[rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+

Chris Wopat me at falz.net
Tue Jun 6 13:26:52 UTC 2017


On 06/06/2017 01:43 AM, heasley wrote:
> Tue, May 30, 2017 at 01:25:29PM +0000, Alexander Griesser:
>> Hi,
>>
>> me too (tm).
>> On all of my fortigates - also happens on Quaggas, fwiw.
>> The linebreaks are hard to ignore for diff, but this one:
>>
>> -     next
>> + next
>>    end
> 
> Is the command to disable the pager perhaps not working?

Disabling pager appears to be working properly; the fnlogin script seems 
to properly do the correct commands (page 496 of 
http://docs.fortinet.com/uploaded/files/800/fortigate-cli-50.pdf )

	config system console
	set output standard

It does appear to send a "config global" command prior to this which 
appears to not be valid on FortiOS 5.2/5.4/5.6. Perhaps necessary on 
older versions, unsure.


>> 1) feature - I'd suggest changing the config it fetches from 'show full-configuration' to just 'show', which will show only non-default stuff. 'show full-configuration' is equivalent to IOS's 'show running-config full'. 'show' seems to match better with how most devices are handled.
> 
> I do not know the platform; you folks tell me.  Or, convert it to a module and
> have more than one spec.

I'd like to hear if others are on board with this, if so the quick and 
dirty is just adjusting @commandtable's

	{'show full-configuration'     => 'GetConf'}

to

	{'show' => 'GetConf'}


Another patch that I hope others agree on would be to add this to sub 
GetSystem {}

         next if (/^\s*IPS-ETDB: .*/);
         next if (/^\s*APP-DB: .*/);
         next if (/^\s*IPS Malicious URL Database: .*/);
         next if (/^\s*Botnet DB: .*/);

There are already a few lines like this in there; these may be fixes for 
newer versions of those names or newer features.

They're super chatty and update every few days with revision #s and 
timestamps. Example lines if the regexp should be tweaked further (it 
was copied from existing):

	IPS-ETDB: 11.00153(2017-06-05 18:43)
	APP-DB: 11.00152(2017-06-01 23:21)
	IPS Malicious URL Database: 1.00665(2017-06-05 05:25)
	Botnet DB: 3.00393(2017-06-05 10:09)

--Chris
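
As an added example (not part of the original message and not RANCID's own fnrancid code), this stand-alone Perl check runs the four proposed patterns over constructed status output from three polls, to confirm that database-revision churn is suppressed while a real change still surfaces. The `Hostname:` line, the later timestamps and the helper names `filter_status` and `changed` are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The four filters proposed in the message, unchanged.
my @volatile = (
    qr/^\s*IPS-ETDB: .*/,
    qr/^\s*APP-DB: .*/,
    qr/^\s*IPS Malicious URL Database: .*/,
    qr/^\s*Botnet DB: .*/,
);

# Keep only lines that none of the filters match (the "next if" behaviour).
sub filter_status {
    my ($text) = @_;
    return grep { my $l = $_; !grep { $l =~ $_ } @volatile } split /\n/, $text;
}

# Lines of @$new that differ from the line at the same position in @$old.
sub changed {
    my ($old, $new) = @_;
    return map { $new->[$_] }
           grep { ($old->[$_] // '') ne $new->[$_] } 0 .. $#$new;
}

# Constructed samples: poll A uses the example lines from the message,
# poll B has later (made-up) timestamps, poll C also has a renamed host.
my $a_txt = <<'EOT';
Hostname: fw-example
IPS-ETDB: 11.00153(2017-06-05 18:43)
APP-DB: 11.00152(2017-06-01 23:21)
IPS Malicious URL Database: 1.00665(2017-06-05 05:25)
Botnet DB: 3.00393(2017-06-05 10:09)
EOT
(my $b_txt = $a_txt) =~ s/\(2017-06-0\d/(2017-06-09/g;
(my $c_txt = $b_txt) =~ s/fw-example/fw-renamed/;

my @raw_a = split /\n/, $a_txt;
my @raw_b = split /\n/, $b_txt;
my @fa = filter_status($a_txt);
my @fb = filter_status($b_txt);
my @fc = filter_status($c_txt);

my @noise  = changed(\@raw_a, \@raw_b);   # churn without the filters
my @quiet  = changed(\@fa, \@fb);         # churn with the filters
my @signal = changed(\@fa, \@fc);         # a real change must survive

printf "unfiltered A->B: %d changed line(s)\n", scalar @noise;
printf "filtered   A->B: %d changed line(s)\n", scalar @quiet;
printf "filtered   A->C: %d changed line(s): %s\n", scalar @signal, "@signal";
```

Because each pattern is anchored at the start of the line and names one specific database, an unrelated configuration line is not filtered out of the stored history.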