From owner-rancid-discuss@shrubbery.net Mon Dec 3 17:39:54 2001
From: "Dave Packham"
To: "Mark Cooper"
Date: Mon, 3 Dec 2001 10:36:27 -0700
Subject: specify the router you want to diff on

Is it possible to run do-diffs on a specific router/switch instead of the whole group? We are using some homebrew scripts that watch the Cisco syslog output looking for user's login off from the routers, I want to be able to do a do-diffs for just this one router/switch and send the email to only that person that made the change. I can get the email addr of the person but it looks like I need to mod do-diffs to allow passing of a specific router from a specific group. Any thoughts?

Dave Packham
University of Utah Netcom
Manager Network Engineering,
Advanced Projects
ISO Office member
DSO

c. 718-7777@801
w. 585.6043@801
Dave.Packham@Utah.edu

ICQ#:45818442
Current ICQ status:
45818442@pager.icq.com
SMS: (Send an SMS message to my ICQ): +278314245818442
More ways to contact me: http://wwp.icq.com/45818442

http://www.netcom.utah.edu/network/engineering.html
http://www.map.utah.edu/umaplink/0893.html

-----Original Message-----
From: Mark Cooper [mailto:mcooper@blueyonder.co.uk]
Sent: Friday, November 23, 2001 9:40 AM
To: rancid-discuss@shrubbery.net
Cc: rancid@shrubbery.net; asp@partan.com
Subject: fix for special character handling

I have run into a few problems with 'special' characters within router banners and/or prompts.

The following diff against clogin should fix the banner containing expected prompt character and also any special characters in the prompt.

376c376,382 < -re "$p_prompt" { send "$userpswd\r" } --- > -re "$p_prompt" { send "$userpswd\r" > expect { > eof { send_user "\nError: Couldn't login\n"; wait; return 1 } > -re "$u_prompt" { send "$user\r" } > "$prompt" { set in_proc 0; return 0 } > } > } 394d399 < "$prompt" { break; } 449c454,455 < regsub -all "\[)(]" $prompt {\\&} reprompt --- > regsub -all {\[} $prompt {\\&} reprompt > regsub -all {\]} $reprompt {\\&} reprompt

The following diff against rancid should fix handling of special characters in the prompt.

1131c1131,1134 < if (!defined($prompt)) {$prompt = ($_ =~ /^([^#]+#)/)[0]; } --- > if (!defined($prompt)) { > $prompt = ($_ =~ /^([^#]+#)/)[0]; > $prompt =~ s/([][])/\\$1/g; > }

The following diff against blogin should fix problems with there being a banner on a nortel.

367c367,373 < -re "$p_prompt" { send "$userpswd\r" } --- > -re "$p_prompt" { send "$userpswd\r" > expect { > eof { send_user "\nError: Couldn't login\n"; wait; return 1 } > -re "$u_prompt" { send "$user\r" } > "$prompt" { set in_proc 0; return 0 } > } > } 385d390 < "$prompt" { break; }

BTW, all these diffs are against 2.2b7 with Mordechai T. Abzug brancid patches installed.
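Review bot: The nested expect added in the clogin hunk 376c376,382 (and pasted unchanged into the blogin hunk 367c367,373) has arms for eof, $u_prompt and $prompt but none for timeout. If the device goes quiet after $userpswd is sent, the inner expect simply returns, in_proc is left as it was, and no error is reported. Add a timeout arm that fails the same way the eof arm does (send_user an error, then return 1).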
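Review bot: In the clogin hunk 449c454,455 the removed regsub escaped ( and ) in $prompt, while the two replacement lines escape only [ and ], so parentheses are no longer escaped in reprompt. If dropping that is intended, say so in the description; otherwise keep the parenthesis escaping alongside the new bracket escaping. Neither the old nor the new lines escape the remaining metacharacters such as * + ? . and |.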
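Review bot: In the rancid hunk 1131c1131,1134, s/([][])/\\$1/g escapes only [ and ] in the captured prompt, so any other regex metacharacter in a prompt still reaches whatever pattern $prompt is used in. quotemeta($prompt), or \Q$prompt\E at the point of use, would cover all of them in one step; if only brackets are meant to be handled, a comment saying why would help the next reader.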
I obviously really need to provide these as full context diffs against 2.2b8....d'oh

HTH

Mark

From owner-rancid-discuss@shrubbery.net Mon Dec 3 18:49:01 2001
From: john heasley
To: Dave Packham
Cc: Mark Cooper, rancid-discuss@shrubbery.net, rancid@shrubbery.net
Date: Mon, 3 Dec 2001 10:48:17 -0800
Subject: Re: specify the router you want to diff on
Message-ID: <20011203104817.G19777@shrubbery.net>

control_rancid will also need to be modified. i'd suggest that a better way to achieve this would be; given username and router

% cd /sometmpdir
% touch router.lock
% type = `grep ^fqdn /usr/local/rancid/*/router.db | awk -F: '{print $2}'`
% bin/rancid-fe fqdn:
% diff -c /usr/local/rancid//configs/fqdn fqdn > fqdn.diff
% ucbmail -s "diffs" username < fqdn.diff

or something to that effect, with error detection. the point is, do it outside of rancid. this way the group still gets the diffs when the hourly (or however often you run) diffs are run.

Mon, Dec 03, 2001 at 10:36:27AM -0700, Dave Packham:
> Is it possible to run do-diffs on a specific router/switch instead of
> the whole group? We are using some homebrew scripts that watch the
> Cisco syslog output looking for user's login off from the routers, I
> want to be able to do a do-diffs for just this one router/switch and
> send the email to only that person that made the change. I can get the
> email addr of the person but it looks like I need to mod do-diffs to
> allow passing of a specific router from a specific group. Any thoughts?

From owner-rancid-discuss@shrubbery.net Mon Dec 3 18:59:22 2001
From: "Dave Packham"
To: "john heasley"
Cc: "Mark Cooper"
Date: Mon, 3 Dec 2001 11:58:08 -0700
Subject: RE: specify the router you want to diff on

Thanks for that start

We are currently doing immediate diffs when the user makes the change and syslog notices the exit from config mode. That way the user that made the change and the managers know when and what the person just did. We don't do hourly/daily diffs. So some way to pass (do-diffs -r "some-router") and have that pass that info along to the control_rancid and allow control_rancid to do all its normal housekeeping would be the best way.

Dave Packham

From owner-rancid-discuss@shrubbery.net Mon Dec 3 19:20:25 2001
From: john heasley
To: Dave Packham
Cc: john heasley, Mark Cooper, rancid-discuss@shrubbery.net, rancid@shrubbery.net
Date: Mon, 3 Dec 2001 11:20:10 -0800
Subject: Re: specify the router you want to diff on
Message-ID: <20011203112010.B20281@shrubbery.net>

Mon, Dec 03, 2001 at 11:58:08AM -0700, Dave Packham:
> Thanks for that start
>
> We are currently doing immediate diffs when the user makes the change
> and syslog notices the exit from config mode. That way the user that
> made the change and the managers know when and what the person just did.
> We don't do hourly/daily diffs. So some way to pass (do-diffs -r
> "some-router") and have that pass that info along to the control_rancid
> and allow control_rancid to do all its normal housekeeping would be the
> best way.

then you do not get diffs resulting from such things as reloads or crashes until someone makes a change. my book would mark that undesirable.

From owner-rancid-discuss@shrubbery.net Mon Dec 3 19:21:39 2001
From: "Dave Packham"
To: "john heasley"
Cc: "Mark Cooper"
Date: Mon, 3 Dec 2001 12:20:30 -0700
Subject: RE: specify the router you want to diff on

No the syslogger follows that too. With router AAA access turned on and all logging sent to local sysloggers we get it all

Dave Packham
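A sketch of the trigger side discussed in this thread, added here as an example and not taken from the posters' scripts or from rancid: it picks Cisco config-exit messages out of syslog and emits a collection job only for devices already listed in router.db, because syslog is unauthenticated input. The log lines, router.db contents, addresses and function names are constructed; `%SYS-5-CONFIG_I` is the IOS message logged on leaving configuration mode.

```perl
#!/usr/bin/perl
# Added example, not the posters' scripts. All sample data is constructed.
use strict;
use warnings;

# Constructed router.db content (rancid format: name:type:state).
my $ROUTER_DB = <<'END';
core1.example.net:cisco:up
edge2.example.net:cisco:up
old3.example.net:cisco:down
END

# Constructed lines as a local syslogger might store them.
my @SYSLOG = (
    'Dec  3 10:31:02 core1.example.net 412: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)',
    'Dec  3 10:31:40 edge2.example.net 87: %LINK-3-UPDOWN: Interface Serial0, changed state to down',
    'Dec  3 10:32:05 core1.example.net 415: %SYS-5-CONFIG_I: Configured from console by bob on vty1 (192.0.2.11)',
    'Dec  3 10:33:17 old3.example.net 9: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)',
    'Dec  3 10:34:52 lab9.example.net 3: %SYS-5-CONFIG_I: Configured from console by mallory on vty0 (198.51.100.7)',
    'Dec  3 10:35:30 edge2.example.net 88: %SYS-5-CONFIG_I: Configured from console by al!ce on vty0 (192.0.2.10)',
);

# Parse router.db text into { name => { type, state } }.
sub load_router_db {
    my ($text) = @_;
    my %db;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(?:#.*)?$/;          # skip blanks and comments
        my ($name, $type, $state) = split /:/, $line;
        $db{lc $name} = { type => $type, state => $state };
    }
    return \%db;
}

# Return (host, user) for an IOS config-exit message, or an empty list.
sub parse_config_exit {
    my ($line) = @_;
    return unless $line =~ m{
        ^\w{3}\s+\d+\s+[\d:]{8}\s+      # syslog timestamp
        (\S+)\s+                        # reporting device
        .*?%SYS-5-CONFIG_I:\s+Configured\s+from\s+\S+\s+by\s+
        (\S+)                           # user name
    }x;
    return (lc($1), $2);
}

# Turn syslog lines into one collection job per known, active device.
sub jobs_from_syslog {
    my ($db, @lines) = @_;
    my (%job, @order);
    for my $line (@lines) {
        my ($host, $user) = parse_config_exit($line) or next;
        # Act only on devices already in router.db and marked up,
        # never on a name that exists only in the received message.
        my $dev = $db->{$host};
        next unless $dev && $dev->{state} eq 'up';
        push @order, $host unless $job{$host};
        $job{$host} ||= { router => $host, type => $dev->{type}, notify => [] };
        # The user name becomes a mail recipient: accept a conservative
        # character set only, otherwise leave notification to the group.
        next unless $user =~ /\A[A-Za-z0-9._-]{1,32}\z/;
        push @{ $job{$host}{notify} }, $user
            unless grep { $_ eq $user } @{ $job{$host}{notify} };
    }
    return map { $job{$_} } @order;
}

my $db = load_router_db($ROUTER_DB);
for my $job (jobs_from_syslog($db, @SYSLOG)) {
    my $who = @{ $job->{notify} } ? join(',', @{ $job->{notify} })
                                  : '(group alias only)';
    # A real runner would pass $job->{router} to the collector with
    # list-form system(), so the name never goes through a shell.
    print "collect $job->{router} type=$job->{type} notify=$who\n";
}
```

This only decides what to collect and whom to tell; the periodic do-diffs run stays in place to catch reloads, crashes and triggers that were missed.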
From owner-rancid-discuss@shrubbery.net Tue Dec 4 02:08:16 2001
From: Andrew Partan
To: john heasley
Cc: Dave Packham, Mark Cooper, rancid-discuss@shrubbery.net
Date: Mon, 3 Dec 2001 21:07:43 -0500
Subject: Re: specify the router you want to diff on
Message-ID: <20011203210743.A22385@partan.com>

On Mon, Dec 03, 2001 at 11:20:10AM -0800, john heasley wrote:
> Mon, Dec 03, 2001 at 11:58:08AM -0700, Dave Packham:
> > We are currently doing immediate diffs when the user makes the change
> > and syslog notices the exit from config mode. That way the user that
> > made the change and the managers know when and what the person just did.
> > We don't do hourly/daily diffs. So some way to pass (do-diffs -r
> > "some-router") and have that pass that info along to the control_rancid
> > and allow control_rancid to do all its normal housekeeping would be the
> > best way.
>
> then you do not get diffs resulting from such things as reloads or crashes
> until someone makes a change. my book would mark that undesirable.

belt & suspenders. i'd do 2 setups - one for diffs when triggered (by syslog or what have you) and one run every hour.

what if the router you triggered on was not reachable? or if your collection machine could not log into it? unless you have something periodic going, you could lose that change & never catch it.
	--asp

From owner-rancid-discuss@shrubbery.net Mon Dec 17 13:49:33 2001
From: Pierre Belanger
Organization: Rogers AT&T
To: rancid-discuss@shrubbery.net
Date: Mon, 17 Dec 2001 08:46:17 -0500
Subject: Extreme "bug"?
Message-ID: <3C1DF729.CE744CC1@oss.cantel.rogers.com>

Hi,

I have been running RANCID 2.2b8 on Extreme switches for a week. All Extreme switches run the same OS version. RANCID uses telnet to log.

Last Friday for some reason, I noticed the following error from one Extreme switch, from the log file:

...
Trying to get all of the configs.
/* SomeExtreme:\d+ ?#\s*(show version|show memory|show diagnostics|show
switch|show slot|show configuration)\s*$/: ?+*{} follows nothing in
regexp at /usr/local/rancid/bin/xrancid line 421, chunk 32.
...

In the latest saved configuration file, there was this single line entry:

hostname% cat SomeExtreme
#RANCID-CONTENT-TYPE: extreme
hostname%

On the next do-diffs, things came back normal.

Does someone have a clue on what happened?

Thank you,
Pierre B.

From owner-rancid-discuss@shrubbery.net Mon Dec 17 17:16:26 2001
From: john heasley
To: Pierre Belanger
Cc: rancid-discuss@shrubbery.net
Date: Mon, 17 Dec 2001 09:15:31 -0800
Subject: Re: Extreme "bug"?
Message-ID: <20011217091530.E19978@shrubbery.net>

Mon, Dec 17, 2001 at 08:46:17AM -0500, Pierre Belanger:
> Hi,
>
> I have been running RANCID 2.2b8 on Extreme switches for a week.
> All Extreme switches run the same OS version. RANCID uses telnet
> to log.
>
> Last Friday for some reason, I noticed the following error from
> one Extreme switch, from the log file:
>
> ...
> Trying to get all of the configs.
> /* SomeExtreme:\d+ ?#\s*(show version|show memory|show diagnostics|show
> switch|show slot|show configuration)\s*$/: ?+*{} follows nothing in
> regexp at /usr/local/rancid/bin/xrancid line 421, chunk 32.
> ...
>
> In the latest saved configuration file, there was this single
> line entry:
>
> hostname% cat SomeExtreme
> #RANCID-CONTENT-TYPE: extreme
> hostname%
>
> On the next do-diffs, things came back normal.
>
> Does someone have a clue on what happened?

it looks as if someone changed the configuration on the extreme and rancid went to do its collection (most likely the collection and the change occurred concurrently). when it grabbed the full prompt from the o/p, '*' is the leading character and /*/ is an illegal regexp since * is a range operator.

in the Todo file that came with the distribution, you'll note that dealing with the * of non-saved configurations is an outstanding bug/todo.
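The failure described above, reproduced as an added example (not code from xrancid or the rancid distribution): a captured prompt is used as regex source, first raw and then with the hostname quoted via `\Q...\E` and the leading `*` of an unsaved configuration made optional. The prompts, the bracketed hostname and the function names are constructed, and the quoted variant is one possible approach, not the project's fix.

```perl
#!/usr/bin/perl
# Added example, not code from rancid/xrancid. Prompts are constructed.
use strict;
use warnings;

# Command alternation copied from the failing pattern quoted above.
my $COMMANDS = 'show version|show memory|show diagnostics|'
             . 'show switch|show slot|show configuration';

# Unsafe: the captured prompt becomes regex source. Only the command
# counter is generalised, which is the shape of the failing pattern.
sub pattern_raw {
    my ($captured) = @_;
    (my $p = $captured) =~ s/:\d+ ?#\s*$/:\\d+ ?#/;
    return eval { qr/$p\s*($COMMANDS)\s*$/ };    # undef if $p is invalid
}

# Safer: split the prompt into its parts, quote the hostname with \Q..\E
# and accept the optional "* " shown while the config is unsaved.
sub pattern_quoted {
    my ($captured) = @_;
    my ($name) = $captured =~ /^(?:\* ?)?(.+?):\d+ ?#\s*$/
        or return;                               # not an Extreme-style prompt
    return qr/^(?:\* ?)?\Q$name\E:\d+ ?#\s*($COMMANDS)\s*$/;
}

# Each case: the prompt as first captured, then a later command echo
# (the counter has advanced, and the "*" may have appeared meanwhile).
my @cases = (
    [ 'SomeExtreme:32 # ',   'SomeExtreme:33 # show version'         ],
    [ '* SomeExtreme:32 # ', '* SomeExtreme:33 # show configuration' ],
    [ 'SomeExtreme:32 # ',   '* SomeExtreme:33 # show switch'        ],
    [ 'lab[1]:7 # ',         'lab[1]:8 # show slot'                  ],
);

for my $case (@cases) {
    my ($captured, $echo) = @$case;
    my $raw    = pattern_raw($captured);
    my $err    = defined $raw ? '' : (split /;|\n/, $@)[0];
    my $quoted = pattern_quoted($captured);
    printf "prompt %-22s echo %s\n", "'$captured'", "'$echo'";
    printf "  raw:    %s\n", !defined $raw ? "does not compile ($err)"
                           : $echo =~ $raw ? 'match' : 'no match';
    printf "  quoted: %s\n",
        $echo =~ $quoted ? "match, command '$1'" : 'no match';
}
```

The bracketed hostname is the quieter variant of the same problem: the raw pattern compiles but treats `[1]` as a character class, so the command echo is never recognised.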
From owner-rancid-discuss@shrubbery.net Sun Dec 30 07:58:58 2001
From: Romildo Wildgrube
Reply-To: romi@ragingnet.com
To: rancid-discuss@shrubbery.net
Date: Sat, 29 Dec 2001 23:49:06 -0800
Subject: SSH Authentication
Message-ID: <3C2EC6F2.8020706@ragingnet.com>

Hi,

I have rancid running and collecting the configs without problems but I don't like the idea of having the cleartext password stored in the .cloginrc file. Is there another way to get the configs without having the clear text password? If so, how can it be implemented?

Any help will be much appreciated.

Romi

From owner-rancid-discuss@shrubbery.net Sun Dec 30 17:06:39 2001
From: Andrew Partan
To: Romildo Wildgrube
Cc: rancid-discuss@shrubbery.net
Date: Sun, 30 Dec 2001 12:04:21 -0500
Subject: Re: SSH Authentication
Message-ID: <20011230120421.A12623@partan.com>

On Sat, Dec 29, 2001 at 11:49:06PM -0800, Romildo Wildgrube wrote:
> I have rancid running and collecting the configs without problems but I
> don't like the idea of having the cleartext password stored in the
> .cloginrc file. Is there another way to get the configs without having
> the clear text password? If so, how can it be implemented?
> Any help will be much appreciated.

Junipers do this just fine - add your ssh keys to your user authentication. Then, if the ssh key itself does not need a password, you have password-less logins. [Juniper does this with a per-user ssh authorized_keys file.]

As far as I know, no other router has the ability to have per user ssh authorized keys. So every other box requires a user & a password to log in - and that password has to be kept somewhere.

We could keep the passwords in a person's head, but that is not useful for automated tools. We could keep them in an encrypted file, but then rancid would need to know the password to decrypt that file, so we are back to where we started - using a mode 600 file to keep the passwords in and relying on Unix security to protect these secrets.

If anyone has thoughts on how to do this better, please let us know. So far I haven't thought of anything useful.

Some folks have tried to set up their router configs so that the rancid user has read-only perms on the router (it can only run its commands & can't change anything). If folks have any configs to do this, we could add these notes to rancid.
	--asp