[rancid] Fortigate - tweak suggestion as well as issue with spacing FortiOS >5.4+
Griesser Alexander
AGriesser at anexia-it.com
Thu Jun 8 06:30:56 UTC 2017
Hey,
> >> 1) feature - i'd suggest changing the config it fetches from 'show full-configuration' to just 'show', which will show only non-default stuff. 'show full-configuration' is equivilant to IOS's 'show running-config full'. 'show' seems to match
> >> better with how most devices are handled.
>>
>> I do not know the platform; you folks tell me. or, covert it to a
>> module and have more than one spec.
>
>I'd like to hear if others are on board with this, if so the quick and dirty is just adjusting @commandtable's
>
> {'show full-configuration' => 'GetConf'}
>
>to
>
> {'show' => 'GetConf'}
I think default values might change from time to time, so I do usually prefer to have a full config dump of my devices, just in case I need to recover from an older version of the configuration after an upgrade - but I'm not exactly sure how Forti* handles these kinds of things, so basically, I do not really have a strong opinion on that.
> Another patch that I hope others agree on would be to add this to sub GetSystem {}
>
> next if (/^\s*IPS-ETDB: .*/);
> next if (/^\s*APP-DB: .*/);
> next if (/^\s*IPS Malicious URL Database: .*/);
> next if (/^\s*Botnet DB: .*/);
>
> There are already a few lines like this in there, this may be fixes for newer versions of those names or newer features.
+1 on that, good point.
Best,
Alex
More information about the Rancid-discuss
mailing list