[rancid] login script for PaloAlto PA850
heasley
heas at shrubbery.net
Fri Apr 7 20:00:29 UTC 2023
Thu, Apr 06, 2023 at 12:11:26PM +0000, Adam Thompson:
> Just a reminder that the "set" output cannot always be uploaded directly to a PA in a disaster scenario, only the XML can be used for that. You can try to paste in the "set" output through either the serial port or an SSH session once you have a network, but that is known to not always work 100% on all versions of PAN-OS. (The commands are not always generated in the correct order, and outright circular dependencies often exist.)
>
> OTOH, good luck having a human read and understand XML or JSON diffs, so you're kind of stuck between a rock and a hard place...
>
> We used to solve this by backing up the same config twice, once in each format. PITA but it worked.
There is probably a hack that can be used to collect both. the easiest
way would be a 'show config running' command that is slightly different
in its text, such as an additional argument. "show config running | no-more".
Is there such a thing?
Anything else will require changes to how rancid manages the command list,
so that it doesnt drop the duplicate.
More information about the Rancid-discuss
mailing list