[rancid] login script for PaloAlto PA850
Adam Thompson
athompson at merlin.mb.ca
Mon Apr 17 18:24:07 UTC 2023
No, sadly you have to send a separate command to change formats:
set cli config-output-format
configure
show
exit
set cli config-output-format
configure
show
exit
Adam Thompson
Consultant, Infrastructure Services
MERLIN
100 - 135 Innovation Drive
Winnipeg, MB R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
https://www.merlin.mb.ca
Chat with me on Teams
> -----Original Message-----
> From: heasley <heas at shrubbery.net>
> Sent: Friday, April 7, 2023 3:00 PM
> To: Adam Thompson <athompson at merlin.mb.ca>
> Cc: Chris <chris.weakland at gmail.com>; heasley <heas at shrubbery.net>;
> rancid-discuss at www.shrubbery.net
> Subject: Re: [rancid] login script for PaloAlto PA850
>
> Thu, Apr 06, 2023 at 12:11:26PM +0000, Adam Thompson:
> > Just a reminder that the "set" output cannot always be uploaded
> directly to a PA in a disaster scenario, only the XML can be used for
> that. You can try to paste in the "set" output through either the
> serial port or an SSH session once you have a network, but that is
> known to not always work 100% on all versions of PAN-OS. (The
> commands are not always generated in the correct order, and outright
> circular dependencies often exist.)
> >
> > OTOH, good luck having a human read and understand XML or JSON
> diffs, so you're kind of stuck between a rock and a hard place...
> >
> > We used to solve this by backing up the same config twice, once in
> each format. PITA but it worked.
>
> There is probably a hack that can be used to collect both. the
> easiest
> way would be a 'show config running' command that is slightly
> different
> in its text, such as an additional argument. "show config running |
> no-more".
>
> Is there such a thing?
>
> Anything else will require changes to how rancid manages the command
> list,
> so that it doesnt drop the duplicate.
More information about the Rancid-discuss
mailing list