[rancid] Juniper 'last commit' + Fortigate whitespace + DB

doug.hughes at keystonenap.com
Sat Sep 30 03:14:13 UTC 2017

Sent from my android device.

-----Original Message-----
From: heasley <heas at shrubbery.net>
To: Chris Wopat <me at falz.net>
Cc: rancid-discuss at shrubbery.net
Sent: Fri, 29 Sep 2017 22:54
Subject: Re: [rancid] Juniper 'last commit' + Fortigate whitespace + DB

Fri, Sep 29, 2017 at 07:28:27AM -0500, Chris Wopat:
>> Hey folks,
>> We recently updated to 3.7, a few comments/questions.
>> * Juniper was updated to ignore 'last committed by' line. Changelog says
>> 'useless last commit config line'. Curious what others think about this.
>> We think it's quite valuable and is a nice way to help correlate changes
>> to accounts that made the change. For now we've manually restored it,
>> which is easy enough.
>there is only one way that that token can be guaranteed - if rancid were
>guaranteed to collect the information before anyone else could run a
>commit.  if folks really like that ...

Since it doesn't show up without a commit, it actually does seem valuable to keep in since it won't generate noise.

> * We see the 'show chassis firmware' line come and go on some devices. This
> happened prior to 3.7 as well. This has been witnessed on MX running 15.1,
> QFX running 14.1X53-D45, and possibly other devices.
> + # show chassis firmware

hrm, what model MX?  I've not seen this in the lab or production for mx
or ptx.  perhaps we can chat about what's different in your env.

> * Fortigate: Some change was made to fix an issue where there was
> artificial spacing/line wraps being detected on Fortigate (
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-May/009620.html).
> Just wanted to say thanks, this makes Fortigates 20x less chatty!


>> * Fortigate suggestion: We manually add this to fnrancid still in GetSystem
>> to keep the chatter down. This was previously mentioned in this thread as
>> well:
>> http://www.shrubbery.net/pipermail/rancid-discuss/2017-June/009643.html,
>> curious if others would like to see these added as well.
>> next if (/^\s*IPS-ETDB: .*/);
>> next if (/^\s*APP-DB: .*/);
>> next if (/^\s*IPS Malicious URL Database: .*/);
>> next if (/^\s*Botnet DB: .*/);
>sure; i have none of these boxes and have no idea about the syntax of
>these lines.  opinion of other folks is???  Something that is useless
>or something that should be wrapped in "if ($rancid.conf:FILTER_OSC)"?

Since those are all content/feature based and not configurable, it seems reasonable. It may also be reasonable for somebody to want to see the changes, but I think the normal mode would be to want to ignore.
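
The effect of the proposed Fortigate filter on two consecutive collections, as an added example that is not part of the thread or of fnrancid. The four patterns are the ones quoted above; `filter_status`, `added_lines`, the `$filter` switch (standing in for the FILTER_OSC idea) and the sample status lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The four patterns exactly as posted in the thread.
my @db_lines = (
    qr/^\s*IPS-ETDB: .*/,
    qr/^\s*APP-DB: .*/,
    qr/^\s*IPS Malicious URL Database: .*/,
    qr/^\s*Botnet DB: .*/,
);

# Keep every line unless filtering is on and it matches a DB pattern.
# $filter is a hypothetical switch, not a RANCID variable.
sub filter_status {
    my ($filter, @lines) = @_;
    return @lines unless $filter;
    return grep { my $l = $_; !grep { $l =~ $_ } @db_lines } @lines;
}

# Lines present in the new collection but not in the old one.
sub added_lines {
    my ($old, $new) = @_;
    my %seen = map { $_ => 1 } @$old;
    return grep { !$seen{$_} } @$new;
}

# Constructed status output from two collection runs (not real device data).
my @run1 = (
    'Hostname: fw-example',
    'IPS-ETDB: 0.00000(2001-01-01 00:00)',
    'APP-DB: 1.00001(2017-09-28 01:00)',
    'IPS Malicious URL Database: 1.00010(2017-09-28 01:00)',
    'Botnet DB: 1.00100(2017-09-28 01:00)',
);
my @run2 = (
    'Hostname: fw-example-dc2',    # the only operator-made change
    'IPS-ETDB: 0.00000(2001-01-01 00:00)',
    'APP-DB: 1.00002(2017-09-29 01:00)',
    'IPS Malicious URL Database: 1.00011(2017-09-29 01:00)',
    'Botnet DB: 1.00101(2017-09-29 01:00)',
);

# Compare the diff an operator would be mailed with the filter off and on.
for my $filter (0, 1) {
    my @old = filter_status($filter, @run1);
    my @new = filter_status($filter, @run2);
    print "filter=$filter\n";
    print "  + $_\n" for added_lines(\@old, \@new);
}
```

With the switch off, the automatic database updates appear alongside the hostname change; with it on, only the operator-made change remains in the diff.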
