[rancid] fortigate 100E hourly changes not filtered

john heasley heas at shrubbery.net
Tue Apr 28 20:28:49 UTC 2020


Tue, Apr 28, 2020 at 08:24:01PM +0000, Tim McIntire:
> Hi All,
> 
> Having a problem with Rancid 3.9 with Fortigate 100E firewall.  Each hour, the config is updated with new Virus files and it is triggering an update/email for the change.
> 
> Here is the delta:
> 
> @@ -1,12 +1,12 @@
> 
>   #RANCID-CONTENT-TYPE: fortigate
>   #
>   #Version: FortiGate-100E v6.2.3,build1066,191218 (GA)
> - #Virus-DB: 77.00033(2020-04-28 08:20)
> - #Extended DB: 77.00033(2020-04-28 08:20)
> - #IPS-DB: 15.00828(2020-04-25 01:28)
> + #Virus-DB: 77.00035(2020-04-28 10:20)
> + #Extended DB: 77.00035(2020-04-28 10:20)
> + #IPS-DB: 15.00829(2020-04-28 00:39)
>   #IPS-ETDB: 0.00000(2001-01-01 00:00)
> - #APP-DB: 15.00828(2020-04-25 01:28)
> + #APP-DB: 15.00829(2020-04-28 00:39)
>   #INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
>   #Serial-Number: FG100ETK19022626
>   #IPS Malicious URL Database: 2.00627(2020-04-28 05:33)
>   #Botnet DB: 1.00000(2012-05-28 22:51)
> 
> I can see in the lib/fortigate.pm file where it tries to filter this out, but it still showing up.   Has anyone else seen this?
> 
> Thanks for a really useful product, it has saved us on a number of occasions.

rancid.conf:FILTER_OSC=ALL (or in <group>/rancid.conf) must be set to filter
these.  It defaults to YES.  Also see rancid.conf(5).



More information about the Rancid-discuss mailing list