[rancid] Watchguard xml file

Wayne Eisenberg Wayne.Eisenberg at CarolinasIT.com
Wed Jul 3 16:18:25 UTC 2019

If I run the export command manually, it just dumps the whole thing to the screen without any breaks or requests to 'hit space to continue' or things like that, so I don't *think* it's a page length type setting?

Actually, I just did another review and I'm thinking that it has something to do with the prompt definition. Just so we're looking at the same thing, the files are here: https://github.com/hillscott/rancid-watchguard. Forked from https://bitbucket.org/aquerubin/rancid-vyatta. 

In the xtmlogin file, it sets the prompt (line 436) to something I don't see. In this original state, xtmlogin never recognized it finished the login. When I changed that line to
set prompt ">>|#"
then xtmlogin completes successfully. (The prompt for this watchguard firewall is "WG#")

foreach router [lrange $argv $i end] {
    set router [string tolower $router]
    send_user "$router\n"

    # device timeout
    set timeout [find timeout $router]
    if { [llength $timeout] == 0 } {
	set timeout $timeoutdflt

    set prompt ">>"

    # Figure out username
    if {[info exists username]} {

However, in the xtm.pm module, line 102 defines it again. 
while (/\s*($cmds_regexp)\s*$/) {
	    $cmd = $1;
	    $prompt = ">>";

	    if (!defined($prompt)) {
		$prompt = ($_ =~ /^([^>]+>)/)[0];
		$prompt =~ s/([][}{)(\\])/\\$1/g;
		print STDERR ("PROMPT MATCH: $prompt\n") if ($debug);
	    print STDERR ("HIT COMMAND:$_") if ($debug);
	    if (! defined($commands{$cmd})) {
		print STDERR "$host: found unexpected command - \"$cmd\"\n";
		$clean_run = 0;
		last TOP;
	    $rval = &{$commands{$cmd}}($INPUT, $OUTPUT, $cmd);
	    if ($rval == -1) {
		$clean_run = 0;
		last TOP;
Once you get to the sub ShowConfiguration section, on line 199 if it sees the prompt, end. Guess what? The "#" character is inside the config (there is some html code in one of the xml sections) and that is where the config ends.

sub ShowConfiguration {
    my($INPUT, $OUTPUT, $cmd) = @_;
    my($lines) = 0;
    my($snmp) = 0;
    print STDERR "    In ShowConfiguration: $_" if ($debug);
    # We don't care about password filtering as passwords are hashed
    # So don't use this if you need it (or develop the functionality).
    if ($filter_pwds >= 1){
        print STDERR "WARNING: Password filtering isn't implemented yet!\n";
        print STDERR "Either disable password filtering in rancid.conf";
        print STDERR " or don't use this plugin.\n";
    ProcessHistory("","","","# $_");
    while (<$INPUT>) {
	next if (/^\s*$/);
	# end of config - hopefully.
	# end-of-config tag.  appears to end with "\nPROMPT:~$".
	if (/$prompt/) {

So I'm thinking if I can figure out a different way to define the prompt to be more than just the # sign (at least in the xtm.pm), that should do the trick? Can you do something like $prompt = "#$" ?


-----Original Message-----
From: john heasley <heas at shrubbery.net> 
Sent: Tuesday, July 02, 2019 7:48 PM
To: Wayne Eisenberg <Wayne.Eisenberg at CarolinasIT.com>
Cc: 'rancid-discuss at shrubbery.net' <rancid-discuss at shrubbery.net>
Subject: Re: [rancid] Watchguard xml file

Sat, Jun 29, 2019 at 11:46:23AM +0000, Wayne Eisenberg:
> Hi,
> OK, so I can get into the firewall and pull the config with "export config to console". However, the config file is a very large xml file, this one is about 2MB in size. However, it seems like it only recorded the first 388KB of data. Is there a size limit on what rancid can process, or maybe there was a character in the xml that rancid didn't like and it just aborted processing it? How would I go about troubleshooting this?

there is no such limit.  I would suspect a PAGER is involved, causing the output to cease.

More information about the Rancid-discuss mailing list