From athompson at merlin.mb.ca Tue Sep 7 18:28:39 2021
From: athompson at merlin.mb.ca (Adam Thompson)
Date: Tue, 7 Sep 2021 18:28:39 +0000
Subject: [rancid] Palo Alto XML backups - sort of solved
Message-ID:

I remember this being discussed several times here - Palo Alto's PANOS only emits JSON-formatted config when you run "show config running", which cannot be used to restore the device from scratch.

You can (at least as of v9.x) convince "show config running" to emit XML, you need the "set cli op-command-xml-output on" command first, then "show config running".

It's not very useful to humans, e.g. email diffs become utterly useless, but it IS usable for restoring a firewall from scratch.

I documented this in slightly deeper detail at https://github.com/ytti/oxidized/issues/440#issuecomment-914517884 on the "other" project, don't feel like re-typing it all.

Hopefully that helps someone...

-Adam

Adam Thompson
Consultant, Infrastructure Services
100 - 135 Innovation Drive
Winnipeg, MB, R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
athompson at merlin.mb.ca
www.merlin.mb.ca

From heas at shrubbery.net Wed Sep 8 21:14:31 2021
From: heas at shrubbery.net (heasley)
Date: Wed, 8 Sep 2021 21:14:31 +0000
Subject: [rancid] Palo Alto XML backups - sort of solved
In-Reply-To:
References:
Message-ID:

Tue, Sep 07, 2021 at 06:28:39PM +0000, Adam Thompson:
> I remember this being discussed several times here - Palo Alto's PANOS only emits JSON-formatted config when you run "show config running", which cannot be used to restore the device from scratch.
>
> You can (at least as of v9.x) convince "show config running" to emit XML, you need the "set cli op-command-xml-output on" command first, then "show config running".
>
> It's not very useful to humans, e.g. email diffs become utterly useless, but it IS usable for restoring a firewall from scratch.
>
> I documented this in slightly deeper detail at https://github.com/ytti/oxidized/issues/440#issuecomment-914517884 on the "other" project, don't feel like re-typing it all.

Hey,
Thanks for the note. This could be done in rancid like this:

diff --git a/etc/rancid.types.base b/etc/rancid.types.base index 30e90477..a55c61ed 100644 --- a/etc/rancid.types.base +++ b/etc/rancid.types.base @@ -777,6 +777,7 @@ paloalto;module;panos paloalto;inloop;panos::inloop paloalto;command;panos::ShowInfo;show system info paloalto;command;panos::ShowInventory;show chassis inventory +paloalto;command;rancid::RunCommand;set cli op-command-xml-output on paloalto;command;panos::ShowConfig;show config running # redback;script;rrancid

Could also collect both. That will not maintain the password filtering that is normally done with the json output, though code could be added to do that.

From linuxthreads at gmail.com Fri Sep 17 07:27:45 2021
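Review bot: the added "paloalto;command;rancid::RunCommand;set cli op-command-xml-output on" entry sits directly before "paloalto;command;panos::ShowConfig;show config running", so ShowConfig now receives XML, and as the message itself says the password filtering done for the json output is not maintained for that form. Unfiltered configuration would then go into the repository and the diff mail for every paloalto device. Suggest holding this until ShowConfig filters the XML output as well, or collecting the XML as a second command (the "collect both" option) so that sites relying on password filtering keep a filtered copy. A comment line above the new entry stating why the CLI mode is switched, and that the thread only confirms it as of v9.x, would document the change.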
From: linuxthreads at gmail.com (Linux Threads)
Date: Fri, 17 Sep 2021 09:27:45 +0200
Subject: [rancid] Excluding config lines in Rancid
In-Reply-To:
References:
Message-ID: <66b30cb471d21ebaf09aedcf22b35c45c9fe4714.camel@gmail.com>

Hi Rancid Users,

please can you assist in parsing the following unwanted line "AV AI/ML Model:"

- #AV AI/ML Model: 2.02458(2021-09-14 22:45)
+ #AV AI/ML Model: 2.02464(2021-09-16 20:45)

the following does not work for me I am sure the / in AV AI/ML Model is the culprit

next if (/AV AI/ML Model:/);

Regards
Juan

From andreas at naund.org Fri Sep 17 18:39:35 2021
From: andreas at naund.org (Andreas Ott)
Date: Fri, 17 Sep 2021 11:39:35 -0700
Subject: [rancid] Excluding config lines in Rancid
In-Reply-To: <66b30cb471d21ebaf09aedcf22b35c45c9fe4714.camel@gmail.com>
References: <66b30cb471d21ebaf09aedcf22b35c45c9fe4714.camel@gmail.com>
Message-ID:

Hi,

On Fri, Sep 17, 2021 at 12:28 AM Linux Threads wrote:
> the following does not work for me I am sure the / in AV AI/ML Model is
> the culprit
>
> next if (/AV AI/ML Model:/);
>
Correct, you need to escape quote the center slash in 'AI/ML' with a backslash as it is also used as the delimiter for the regex. Try this

next if (/AV AI\/ML Model:/);

-andreas

From Tim.McIntire at infinite.com Fri Sep 17 18:57:53 2021
From: Tim.McIntire at infinite.com (Tim McIntire)
Date: Fri, 17 Sep 2021 18:57:53 +0000
Subject: [rancid] Excluding config lines in Rancid
In-Reply-To:
References: <66b30cb471d21ebaf09aedcf22b35c45c9fe4714.camel@gmail.com>
Message-ID:

I have this problem also, but don't know where to make the update.

Thanks

Tim

From: Rancid-discuss [mailto:rancid-discuss-bounces at www.shrubbery.net] On Behalf Of Andreas Ott
Sent: Friday, September 17, 2021 1:40 PM
To: linuxthreads at gmail.com
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Excluding config lines in Rancid

Hi,

On Fri, Sep 17, 2021 at 12:28 AM Linux Threads wrote:
the following does not work for me I am sure the / in AV AI/ML Model is the culprit

next if (/AV AI/ML Model:/);

Correct, you need to escape quote the center slash in 'AI/ML' with a backslash as it is also used as the delimiter for the regex. Try this

next if (/AV AI\/ML Model:/);

-andreas

From linuxthreads at gmail.com Sat Sep 18 22:51:20 2021
From: linuxthreads at gmail.com (Linux Threads)
Date: Sun, 19 Sep 2021 00:51:20 +0200
Subject: [rancid] Excluding config lines in Rancid
In-Reply-To:
References: <66b30cb471d21ebaf09aedcf22b35c45c9fe4714.camel@gmail.com>
Message-ID: <605b4600939578f06931b15e7d045c8cb573d430.camel@gmail.com>

Hi Rancid Users,

Thank you Andreas! that did the trick,

Tim I am running rancid 3.13, I did edit
# fortigate.pm - Fortigate rancid procedures

under:

if ($filter_osc >= 2) {
... ... ... ... ... ...
next if (/^\s*Virus-DB: .*/);
next if (/AV AI\/ML Model: .*/);

Regards
Juan

On Fri, 2021-09-17 at 18:57 +0000, Tim McIntire wrote:
> I have this problem also, but don't know where to make the update.
>
> Thanks
>
> Tim
>
> From: Rancid-discuss [mailto:rancid-discuss-bounces at www.shrubbery.net] On Behalf Of Andreas Ott
> Sent: Friday, September 17, 2021 1:40 PM
> To: linuxthreads at gmail.com
> Cc: rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Excluding config lines in Rancid
>
> Hi,
>
>
> On Fri, Sep 17, 2021 at 12:28 AM Linux Threads <linuxthreads at gmail.com> wrote:
> > the following does not work for me I am sure the / in AV AI/ML
> > Model is
> > the culprit
> >
> > next if (/AV AI/ML Model:/);
> >
> Correct, you need to escape quote the center slash in 'AI/ML' with a
> backslash as it is also used as the delimiter for the regex. Try this
>
> next if (/AV AI\/ML Model:/);
>
> -andreas

From guy20034u at yahoo.com Tue Sep 28 06:58:33 2021
From: guy20034u at yahoo.com (simon ben)
Date: Tue, 28 Sep 2021 06:58:33 +0000 (UTC)
Subject: [rancid] Restore config on cisco devices
References: <616421999.1285977.1632812313955.ref@mail.yahoo.com>
Message-ID: <616421999.1285977.1632812313955@mail.yahoo.com>

Dear All,

I have rancid running and also installed viewvc and all working great and backing up switches and routers. Now I just had one query about restoring the backed up config
if there is a router or switch failure and is replaced with a new same model router or switch can I follow the below steps for restore

1) connect the switch to console
2) login to new switch
3) copy and paste the config from the rancid backup
write the config and reboot

Is that OK or is there any other way to restore?

I would really appreciate your kind help

Thanks and regards
simon

From heas at shrubbery.net Tue Sep 28 16:42:34 2021
From: heas at shrubbery.net (heasley)
Date: Tue, 28 Sep 2021 16:42:34 +0000
Subject: [rancid] Restore config on cisco devices
In-Reply-To: <616421999.1285977.1632812313955@mail.yahoo.com>
References: <616421999.1285977.1632812313955.ref@mail.yahoo.com> <616421999.1285977.1632812313955@mail.yahoo.com>
Message-ID:

Tue, Sep 28, 2021 at 06:58:33AM +0000, simon ben:
> Dear All,
> I have rancid running and also installed viewvc and all working great and backing up switches and routers. Now I just had one query about restoring the backed up config
> if there is a router or switch failure and is replaced with a new same model router or switch can I follow the below steps for restore
> 1) connect the switch to console
> 2) login to new switch
> 3) copy and paste the config from the rancid backup
> write the config and reboot
> Is that OK or is there any other way to restore?

Yes, in general this works. If you have configured rancid to filter passwords or other configuration contents, then those must be restored separately. And, there are a few devices that simply have bugs (imo) that do not permit the configuration they display to be loaded in their entirety; ISTR procurve being one.

Another way to restore the config, instead of cut/paste, is to apply the minimal config to the device for network connectivity, then use http/rcp/ftp/tftp to load the config. Not all devices support this.

From guy20034u at yahoo.com Thu Sep 30 05:53:51 2021
From: guy20034u at yahoo.com (simon ben)
Date: Thu, 30 Sep 2021 05:53:51 +0000 (UTC)
Subject: [rancid] Restore config on cisco devices
In-Reply-To:
References: <616421999.1285977.1632812313955.ref@mail.yahoo.com> <616421999.1285977.1632812313955@mail.yahoo.com>
Message-ID: <782567046.292868.1632981231414@mail.yahoo.com>

Dear Heasley

Thanks for your quick reply.

just wanted to know regarding the alternate way mentioned by you after doing a minimum config for the cisco switch or router for network connectivity as guess it would be a better option
Is it possible to restore the config from viewvc screen from the browser as I don't see any option neither no option to down and save it as a file on my local desktop pc

appreciate your advice and help if the restore could be done from viewvc screen or if any tool is available with viewvc to achieve this

Thanks and Regards
simon

On Tuesday, September 28, 2021, 07:42:35 PM GMT+3, heasley wrote:

Tue, Sep 28, 2021 at 06:58:33AM +0000, simon ben:
> Dear All,
> I have rancid running and also installed viewvc and all working great and backing up switches and routers. Now I just had one query about restoring the backed up config
> if there is a router or switch failure and is replaced with a new same model router or switch can I follow the below steps for restore
> 1) connect the switch to console
> 2) login to new switch
> 3) copy and paste the config from the rancid backup
> write the config and reboot
> Is that OK or is there any other way to restore?

Yes, in general this works. If you have configured rancid to filter passwords or other configuration contents, then those must be restored separately. And, there are a few devices that simply have bugs (imo) that do not permit the configuration they display to be loaded in their entirety; ISTR procurve being one.

Another way to restore the config, instead of cut/paste, is to apply the minimal config to the device for network connectivity, then use http/rcp/ftp/tftp to load the config. Not all devices support this.

From heas at shrubbery.net Thu Sep 30 20:07:36 2021
From: heas at shrubbery.net (heasley)
Date: Thu, 30 Sep 2021 20:07:36 +0000
Subject: [rancid] Restore config on cisco devices
In-Reply-To: <782567046.292868.1632981231414@mail.yahoo.com>
References: <616421999.1285977.1632812313955.ref@mail.yahoo.com> <616421999.1285977.1632812313955@mail.yahoo.com> <782567046.292868.1632981231414@mail.yahoo.com>
Message-ID:

Thu, Sep 30, 2021 at 05:53:51AM +0000, simon ben:
> just wanted to know regarding the alternate way mentioned by you after doing a minimum config for the cisco switch or router for network connectivity as guess it would be a better option
> Is it possible to restore the config from viewvc screen from the browser as I don't see any option neither no option to down and save it as a file on my local desktop pc

No, viewvc is only a CVS repository viewer.

> appreciate your advice and help if the restore could be done from viewvc screen or if any tool is available with viewvc to achieve this

Each device family may require its own procedure to restore a config, possibly manual cut/paste. One could automate it with expect talking to the console, but I have not done this.