[rancid] fortigate 100E hourly changes not filtered
john heasley
heas at shrubbery.net
Tue Apr 28 20:28:49 UTC 2020
Tue, Apr 28, 2020 at 08:24:01PM +0000, Tim McIntire:
> Hi All,
>
> Having a problem with Rancid 3.9 with Fortigate 100E firewall. Each hour, the config is updated with new Virus files and it is triggering an update/email for the change.
>
> Here is the delta:
>
> @@ -1,12 +1,12 @@
>
> #RANCID-CONTENT-TYPE: fortigate
> #
> #Version: FortiGate-100E v6.2.3,build1066,191218 (GA)
> - #Virus-DB: 77.00033(2020-04-28 08:20)
> - #Extended DB: 77.00033(2020-04-28 08:20)
> - #IPS-DB: 15.00828(2020-04-25 01:28)
> + #Virus-DB: 77.00035(2020-04-28 10:20)
> + #Extended DB: 77.00035(2020-04-28 10:20)
> + #IPS-DB: 15.00829(2020-04-28 00:39)
> #IPS-ETDB: 0.00000(2001-01-01 00:00)
> - #APP-DB: 15.00828(2020-04-25 01:28)
> + #APP-DB: 15.00829(2020-04-28 00:39)
> #INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
> #Serial-Number: FG100ETK19022626
> #IPS Malicious URL Database: 2.00627(2020-04-28 05:33)
> #Botnet DB: 1.00000(2012-05-28 22:51)
>
> I can see in the lib/fortigate.pm file where it tries to filter this out, but it still showing up. Has anyone else seen this?
>
> Thanks for a really useful product, it has saved us on a number of occasions.
rancid.conf:FILTER_OSC=ALL (or in <group>/rancid.conf) must be set to filter
these. It defaults to YES. Also see rancid.conf(5).
More information about the Rancid-discuss
mailing list