From guy20034u at yahoo.com Wed Dec 1 07:55:13 2021
From: guy20034u at yahoo.com (simon ben)
Date: Wed, 1 Dec 2021 07:55:13 +0000 (UTC)
Subject: [rancid] Backup Fortygate 100D
In-Reply-To:
References: <1784901331.1817859.1638296218241.ref@mail.yahoo.com> <1784901331.1817859.1638296218241@mail.yahoo.com>
Message-ID: <1576636436.1768654.1638345313479@mail.yahoo.com>

Thanks heasley and Ugo for your prompt reply
will implement and update
really appreciate

thanks and Regards
simon

On Tuesday, November 30, 2021, 09:45:10 PM GMT+3, heasley wrote:

Tue, Nov 30, 2021 at 06:16:58PM +0000, simon ben:
> Dear All,
> I am running Rancid in production environment and backing up Cisco Routers and Switches and it's working great
> Plan to backup FortiGate
> I have 2 FortiGates in active/active HA in our production data center
> Can I go with the same steps as I do when I add another cisco switch or router or anything needs to be done either on rancid server side or the FortiGate side
> Appreciate your kind advice.
> Since this FortiGate is in Production just want to be more cautious

The device type used in your router.db must be one of the following,
assuming you have a recent version of rancid:

# Fortinet Fortigate firewall
# Normal or FULL (with defaults) configuration
fortigate;script;rancid -t fortigate
fortigate;login;fnlogin
fortigate;timeout;90
fortigate;module;fortigate
fortigate;inloop;fortigate::inloop
fortigate;command;fortigate::GetSystem;get system status
fortigate;command;fortigate::GetConf;show
#
fortigate-full;script;rancid -t fortigate-full
fortigate-full;login;fnlogin
fortigate-full;timeout;90
fortigate-full;module;fortigate
fortigate-full;inloop;fortigate::inloop
fortigate-full;command;fortigate::GetSystem;get system status
fortigate-full;command;fortigate::GetConf;show full-configuration

the user that rancid logs-in as on the fortigate must have the permission
to run the commands above.

From me at falz.net Fri Dec 3 14:13:22 2021
From: me at falz.net (Chris Wopat)
Date: Fri, 3 Dec 2021 08:13:22 -0600
Subject: [rancid] change rancid.conf config setting once a week
Message-ID:

Hi folks,

We run rancid hourly. Some devices (fortigate) have what I consider a bug where every time you display the config, it encrypts the passwords differently. We have this filtered with `FILTER_OSC=ALL; export FILTER_OSC` in rancid.conf. Without this, there would be a diff every time it runs.

On a less frequent schedule, we would like to capture these passwords, perhaps weekly. I'm thinking we could set up a 2nd cronjob for this but with `FILTER_OSC=NO`.

Is there any way to pass these config settings to this separate cron entry without modifying rancid.conf? The config file looks to be setting environment variables but I'm unsure if a local environment variable would override rancid.conf's settings.

Cheers,
--Chris

From heas at shrubbery.net Fri Dec 3 15:49:35 2021
From: heas at shrubbery.net (heasley)
Date: Fri, 3 Dec 2021 15:49:35 +0000
Subject: [rancid] change rancid.conf config setting once a week
In-Reply-To:
References:
Message-ID:

Fri, Dec 03, 2021 at 08:13:22AM -0600, Chris Wopat:
> Is there any way to pass these config settings to this separate cron
> entry without modifying rancid.conf? The config file looks to be
> setting environment variables but I'm unsure if a local environment
> variable would override rancid.conf's settings.

if a separate group is used, a group-specific rancid.conf can be used
to over-ride the global config. /pathto//rancid.conf,
next to the group's router.db.

it could be done in the environment that executes rancid-run, but
other changes would be needed to facilitate that..
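
The override behaviour discussed in this thread, as an added example that is not part of any message on the list or of rancid itself: constructed stand-ins for rancid.conf are sourced by the shell to show that a plain assignment discards a value set by the caller, that the guarded `${VAR:-default}` form keeps it, and that a group-specific file read after the global one wins. The `weekly` group name, the file names and the `effective_filter_osc` helper are hypothetical.

```shell
#!/bin/sh
# Added example. The files below are constructed stand-ins, not real rancid
# configuration. Assumption: rancid.conf is read by the shell as plain
# "VAR=value; export VAR" lines, as the thread describes.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Unconditional assignment, as quoted in the first message of the thread.
cat > "$WORK/rancid.conf.plain" <<'EOF'
FILTER_OSC=ALL; export FILTER_OSC
EOF

# Guarded assignment: keep a value that is already set and non-empty.
cat > "$WORK/rancid.conf.guarded" <<'EOF'
FILTER_OSC=${FILTER_OSC:-ALL}; export FILTER_OSC
EOF

# Group-specific file for a hypothetical second group named "weekly".
# Assumption: it is read after the global file, which is what lets it override.
mkdir "$WORK/weekly"
cat > "$WORK/weekly/rancid.conf" <<'EOF'
FILTER_OSC=NO; export FILTER_OSC
EOF

# effective_filter_osc CALLER_VALUE CONF [CONF...]
# Prints the FILTER_OSC value a child process inherits after the given files
# are sourced in order. CALLER_VALUE is what the calling environment (for
# example a cron entry) exported beforehand; "-" means it exported nothing.
effective_filter_osc() {
    (
        caller=$1
        shift
        unset FILTER_OSC
        if [ "$caller" != "-" ]; then
            FILTER_OSC=$caller
            export FILTER_OSC
        fi
        for conf in "$@"; do
            . "$conf"
        done
        # Ask a child process: that is the view the collection scripts get.
        sh -c 'printf "%s\n" "$FILTER_OSC"'
    )
}

report() {
    p="$WORK/rancid.conf.plain"
    g="$WORK/rancid.conf.guarded"
    w="$WORK/weekly/rancid.conf"
    printf 'caller=NO    plain conf          -> %s\n' "$(effective_filter_osc NO "$p")"
    printf 'caller=NO    guarded conf        -> %s\n' "$(effective_filter_osc NO "$g")"
    printf 'caller unset guarded conf        -> %s\n' "$(effective_filter_osc - "$g")"
    # ":-" treats an empty value like an unset one, so the default applies.
    printf 'caller empty guarded conf        -> %s\n' "$(effective_filter_osc "" "$g")"
    printf 'caller unset plain + weekly conf -> %s\n' "$(effective_filter_osc - "$p" "$w")"
}

report
```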

From me at falz.net Fri Dec 3 16:02:56 2021
From: me at falz.net (Chris Wopat)
Date: Fri, 3 Dec 2021 10:02:56 -0600
Subject: [rancid] change rancid.conf config setting once a week
In-Reply-To:
References:
Message-ID:

On Fri, Dec 3, 2021 at 9:49 AM heasley wrote:
>
> if a separate group is used, a group-specific rancid.conf can be used
> to over-ride the global config. /pathto//rancid.conf,
> next to the group's router.db.
>
> it could be done in the environment that executes rancid-run, but
> other changes would be needed to facilitate that..

We have everything in one group now, so in theory I could set up a 2nd group and I suppose have two copies of the config, each running at their own separate intervals?

Main downside to this is being confused as to which config to look at.

Any further elaboration on 'other changes' with the environment variable method, or is that a deep rabbit hole?

--Chris

From heas at shrubbery.net Fri Dec 3 19:26:09 2021
From: heas at shrubbery.net (heasley)
Date: Fri, 3 Dec 2021 19:26:09 +0000
Subject: [rancid] change rancid.conf config setting once a week
In-Reply-To:
References:
Message-ID:

Fri, Dec 03, 2021 at 10:02:56AM -0600, Chris Wopat:
> On Fri, Dec 3, 2021 at 9:49 AM heasley wrote:
> >
> > if a separate group is used, a group-specific rancid.conf can be used
> > to over-ride the global config. /pathto//rancid.conf,
> > next to the group's router.db.
> >
> > it could be done in the environment that executes rancid-run, but
> > other changes would be needed to facilitate that..
>
> We have everything in one group now, so in theory I could set up a 2nd
> group and I suppose have two copies of the config, each running at
> their own separate intervals?
>
> Main downside to this is being confused as to which config to look at.

I would just send the diffmail for the secondary group to /dev/null. you
only care that the data is retained. since it changes upon each run, it
does not indicate if the underlying information is changing.

> Any further elaboration on 'other changes' with the environment
> variable method, or is that a deep rabbit hole?

the lines in rancid.conf(s)s would need to check for an existing value; eg
- foo=value;export foo
+ foo=${foo:-value};export foo
else rancid.conf would over-ride. I think that would be sufficient.

From cedric.bassaget.ml at gmail.com Mon Dec 6 09:46:39 2021
From: cedric.bassaget.ml at gmail.com (BASSAGET Cédric)
Date: Mon, 6 Dec 2021 10:46:39 +0100
Subject: [rancid] h3crancid problem
Message-ID:

Hello,
I have a problem when trying to rancid h3c switches :

rancid at jersey:~$ PATH=$PATH:/usr/local/rancid/bin ./bin/rancid -d -t h3c sw-hp-hits-stack
loadtype: device type h3c
loadtype: found device type h3c at /usr/local/rancid/etc/rancid.types.base:595
loadtype: found device type h3c aliased to h3crancid
loadtype: device type h3crancid
loadtype: found device type h3crancid at /usr/local/rancid/etc/rancid.types.base:596
executing h3clogin -t 90 -c"" sw-hp-hits-stack
sw-hp-hits-stack: missed cmd(s): all commands
sw-hp-hits-stack: End of run not found
sw-hp-hits-stack: clean_run is false
sw-hp-hits-stack: found_end is false

I don't understand why the "-c" parameter is empty.

when running directly h3crancid it works fine :
rancid at jersey:~$ PATH=$PATH:/usr/local/rancid/bin ./bin/h3crancid -d sw-hp-hits-stack -h
executing h3clogin -t 20 -c"display version;display startup;dir /all /all-filesystems;display device;display fan;display power;display domain;display local-user;display ssh server status;display ntp-service status;display current-configuration" sw-hp-hits-stack
PROMPT MATCH:
HIT COMMAND:display version
In CommentOutput: display version
HIT COMMAND:display startup
In CommentOutput: display startup
HIT COMMAND:dir /all /all-filesystems
In CommentOutput: dir /all /all-filesystems
HIT COMMAND:display device
In CommentOutput: display device
HIT COMMAND:display fan
In CommentOutput: display fan
HIT COMMAND:display power
In CommentOutput: display power
HIT COMMAND:display domain
In CommentOutput: display domain
HIT COMMAND:display local-user
In CommentOutput: display local-user
HIT COMMAND:display ssh server status
In CommentOutput: display ssh server status
HIT COMMAND:display ntp-service status
In CommentOutput: display ntp-service status
HIT COMMAND:display current-configuration
In DisplayCurrent: display current-configuration
sw-hp-hits-stack: clean_run=1 found_end=1

can anybody tell me where I'm wrong please ?

Regards

From heas at shrubbery.net Mon Dec 6 18:22:34 2021
From: heas at shrubbery.net (heasley)
Date: Mon, 6 Dec 2021 18:22:34 +0000
Subject: [rancid] h3crancid problem
In-Reply-To:
References:
Message-ID:

Mon, Dec 06, 2021 at 10:46:39AM +0100, BASSAGET Cédric:
> Hello,
> I have a problem when trying to rancid h3c switches :
>
> rancid at jersey:~$ PATH=$PATH:/usr/local/rancid/bin ./bin/rancid -d -t h3c
> sw-hp-hits-stack
> loadtype: device type h3c
> loadtype: found device type h3c at
> /usr/local/rancid/etc/rancid.types.base:595
> loadtype: found device type h3c aliased to h3crancid
> loadtype: device type h3crancid
> loadtype: found device type h3crancid at
> /usr/local/rancid/etc/rancid.types.base:596
> executing h3clogin -t 90 -c"" sw-hp-hits-stack
> sw-hp-hits-stack: missed cmd(s): all commands
> sw-hp-hits-stack: End of run not found
> sw-hp-hits-stack: clean_run is false
> sw-hp-hits-stack: found_end is false
>
>
> I don't understand why the "-c" parameter is empty.

An error in your rancid.types.conf file, I presume. It should resemble
the built-in alteon device type spec. Maybe try one of the other built-in
device types that most closely resemble your device?

> when running directly h3crancid it works fine :
> rancid at jersey:~$ PATH=$PATH:/usr/local/rancid/bin ./bin/h3crancid -d
> sw-hp-hits-stack -h
> executing h3clogin -t 20 -c"display version;display startup;dir /all
> /all-filesystems;display device;display fan;display power;display
> domain;display local-user;display ssh server status;display ntp-service
> status;display current-configuration" sw-hp-hits-stack
> PROMPT MATCH:
> HIT COMMAND:display version
> In CommentOutput: display version
> HIT COMMAND:display startup
> In CommentOutput: display startup
> HIT COMMAND:dir /all /all-filesystems
> In CommentOutput: dir /all /all-filesystems
> HIT COMMAND:display device
> In CommentOutput: display device
> HIT COMMAND:display fan
> In CommentOutput: display fan
> HIT COMMAND:display power
> In CommentOutput: display power
> HIT COMMAND:display domain
> In CommentOutput: display domain
> HIT COMMAND:display local-user
> In CommentOutput: display local-user
> HIT COMMAND:display ssh server status
> In CommentOutput: display ssh server status
> HIT COMMAND:display ntp-service status
> In CommentOutput: display ntp-service status
> HIT COMMAND:display current-configuration
> In DisplayCurrent: display current-configuration
> sw-hp-hits-stack: clean_run=1 found_end=1
>
>
> can anybody tell me where I'm wrong please ?

From guy20034u at yahoo.com Tue Dec 7 05:34:27 2021
From: guy20034u at yahoo.com (simon ben)
Date: Tue, 7 Dec 2021 05:34:27 +0000 (UTC)
Subject: [rancid] Backup Fortygate 100D
In-Reply-To:
References: <1784901331.1817859.1638296218241.ref@mail.yahoo.com> <1784901331.1817859.1638296218241@mail.yahoo.com>
Message-ID: <2020813373.3452336.1638855267372@mail.yahoo.com>

Dear All,
Btw appreciate and thanks for the reply from Heasley and UGO
As I mentioned below I am trying to backup my fortigate 1000D (sorry for the typo mistake in my earlier email as 100D) so to test before I edit the router.db and .cloginrc file I ran the below

/usr/local/rancid/bin/fnlogin -t 90 -c "get system status" 172.16.xx.xx

I see and does not connect

172.16.xx.xx
spawn telnet -K 172.16.xx.xx
Trying 172.16.xx.xx...

Do I need to add the below commands in my .clogin.rc file like the same way I do cisco routers n switches
I do appreciate if can help me with syntax in my clogin.rc file?

Thanks and Regards
simon

On Tuesday, November 30, 2021, 09:45:10 PM GMT+3, heasley wrote:

Tue, Nov 30, 2021 at 06:16:58PM +0000, simon ben:
> Dear All,
> I am running Rancid in production environment and backing up Cisco Routers and Switches and it's working great
> Plan to backup FortiGate
> I have 2 FortiGates in active/active HA in our production data center
> Can I go with the same steps as I do when I add another cisco switch or router or anything needs to be done either on rancid server side or the FortiGate side
> Appreciate your kind advice.
> Since this FortiGate is in Production just want to be more cautious

The device type used in your router.db must be one of the following,
assuming you have a recent version of rancid:

# Fortinet Fortigate firewall
# Normal or FULL (with defaults) configuration
fortigate;script;rancid -t fortigate
fortigate;login;fnlogin
fortigate;timeout;90
fortigate;module;fortigate
fortigate;inloop;fortigate::inloop
fortigate;command;fortigate::GetSystem;get system status
fortigate;command;fortigate::GetConf;show
#
fortigate-full;script;rancid -t fortigate-full
fortigate-full;login;fnlogin
fortigate-full;timeout;90
fortigate-full;module;fortigate
fortigate-full;inloop;fortigate::inloop
fortigate-full;command;fortigate::GetSystem;get system status
fortigate-full;command;fortigate::GetConf;show full-configuration

the user that rancid logs-in as on the fortigate must have the permission
to run the commands above.

From cedric.bassaget.ml at gmail.com Tue Dec 7 07:15:34 2021
From: cedric.bassaget.ml at gmail.com (BASSAGET Cédric)
Date: Tue, 7 Dec 2021 08:15:34 +0100
Subject: [rancid] h3crancid problem
In-Reply-To:
References:
Message-ID:

hi Heasley,
I don't understand why you talk about alteon.

tried to add that in rancid.types.conf

# HP Comware
h3c;alias;h3crancid
h3crancid;script;rancid -t h3crancid
h3crancid;login;h3clogin
h3crancid;module;h3crancid
h3crancid;inloop;h3crancid::inloop
h3crancid;command;h3crancid::DisplayCurrent;display current-configuration

but I get this error :
loadtype: undefined function in h3crancid: h3crancid::DisplayCurrent
Couldn't load device type spec for h3c

what I don't understand is why it works correctly when calling :
PATH=$PATH:/usr/local/rancid/bin ./bin/h3crancid -d sw-hp-hits-stack -h

I found this too : https://sites.google.com/site/jrbinks/code/rancid/cmwrancid but it's quite old (2015)

Regards
Cédric

Regards

On Mon, Dec 6, 2021 at 19:22, heasley wrote:

> Mon, Dec 06, 2021 at 10:46:39AM +0100, BASSAGET Cédric:
> > Hello,
> > I have a problem when trying to rancid h3c switches :
> >
> > rancid at jersey:~$ PATH=$PATH:/usr/local/rancid/bin ./bin/rancid -d -t h3c
> > sw-hp-hits-stack
> > loadtype: device type h3c
> > loadtype: found device type h3c at
> > /usr/local/rancid/etc/rancid.types.base:595
> > loadtype: found device type h3c aliased to h3crancid
> > loadtype: device type h3crancid
> > loadtype: found device type h3crancid at
> > /usr/local/rancid/etc/rancid.types.base:596
> > executing h3clogin -t 90 -c"" sw-hp-hits-stack
> > sw-hp-hits-stack: missed cmd(s): all commands
> > sw-hp-hits-stack: End of run not found
> > sw-hp-hits-stack: clean_run is false
> > sw-hp-hits-stack: found_end is false
> >
> >
> > I don't understand why the "-c" parameter is empty.
>
> An error in your rancid.types.conf file, I presume. It should resemble
> the built-in alteon device type spec. Maybe try one of the other built-in
> device types that most closely resemble your device?
>
> > when running directly h3crancid it works fine :
> > rancid at jersey:~$ PATH=$PATH:/usr/local/rancid/bin ./bin/h3crancid -d
> > sw-hp-hits-stack -h
> > executing h3clogin -t 20 -c"display version;display startup;dir /all
> > /all-filesystems;display device;display fan;display power;display
> > domain;display local-user;display ssh server status;display ntp-service
> > status;display current-configuration" sw-hp-hits-stack
> > PROMPT MATCH:
> > HIT COMMAND:display version
> > In CommentOutput: display version
> > HIT COMMAND:display startup
> > In CommentOutput: display startup
> > HIT COMMAND:dir /all /all-filesystems
> > In CommentOutput: dir /all /all-filesystems
> > HIT COMMAND:display device
> > In CommentOutput: display device
> > HIT COMMAND:display fan
> > In CommentOutput: display fan
> > HIT COMMAND:display power
> > In CommentOutput: display power
> > HIT COMMAND:display domain
> > In CommentOutput: display domain
> > HIT COMMAND:display local-user
> > In CommentOutput: display local-user
> > HIT COMMAND:display ssh server status
> > In CommentOutput: display ssh server status
> > HIT COMMAND:display ntp-service status
> > In CommentOutput: display ntp-service status
> > HIT COMMAND:display current-configuration
> > In DisplayCurrent: display current-configuration
> > sw-hp-hits-stack: clean_run=1 found_end=1
> >
> >
> > can anybody tell me where I'm wrong please ?
>

From heas at shrubbery.net Tue Dec 7 15:45:00 2021
From: heas at shrubbery.net (heasley)
Date: Tue, 7 Dec 2021 15:45:00 +0000
Subject: [rancid] Backup Fortygate 100D
In-Reply-To: <2020813373.3452336.1638855267372@mail.yahoo.com>
References: <1784901331.1817859.1638296218241.ref@mail.yahoo.com> <1784901331.1817859.1638296218241@mail.yahoo.com> <2020813373.3452336.1638855267372@mail.yahoo.com>
Message-ID:

Tue, Dec 07, 2021 at 05:34:27AM +0000, simon ben:
> Dear All,
> Btw appreciate and thanks for the reply from Heasley and UGO
> As I mentioned below I am trying to backup my fortigate 1000D ( sorry for the typo mistake in my earlier email as 100D) so to test before I edit the router.db and .cloginrc file i ran the below
> /usr/local/rancid/bin/fnlogin -t 90 -c "get system status" 172.16.xx.xx i see and does not connect
>
> 172.16.xx.xx
> spawn telnet -K 172.16.xx.xx
> Trying 172.16.xx.xx...

That is unrelated to rancid. Maybe it only accepts ssh or it has a packet
filter that is blocking you? For ssh to be tried first you might need to
add to your cloginrc; 'add method {ssh}'

fnlogin -m 172.16.xx.xx will show you which cloginrc lines are matching.

> Do I need to add the below commands in my .clogin.rc file like the same way i do cisco routers n switches
> I do appreciate if can help me with syntax in my clogin.rc file?

Those configuration are in the rancid.conf.base of rancid 3.10 or newer.

From heas at shrubbery.net Tue Dec 7 15:47:56 2021
From: heas at shrubbery.net (heasley)
Date: Tue, 7 Dec 2021 15:47:56 +0000
Subject: [rancid] h3crancid problem
In-Reply-To:
References:
Message-ID:

Tue, Dec 07, 2021 at 08:15:34AM +0100, BASSAGET Cédric:
> hi Heasley,
> I don't understand why you talk about alteon.

alteon is a rancid script that is not yet a perl module, like your h3crancid

> tried to add that in rancid.types.conf
>
> # HP Comware h3c;alias;h3crancid h3crancid;script;rancid -t h3crancid h3crancid;script;h3crancid h3crancid;login;h3clogin

From adam.korab at sixpackets.com Tue Dec 7 16:31:56 2021
From: adam.korab at sixpackets.com (Adam Korab)
Date: Tue, 7 Dec 2021 16:31:56 +0000
Subject: [rancid] Backup Fortygate 100D
In-Reply-To:
References: <1784901331.1817859.1638296218241.ref@mail.yahoo.com> <1784901331.1817859.1638296218241@mail.yahoo.com> <2020813373.3452336.1638855267372@mail.yahoo.com>
Message-ID:

On 12/7/21, 9:45 AM, "Rancid-discuss on behalf of heasley" wrote:

    Tue, Dec 07, 2021 at 05:34:27AM +0000, simon ben:
    > Dear All,
    > Btw appreciate and thanks for the reply from Heasley and UGO
    > As I mentioned below I am trying to backup my fortigate 1000D ( sorry for the typo mistake in my earlier email as 100D) so to test before I edit the router.db and .cloginrc file i ran the below
    > /usr/local/rancid/bin/fnlogin -t 90 -c "get system status" 172.16.xx.xx i see and does not connect
    >
    > 172.16.xx.xx
    > spawn telnet -K 172.16.xx.xx
    > Trying 172.16.xx.xx...

    That is unrelated to rancid. Maybe it only accepts ssh or it has a packet
    filter that is blocking you? For ssh to be tried first you might need to
    add to your cloginrc; 'add method {ssh}'

Correct. Fnlogin is trying telnet, which is disabled by default on FGT devices. Like heas suggests, try add method ssh in your .cloginrc.

On the FortiGate, you can check for telnet most easily from the CLI:

Example show command:

fw01a # show system global
config system global
    set admin-port 8080
    set admin-server-cert "fw01a"
    set admin-sport 8443
    set admin-telnet disable
    set admintimeout 120
    set alias "FortiGate-VM64"
    set autorun-log-fsck enable
    set gui-ipv6 enable
    set hostname "fw01a"
    set timezone 08
end

Note that in FortiOS, configuration defaults are not exposed with 'show' - you need to enter config mode and do 'show full-configuration' and you can grep to match:

fw01a # config sys global
fw01a (global) # show full-configuration
config system global
    set admin-concurrent enable
    set admin-console-timeout 0
    set admin-hsts-max-age 15552000
    set admin-https-pki-required disable
    set admin-https-redirect enable
    set admin-https-ssl-versions tlsv1-1 tlsv1-2 tlsv1-3
    set admin-lockout-duration 60
    set admin-lockout-threshold 3
    set admin-login-max 100
    set admin-maintainer enable
    set admin-port 8080
    set admin-restrict-local disable
    set admin-scp disable
    set admin-server-cert "fw01a "
    set admin-sport 8443
    set admin-ssh-grace-time 120
    set admin-ssh-password enable
    set admin-ssh-port 22
    set admin-ssh-v1 disable
    set admin-telnet disable
    set admintimeout 120
    set alias "FortiGate-VM64"
    set allow-traffic-redirect enable
    set anti-replay strict
    set arp-max-entry 131072
    set auth-cert "Fortinet_Factory"
    set auth-http-port 1000
    set auth-https-port 1003
    set auth-keepalive disable
    set auth-session-limit block-new
    set auto-auth-extension-device enable
    set autorun-log-fsck enable
    set av-affinity "0"
    set av-failopen pass
    set av-failopen-session disable
    set batch-cmdb enable
    set block-session-timer 30
    set br-fdb-max-entry 8192
    set cert-chain-max 8
    set cfg-save automatic
    set check-protocol-header loose
    set check-reset-range disable

fw01a (global) # show full-configuration | grep telnet
    set admin-telnet disable

This is FortiOS v6.4.7; YMMV.

AK

From guy20034u at yahoo.com Wed Dec 8 07:44:55 2021
From: guy20034u at yahoo.com (simon ben)
Date: Wed, 8 Dec 2021 07:44:55 +0000 (UTC)
Subject: [rancid] Backup Fortygate 1000D
In-Reply-To:
References: <1784901331.1817859.1638296218241.ref@mail.yahoo.com> <1784901331.1817859.1638296218241@mail.yahoo.com> <2020813373.3452336.1638855267372@mail.yahoo.com>
Message-ID: <2107291112.3060295.1638949495543@mail.yahoo.com>

Thanks Heasley, Ugo and Adam for your immediate response I really appreciate
Actually I am little confused and do apologize for the same.
Its been working fine also i used before clogin instead of fnlogin and was actually confused
Actually I also had the below in my .cloginrc file

fortigate-full;script;rancid -t fortigate-full
fortigate-full;login;fnlogin
fortigate-full;timeout;90
fortigate-full;module;fortigate
fortigate-full;inloop;fortigate::inloop
fortigate-full;command;fortigate::GetSystem;get system status
fortigate-full;command;fortigate::GetConf;show full-configuration

Once again i m sorry for the bother and also being so silly

thanks and Regards
simon

On Tuesday, December 7, 2021, 06:45:00 PM GMT+3, heasley wrote:

Tue, Dec 07, 2021 at 05:34:27AM +0000, simon ben:
> Dear All,
> Btw appreciate and thanks for the reply from Heasley and UGO
> As I mentioned below I am trying to backup my fortigate 1000D ( sorry for the typo mistake in my earlier email as 100D) so to test before I edit the router.db and .cloginrc file i ran the below
> /usr/local/rancid/bin/fnlogin -t 90 -c "get system status" 172.16.xx.xx i see and does not connect
>
> 172.16.xx.xx
> spawn telnet -K 172.16.xx.xx
> Trying 172.16.xx.xx...

That is unrelated to rancid. Maybe it only accepts ssh or it has a packet
filter that is blocking you? For ssh to be tried first you might need to
add to your cloginrc; 'add method {ssh}'

fnlogin -m 172.16.xx.xx will show you which cloginrc lines are matching.

> Do I need to add the below commands in my .clogin.rc file like the same way i do cisco routers n switches
> I do appreciate if can help me with syntax in my clogin.rc file?

Those configuration are in the rancid.conf.base of rancid 3.10 or newer.

From ak+rancid at mid.net Wed Dec 8 16:16:23 2021
From: ak+rancid at mid.net (Adam Korab)
Date: Wed, 8 Dec 2021 10:16:23 -0600
Subject: [rancid] Backup Fortygate 1000D
In-Reply-To: <2107291112.3060295.1638949495543@mail.yahoo.com>
References: <1784901331.1817859.1638296218241.ref@mail.yahoo.com> <1784901331.1817859.1638296218241@mail.yahoo.com> <2020813373.3452336.1638855267372@mail.yahoo.com> <2107291112.3060295.1638949495543@mail.yahoo.com>
Message-ID:

simon ben wrote:
> Thanks Heasley, Ugo and Adam for your immediate response I really
> appreciate Actually I am little confused and do apologize for the same.
> Its been working fine also i used before clogin instead of fnlogin
> and was actually confused
> Actually I also had the below in my .cloginrc file

First off, use fnlogin instead of clogin - the terminal environment/pagination/etc is different in FortiOS versus IOS, so that's why there's a different login script.

That's the wrong stuff for .cloginrc. That goes into $PREFIX/etc/rancid.types.{base|conf} - and should be there by default, depending on your rancid version.

Your .cloginrc should look somewhat like this for a FGT, assuming the hostname of said FGT is fw.foo.com:

add user fw.foo.com admin
add password fw.foo.com {somepassword} {null}
add autoenable fw.foo.com 1
add method fw.foo.com ssh
add identity fw.foo.com $env(HOME)/.ssh/id_rsa

For that add identity line, this would be useful if you enable ssh key authentication for the admin user on the FGT.

AK

From guy20034u at yahoo.com Sun Dec 12 08:20:15 2021
From: guy20034u at yahoo.com (simon ben)
Date: Sun, 12 Dec 2021 08:20:15 +0000 (UTC)
Subject: [rancid] Frontend admin for Rancid
References: <1642817397.104311.1639297215177.ref@mail.yahoo.com>
Message-ID: <1642817397.104311.1639297215177@mail.yahoo.com>

Dear All,
Rancid is an excellent tool and been working great
Is there any frontend admin for rancid through a browser? As my colleague is a novice in Linux and would like to add new devices to rancid
I did google on the net .. there is one but probably very old
Appreciate if anyone has tried or some like that can be of help

Thanks and Regards
simon

From vom513 at gmail.com Wed Dec 15 14:31:24 2021
From: vom513 at gmail.com (vom513)
Date: Wed, 15 Dec 2021 09:31:24 -0500
Subject: [rancid] Cisco IOS - "serial number" file changing in flash ?
Message-ID:

Hello,

Apologies if this has been covered before. I did search, and didn't seem to see this specific issue.

I have a Cisco IOS AP (i.e. older standalone/autonomous). Every once in a while (I don't see a time pattern here), RANCID sees a change of a file in flash.

The file's name is the PCB serial number of the AP:

- !Flash: 8 -rwx 6 Dec 9 2021 17:19:40 -05:00 FOC12345LLK
+ !Flash: 8 -rwx 6 Dec 14 2021 05:31:51 -05:00 FOC12345LLK

Is this a known issue ? Perhaps fixed in newer versions of RANCID (I'm running 3.9) ?

Thanks for any insight.

From heas at shrubbery.net Wed Dec 15 16:37:42 2021
From: heas at shrubbery.net (heasley)
Date: Wed, 15 Dec 2021 16:37:42 +0000
Subject: [rancid] Cisco IOS - "serial number" file changing in flash ?
In-Reply-To:
References:
Message-ID:

Wed, Dec 15, 2021 at 09:31:24AM -0500, vom513:
> I have a Cisco IOS AP (i.e. older standalone/autonomous). Every once in a while (I don't see a time pattern here), RANCID sees a change of a file in flash.
>
> The file's name is the PCB serial number of the AP:
>
> - !Flash: 8 -rwx 6 Dec 9 2021 17:19:40 -05:00 FOC12345LLK
> + !Flash: 8 -rwx 6 Dec 14 2021 05:31:51 -05:00 FOC12345LLK
>
> Is this a known issue ? Perhaps fixed in newer versions of RANCID (I'm running 3.9) ?

I have an 891 w/ an embedded ap802; it does not do this. Maybe you have not
told us enough, but rancid just reports what it receives. So, the file is
changing. That could be a cisco bug (such as DE's debugging left in a
production image) or a file that changes legitimately. I could not guess
which, from the example.

Can you view the contents of the file (more FOC12345LLK)? No debugging is
enabled (show debug)? You're using device type 'ios'?

From vom513 at gmail.com Wed Dec 15 20:12:55 2021
From: vom513 at gmail.com (vom513)
Date: Wed, 15 Dec 2021 15:12:55 -0500
Subject: [rancid] Cisco IOS - "serial number" file changing in flash ?
In-Reply-To:
References:
Message-ID:

>
> I have an 891 w/ an embedded ap802; it does not do this. Maybe you have not
> told us enough, but rancid just reports what it receives. So, the file is
> changing. That could be a cisco bug (such as DE's debugging left in a
> production image) or a file that changes legitimately. I could not guess
> which, from the example.
>
> Can you view the contents of the file (more FOC12345LLK)? No debugging is
> enabled (show debug)? You're using device type 'ios'?

Thanks for the reply.

Here are the contents:

00000000: 0000148C 14A0XXXX XXXXXXXX XXXXXXXX .... . XX XXXX XXXX

No debug is on. Yes - using ios device type.

It's not a huge deal as it's not super often. Not the most elegant solution but I could probably hack that part of the flash / dir code and regex ignore this. Just figured someone else might have tripped over this.

Also I might check to see if there is newer IOS. This is an older AP, so it might be at newest now.
I might also post in Cisco's community forum and ask what this file is.

Thanks.

From heas at shrubbery.net Wed Dec 15 21:22:24 2021
From: heas at shrubbery.net (heasley)
Date: Wed, 15 Dec 2021 21:22:24 +0000
Subject: [rancid] Cisco IOS - "serial number" file changing in flash ?
In-Reply-To:
References:
Message-ID:

Wed, Dec 15, 2021 at 03:12:55PM -0500, vom513:
> > I have an 891 w/ an embedded ap802; it does not do this. Maybe you have not
> > told us enough, but rancid just reports what it receives. So, the file is
> > changing. That could be a cisco bug (such as DE's debugging left in a
> > production image) or a file that changes legitimately. I could not guess
> > which, from the example.
> >
> > Can you view the contents of the file (more FOC12345LLK)? No debugging is
> > enabled (show debug)? You're using device type 'ios'?
>
> Thanks for the reply.
>
> Here are the contents:
>
> 00000000: 0000148C 14A0XXXX XXXXXXXX XXXXXXXX .... . XX XXXX XXXX
>
> No debug is on. Yes - using ios device type.
>
> It's not a huge deal as it's not super often. Not the most elegant solution but I could probably hack that part of the flash / dir code and regex ignore this. Just figured someone else might have tripped over this.
>
> Also I might check to see if there is newer IOS. This is an older AP, so it might be at newest now. I might also post in Cisco's community forum and ask what this file is.

OK. LMK how the bug or newer IOS research goes. if it is common, the code
could be changed to automatically add the s/n to the list of
time-stamp-filtered files.

From troy at i2bnetworks.com Fri Dec 31 22:06:56 2021
From: troy at i2bnetworks.com (Troy Beisigl)
Date: Fri, 31 Dec 2021 14:06:56 -0800
Subject: [rancid] Rancid and Mikrotik OS 7.1 stable
Message-ID: <0DDFA941-9B1B-4921-863D-44BF217B2701@i2bnetworks.com>

Hello everyone,

It looks like with the "stable" release of version 7.1 for Mikrotik that rancid is no longer able to parse the config. Below is what the logs show.
The commands that mtrancid runs all are valid and work. I suspect that they may have put some non-printable characters in the login screen that may be tripping this up, but has anyone else ran into this?

Best,

-Troy

Trying to get all of the configs.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#
=====================================
Getting missed routers: round 1.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#
=====================================
Getting missed routers: round 2.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#
=====================================
Getting missed routers: round 3.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#
=====================================
Getting missed routers: round 4.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#

From c.o.hopkins at gmail.com Fri Dec 31 22:12:50 2021
From: c.o.hopkins at gmail.com (Craig Hopkins)
Date: Fri, 31 Dec 2021 22:12:50 +0000
Subject: [rancid] Rancid and Mikrotik OS 7.1 stable
In-Reply-To: <0DDFA941-9B1B-4921-863D-44BF217B2701@i2bnetworks.com>
References: <0DDFA941-9B1B-4921-863D-44BF217B2701@i2bnetworks.com>
Message-ID:

Yeah, it's an annoying change.

A workaround has been proposed - https://forum.mikrotik.com/viewtopic.php?p=885246#p885616

Cheers,
Craig

On Fri, 31 Dec 2021 at 22:07, Troy Beisigl wrote:

> Hello everyone,
>
> It looks like with the "stable" release of version 7.1 for Mikrotik that
> rancid is no longer able to parse the config. Below is what the logs show.
> The commands that mtrancid runs all are valid and work. I suspect that they
> may have put some non-printable characters in the login screen that may be
> tripping this up, but has anyone else ran into this?
>
> Best,
>
> -Troy
>
> Trying to get all of the configs.
> xxxc-mikrotik: missed cmd(s): all commands
> xxxc-mikrotik: End of run not found
> #
> =====================================
> Getting missed routers: round 1.
> xxxc-mikrotik: missed cmd(s): all commands
> xxxc-mikrotik: End of run not found
> #
> =====================================
> Getting missed routers: round 2.
> xxxc-mikrotik: missed cmd(s): all commands
> xxxc-mikrotik: End of run not found
> #
> =====================================
> Getting missed routers: round 3.
> xxxc-mikrotik: missed cmd(s): all commands
> xxxc-mikrotik: End of run not found
> #
> =====================================
> Getting missed routers: round 4.
> xxxc-mikrotik: missed cmd(s): all commands
> xxxc-mikrotik: End of run not found
> #
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at www.shrubbery.net
> https://www.shrubbery.net/mailman/listinfo/rancid-discuss
>

From timoid at timoid.org Fri Dec 31 23:31:50 2021
From: timoid at timoid.org (Tim Warnock)
Date: Fri, 31 Dec 2021 23:31:50 +0000
Subject: [rancid] Rancid and Mikrotik OS 7.1 stable
In-Reply-To:
References: <0DDFA941-9B1B-4921-863D-44BF217B2701@i2bnetworks.com>
Message-ID: <3e983819b7854e9e87dc7e08a1907fd1@timoid.org>

Is this no longer working on 7.1+?

https://github.com/haussli/rancid/issues/31

-----Original Message-----
From: Rancid-discuss On Behalf Of Craig Hopkins
Sent: Saturday, 1 January 2022 8:13 AM
To: Troy Beisigl
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Rancid and Mikrotik OS 7.1 stable

Yeah, it's an annoying change. A workaround has been proposed - https://forum.mikrotik.com/viewtopic.php?p=885246#p885616

Cheers,
Craig

On Fri, 31 Dec 2021 at 22:07, Troy Beisigl wrote:

Hello everyone,

It looks like with the "stable" release of version 7.1 for Mikrotik that rancid is no longer able to parse the config. Below is what the logs show.
The commands that mtrancid runs all are valid and work. I suspect that they may have put some non-printable characters in the login screen that may be tripping this up, but has anyone else run into this?

Best,

-Troy

Trying to get all of the configs.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#
=====================================
Getting missed routers: round 1.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#
=====================================
Getting missed routers: round 2.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#
=====================================
Getting missed routers: round 3.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#
=====================================
Getting missed routers: round 4.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss at www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss
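
The log excerpt quoted in this thread shows a device failing the initial pass and every retry round, which means its configuration is no longer being captured or diffed. The following Python parser is an added example, not part of the thread and not RANCID's own code: it reads that log format and reports the devices still failing in the last round the log records. The function names, the sample text and the device "core-sw1" are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log excerpt quoted in this thread.
# "core-sw1" is a made-up device that recovers on the first retry.
SAMPLE_LOG = """\
Trying to get all of the configs.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
core-sw1: End of run not found
#
=====================================
Getting missed routers: round 1.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#
=====================================
Getting missed routers: round 2.
xxxc-mikrotik: missed cmd(s): all commands
xxxc-mikrotik: End of run not found
#
"""

ROUND_RE = re.compile(r"^Getting missed routers: round (\d+)\.")
FAIL_RE = re.compile(r"^(\S+): (missed cmd\(s\): .+|End of run not found)$")

def failures_by_round(log_text):
    """Map round number (0 = initial pass) -> {device: [error, ...]}."""
    rounds = defaultdict(lambda: defaultdict(list))
    current = 0
    for line in log_text.splitlines():
        line = line.strip()
        m = ROUND_RE.match(line)
        if m:
            current = int(m.group(1))
            rounds[current]  # record the round even if nothing fails in it
            continue
        m = FAIL_RE.match(line)
        if m:
            rounds[current][m.group(1)].append(m.group(2))
    return {r: dict(devs) for r, devs in rounds.items()}

def never_collected(log_text):
    """Devices still failing in the last round the log records."""
    rounds = failures_by_round(log_text)
    return dict(rounds[max(rounds)]) if rounds else {}
```

A device that appears in never_collected() for several consecutive runs has a stale backup, so changes made on it in that period are not in the repository.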