: <20090512214439.GR25269@shrubbery.net> <4A17A39A.6000902@justinshore.com> Message-ID: <4A1F45CA.7050402@justinshore.com> Justin Shore wrote: > I'll put a call into TAC next week and raise hell about this. There's > no excuse for this file's timestamp to be hit every time someone does a > 'show run' (which is apparently the trigger for this "feature"). I opened my case with TAC last week and asked for it to be escalated to the DE folks. My TAC engineer ran the case up the flagpole for me and this issue is now acknowledged to be and is officially logged as a bug. The BugID is CSCsz85597. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsz85597 My engineer suggested downgrading to the latest 8.0.4 interim release as a temporary workaround while the DE folks address the bug and work it into a maintenance release, hopefully for 8.2. It should be a really simple fix so hopefully it doesn't take too long. The engineer said that at least one other person is now attached to this bug and they too were running RANCID. Justin From peter.serwe at gmail.com Fri May 29 02:58:40 2009 From: peter.serwe at gmail.com (Peter Serwe) Date: Thu, 28 May 2009 19:58:40 -0700 Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... In-Reply-To: <4A1F45CA.7050402@justinshore.com> References: <20090512214439.GR25269@shrubbery.net> <4A17A39A.6000902@justinshore.com> <4A1F45CA.7050402@justinshore.com> Message-ID: Anybody running a configuration management system that checks the same things is going to log the change, it just so happens that rancid is particularly complete about checking for differences. For that matter, rancid isn't really a full-fledged configuration management system, but most of what anyone really wants to use one for is encompassed in rancid's functionality. Any functioning configuration differ that is as complete as rancid would pick up the changes, it just so happens that most people don't run one, or look at the diffs, because the rest of them don't email out the changes like rancid does out of the box. I haven't noticed, FWIW, the same behavior in the 7.2.4 branch. Peter On Thu, May 28, 2009 at 7:17 PM, Justin Shore wrote: > Justin Shore wrote: > > I'll put a call into TAC next week and raise hell about this. There's > > no excuse for this file's timestamp to be hit every time someone does a > > 'show run' (which is apparently the trigger for this "feature"). > > I opened my case with TAC last week and asked for it to be escalated to > the DE folks. My TAC engineer ran the case up the flagpole for me and > this issue is now acknowledged to be and is officially logged as a bug. > The BugID is CSCsz85597. > > > http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsz85597 > > My engineer suggested downgrading to the latest 8.0.4 interim release as > a temporary workaround while the DE folks address the bug and work it > into a maintenance release, hopefully for 8.2. It should be a really > simple fix so hopefully it doesn't take too long. The engineer said > that at least one other person is now attached to this bug and they too > were running RANCID. > > Justin > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- ???? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090528/4fdf340e/attachment.html From justin at justinshore.com Fri May 29 04:44:40 2009 From: justin at justinshore.com (Justin Shore) Date: Thu, 28 May 2009 23:44:40 -0500 Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... In-Reply-To: References: <20090512214439.GR25269@shrubbery.net> <4A17A39A.6000902@justinshore.com> <4A1F45CA.7050402@justinshore.com> Message-ID: <4A1F6838.6010609@justinshore.com> Peter Serwe wrote: > Anybody running a configuration management system that checks the same > things is going to log the change, > it just so happens that rancid is particularly complete about checking > for differences. > > For that matter, rancid isn't really a full-fledged configuration > management system, but most of what anyone really > wants to use one for is encompassed in rancid's functionality. Any > functioning configuration differ that is as complete > as rancid would pick up the changes, it just so happens that most people > don't run one, or look at the diffs, because > the rest of them don't email out the changes like rancid does out of the > box. > > I haven't noticed, FWIW, the same behavior in the 7.2.4 branch. It's a new "feature" added in 8.2. I agree, other config management systems should pick this up to and I'm sure they do. In fact I took that position when I opened my TAC case. RANCID being the best, most popular config management system out there (is that pudding on my nose?) accounts for a proportionally larger amount of calls on this issue than the competitors. Justin From Sam.Holley at gtri.gatech.edu Fri May 29 12:11:47 2009 From: Sam.Holley at gtri.gatech.edu (Sam.Holley at gtri.gatech.edu) Date: Fri, 29 May 2009 08:11:47 -0400 Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... In-Reply-To: References: <20090512214439.GR25269@shrubbery.net> <4A17A39A.6000902@justinshore.com> <4A1F45CA.7050402@justinshore.com> Message-ID: <8E8D2F59C322B64598D5CBAA2C882F4316C6166E62@apatlisdmail19.core.gtri.org> We to were having the same issue, we did the following to Rancid to keep it from reporting on the file every time it was updated. So far, working like a champ. The correct part to edit is the ShowFlash function between ~lines 564 and 577. I added one line under this one: /\s+vlan\.dat$/ && next; to look like this: /\s+vlan\.dat$/ && next; /.*coredumpinfo.*/ && next; It now ignores any lines in the flash drive directory listing that contain "coredumpinfo". The '.*' before and after are probably not necessary but it was added. Sam From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Peter Serwe Sent: Thursday, May 28, 2009 10:59 PM To: Justin Shore Cc: rancid-discuss at shrubbery.net Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... Anybody running a configuration management system that checks the same things is going to log the change, it just so happens that rancid is particularly complete about checking for differences. For that matter, rancid isn't really a full-fledged configuration management system, but most of what anyone really wants to use one for is encompassed in rancid's functionality. Any functioning configuration differ that is as complete as rancid would pick up the changes, it just so happens that most people don't run one, or look at the diffs, because the rest of them don't email out the changes like rancid does out of the box. I haven't noticed, FWIW, the same behavior in the 7.2.4 branch. Peter On Thu, May 28, 2009 at 7:17 PM, Justin Shore > wrote: Justin Shore wrote: > I'll put a call into TAC next week and raise hell about this. There's > no excuse for this file's timestamp to be hit every time someone does a > 'show run' (which is apparently the trigger for this "feature"). I opened my case with TAC last week and asked for it to be escalated to the DE folks. My TAC engineer ran the case up the flagpole for me and this issue is now acknowledged to be and is officially logged as a bug. The BugID is CSCsz85597. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsz85597 My engineer suggested downgrading to the latest 8.0.4 interim release as a temporary workaround while the DE folks address the bug and work it into a maintenance release, hopefully for 8.2. It should be a really simple fix so hopefully it doesn't take too long. The engineer said that at least one other person is now attached to this bug and they too were running RANCID. Justin _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- ???? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090529/9786d871/attachment.html From NMaio at guesswho.com Fri May 29 15:21:18 2009 From: NMaio at guesswho.com (NMaio at guesswho.com) Date: Fri, 29 May 2009 11:21:18 -0400 Subject: [rancid] Rancid SAN Switch (Brocade) Script Message-ID: Up until recently I have only used Rancid for our Firewalls, Routers, Switches, and Load balancers (ACE Modules) but we recently bought a pair of HP 4/256 San directors. (They are just rebranded brocade switches) I was asked to see if I can get Rancid to grab the config so after a ton of hacking to good code I finally got rancid to grab the switch confg and the zoning config. I have seen on the list that people have inquired about it so if anyone is interested I can send the script along. Keep in mind coding is not my forte but it works and that's all I care about. Nick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090529/0090b41a/attachment.html From heas at shrubbery.net Fri May 29 18:56:08 2009 From: heas at shrubbery.net (john heasley) Date: Fri, 29 May 2009 11:56:08 -0700 Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... In-Reply-To: <8E8D2F59C322B64598D5CBAA2C882F4316C6166E62@apatlisdmail19.core.gtri.org> References: <20090512214439.GR25269@shrubbery.net> <4A17A39A.6000902@justinshore.com> <4A1F45CA.7050402@justinshore.com> <8E8D2F59C322B64598D5CBAA2C882F4316C6166E62@apatlisdmail19.core.gtri.org> Message-ID: <20090529185608.GM28760@shrubbery.net> Fri, May 29, 2009 at 08:11:47AM -0400, Sam.Holley at gtri.gatech.edu: > We to were having the same issue, we did the following to Rancid to keep it from reporting on the file every time it was updated. So far, working like a champ. > > > > The correct part to edit is the ShowFlash function between ~lines 564 and 577. I added one line under this one: > > > > /\s+vlan\.dat$/ && next; > > > > to look like this: > > /\s+vlan\.dat$/ && next; > > /.*coredumpinfo.*/ && next; still, what is the file? is it configuration, which exists in the show conf, and therefore can just be filtered? or is a coredump, which you'd want to know about changes. ie: should rancid filter it, or say here's the DDTS (Thanks Justin)? > > > It now ignores any lines in the flash drive directory listing that contain "coredumpinfo". The '.*' before and after are probably not necessary but it was added. > > > > Sam > > > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Peter Serwe > Sent: Thursday, May 28, 2009 10:59 PM > To: Justin Shore > Cc: rancid-discuss at shrubbery.net > Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... > > Anybody running a configuration management system that checks the same things is going to log the change, > it just so happens that rancid is particularly complete about checking for differences. > > For that matter, rancid isn't really a full-fledged configuration management system, but most of what anyone really > wants to use one for is encompassed in rancid's functionality. Any functioning configuration differ that is as complete > as rancid would pick up the changes, it just so happens that most people don't run one, or look at the diffs, because > the rest of them don't email out the changes like rancid does out of the box. > > I haven't noticed, FWIW, the same behavior in the 7.2.4 branch. > > Peter > > On Thu, May 28, 2009 at 7:17 PM, Justin Shore > wrote: > Justin Shore wrote: > > I'll put a call into TAC next week and raise hell about this. There's > > no excuse for this file's timestamp to be hit every time someone does a > > 'show run' (which is apparently the trigger for this "feature"). > I opened my case with TAC last week and asked for it to be escalated to > the DE folks. My TAC engineer ran the case up the flagpole for me and > this issue is now acknowledged to be and is officially logged as a bug. > The BugID is CSCsz85597. > > http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsz85597 > > My engineer suggested downgrading to the latest 8.0.4 interim release as > a temporary workaround while the DE folks address the bug and work it > into a maintenance release, hopefully for 8.2. It should be a really > simple fix so hopefully it doesn't take too long. The engineer said > that at least one other person is now attached to this bug and they too > were running RANCID. > > Justin > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > -- > ???? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From meskander at perimeterwatch.com Fri May 29 19:34:28 2009 From: meskander at perimeterwatch.com (Mina Eskander) Date: Fri, 29 May 2009 15:34:28 -0400 Subject: [rancid] Re: Rancid with Fortigate Devices? In-Reply-To: <795645b20904281207q6c0c9c99w76172abde5b8a725@mail.gmail.com> References: <20090416182401.GE25942@shrubbery.net> <20090420162509.GB21045@shrubbery.net> <20090420174551.GO21045@shrubbery.net> <795645b20904202005g7064098ama88dd09446e7a32@mail.gmail.com> <20090428190400.GR13146@shrubbery.net> <795645b20904281207q6c0c9c99w76172abde5b8a725@mail.gmail.com> Message-ID: <7F3F784A5FBB07429A564445F94F9D6E019F13A6DD@pwcoloex01.perimeterwatch.com> Thanks for your replay and sorry for such a late response. Does it make a difference what prompt it is? As long as what I have matches the prompt in the script? I don't know if I can get privileges on this box so I can get the # prompt. The weird thing is the following: FGT100A_VPN $ expect: does " \r\nFGT100A_VPN $ " (spawn_id exp6) match glob pattern "Connection refused"? no "Unknown host\r\n"? no "Host is unreachable"? no "No address associated with name"? no "Are you sure you want to continue connecting .*"? no "Host key not found .* (yes/no)?"? no "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no "Offending key for .* (yes/no)?"? no "denied"? no " ### Login failed"? no "(login:)"? no "@[^\r\n]+[Pp]assword:"? no "[Pp]assword:"? no " $ "? yes expect: set expect_out(0,string) " $ " expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) " \r\nFGT100A_VPN $ " send: sending "\r" to { exp6 } expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no "^(.+ $ )"? no FGT100A_VPN $ expect: does "\r\r\nFGT100A_VPN $ " (spawn_id exp6) match regular expression "[\r\n]+"? yes expect: set expect_out(0,string) "\r\r\n" expect: set expect_out(spawn_id) "exp6" expect: set expect_out(buffer) "\r\r\n" expect: continuing expect expect: does "FGT100A_VPN $ " (spawn_id exp6) match regular expression "[\r\n]+"? no "^(.+ $ )"? no expect: timed out Error: TIMEOUT reached write() failed to write anything - will sleep(1) and retry... so it matches the modified prompt I made but then it fails after when it tries to match it with [\r\n]+ any ideas? Mina Eskander Perimeterwatch Technologies Direct: +1 (347) 448-2845 Mobile: +1 (347) 510-4102 meskander at perimeterwatch.com Network Security | Disaster Recovery | Business Continuity | IT Projects | Application Development _____________________________________________________________________ New York: (347) 448-2845 - 34-12 36th Street - 2nd Floor - Astoria, NY 11106 From: Jeff Moorse [mailto:jmoorse at gmail.com] Sent: Tuesday, April 28, 2009 3:08 PM To: john heasley Cc: Mina Eskander; rancid-discuss at shrubbery.net Subject: Re: [rancid] Re: Rancid with Fortigate Devices? For an admin account the prompt is (sans quotes): "FGT[model][s/n] # " Please note the trailing space For a read only account it is the same but with a $ instead of a # -Jeff Moorse On Tue, Apr 28, 2009 at 12:04 PM, john heasley > wrote: Thu, Apr 23, 2009 at 11:19:03AM -0400, Mina Eskander: > I changed the -> in the nlogin script to ~ $ and it still does not work, here is the output I get Would someone who knows the fortigate well please confirm the prompt format? I was told '-> ', but reading through the manual that I found online, it seems that the prompt is '$ ' and gives no indication that it changes with elevated permissions. But, the manual for their CLI seems poorly written. > [rancid at pwcolocacti bin]$ nlogin -d -t 90 -c"get system status;get conf" pwcolofgt100c > pwcolofgt100c > spawn ssh -c 3des -x -l meskander pwcolofgt100c > parent: waiting for sync byte > parent: telling child to go ahead > parent: now unsynchronized from child > spawn: returns {16963} > > expect: does "" (spawn_id exp6) match glob pattern "Connection refused"? no > "Unknown host\r\n"? no > "Host is unreachable"? no > "No address associated with name"? no > "Are you sure you want to continue connecting .*"? no > "Host key not found .* (yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "denied"? no > " ### Login failed"? no > "(login:)"? no > "@[^\r\n]+[Pp]assword:"? no > "[Pp]assword:"? no > "~ $ "? no > meskander at pwcolofgt100c's password: > expect: does "meskander at pwcolofgt100c's password: " (spawn_id exp6) match glob pattern "Connection refused"? no > "Unknown host\r\n"? no > "Host is unreachable"? no > "No address associated with name"? no > "Are you sure you want to continue connecting .*"? no > "Host key not found .* (yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "denied"? no > " ### Login failed"? no > "(login:)"? no > "@[^\r\n]+[Pp]assword:"? yes > expect: set expect_out(0,string) "@pwcolofgt100c's password:" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "meskander at pwcolofgt100c's password:" > send: sending "G0ds at v3s\r" to { exp6 } > expect: continuing expect > > expect: does " " (spawn_id exp6) match glob pattern "Connection refused"? no > "Unknown host\r\n"? no > "Host is unreachable"? no > "No address associated with name"? no > "Are you sure you want to continue connecting .*"? no > "Host key not found .* (yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "denied"? no > " ### Login failed"? no > "(login:)"? no > "@[^\r\n]+[Pp]assword:"? no > "[Pp]assword:"? no > "~ $ "? no > > > expect: does " \r\n" (spawn_id exp6) match glob pattern "Connection refused"? no > "Unknown host\r\n"? no > "Host is unreachable"? no > "No address associated with name"? no > "Are you sure you want to continue connecting .*"? no > "Host key not found .* (yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "denied"? no > " ### Login failed"? no > "(login:)"? no > "@[^\r\n]+[Pp]assword:"? no > "[Pp]assword:"? no > "~ $ "? no > FGT100C3G0860259~ $ > expect: does " \r\nFGT100C3G0860259~ $ " (spawn_id exp6) match glob pattern "Connection refused"? no > "Unknown host\r\n"? no > "Host is unreachable"? no > "No address associated with name"? no > "Are you sure you want to continue connecting .*"? no > "Host key not found .* (yes/no)?"? no > "HOST IDENTIFICATION HAS CHANGED.* (yes/no)?"? no > "Offending key for .* (yes/no)?"? no > "denied"? no > " ### Login failed"? no > "(login:)"? no > "@[^\r\n]+[Pp]assword:"? no > "[Pp]assword:"? no > "~ $ "? yes > expect: set expect_out(0,string) "~ $ " > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) " \r\nFGT100C3G0860259~ $ " > send: sending "\r" to { exp6 } > > expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no > "^(.+~ $ )"? no > > > expect: does "\r\r\n" (spawn_id exp6) match regular expression "[\r\n]+"? yes > expect: set expect_out(0,string) "\r\r\n" > expect: set expect_out(spawn_id) "exp6" > expect: set expect_out(buffer) "\r\r\n" > expect: continuing expect > > expect: does "" (spawn_id exp6) match regular expression "[\r\n]+"? no > "^(.+~ $ )"? no > FGT100C3G0860259~ $ > expect: does "FGT100C3G0860259~ $ " (spawn_id exp6) match regular expression "[\r\n]+"? no > "^(.+~ $ )"? no > expect: timed out > > Error: TIMEOUT reached > write() failed to write anything - will sleep(1) and retry... > [rancid at pwcolocacti bin]$ > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jeff Moorse > Sent: Monday, April 20, 2009 11:06 PM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Re: Rancid with Fortigate Devices? > > Anyone know what the correct syntax for the expect script would be to match prompt (assuming the string of #'s following FGT is variable)? > > I have experienced similar problems > > Thanks > On Mon, Apr 20, 2009 at 10:45 AM, john heasley >> wrote: > yep, your prompt is nFGT100C3G0860259~ $ > but the script expects -> > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > -- > -- Jeff Moorse -- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- -- Jeff Moorse -- ________________________________ --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- The information contained in this email is confidential and may also contain privileged information. Sender does not waive confidentiality or legal privilege. If you are not one of the intended recipients, please notify the sender immediately and destroy this e-mail; you must not copy, distribute or take any action in reliance on the information contained within. Internet communications are not secure or error free and the sender does not accept any liability for the content of the email. Although emails are routinely screened for viruses, the sender does not accept responsibility for any damage caused. Replies to this email may be monitored. --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20090529/2f8ff717/attachment.html From justin at justinshore.com Fri May 29 19:56:33 2009 From: justin at justinshore.com (Justin Shore) Date: Fri, 29 May 2009 14:56:33 -0500 Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... In-Reply-To: <20090529185608.GM28760@shrubbery.net> References: <20090512214439.GR25269@shrubbery.net> <4A17A39A.6000902@justinshore.com> <4A1F45CA.7050402@justinshore.com> <8E8D2F59C322B64598D5CBAA2C882F4316C6166E62@apatlisdmail19.core.gtri.org> <20090529185608.GM28760@shrubbery.net> Message-ID: <4A203DF1.60206@justinshore.com> Here's the contents of mine: ASA# more disk0:/coredumpinfo/coredump.cfg CD_ENA=no CD_FILESYSTEM=disk0: CD_COMP=yes It looks like some developer decided to store configuration parameters in a file on the disk rather than in the running-config. I downgraded last night but I fully expect the file to be updated with other config if I were to actually enable the coredump feature. I don't know where the actual coredumps would be stored however. It could be in the coredumpinfo directory so excluding the directory and all its contents might not be a good thing. Excluding the coredump.cfg file wouldn't be such a bad thing though. Justin john heasley wrote: > Fri, May 29, 2009 at 08:11:47AM -0400, Sam.Holley at gtri.gatech.edu: >> We to were having the same issue, we did the following to Rancid to keep it from reporting on the file every time it was updated. So far, working like a champ. >> >> >> >> The correct part to edit is the ShowFlash function between ~lines 564 and 577. I added one line under this one: >> >> >> >> /\s+vlan\.dat$/ && next; >> >> >> >> to look like this: >> >> /\s+vlan\.dat$/ && next; >> >> /.*coredumpinfo.*/ && next; > > still, what is the file? is it configuration, which exists in the > show conf, and therefore can just be filtered? or is a coredump, which > you'd want to know about changes. > > ie: should rancid filter it, or say here's the DDTS (Thanks Justin)? > >> >> It now ignores any lines in the flash drive directory listing that contain "coredumpinfo". The '.*' before and after are probably not necessary but it was added. >> >> >> >> Sam >> >> >> >> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Peter Serwe >> Sent: Thursday, May 28, 2009 10:59 PM >> To: Justin Shore >> Cc: rancid-discuss at shrubbery.net >> Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... >> >> Anybody running a configuration management system that checks the same things is going to log the change, >> it just so happens that rancid is particularly complete about checking for differences. >> >> For that matter, rancid isn't really a full-fledged configuration management system, but most of what anyone really >> wants to use one for is encompassed in rancid's functionality. Any functioning configuration differ that is as complete >> as rancid would pick up the changes, it just so happens that most people don't run one, or look at the diffs, because >> the rest of them don't email out the changes like rancid does out of the box. >> >> I haven't noticed, FWIW, the same behavior in the 7.2.4 branch. >> >> Peter >> >> On Thu, May 28, 2009 at 7:17 PM, Justin Shore > wrote: >> Justin Shore wrote: >>> I'll put a call into TAC next week and raise hell about this. There's >>> no excuse for this file's timestamp to be hit every time someone does a >>> 'show run' (which is apparently the trigger for this "feature"). >> I opened my case with TAC last week and asked for it to be escalated to >> the DE folks. My TAC engineer ran the case up the flagpole for me and >> this issue is now acknowledged to be and is officially logged as a bug. >> The BugID is CSCsz85597. >> >> http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsz85597 >> >> My engineer suggested downgrading to the latest 8.0.4 interim release as >> a temporary workaround while the DE folks address the bug and work it >> into a maintenance release, hopefully for 8.2. It should be a really >> simple fix so hopefully it doesn't take too long. The engineer said >> that at least one other person is now attached to this bug and they too >> were running RANCID. >> >> Justin >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> >> >> -- >> ???? > >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Fri May 29 21:21:51 2009 From: heas at shrubbery.net (john heasley) Date: Fri, 29 May 2009 14:21:51 -0700 Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... In-Reply-To: <4A203DF1.60206@justinshore.com> References: <20090512214439.GR25269@shrubbery.net> <4A17A39A.6000902@justinshore.com> <4A1F45CA.7050402@justinshore.com> <8E8D2F59C322B64598D5CBAA2C882F4316C6166E62@apatlisdmail19.core.gtri.org> <20090529185608.GM28760@shrubbery.net> <4A203DF1.60206@justinshore.com> Message-ID: <20090529212151.GS28760@shrubbery.net> Fri, May 29, 2009 at 02:56:33PM -0500, Justin Shore: > Here's the contents of mine: > > ASA# more disk0:/coredumpinfo/coredump.cfg > CD_ENA=no > CD_FILESYSTEM=disk0: > CD_COMP=yes looks useless to me; seems that info is either in the config or the file contents should be displayed by rancid, and filter the file from the flash listing. Index: rancid.in =================================================================== RCS file: /home/rancid/.CVS/rancid/bin/rancid.in,v retrieving revision 1.255 diff -d -u -r1.255 rancid.in --- rancid.in 20 Apr 2009 19:56:27 -0000 1.255 +++ rancid.in 29 May 2009 21:20:41 -0000 @@ -705,6 +705,8 @@ } /\s+(multiple-fs|nv_hdr|vlan\.dat)$/ && next; + # filter coredumpinfo/coredump.cfg + /\s+oredumpinfo\/coredump.cfg$/ && next; ProcessHistory("FLASH","","","!Flash: $_"); } ProcessHistory("","","","!\n"); > It looks like some developer decided to store configuration parameters > in a file on the disk rather than in the running-config. I downgraded > last night but I fully expect the file to be updated with other config > if I were to actually enable the coredump feature. I don't know where > the actual coredumps would be stored however. It could be in the > coredumpinfo directory so excluding the directory and all its contents > might not be a good thing. Excluding the coredump.cfg file wouldn't be > such a bad thing though. > > Justin > > > john heasley wrote: >> Fri, May 29, 2009 at 08:11:47AM -0400, Sam.Holley at gtri.gatech.edu: >>> We to were having the same issue, we did the following to Rancid to keep it from reporting on the file every time it was updated. So far, working like a champ. >>> >>> >>> >>> The correct part to edit is the ShowFlash function between ~lines 564 and 577. I added one line under this one: >>> >>> >>> >>> /\s+vlan\.dat$/ && next; >>> >>> >>> >>> to look like this: >>> >>> /\s+vlan\.dat$/ && next; >>> >>> /.*coredumpinfo.*/ && next; >> >> still, what is the file? is it configuration, which exists in the >> show conf, and therefore can just be filtered? or is a coredump, which >> you'd want to know about changes. >> >> ie: should rancid filter it, or say here's the DDTS (Thanks Justin)? >> >>> >>> It now ignores any lines in the flash drive directory listing that contain "coredumpinfo". The '.*' before and after are probably not necessary but it was added. >>> >>> >>> >>> Sam >>> >>> >>> >>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Peter Serwe >>> Sent: Thursday, May 28, 2009 10:59 PM >>> To: Justin Shore >>> Cc: rancid-discuss at shrubbery.net >>> Subject: [rancid] Re: Cisco ASA 8.2 software - changes.... >>> >>> Anybody running a configuration management system that checks the same things is going to log the change, >>> it just so happens that rancid is particularly complete about checking for differences. >>> >>> For that matter, rancid isn't really a full-fledged configuration management system, but most of what anyone really >>> wants to use one for is encompassed in rancid's functionality. Any functioning configuration differ that is as complete >>> as rancid would pick up the changes, it just so happens that most people don't run one, or look at the diffs, because >>> the rest of them don't email out the changes like rancid does out of the box. >>> >>> I haven't noticed, FWIW, the same behavior in the 7.2.4 branch. >>> >>> Peter >>> >>> On Thu, May 28, 2009 at 7:17 PM, Justin Shore > wrote: >>> Justin Shore wrote: >>>> I'll put a call into TAC next week and raise hell about this. There's >>>> no excuse for this file's timestamp to be hit every time someone does a >>>> 'show run' (which is apparently the trigger for this "feature"). >>> I opened my case with TAC last week and asked for it to be escalated to >>> the DE folks. My TAC engineer ran the case up the flagpole for me and >>> this issue is now acknowledged to be and is officially logged as a bug. >>> The BugID is CSCsz85597. >>> >>> http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsz85597 >>> >>> My engineer suggested downgrading to the latest 8.0.4 interim release as >>> a temporary workaround while the DE folks address the bug and work it >>> into a maintenance release, hopefully for 8.2. It should be a really >>> simple fix so hopefully it doesn't take too long. The engineer said >>> that at least one other person is now attached to this bug and they too >>> were running RANCID. >>> >>> Justin >>> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> >>> >>> >>> -- >>> ???? >> >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss