[rancid] Duplicate entries, sort of
on at LEFerguson.com
on at LEFerguson.com
Sun Oct 11 16:55:52 UTC 2015
These look like someone has saved a new copy of a text file, either with some automation or manually, notice the dates which are (reasonably) current.
There's an example out there in the mailing list for WAP's (http://www.gossamer-threads.com/lists/rancid/users/7715) that should provide some guidance how you could omit these entirely by patching, which worked for the WAP issues.
I believe, however, that you should not patch it but find the underlying cause. I'll share my own similar case (and not to hijack the thread but maybe someone has a clue for me). I have two ASA's that are giving differences like the below. Notice that all that changes is the number on the left (is that some kind of file number) without producing a new date. I THINK what is happening is that the router reboots, runs FSCK and gives a new file number for reasons a bit unclear (it is not producing new FSCKxxxx.REC files, they are all old and unchanging). However, I am unconvinced there is a reboot each time, as (a) they never show up as down on monitoring (polling 60 seconds so it might miss) and while one shows a few reboots, the other only had 1 in a month and more differences than that.
I am curious if someone knows of a good approach (which might apply to the OP as well) to monitor flash for unexpected changes, some way to audit or trap so you know when it happened? Especially in my case, where the date is not changing, there's no indication except when rancid pulls a new copy.
But for Ryan's case, if you have logs, I'd look at the date/time indicated and see if something else was going on? I think changing rancid in this case will just hide the cause, not fix it. As I think it would in mine. But I'm sympathetic as I have effectively an alarm without a clue what to do.
PS. I'm aware of the very old crypto crash bug, and the guy managing these is or has opened a cisco case to see if it applies, no word yet. But why wouldn't they give new dates?
retrieving revision 1.17
diff -u -4 -r1.17 trsrasa5505.moran.local @@ -29,10 +29,10 @@
!Flash: 117 4181246 Apr 28 2008 12:41:20 securedesktop-asa-3.2.1.103-k9.pkg
!Flash: 118 398305 Apr 28 2008 12:41:36 sslclient-win-1.1.0.154.pkg
!Flash: 119 11491880 Jun 26 2011 15:45:18 asdm-623.bin
!Flash: 12 4096 Mar 06 2012 06:44:46 crypto_archive
- !Flash: 140 394148 Dec 06 2011 22:11:24 crypto_archive/crypto_eng0_arch_1.bin
- !Flash: 141 394148 Mar 06 2012 06:44:46 crypto_archive/crypto_eng0_arch_2.bin
+ !Flash: 142 394148 Dec 06 2011 22:11:24 crypto_archive/crypto_eng0_arch_1.bin
+ !Flash: 143 394148 Mar 06 2012 06:44:46 crypto_archive/crypto_eng0_arch_2.bin
!Flash: 121 15390720 Sep 14 2011 06:44:12 asa825-k8.bin
!Flash: 122 28672 Dec 31 1979 18:00:00 FSCK0000.REC
!Flash: 3 4096 May 30 2008 10:41:34 log
!Flash: 13 4096 Jun 26 2011 16:01:38 coredumpinfo
-----Original Message-----
From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of heasley
Sent: Sunday, October 11, 2015 12:15 PM
To: Ryan Milton <ryanmilton74 at gmail.com>
Cc: Rancid-discuss at shrubbery.net
Subject: Re: [rancid] Duplicate entries, sort of
Sun, Oct 11, 2015 at 10:45:23AM -0400, Ryan Milton:
> Forgive that I've asked this before. I have a mix of hardware, all us
> good except one cisco that rancid sends 100's of emails for daily.
>
> What happens is that rancid reads the flash changes and reports on it
> constantly.
>
> How do I edit rancid to ignore these?
>
> Pardon the small screenshot.
make sure that you are running rancid 3.2. if its still occuring, its either a flaw in the IOS or the filter in rancid is missing it. upgrade the ios if its an ios flaw, else show the changes to us for modification of the filter.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss
More information about the Rancid-discuss
mailing list