[rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+

Griesser Alexander AGriesser at anexia-it.com
Thu Jun 8 06:30:56 UTC 2017


Hey,

> >> 1) feature - i'd suggest changing the config it fetches from 'show full-configuration' to just 'show', which will show only non-default stuff. 'show full-configuration' is equivilant to IOS's 'show running-config full'. 'show' seems to match
> >> better with how most devices are handled.
>> 
>> I do not know the platform; you folks tell me.  or, covert it to a 
>> module and have more than one spec.
>
>I'd like to hear if others are on board with this, if so the quick and dirty is just adjusting @commandtable's
>
>	{'show full-configuration'     => 'GetConf'}
>
>to
>
>	 {'show' => 'GetConf'}

I think default values might change from time to time, so I do usually prefer to have a full config dump of my devices, just in case I need to recover from an older version of the configuration after an upgrade - but I'm not exactly sure how Forti* handles these kinds of things, so basically, I do not really have a strong opinion on that.

> Another patch that I hope others agree on would be to add this to sub GetSystem {}
>
>         next if (/^\s*IPS-ETDB: .*/);
>         next if (/^\s*APP-DB: .*/);
>         next if (/^\s*IPS Malicious URL Database: .*/);
>         next if (/^\s*Botnet DB: .*/);
>
> There are already a few lines like this in there, this may be fixes for newer versions of those names or newer features.

+1 on that, good point.

Best,
Alex


More information about the Rancid-discuss mailing list