[rancid] Fortigate additional tweaks and device filters

heasley heas at shrubbery.net
Tue Jul 31 21:14:20 UTC 2018


Fri, Jul 27, 2018 at 08:02:28AM -0500, Chris Wopat:
> Hi Heasley and folks,
> 
> Sept 2017 I sent a note in with some proposed tweaks to a Fortigate, to
> filter out some additional chattiness, see:
> 
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-September/009871.html
> http://www.shrubbery.net/pipermail/rancid-discuss/2017-June/009643.html
> 
> A few people chimed in seeming to be OK with the proposed changes, which are
> to filter these things:
> 
> next if (/^\s*IPS-ETDB: .*/);
> next if (/^\s*APP-DB: .*/);
> next if (/^\s*IPS Malicious URL Database: .*/);
> next if (/^\s*Botnet DB: .*/);
> 
> Mentioning this as 3.8 came out and I didn't notice any of these included.
> 
> We have an additional fortigate tweak we make every time we update too,
> which is to change from 'show full-configuration' to just 'show' in
> @commandtable. 'full-configuration' shows default config, just like the
> cisco 'full' command. It's really not necessary IMO.

This is from:
r2258 | heas | 2010-10-11 20:49:05 +0000 (Mon, 11 Oct 2010) | 3 lines

fnrancid: update recent fortinet software - Diego Ercolani
Cleaned-up a little by me.

afaict, the justification for full-configuration was so that VDOMs would
be included in the output.  perhaps this behavior has changed since this
change??  I have none of these devices.
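
An added example, not part of the original thread and not RANCID's own code: it applies the four patterns quoted above to two collections that differ only in signature database versions, to show the diff noise they suppress. The sub name filter_status and the sample device output are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The four patterns proposed in the quoted message.
my @noise = (
    qr/^\s*IPS-ETDB: .*/,
    qr/^\s*APP-DB: .*/,
    qr/^\s*IPS Malicious URL Database: .*/,
    qr/^\s*Botnet DB: .*/,
);

# Hypothetical helper: return the lines of $text that match none of
# the noise patterns.
sub filter_status {
    my ($text) = @_;
    my @kept;
    LINE: for my $line (split /\n/, $text) {
        for my $re (@noise) {
            next LINE if $line =~ $re;
        }
        push @kept, $line;
    }
    return @kept;
}

# Constructed sample output (not captured from a real device): two
# collections where only the signature database versions changed.
my $monday = <<'EOT';
Version: FortiGate-EXAMPLE v0.0.0
IPS-ETDB: 1.00001(2018-07-01 00:00)
APP-DB: 1.00001(2018-07-01 00:00)
IPS Malicious URL Database: 1.00001(2018-07-01 00:00)
Botnet DB: 1.00001(2018-07-01 00:00)
Hostname: fw-example
EOT
(my $tuesday = $monday) =~ s/1\.00001\(2018-07-01/1.00002(2018-07-02/g;

my @a = filter_status($monday);
my @b = filter_status($tuesday);

# Unfiltered, every database update shows up as a config change;
# filtered, the two collections compare equal.
print "raw outputs differ: ", ($monday ne $tuesday ? "yes" : "no"), "\n";
print "filtered outputs differ: ",
    (join("\n", @a) ne join("\n", @b) ? "yes" : "no"), "\n";
print "kept: $_\n" for @a;
```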


