[rancid] Rancid-discuss Digest, Vol 37, Issue 15

Chris Davis Chris.Davis at prin.edu
Tue Nov 26 20:16:45 UTC 2013 

Thanks for your reply Alan.  Someone answered me by personal email.  What I discovered was that there were 2 patches that related to Fortinet on the Rancid ftp site.  (I didn't even know there was one)   Once I found it and the patches, I applied them to my 2.3.8 build and re-made the package and installed it.  The problems were taken care of by the patches.  The biggest one was that fnlogin was calling for a port for ssh and not supplying one.  That problem was fixed by patch 3.  Patch 4 looks like it dealt with the key issue and was recommended, so I installed that one as well.  

Everything has been perfect since.   No more 24 times a day diff files with Keys and date/time data in them.  And I made some insignificant changes on the firewall and they were reported properly on subsequent runs.  Much, much better.   Thanks to whoever wrote those patches.  Just wish I had gotten around to this earlier.  

Chris


-----Original Message-----
Message: 2
Date: Tue, 26 Nov 2013 01:25:20 +0200
From: Alan McKinnon <alan.mckinnon at gmail.com>
To: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Fortinet Firewall Question.
Message-ID: <5293DC60.6020403 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On 25/11/2013 21:53, Chris Davis wrote:
> I have configured Rancid to process my Fortinet Firewalls.  I was 
> running 2.3.6 and it was reporting every hour with changes because of 
> the time and keys in my HA cluster.  Well, I finally had the time to 
> look at upgrading it to 2.3.8 today.  I waited until after the hourly 
> processing, and configured, made and installed the upgrade.
> 
>  
> 
> I let it run, and voila, no firewall change.   The end of the hourly
> config diffs has finally ended.  So then I went in and deleted a
> disabled record, hoping to see it on the next hourly run.   But I got
> nothing.  The firewall itself emailed me the change, but I saw nothing 
> reported in Rancid.
> 
>  
> 
> Any ideas?




There are two main possibilities for the behaviour you describe:

- regexes have been updated to remove that annoying cycling data
- 2.3.8 is not sending mail (or you are not getting it).

A few simple questions to determine which it is:

- do you still receive other mail from rancid?
- are the line of interest appearing in rancid's output file? Do they change there after you make a config change on the device?



--
Alan McKinnon
alan.mckinnon at gmail.com
*****************************

More information about the Rancid-discuss mailing list