[rancid] SNMP community string not being removed (ASA/PIX/FWSM)
Skye Hagen
skyeh at uidaho.edu
Sat Mar 24 18:41:21 UTC 2012
I am running RANCID 2.3.6, and noticed that the snmp community string was
not being removed on certain lines from our Firewall Services Module (FWSM)
configs. The specific line was 'snmp-server host outside 10.10.196.238 poll
community <comm_str>'. I checked, and it doesn't look like this bug was
fixed in 2.3.8.
There is no Cisco Command Lookup Tool for the FWSM directly; however, it is
based on older versions of the PIX/ASA commands. For ASA version 7.x and
lower, the format of the command is
'snmp-server host interface_name ip_address [trap | poll] [community text] [version {1 | 2c}] [udp-port port]'.
For ASA version 8.x and higher, the format changed a little. It is
'snmp-server host {interface {hostname | ip_address}} [trap | poll] [community 0 | 8 community-string] [version {1 | 2c | 3 username}] [udp-port port]'.
To cover both of these formats, I changed this section of rancid from...
    if (/^(snmp-server community) (\S+)/) {
        if ($filter_commstr) {
            ProcessHistory("SNMPSERVERCOMM","keysort","$_",
                           "!$1 <removed>$'") && next;
        } else {
            ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") &&
                next;
        }
    }
To...
    if (/^(snmp-server .*community) ([08] )?(\S+)/) {
        if ($filter_commstr) {
            ProcessHistory("SNMPSERVERCOMM","keysort","$_",
                           "!$1 $2<removed>$'") && next;
        } else {
            ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") &&
                next;
        }
    }
I don't have an ASA 8.x device, so I couldn't test this with a real config.
It worked when I dummied up an ASA config, and it works with my FWSM
configs.
Skye.
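
The effect of the two patterns quoted above, as an added example that is not part of the original message or of RANCID: a stand-alone Perl script that applies both to constructed config lines and reports which filtered output still contains the community string. The EXAMPLE-RO and EXAMPLE-ENC strings, the 192.0.2.10 host and the filter_old/filter_new helper names are assumptions made for illustration, and the defined-check on $2 is added so the script runs cleanly under "use warnings".

```perl
#!/usr/bin/perl
# Added example, not RANCID's code: compare the old and new patterns from the post.
use strict;
use warnings;

my $old = qr/^(snmp-server community) (\S+)/;
my $new = qr/^(snmp-server .*community) ([08] )?(\S+)/;

# Each helper returns the masked line, or nothing when the pattern does not match.
sub filter_old {
    my ($line) = @_;
    return "!$1 <removed>$'" if $line =~ $old;
    return;
}

sub filter_new {
    my ($line) = @_;
    if ($line =~ $new) {
        # $2 is the optional "0 " / "8 " marker of the ASA 8.x syntax.
        my $enc = defined $2 ? $2 : '';
        return "!$1 ${enc}<removed>$'";
    }
    return;
}

# Constructed sample lines; every community string here is made up.
my @samples = (
    "snmp-server community EXAMPLE-RO\n",
    "snmp-server host outside 10.10.196.238 poll community EXAMPLE-RO\n",
    "snmp-server host inside 192.0.2.10 trap community EXAMPLE-RO version 2c\n",
    "snmp-server host inside 192.0.2.10 community 8 EXAMPLE-ENC version 2c\n",
    "snmp-server location rack 12\n",
);

for my $line (@samples) {
    for my $pair (['old', filter_old($line)], ['new', filter_new($line)]) {
        my ($name, $out) = @$pair;
        # Lines the pattern misses are stored in the archive unchanged.
        $out = $line unless defined $out;
        my $state = $out =~ /EXAMPLE-/ ? 'LEAK' : 'ok  ';
        print "$name $state $out";
    }
}
```

Lines marked LEAK are the ones that would land in the config archive with the community string intact; with the old pattern that is every "snmp-server host ... community" line.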