[rancid] rancid login etc. for palo alto and silver peak

Peter Jackson peterjackson1610 at gmail.com
Tue Oct 30 01:42:34 UTC 2012


Doug, I have set up your panrancid and panlogin and they are working fine.

However, I just found that you can show the PA config in 'set' format (set
cli config-output-format set) and I like that better than the default xml
format.  I would like to back up the configs this way but you have to go
into configure mode in order to show the config in set format.

I have tried to modify panlogin but I don't know expect well enough.  I was
actually trying to borrow the enable section from clogin because panlogin
doesn't have a provision for enable mode and while it's not really enable
mode that we're getting into, the prompts are the same, > and #.

Any ideas?


On Wed, Sep 12, 2012 at 11:53 AM, Hughes, Doug <
Douglas.Hughes at deshawresearch.com> wrote:

> Yes, it’s for the anti-virus and botnet stuff.  If you don’t want those
> diffs, you can comment that part out in the palorancid file.
>
> I thought it might be useful. I might disable it myself.
>
> *From:* Peter Jackson [mailto:peterjackson1610 at gmail.com]
> *Sent:* Wednesday, September 12, 2012 6:02 AM
> *To:* Hughes, Doug
> *Cc:* rancid-discuss at shrubbery.net
> *Subject:* Re: [rancid] rancid login etc. for palo alto and silver peak
>
> Doug, thanks for posting this.  I have set this up for one of our PAs but
> we get the following diffs every so often - not every other RANCID run, but
> at least a few times a week.
>
> Have you seen anything like this?
>
>   #RANCID-CONTENT-TYPE: paloalto
>   #
> + exit
> + admin at pa101> show
> + admin at pa101> show config
> + admin at pa101> show config running
>
>   config {
>     shared {
>       ssl-decrypt {
>
>
>   #RANCID-CONTENT-TYPE: paloalto
>   #
> - exit
> - admin at pa101> show
> - admin at pa101> show config
> - admin at pa101> show config running
>
>   config {
>     shared {
>       ssl-decrypt {
>
>
> On Tue, Aug 14, 2012 at 10:23 AM, Hughes, Doug <
> Douglas.Hughes at deshawresearch.com> wrote:
>
> A few people have requested this, so I’m attaching the few hours of work I
> put into making the rancid login/auth/archive for SilverPeak and for
> PaloAlto devices. Both of these use ssh for authentication, but I didn’t
> set up or test RSA key auth in either case. The SilverPeak has been tested
> with ‘enable’ mode. By default they ship with no enable password.
> (Apologies for the Windows style attachments.) Both have been copied from
> another script and modified, so there’s probably quite a bit of cruft in
> there that doesn’t need to be, but I cleaned up the worst of it. I’m sure
> there are a lot of gratuitous regular expressions that could still be
> eliminated.
>
> Here’s what you need in rancid-fe:
>
> %vendortable = (
> …
>     'silverpeak'        => 'silverrancid',
>     'paloalto'          => 'panrancid',
> …
>
> You can figure out .cloginrc yourself, just don’t forget the enable
> password for the silverpeak, if you have any. ;)
>
>
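A stand-alone Expect sketch of the session described in the top message (operational `>` prompt, then configure mode with its `#` prompt, then the config shown in set format), added here as an example; it is not part of panlogin, clogin or the scripts attached to this thread. The `PAN_PASS` environment variable, the script name and every device command other than `set cli config-output-format set` are assumptions.

```tcl
#!/usr/bin/expect -f
# Added example, not part of panlogin or clogin.
# Usage: PAN_PASS='...' ./pan-set-config.exp <user> <host>   (hypothetical name)
# Assumes: ssh password auth, host key already in known_hosts, and prompts of
# the form user@host> (operational) and user@host# (configure).
set timeout 120
lassign $argv user host
if {$host eq "" || ![info exists env(PAN_PASS)]} {
    puts stderr "usage: PAN_PASS=... $argv0 user host"
    exit 2
}

# Block until a prompt ending in $ch arrives: ">" operational, "#" configure.
# Requiring the "@" keeps a bare ">" or "#" inside the config from matching.
proc wait_prompt {ch} {
    expect {
        -re "@\[^\r\n\]*$ch ?$" { return }
        timeout { puts stderr "timed out waiting for '$ch' prompt"; exit 1 }
        eof     { puts stderr "session closed waiting for '$ch' prompt"; exit 1 }
    }
}

# Refuse unknown host keys instead of prompting; the password stays out of argv.
spawn ssh -o StrictHostKeyChecking=yes -l $user $host
expect {
    -re "\[Pp\]assword: ?$" { send -- "$env(PAN_PASS)\r" }
    timeout { puts stderr "no password prompt"; exit 1 }
    eof     { puts stderr "ssh exited before login"; exit 1 }
}
wait_prompt ">"

# Each command is paired with the prompt character expected afterwards.
# "set cli pager off", "configure", "show" and "exit" are assumed PAN-OS
# commands; only "set cli config-output-format set" comes from the message.
foreach {cmd ch} {
    "set cli pager off"                 ">"
    "set cli config-output-format set"  ">"
    "configure"                         "#"
    "show"                              "#"
    "exit"                              ">"
} {
    send -- "$cmd\r"
    wait_prompt $ch
}
send -- "exit\r"
expect eof
```

The session output still contains the prompts and command echoes, so whatever collects it has to strip those lines before the config is stored and diffed.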