From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 2 12:30:27 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 4656FC67EB for ; Fri, 2 Jan 2004 12:30:27 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 9C92917CFCE; Fri, 2 Jan 2004 12:30:26 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 7EC6417CFD0; Fri, 2 Jan 2004 12:30:26 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id CB37217CFCE for ; Fri, 2 Jan 2004 12:30:23 +0000 (UTC) Received: from Internal Mail-Server by ananas1 with SMTP; 2 Jan 2004 14:29:50 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: clogin with CatOS + autoenable Date: Fri, 2 Jan 2004 14:29:26 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: clogin with CatOS + autoenable Thread-Index: AcPRLC6+bFrG0UbTQSaXyoE1nbddEg== From: "Yuval Ben-Ari" To: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi, Been using rancid with CatOS that required login password and then manually enable with enable password, it was working fine. We changed the CatOS switch (5500) to use aaa server which enters user directly to enable mode and the clogin seems to be unable to deal with that: $clogin cat55 spawn telnet cat55 Cisco Systems Console Username: rancid Password: cat55-u-b> (enable) Error: TIMEOUT reached $ the login succeeds but seems the clogin will not recognize the enable prompt and expecting the # sign. the .cloginrc config is: add user cat55 rancid add password cat55 {rancidpassword} add autoenable cat55 1 before I go hacking the clogin, is this really not supported or am I missing something ? Thanks Yuval From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 2 16:24:07 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 0EF7AC67E8 for ; Fri, 2 Jan 2004 16:24:07 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 65AC417CFCE; Fri, 2 Jan 2004 16:24:06 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 4760917CFD0; Fri, 2 Jan 2004 16:24:06 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id A2CC717CFCF; Fri, 2 Jan 2004 16:24:05 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from mailrelay.todo.de (mailrelay.todo.de [62.169.0.10]) by guelah.shrubbery.net (Postfix) with ESMTP id C4A7217CFD0 for ; Fri, 2 Jan 2004 14:26:02 +0000 (UTC) Received: from hendrix.code.de (pD9E0F46D.dip.t-dialin.net [217.224.244.109]) by mailrelay.todo.de (8.12.9p2/8.12.9) with ESMTP id i02EPtbl054696 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Fri, 2 Jan 2004 15:25:56 +0100 (CET) (envelope-from erik@code.de) From: erik@code.de Received: by hendrix.code.de (Postfix, from userid 1000) id 687A8C005; Fri, 2 Jan 2004 15:17:36 +0100 (CET) Date: Mon, 22 Dec 2003 18:20:45 +0100 To: rancid-discuss@shrubbery.net Subject: integration of security enhancement patch Message-ID: <20031222172045.GA17908@hendrix.code.de> Mail-Followup-To: rancid-discuss@shrubbery.net Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.4i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi List, I red a mail from Janos Mohacsi[1] about a more secure way of getting config files, he wrote 1 1/2 years ago. His patch is 62139 Bytes long mainly to introduce a new mrancid.in with autoconf and so on. An integration of the patch he was sending is not nessesary, if the author/community decides to change a single command in two lines of bin/rancid.in. Is there a reason why the running-config of a cisco is gathered by rancid? If not, is there any reason not to change that command to "show config" which is taking the startup-config? This change is needed to enable the great feature, of getting configs from a cisco without granting "privilege 15" access to a cisco device. I just want to throw that request to the list for discussion. [1] http://www.shrubbery.net/rancid/maillist/rancid-discuss.200206.txt -- erik@code.de "I am not a Geek! I shower." From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 2 16:28:01 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 96E56C67E8 for ; Fri, 2 Jan 2004 16:28:01 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id DCCDF17CFD0; Fri, 2 Jan 2004 16:27:58 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id BE77F17D07D; Fri, 2 Jan 2004 16:27:58 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id D183317D07C; Fri, 2 Jan 2004 16:27:57 +0000 (UTC) Date: Fri, 2 Jan 2004 08:27:57 -0800 From: john heasley To: Yuval Ben-Ari Cc: rancid-discuss@shrubbery.net Subject: Re: clogin with CatOS + autoenable Message-ID: <20040102162757.GF29302@shrubbery.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Fri, Jan 02, 2004 at 02:29:26PM +0200, Yuval Ben-Ari: > Hi, > > Been using rancid with CatOS that required login password and then > manually enable with enable password, it was working fine. > We changed the CatOS switch (5500) to use aaa server which enters user > directly to enable mode and the clogin seems to be unable to deal with > that: > > $clogin cat55 > spawn telnet cat55 > > Cisco Systems Console > > Username: rancid > > Password: > cat55-u-b> (enable) > Error: TIMEOUT reached > $ > > > the login succeeds but seems the clogin will not recognize the enable > prompt and expecting the # sign. > > the .cloginrc config is: > > add user cat55 rancid > add password cat55 {rancidpassword} > add autoenable cat55 1 > > before I go hacking the clogin, is this really not supported or am I > missing something ? this (clogin + autoenable + catos) does not work properly, ATM. I have a patch for the next release, but nothing to test it on. please contact me directly if you're willing to debug with me or provide access to one remotely. From owner-rancid-discuss-outgoing@shrubbery.net Sat Jan 3 18:50:56 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 4E735C67A8 for ; Sat, 3 Jan 2004 18:50:56 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 8E2F317CFCE; Sat, 3 Jan 2004 18:50:55 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 6AAC417CFD0; Sat, 3 Jan 2004 18:50:55 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id B61B917CFCF; Sat, 3 Jan 2004 18:50:54 +0000 (UTC) X-Original-To: rancid-discuss@guelah.shrubbery.net Received: from msgsf.sf1.corp.dealtime.com (h-64-95-118-32.epinions.com [64.95.118.32]) by guelah.shrubbery.net (Postfix) with ESMTP id 37D7717CFCF for ; Sat, 3 Jan 2004 18:27:50 +0000 (UTC) X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 content-class: urn:content-classes:message Subject: Cisco CSS rancid script... MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Date: Sat, 3 Jan 2004 10:27:43 -0800 Message-ID: <0F8C9793B7D3D74CAAA29BAFD3C704D4379D71@msgsf.sf1.corp.dealtime.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Cisco CSS rancid script... Thread-Index: AcPSJ0RGLSIpyqvxTg+ybK1tJfq/iA== From: "Wedge Martin" To: , Cc: , Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I call this 'cssrancid' and use the vendor type of 'css' to differentiate it. It's a total hack on the standard rancid script, but it has all the functional differences, including one that was super hard to track down... The user profile, when the term length is changed to 65535 ( css handles term len 0 stupidly and gives you a term len of 24 ) it prompts you when you log out to commit or discard user profile changes, screwing up the session by hanging indefinitely... so the trick is to copy the profile to user-profile; i found this _buried_ in cisco documentation.. goofy voodoo.. but it works. i threw in a couple of other little hacks to make this functional, and it's working nicely.. feel free to put this in the next distribution... i'll clean it up a bit too and send you any changes i make. #!/bin/perl ## ## ## Copyright (C) 1997-2001 by Henry Kilmer. ## All rights reserved. ## ## This software may be freely copied, modified and redistributed without ## fee for non-commerical purposes provided that this copyright notice is ## preserved intact on all copies and modified copies. ## ## There is no warranty or other guarantee of fitness of this software. ## It is provided solely "as is". The author(s) disclaim(s) all ## responsibility and liability with respect to this software's usage ## or its effect upon hardware, computer systems, other software, or ## anything else. ## ## # # RANCID - Really Awesome New Cisco confIg Differ # # usage: rancid [-d] [-l] [-f filename | $host] # use Getopt::Std; getopts('dflm'); $log =3D $opt_l; $debug =3D $opt_d; $debug =3D "true"; $file =3D $opt_f; $host =3D $ARGV[0]; $clean_run =3D 0; $found_end =3D 0; $timeo =3D 90; # clogin timeout in seconds my(%filter_pwds); # password filtering mode # This routine is used to print out the router configuration sub ProcessHistory { my($new_hist_tag,$new_command,$command_string,@string)=3D(@_); if((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) && defined %history) { print eval "$command \%history"; undef %history; } if (($new_hist_tag) && ($new_command) && ($command_string)) { if ($history{$command_string}) { $history{$command_string} =3D "$history{$command_string}@string"; } else { $history{$command_string} =3D "@string"; } } elsif (($new_hist_tag) && ($new_command)) { $history{++$#history} =3D "@string"; } else { print "@string"; } $hist_tag =3D $new_hist_tag; $command =3D $new_command; 1; } sub numerically { $a <=3D> $b; } # This is a sort routine that will sort numerically on the # keys of a hash as if it were a normal array. sub keynsort { local(%lines)=3D@_; local($i) =3D 0; local(@sorted_lines); foreach $key (sort numerically keys(%lines)) { $sorted_lines[$i] =3D $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # keys of a hash as if it were a normal array. sub keysort { local(%lines)=3D@_; local($i) =3D 0; local(@sorted_lines); foreach $key (sort keys(%lines)) { $sorted_lines[$i] =3D $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # values of a hash as if it were a normal array. sub valsort{ local(%lines)=3D@_; local($i) =3D 0; local(@sorted_lines); foreach $key (sort values %lines) { $sorted_lines[$i] =3D $key; $i++; } @sorted_lines; } # This is a numerical sort routine (ascending). sub numsort { local(%lines)=3D@_; local($i) =3D 0; local(@sorted_lines); foreach $num (sort {$a <=3D> $b} keys %lines) { $sorted_lines[$i] =3D $lines{$num}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # ip address when the ip address is anywhere in # the strings. sub ipsort { local(%lines)=3D@_; local($i) =3D 0; local(@sorted_lines); foreach $addr (sort sortbyipaddr keys %lines) { $sorted_lines[$i] =3D $lines{$addr}; $i++; } @sorted_lines; } # These two routines will sort based upon IP addresses sub ipaddrval { my(@a) =3D ($_[0] =3D~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); $a[3]+256*($a[2]+256*($a[1]+256*$a[0])); } sub sortbyipaddr { &ipaddrval($a) <=3D> &ipaddrval($b); } # This routine parses "show version" sub ShowVersion { print STDERR " In ShowVersion: $_" if ($debug); while () { tr/\015//d; study; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); if (/^Slave in slot (\d+) is running/) { $slave =3D " Slave:"; next; } /^Cisco Secure PIX /i && ProcessHistory("COMMENTS","keysort","F1", "!Image: $_") && next; /^IOS .* Software \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","F1", "!Image:$slave Software: $1, $2\n") && next; /^([A-Za-z-0-9_]*) Synced to mainline version: (.*)$/ && ProcessHistory("COMMENTS","keysort","F2", "!Image:$slave $1 Synced to mainline version: $2\n") && next; /^Compiled (.*)$/ && ProcessHistory("COMMENTS","keysort","F3", "!Image:$slave Compiled: $1\n") && next; /^ROM: (System )?Bootstrap.*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G1", "!ROM Bootstrap: $2\n") && next; if (/^Hardware:\s+(.*), (.* RAM), CPU (.*)$/) { ProcessHistory("COMMENTS","keysort","A1", "!Chassis type: $1 - a PIX\n"); ProcessHistory("COMMENTS","keysort","A2", "!CPU: $3\n"); ProcessHistory("COMMENTS","keysort","B1", "!Memory: $2\n"); } /^Serial Number:\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","C1", "!$_") && next; /^Activation Key:\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","C2", "!$_") && next; /^ROM: \d+ Bootstrap .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G2", "!ROM Image: Bootstrap $1\n!\n") && next; /^ROM: .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G3","!ROM Image: $1\n") && next; /^BOOTFLASH: .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G4","!BOOTFLASH: $1\n") && next; /^BOOTLDR: .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G4","!BOOTLDR: $1\n") && next; /^System image file is "([^\"]*)", booted via (\S*)/ && ProcessHistory("COMMENTS","keysort","F4","!Image: booted $1\n") && next; /^System image file is "([^\"]*)"$/ && ProcessHistory("COMMENTS","keysort","F5","!Image: $1\n") && next; if (/(\S+)\s+\((\S+)\)\s+processor.*with (\S+[kK]) bytes/) { my($proc) =3D $1; my($cpu) =3D $2; my($mem) =3D $3; my($device) =3D "router"; $type =3D "CSS"; print STDERR "TYPE =3D $type\n" if ($debug); ProcessHistory("COMMENTS","keysort","A1", "!Chassis type:$slave $proc - a $type $device\n"); ProcessHistory("COMMENTS","keysort","B1", "!Memory:$slave main $mem\n"); ProcessHistory("COMMENTS","keysort","A3","!CPU:$slave $cpu\n"); next; } if (/(\S+) Silicon\s*Switch Processor/) { if (!defined($C0)) { $C0=3D1; = ProcessHistory("COMMENTS","keysort","C0","!\n"); } ProcessHistory("COMMENTS","keysort","C2","!SSP: $1\n"); $ssp =3D 1; $sspmem =3D $1; next; } /^(\d+[kK]) bytes of multibus/ && ProcessHistory("COMMENTS","keysort","B2", "!Memory: multibus $1\n") && next; /^(\d+[kK]) bytes of non-volatile/ && ProcessHistory("COMMENTS","keysort","B3", "!Memory: nvram $1\n") && next; /^(\d+[kK]) bytes of flash memory/ && ProcessHistory("COMMENTS","keysort","B5","!Memory: flash $1\n") && next; /^(\d+[kK]) bytes of .*flash partition/ && ProcessHistory("COMMENTS","keysort","B6", "!Memory: flash partition $1\n") && next; /^(\d+[kK]) bytes of Flash internal/ && ProcessHistory("COMMENTS","keysort","B4", "!Memory: bootflash $1\n") && next; if(/^(\d+[kK]) bytes of (Flash|ATA)?.*PCMCIA .*(slot|disk) ?(\d)/i) { ProcessHistory("COMMENTS","keysort","B7", "!Memory: pcmcia $2 $3$4 $1\n"); next; } if(/^WARNING/) { if (!defined($I0)) { $I0=3D1; ProcessHistory("COMMENTS","keysort","I0","!\n"); } ProcessHistory("COMMENTS","keysort","I1","! $_"); # The line after the WARNING is what to do about it. $_ =3D ; tr/\015//d; ProcessHistory("COMMENTS","keysort","I1","! $_"); } if (/^Configuration register is (.*)$/) { $config_register=3D$1; next; } } return(0); } # Dummy routine to set term length.... sub TermLength { # Dummy subroutine.. need to set term length differently for CSS # boxes as term length 0 doesnt work correctly. POS. return(0); } # Dummy routine to copy profile... sub CopyProfile { ## Because the term length gets changed twice, the stupid ## box will ask you to save or discard changes. This prompt ## of couse breaks the interaction... strangely enough tho ## in a failover environment, only the secondary behaves this ## way.. the primary lets you log out and does not complain. return(0); } # This routine parses "show boot" sub ShowBoot { # Pick up boot variables if 7000/7200/7500/12000/2900/3500; # otherwise pick up bootflash. print STDERR " In ShowBoot: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(-1) if (/command authorization failed/i); return(1) if /Ambiguous command/i; # return(1) if /(Invalid input detected|Type help or )/; return(1) if /(Open device \S+ failed|Error opening \S+:)/; next if /CONFGEN variable/; if (!defined($H0)) { $H0=3D1; ProcessHistory("COMMENTS","keysort","H0","!\n"); } if ($type !~ /^(12[04]|7)/) { if ($type !~ /^(29|35)00/) { ProcessHistory("COMMENTS","keysort","H2","!BootFlash: $_"); } else { ProcessHistory("COMMENTS","keysort","H1","!Variable: $_"); } } elsif (/variable/) { ProcessHistory("COMMENTS","keysort","H1","!Variable: $_"); } } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine processes a "show run" sub ShowRun { print STDERR " In ShowRun: $_" if ($debug); my($lineauto) =3D 0; while () { tr/\015//d; study; last if(/^$prompt/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked $lineauto =3D 0 if (/^[^ ]/); # skip the crap if (/^(##+$|(Building|Current) configuration)/i) { while () { next if (/^Current configuration\s*:/i); next if (/^:/); next if (/^([%!].*|\s*)$/); next if (/^ip add.*ipv4:/); # band-aid for 3620 12.0S last; } if (defined($config_register)) { ProcessHistory("","","","!\nconfig-register $config_register\n"); } tr/\015//d; } # some versions have other crap mixed in with the bits in the # block above /^! (Last configuration|NVRAM config last)/ && next; ## CSS specific.... /Generated on/ && next; # Dog gone Cool matches to process the rest of the config /^tftp-server flash / && next; # kill any tftp remains /^ntp clock-period / && next; # kill ntp clock-period /^ length / && next; # kill length on serial lines /^ width / && next; # kill width on serial lines $lineauto =3D 1 if /^ modem auto/; /^ speed / && $lineauto && next; # kill speed on serial lines /^ clockrate / && next; # kill clockrate on serial interfaces if (/^(enable )?(password|passwd) / && $filter_pwds >=3D 1) { ProcessHistory("ENABLE","","","!$1$2 \n"); next; } if (/^(enable secret) / && $filter_pwds >=3D 2) { ProcessHistory("ENABLE","","","!$1 \n"); next; } if (/^username (\S+)(\s.*)? secret /) { if ($filter_pwds >=3D 2) { ProcessHistory("USER","keysort","$1","!username $1$2 secret \n"); } else { ProcessHistory("USER","keysort","$1","$_"); } next; } if (/^username (\S+)(\s.*)? password ((\d) \S+|\S+)/) { if ($filter_pwds =3D=3D 2) { ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); } elsif ($filter_pwds =3D=3D 1 && $4 ne "5"){ ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); } else { ProcessHistory("USER","keysort","$1","$_"); } next; } if (/^(\s*)password / && $filter_pwds >=3D 1) { ProcessHistory("LINE-PASS","","","!$1password \n"); next; } if (/^\s*neighbor (\S*) password / && $filter_pwds >=3D 1) { ProcessHistory("","","","! neighbor $1 password \n"); next; } if (/^(ppp .* password) 7 .*/ && $filter_pwds >=3D 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^(ip ftp password) / && $filter_pwds >=3D 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^( ip ospf authentication-key) / && $filter_pwds >=3D 1) { ProcessHistory("","","","!$1 \n"); next; } # isis passwords appear to be completely plain-text if (/^\s+isis password (\S+)( .*)?/ && $filter_pwds >=3D 1) { ProcessHistory("","","","!isis password $2\n"); next; } if (/^\s+(domain-password|area-password) (\S+)( .*)?/ && $filter_pwds >=3D 1) { ProcessHistory("","","","!$1 $2\n"); next; } # this is reversable, despite 'md5' in the cmd if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds = >=3D 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^((crypto )?isakmp key) \S+ / && $filter_pwds >=3D 1) { ProcessHistory("","","","!$1 $'"); next; } # i am told these are plain-text on the PIX if (/^(vpdn username \S+ password)/ && $filter_pwds >=3D 1) { ProcessHistory("","","","!$1 \n"); next; } /fair-queue individual-limit/ && next; # sort ip explicit-paths. if (/^ip explicit-path name (\S+)/) { my($key) =3D $1; my($expath) =3D $_; while () { tr/\015//d; last if (/^$prompt/); last if (/^$prompt/ || ! /^(ip explicit-path name |[ !])/); if (/^ip explicit-path name (\S+)/) { ProcessHistory("EXPATH","keysort","$key","$expath"); $key =3D $1; $expath =3D $_; } else { $expath .=3D $_; } } ProcessHistory("EXPATH","keysort","$key","$expath"); } # sort route-maps if (/^route-map (\S+)/) { my($key) =3D $1; my($routemap) =3D $_; while () { tr/\015//d; last if (/^$prompt/ || ! /^(route-map |[ !])/); if (/^route-map (\S+)/) { =20 ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); $key =3D $1; $routemap =3D $_; } else { $routemap .=3D $_; } } ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); } # filter out any RCS/CVS tags to avoid confusing local CVS storage s/\$(Revision|Id):/ $1:/; # order access-lists /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && ProcessHistory("ACL $1 $2","ipsort","$3","$_") && next; # order extended access-lists /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ && ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ && ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ && ProcessHistory("EACL $1 $2","ipsort","0.0.0.0","$_") && next; # order arp lists /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ && ProcessHistory("ARP","ipsort","$1","$_") && next; /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ && ProcessHistory("PACL $1 $3","ipsort","$4","ip prefix-list $1 $3 $4$5\n") && next; # order logging statements /^logging (\d+\.\d+\.\d+\.\d+)/ && ProcessHistory("LOGGING","ipsort","$1","$_") && next; # order/prune snmp-server host statements # we only prune lines of the form # snmp-server host a.b.c.d if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) { if (defined($ENV{'NOCOMMSTR'})) { my($ip) =3D $1; my($line) =3D "snmp-server host $ip"; my(@tokens) =3D split(' ', $'); my($token); while ($token =3D shift(@tokens)) { if ($token eq 'version') { $line .=3D " " . join(' ', ($token, shift(@tokens))); } elsif ($token =3D~ = /^(informs?|traps?|(no)?auth)$/) { $line .=3D " " . $token; } else { $line =3D "!$line " . join(' ', ("", join(' ',@tokens))); last; } } =20 ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n"); } else { ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_"); } next; } if (/^(snmp-server community) (\S+)/) { if (defined($ENV{'NOCOMMSTR'})) { ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next; } else { ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; } } # order/prune tacacs/radius server statements if (/^(tacacs-server|radius-server) key / && $filter_pwds >=3D = 1) { ProcessHistory("","","","!$1 key \n"); next; } # order clns host statements /^clns host \S+ (\S+)/ && ProcessHistory("CLNS","keysort","$1","$_") && next; # order alias statements /^alias / && ProcessHistory("ALIAS","keysort","$_","$_") && next; # delete ntp auth password - this md5 is a reversable too if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >=3D 1) = { ProcessHistory("","","","!$1 \n"); next; } # order ntp peers/servers if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) { $sortkey =3D sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5); ProcessHistory("NTP","keysort",$sortkey,"$_"); next; } # order ip host line statements /^ip host line(\d+)/ && ProcessHistory("IPHOST","numsort","$1","$_") && next; # order ip nat source static statements /^ip nat (\S+) source static (\S+)/ && ProcessHistory("IP NAT $1","ipsort","$2","$_") && next; # order atm map-list statements /^\s+ip\s+(\d+\.\d+\.\d+\.\d+)\s+atm-vc/ && ProcessHistory("ATM map-list","ipsort","$1","$_") && next; # order ip rcmd lines /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next; # system controller /^syscon address (\S*) (\S*)/ && ProcessHistory("","","","!syscon address $1 \n") && next; if (/^syscon password (\S*)/ && $filter_pwds >=3D 1) { ProcessHistory("","","","!syscon password \n"); next; } # catch anything that wasnt matched above. ProcessHistory("","","","$_"); # end of config. the ": " game is for the PIX if (/^(: +)?end$/ || /CSS.*#/ || /$prompt/ ) { $found_end =3D 1; return(1); } } return(0); } # dummy function sub DoNothing {print STDOUT;} # Main %commands=3D( 'term length 65535' =3D> "TermLength", 'copy profile user-profile' =3D> "CopyProfile", 'show version' =3D> "ShowVersion", 'show boot' =3D> "ShowBoot", 'show run' =3D> "ShowRun" ); # keys() doesnt return things in the order entered and the order of the # cmds is important (show version first and show run last). pita @commands=3D( "term length 65535", "copy profile user-profile", "show version", "show boot", "show run" ); $cisco_cmds=3Djoin(";",@commands); $cmds_regexp=3Djoin("|",@commands); open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; select(OUTPUT); # make OUTPUT unbuffered if debugging if ($debug) { $| =3D 1; } if ($file) { print STDERR "opening file $host\n" if ($debug); print STDOUT "opening file $host\n" if ($log); open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else { print STDERR "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug); print STDOUT "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); if (defined($ENV{NOPIPE})) { system "clogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n"; open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n"; } else { open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host ) { tr/\015//d; # if (/\#\s?exit$/) { if (/\#\s?exit/) { $clean_run=3D1; last; } if (/^Error:/) { print STDOUT ("$host clogin error: $_"); print STDERR ("$host clogin error: $_") if ($debug); $clean_run=3D0; last; } while (/#\s*($cmds_regexp)\s*$/) { $cmd =3D $1; if (!defined($prompt)) {$prompt =3D ($_ =3D~ /^([^#]+#)/)[0]; } print STDERR ("HIT COMMAND:$_") if ($debug); if (! defined($commands{$cmd})) { print STDERR "$host: found unexpected command - \"$cmd\"\n"; # $clean_run =3D 0; i'll track down why this is necessary, but=20 # last TOP; the bottom line is this gets stuck in a loop.. next TOP; } else { $rval =3D &{$commands{$cmd}}; delete($commands{$cmd}); if ($rval =3D=3D -1) { $clean_run =3D 0; last TOP; } } } } print STDOUT "Done $logincmd: $_\n" if ($log); # Flush History ProcessHistory("","","",""); # Cleanup close(INPUT); close(OUTPUT); if (defined($ENV{NOPIPE})) { unlink("$host.raw") if (! $debug); } # check for completeness if (scalar(%commands) || !$clean_run || !$found_end) { if (scalar(%commands)) { printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); } if (!$clean_run || !$found_end) { print STDOUT "$host: End of run not found\n"; print STDERR "$host: End of run not found\n" if ($debug); system("/usr/bin/tail -1 $host.new"); } unlink "$host.new" if (! $debug); } From owner-rancid-discuss-outgoing@shrubbery.net Sun Jan 4 13:58:33 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7725CC67C8 for ; Sun, 4 Jan 2004 13:58:33 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id D46BE17CFCF; Sun, 4 Jan 2004 13:58:32 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id BD6CD17D07C; Sun, 4 Jan 2004 13:58:32 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id B345417CFCF for ; Sun, 4 Jan 2004 13:58:29 +0000 (UTC) Received: from Internal Mail-Server by ananas1 with SMTP; 4 Jan 2004 15:57:55 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: "show ver" output changes in recent IOS Date: Sun, 4 Jan 2004 15:59:23 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: "show ver" output changes in recent IOS Thread-Index: AcPSyvVcJSPcwka1SGq8Ij0rotAFOw== From: "Yuval Ben-Ari" To: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi, Lately after upgrading some routers to 12.3(4)T code I noticed rancid is no longer able to determine Memory/nvram memory size and Image/Software info. I found this is caused due to changes in the "show ver" command's output. relevant changed output lines: Old output: IOS (tm) 7400 Software (C7400-JS-M), Experimental Version 12.3(20030813:213719) [REL-v123_1_b_throttle.ios-weekly 120] 509K bytes of non-volatile configuration memory. New output: Cisco IOS Software, 7400 Software (C7400-IK9S-M), Version 12.3(4)T, RELEASE SOFTWARE (fc1) 509K bytes of NVRAM. it can be solved easily by adjusting the regexp in bin/rancid (line numbers relevant to rancid-2.2.2) line 151: - /^IOS .* Software \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ && + /IOS .* Software.* \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ && line 252: - /^(\d+[kK]) bytes of non-volatile/ && + /^(\d+[kK]) bytes of non-volatile/ && We are still using 2.2.2 so if it is already fixed in 2.3* just ignore my message :-) The problem is that syntax is prone to change in the future again without any notice. I guess this is the price for fetching data from parsing CLI output. On the other hand I see that sysDescr.0 OID is inconsistent in the same way. I saw recent IOS has some XML support but did not really looked into it ..... Yuval From owner-rancid-discuss-outgoing@shrubbery.net Sun Jan 4 22:30:22 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7E916C67C6 for ; Sun, 4 Jan 2004 22:30:22 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id EA6AF17CFCE; Sun, 4 Jan 2004 22:30:21 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id CA7C917CFD0; Sun, 4 Jan 2004 22:30:21 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id EAABE17CFCE for ; Sun, 4 Jan 2004 22:30:19 +0000 (UTC) Received: from Internal Mail-Server by ananas1 with SMTP; 5 Jan 2004 00:29:46 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: "show ver" output changes in recent IOS Date: Mon, 5 Jan 2004 00:31:14 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: "show ver" output changes in recent IOS Thread-Index: AcPSyvVcJSPcwka1SGq8Ij0rotAFOwARvUuQ From: "Yuval Ben-Ari" To: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk > -----Original Message----- > From: owner-rancid-discuss@shrubbery.net=20 > [mailto:owner-rancid-discuss@shrubbery.net] On Behalf Of Yuval Ben-Ari > Sent: Sunday, January 04, 2004 15:59 > To: rancid-discuss@shrubbery.net > Subject: "show ver" output changes in recent IOS >=20 >=20 > Hi, >=20 > Lately after upgrading some routers to 12.3(4)T code I=20 > noticed rancid is > no longer able to determine Memory/nvram memory size and=20 > Image/Software > info. > I found this is caused due to changes in the "show ver" command's > output. >=20 > relevant changed output lines: >=20 > Old output: > IOS (tm) 7400 Software (C7400-JS-M), Experimental Version > 12.3(20030813:213719) [REL-v123_1_b_throttle.ios-weekly 120] > 509K bytes of non-volatile configuration memory. >=20 > New output: > Cisco IOS Software, 7400 Software (C7400-IK9S-M), Version 12.3(4)T, > RELEASE SOFTWARE (fc1) > 509K bytes of NVRAM. >=20 > it can be solved easily by adjusting the regexp in bin/rancid >=20 > (line numbers relevant to rancid-2.2.2) > line 151: > - /^IOS .* Software \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ && > + /IOS .* Software.* \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ && >=20 > line 252: > - /^(\d+[kK]) bytes of non-volatile/ && > + /^(\d+[kK]) bytes of non-volatile/ && I pasted the same line twice, should have been: + /^(\d+[kK]) bytes of (non-volatile|NVRAM)/ &&=20 =20 > We are still using 2.2.2 so if it is already fixed in 2.3* just ignore > my message :-) >=20 > The problem is that syntax is prone to change in the future again > without any notice. > I guess this is the price for fetching data from parsing CLI output. > On the other hand I see that sysDescr.0 OID is inconsistent=20 > in the same > way. > I saw recent IOS has some XML support but did not really=20 > looked into it > ..... >=20 > Yuval >=20 From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 5 10:20:53 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 5ED67C699F for ; Mon, 5 Jan 2004 10:20:53 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 9E86017CFCF; Mon, 5 Jan 2004 10:20:52 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 7D9E917D07C; Mon, 5 Jan 2004 10:20:52 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from mailrelay.todo.de (mailrelay.todo.de [62.169.0.10]) by guelah.shrubbery.net (Postfix) with ESMTP id 71DAF17CFCF for ; Mon, 5 Jan 2004 10:20:50 +0000 (UTC) Received: from hendrix.code.de (pD9E6F3BC.dip.t-dialin.net [217.230.243.188]) by mailrelay.todo.de (8.12.9p2/8.12.9) with ESMTP id i05AKgbl028925 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 5 Jan 2004 11:20:44 +0100 (CET) (envelope-from erik@code.de) Received: by hendrix.code.de (Postfix, from userid 1000) id CA1C6C00E; Mon, 5 Jan 2004 11:20:40 +0100 (CET) Date: Mon, 5 Jan 2004 11:20:40 +0100 From: Erik Wenzel To: Joshua Wright , rancid-discuss@shrubbery.net Subject: Re: integration of security enhancement patch Message-ID: <20040105102040.GA5597@hendrix.code.de> Mail-Followup-To: Joshua Wright , rancid-discuss@shrubbery.net References: <946FD6186E8D4E46AB4F6FDD23AAE864015A00FC@pvdexc02.jwu.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <946FD6186E8D4E46AB4F6FDD23AAE864015A00FC@pvdexc02.jwu.edu> User-Agent: Mutt/1.5.4i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Fri, Jan 02, 2004 at 01:34:56PM -0500, Joshua Wright wrote: [...] > Why wouldn't you just grant a similar AAA configuration entry for > "show running-config" for privilege 2 (or whatever privilege level you > assign this user)? Did you tried that, ever? Because even if I grant access to "show running-config" you will get an answer with some comments and nothing else. Not a single configuration line. I tested that without enabling "aaa new-model". So there is no alternative in using "show startup-config" > Changing RANCID to perform "show startup-config" instead of a running > configuration is "a bad idea" (tm). If an attacker were able to > compromise your router and make changes to the configuration, RANCID > in its current state will identify the changes and let you know about > it. If RANCID used "show startup-config" instead, you would be > unaware of the changes until they were saved. The running > configuration is a better reflection of the state of the router. Using Rancid to check if an attacker is compromising your routers is only possible if only one person is having write access. If you have a colleague you are not able to distinguish configuration changes coming from your colleague or an attacker. So, using RANCID for that purpose is one thing. On the other Hand is the purpose of having backups for desaster recovery and for that I can't see a reason to prefer one of the other. In a production environment I concider it "a bad idea (TM)" to have a difference between both configurations. > Also, consider the case when someone makes a change to the router and > doesn't save the configuration changes. Next time the router reboots, > something breaks because the configuration change was lost. With > RANCID monitoring the running configuration file, it would alert you > when the router came back online since the new running configuration > reflects the previously saved startup config file. So you blame "someone" for not saving the configuration. In that case, you see the big backdraw on not saving the running-config. You can't do a simple reboot. That "is bad style (TM)", generally. That's an argument pro saving "startup-config". -- erik@code.de "I am not a Geek! I shower." From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 5 15:41:40 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 1E9B5C6A5F for ; Mon, 5 Jan 2004 15:41:40 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id A203617CFCF; Mon, 5 Jan 2004 15:41:39 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 860A817D07C; Mon, 5 Jan 2004 15:41:39 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from web41108.mail.yahoo.com (web41108.mail.yahoo.com [66.218.93.24]) by guelah.shrubbery.net (Postfix) with SMTP id 5211117CFCF for ; Mon, 5 Jan 2004 15:41:38 +0000 (UTC) Message-ID: <20040105154137.50820.qmail@web41108.mail.yahoo.com> Received: from [64.60.80.220] by web41108.mail.yahoo.com via HTTP; Mon, 05 Jan 2004 07:41:37 PST Date: Mon, 5 Jan 2004 07:41:37 -0800 (PST) From: funraps too Subject: Cipher not supported? To: rancid-discuss@shrubbery.net In-Reply-To: MIME-Version: 1.0 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hello everyone, I wonder if you can help... des is not working for me and telnet was not called as a secondary.. .cloginrc: #add method * {telnet}{ssh}{rsh} add method * ssh telnet add cyphertype des Then trying ./clogin x.x.x.x spawn ssh -c 3des -x -l rancid x.x.x.x Selected cipher type 3des not supported by server. From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 5 16:45:41 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id BA10BC6A9E for ; Mon, 5 Jan 2004 16:45:41 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 1330417D07C; Mon, 5 Jan 2004 16:45:41 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id F2C8617D0A9; Mon, 5 Jan 2004 16:45:40 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 110AF17D07D; Mon, 5 Jan 2004 16:45:40 +0000 (UTC) Date: Mon, 5 Jan 2004 08:45:39 -0800 From: john heasley To: funraps too Cc: rancid-discuss@shrubbery.net Subject: Re: Cipher not supported? Message-ID: <20040105164539.GG23740@shrubbery.net> References: <20040105154137.50820.qmail@web41108.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040105154137.50820.qmail@web41108.mail.yahoo.com> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Mon, Jan 05, 2004 at 07:41:37AM -0800, funraps too: > > Hello everyone, I wonder if you can help... > > des is not working for me and telnet was not called as a secondary.. > > .cloginrc: > > #add method * {telnet}{ssh}{rsh} > add method * ssh telnet It should have been; try {}'ing the arguments. > add cyphertype des you need to have a host glob here; like add cyphertype * {des} > > Then trying ./clogin x.x.x.x > > spawn ssh -c 3des -x -l rancid x.x.x.x > > Selected cipher type 3des not supported by server. > > > > --------------------------------- > Do you Yahoo!? > Find out what made the Top Yahoo! Searches of 2003 From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 5 17:14:03 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 5CDD4C6ABD for ; Mon, 5 Jan 2004 17:14:03 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id B296A17D0A9; Mon, 5 Jan 2004 17:14:02 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 9445317D30B; Mon, 5 Jan 2004 17:14:02 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 00BC317D0AA; Mon, 5 Jan 2004 17:14:01 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from phenix.rootshell.be (phenix.rootshell.be [217.22.55.50]) by guelah.shrubbery.net (Postfix) with ESMTP id 65C4117CFCF for ; Mon, 5 Jan 2004 09:24:24 +0000 (UTC) Received: from phenix.rootshell.be (phenix [127.0.0.1]) by phenix.rootshell.be (8.12.8/8.12.8) with ESMTP id i059NnjO032079 for ; Mon, 5 Jan 2004 10:23:49 +0100 Received: from localhost (alastair@localhost) by phenix.rootshell.be (8.12.8/8.12.8/Submit) with ESMTP id i059Nl8g014235 for ; Mon, 5 Jan 2004 10:23:49 +0100 X-Authentication-Warning: phenix.rootshell.be: alastair owned process doing -bs Date: Mon, 5 Jan 2004 10:23:47 +0100 (CET) From: Alastair Galloway X-X-Sender: alastair@phenix.rootshell.be To: rancid-discuss@shrubbery.net Subject: Adding "show chassis alarms" to jrancid Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi, Has anyone out there added "show chassis alarms" to jrancid? If not I think that I will as it'd be handy to see. Cheers, Alastair From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 5 20:23:37 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id A3FB3C67E5 for ; Mon, 5 Jan 2004 20:23:37 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 0F6B517CFD0; Mon, 5 Jan 2004 20:23:37 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E73A317D0A9; Mon, 5 Jan 2004 20:23:36 +0000 (UTC) X-Original-To: rancid-discuss Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 0644517D07D; Mon, 5 Jan 2004 20:23:35 +0000 (UTC) Date: Mon, 5 Jan 2004 12:23:35 -0800 From: john heasley To: rancid-discuss@shrubbery.net Subject: clogin changes for cat19k Message-ID: <20040105202335.GB23740@shrubbery.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk A user reported that the cat19k requires that upon connection both a key be pressed to proceed and a 'K' be entered to start the command-line interface. I have changes to clogin to deal with both of these, but lack a cat19k on which to test. If anyone has one and is willing to test these changes, please contact me off-list. tia. From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 5 23:16:43 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 47AFDC6833 for ; Mon, 5 Jan 2004 23:16:43 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id ADF2C17D0A9; Mon, 5 Jan 2004 23:16:42 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 8F72217D335; Mon, 5 Jan 2004 23:16:42 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85]) by guelah.shrubbery.net (Postfix) with ESMTP id 71BDD17D0A9 for ; Mon, 5 Jan 2004 23:16:41 +0000 (UTC) Received: from kevinomalley.net ([68.55.255.172]) by comcast.net (rwcrmhc12) with SMTP id <200401052316340140063aove>; Mon, 5 Jan 2004 23:16:35 +0000 Received: (qmail 10207 invoked from network); 6 Jan 2004 00:22:50 -0000 Received: from localhost (HELO finalstate.com) (127.0.0.1) by localhost with SMTP; 6 Jan 2004 00:22:50 -0000 Message-ID: <3FF9F011.80800@finalstate.com> Date: Mon, 05 Jan 2004 18:15:29 -0500 From: Kevin O'Malley User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031013 Thunderbird/0.3 X-Accept-Language: en-us, en MIME-Version: 1.0 To: rancid-discuss@shrubbery.net Subject: Newbie Problem Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Greetings All, I seem to be missing something basic with rancid 2.2.2 . I don't seem to be saving the configurations.... Any clogin and rancid seem to work fine. When I run do-diff however, I never save a config file, or get a config.new file. Subsequent runs with small changes to the router do not generate mail, because the checked in config seems to be zero length. Putting a NOPIPE=YES; export NOPIPE into the env file lets me see the .raw file get bigger with each iteration of rancid... but I don't see the config changing anywhere or being saved. The routername and routername.new are of zero length. This is the log file from do-diffs .... starting: Mon Jan 5 16:20:25 EST 2004 Trying to get all of the configs. ROUTERNAME: missed cmd(s): show diag,show install active,show controllers cbus ===================================== Getting missed routers: round 1. ROUTERNAME: missed cmd(s): show diag,show install active,show controllers cbus ===================================== Getting missed routers: round 2. ROUTERNAME: missed cmd(s): show diag,show install active,show controllers cbus ===================================== Getting missed routers: round 3. ROUTERNAME: missed cmd(s): show diag,show install active,show controllers cbus ===================================== Getting missed routers: round 4. ROUTERNAME: missed cmd(s): show diag,show install active,show controllers cbus /usr/local/net/rancid/bin/rename: *.new: No such file or directory cvs diff: Diffing . cvs diff: Diffing configs cvs commit: Examining . cvs commit: Examining configs ending: Mon Jan 5 16:23:18 EST 2004 From rancid [rancid@localhost rancid]$ rancid -d -l ROUTERNAME executing clogin -t 90 -c"show version;show install active;show env all;show gsr chassis;show boot;show bootvar;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all sup-bootflash:;dir /all sup-microcode:;show controllers;show controllers cbus;show diagbus;show diag;show module;show c7200;show vtp status;show vlan;write term" ROUTERNAME executing clogin -t 90 -c"show version;show install active;show env all;show gsr chassis;show boot;show bootvar;show variables boot;show flash;dir /all nvram:;dir /all bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all disk1:;dir /all slot2:;dir /all disk2:;dir /all sup-bootflash:;dir /all sup-microcode:;show controllers;show controllers cbus;show diagbus;show diag;show module;show c7200;show vtp status;show vlan;write term" ROUTERNAME HIT COMMAND:ROUTERNAME#show version In ShowVersion: ROUTERNAME#show version TYPE = 3660 HIT COMMAND:ROUTERNAME#show env all In ShowEnv: ROUTERNAME#show env all HIT COMMAND:ROUTERNAME#show gsr chassis In ShowGSR: ROUTERNAME#show gsr chassis HIT COMMAND:ROUTERNAME#show boot In ShowBoot: ROUTERNAME#show boot HIT COMMAND:ROUTERNAME#show bootvar In ShowBoot: ROUTERNAME#show bootvar HIT COMMAND:ROUTERNAME#show variables boot In ShowBoot: ROUTERNAME#show variables boot HIT COMMAND:ROUTERNAME#show flash In ShowFlash: ROUTERNAME#show flash HIT COMMAND:ROUTERNAME#dir /all nvram: In DirSlotN: ROUTERNAME#dir /all nvram: HIT COMMAND:ROUTERNAME#dir /all bootflash: In DirSlotN: ROUTERNAME#dir /all bootflash: HIT COMMAND:ROUTERNAME#dir /all slot0: In DirSlotN: ROUTERNAME#dir /all slot0: HIT COMMAND:ROUTERNAME#dir /all disk0: In DirSlotN: ROUTERNAME#dir /all disk0: HIT COMMAND:ROUTERNAME#dir /all slot1: In DirSlotN: ROUTERNAME#dir /all slot1: HIT COMMAND:ROUTERNAME#dir /all disk1: In DirSlotN: ROUTERNAME#dir /all disk1: HIT COMMAND:ROUTERNAME#dir /all slot2: In DirSlotN: ROUTERNAME#dir /all slot2: HIT COMMAND:ROUTERNAME#dir /all disk2: In DirSlotN: ROUTERNAME#dir /all disk2: HIT COMMAND:ROUTERNAME#dir /all sup-bootflash: In DirSlotN: ROUTERNAME#dir /all sup-bootflash: HIT COMMAND:ROUTERNAME#dir /all sup-microcode: In DirSlotN: ROUTERNAME#dir /all sup-microcode: HIT COMMAND:ROUTERNAME#show controllers In ShowContAll: ROUTERNAME#show controllers HIT COMMAND:ROUTERNAME#show diagbus In ShowDiagbus: ROUTERNAME#show diagbus HIT COMMAND:ROUTERNAME#show module In ShowModule: ROUTERNAME#show module HIT COMMAND:ROUTERNAME#show c7200 In ShowC7200: ROUTERNAME#show c7200 HIT COMMAND:ROUTERNAME#show vtp status In ShowVTP: ROUTERNAME#show vtp status HIT COMMAND:ROUTERNAME#show vlan In ShowVLAN: ROUTERNAME#show vlan HIT COMMAND:ROUTERNAME#write term In WriteTerm: ROUTERNAME#write term Done : ROUTERNAME#exit ROUTERNAME: missed cmd(s): show diag,show install active,show controllers cbus ROUTERNAME: missed cmd(s): show diag,show install active,show controllers cbus Which looks good, and makes a .new file, but it still runs all 4 times. I am looking at the rancid code but I fear I am not man enough. Any help would be appriciated. From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 6 05:23:00 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 4EE17C67C8 for ; Tue, 6 Jan 2004 05:23:00 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id C43D817CFCF; Tue, 6 Jan 2004 05:22:59 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id A882817D07C; Tue, 6 Jan 2004 05:22:59 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from mel1.unite.net.au (mel1.uecomm.net.au [203.94.129.130]) by guelah.shrubbery.net (Postfix) with ESMTP id 8D73E17CFCF for ; Tue, 6 Jan 2004 05:22:57 +0000 (UTC) Received: from choqolat.org (uec-gw.uecomm.net.au [203.94.134.236] (may be forged)) by mel1.unite.net.au (8.12.10/8.12.10) with ESMTP id i065MI8N000572; Tue, 6 Jan 2004 16:22:20 +1100 (EST) Message-ID: <3FFA460A.1060203@choqolat.org> Date: Tue, 06 Jan 2004 16:22:18 +1100 From: Andrew Fort User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Erik Wenzel Cc: Joshua Wright , rancid-discuss@shrubbery.net Subject: Re: integration of security enhancement patch References: <946FD6186E8D4E46AB4F6FDD23AAE864015A00FC@pvdexc02.jwu.edu> <20040105102040.GA5597@hendrix.code.de> In-Reply-To: <20040105102040.GA5597@hendrix.code.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 5/01/2004 9:20 PM, Erik Wenzel wrote: >On Fri, Jan 02, 2004 at 01:34:56PM -0500, Joshua Wright wrote: >[...] > > >>Changing RANCID to perform "show startup-config" instead of a running >>configuration is "a bad idea" (tm). If an attacker were able to >>compromise your router and make changes to the configuration, RANCID >>in its current state will identify the changes and let you know about >>it. If RANCID used "show startup-config" instead, you would be >>unaware of the changes until they were saved. The running >>configuration is a better reflection of the state of the router. >> >> >Using Rancid to check if an attacker is compromising your routers is >only possible if only one person is having write access. If you have >a colleague you are not able to distinguish configuration changes coming >from your colleague or an attacker. So, using RANCID for that purpose is >one thing. On the other Hand is the purpose of having backups for desaster >recovery and for that I can't see a reason to prefer one of the other. >In a production environment I concider it "a bad idea (TM)" to have a >difference between both configurations. > > > I think you both have a point worthy of argument, but noone wins arguments. There's no reason why the site administrator can't do this locally, nor why it could not be a configuration (bin/env) variable. The quick hack I just did to do this is kinda ugly (rewrite both the %commands and @commands variables _entirely_, based on whether a ENV variable is set one way or another), so I wont submit it if there's a cleaner way to just re-write that last line. Can someone submit a cleaner method? (Default behaviour remains the same, i.e., if there's no variable in the bin/env file). What do other people think? I've often had people ask me "oh, why doesn't RANCID look at the startup config", and I've explained it as Joshua has, above, but Erik makes a good point, and this seems like something that should be decided by the administrator. -afort From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 6 05:30:27 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 04AF4C67C8 for ; Tue, 6 Jan 2004 05:30:27 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 8842D17CFD0; Tue, 6 Jan 2004 05:30:26 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 6705317D0A9; Tue, 6 Jan 2004 05:30:26 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from mel1.unite.net.au (mel1.uecomm.net.au [203.94.129.130]) by guelah.shrubbery.net (Postfix) with ESMTP id 8B79417CFD0 for ; Tue, 6 Jan 2004 05:30:24 +0000 (UTC) Received: from choqolat.org (uec-gw.uecomm.net.au [203.94.134.236] (may be forged)) by mel1.unite.net.au (8.12.10/8.12.10) with ESMTP id i065To8N001025; Tue, 6 Jan 2004 16:29:51 +1100 (EST) Message-ID: <3FFA47CE.7000400@choqolat.org> Date: Tue, 06 Jan 2004 16:29:50 +1100 From: Andrew Fort User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: "Kevin O'Malley" Cc: rancid-discuss@shrubbery.net Subject: Re: Newbie Problem References: <3FF9F011.80800@finalstate.com> In-Reply-To: <3FF9F011.80800@finalstate.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 6/01/2004 10:15 AM, Kevin O'Malley wrote: > Greetings All, > > [rancid@localhost rancid]$ rancid -d -l ROUTERNAME [snip] > Done : ROUTERNAME#exit > > ROUTERNAME: missed cmd(s): show diag,show install active,show > controllers cbus > ROUTERNAME: missed cmd(s): show diag,show install active,show > controllers cbus > > Which looks good, and makes a .new file, but it still runs all 4 > times. I am looking at the rancid code but I fear I am not man enough. > Any help would be appriciated. Check the .new file for the exchange between expect and the router's output around the command 'show diag', 'show install active', and 'show controllers cbus'. If you have output and it all looks like it should be OK, then the "rancid" program (parser) is missing those bits for whatever reason. If this is so, try upgrading to 2.3beta first off as some similar sounding parser bugs have been cleaned up recently (check the recent list archives for occurances of "ftp.shrubbery.net" to get the link). -afort From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 6 10:35:25 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id BAF9AC67C8 for ; Tue, 6 Jan 2004 10:35:25 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id EF6FA17CFCF; Tue, 6 Jan 2004 10:35:25 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C6DDD17D07C; Tue, 6 Jan 2004 10:35:24 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [204.127.202.55]) by guelah.shrubbery.net (Postfix) with ESMTP id D5D0C17CFCF for ; Tue, 6 Jan 2004 10:35:22 +0000 (UTC) Received: from kevinomalley.net ([68.55.255.172]) by comcast.net (sccrmhc11) with SMTP id <20040106103520011006cd80e>; Tue, 6 Jan 2004 10:35:20 +0000 Received: (qmail 13197 invoked from network); 6 Jan 2004 11:34:46 -0000 Received: from localhost (HELO finalstate.com) (127.0.0.1) by localhost with SMTP; 6 Jan 2004 11:34:46 -0000 Message-ID: <3FFA8D9C.8010602@finalstate.com> Date: Tue, 06 Jan 2004 05:27:40 -0500 From: Kevin O'Malley User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031013 Thunderbird/0.3 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andrew Fort Cc: rancid-discuss@shrubbery.net Subject: Re: Newbie Problem References: <3FF9F011.80800@finalstate.com> <3FFA47CE.7000400@choqolat.org> In-Reply-To: <3FFA47CE.7000400@choqolat.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Ahh... Much better. 2.3beta resolved the issue. Thank you very much. KO'M Andrew Fort wrote: > On 6/01/2004 10:15 AM, Kevin O'Malley wrote: > >> Greetings All, >> >> [rancid@localhost rancid]$ rancid -d -l ROUTERNAME > > > [snip] > >> Done : ROUTERNAME#exit >> >> ROUTERNAME: missed cmd(s): show diag,show install active,show >> controllers cbus >> ROUTERNAME: missed cmd(s): show diag,show install active,show >> controllers cbus >> >> Which looks good, and makes a .new file, but it still runs all 4 >> times. I am looking at the rancid code but I fear I am not man >> enough. Any help would be appriciated. > > > > Check the .new file for the exchange between expect and the router's > output around the command 'show diag', 'show install active', and > 'show controllers cbus'. > If you have output and it all looks like it should be OK, then the > "rancid" program (parser) is missing those bits for whatever reason. > If this is so, try upgrading to 2.3beta first off as some similar > sounding parser bugs have been cleaned up recently (check the recent > list archives for occurances of "ftp.shrubbery.net" to get the link). > > -afort > > > > From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 6 13:11:25 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 1DC1FC67D3 for ; Tue, 6 Jan 2004 13:11:25 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 943CD17CFCF; Tue, 6 Jan 2004 13:11:24 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 7641917D07C; Tue, 6 Jan 2004 13:11:24 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id 3057317CFCF for ; Tue, 6 Jan 2004 13:11:22 +0000 (UTC) Received: from Internal Mail-Server by ananas1 with SMTP; 6 Jan 2004 15:10:48 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: ignoring some changes Date: Tue, 6 Jan 2004 15:12:17 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: ignoring some changes Thread-Index: AcPUVmwiRWl3iNqJS82amTOaC7WEPw== From: "Yuval Ben-Ari" To: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi, I would like to have the option to ignore certain lines that keep changing every time "write mem" is done on the router. like "config.text" files on IOS Catalyst's or local user passwords on certain IOS's. currently it is done by hack to bin/rancid itself which filters these lines altogether but I would rather just ignore it during the cvs diff operation. Is there an easy place to add regexp of lines that should be ignored during the diff operation ? example of unwanted diffs: @@ -26,9 +26,9 @@ ! !Flash: Directory of flash:/ !Flash: 7 drwx 320 Mar 01 1993 20:17:06 c1100-k9w7-mx.122-13.JA1 +!Flash: 2 -rwx 1951 Mar 01 1993 23:47:13 private-config !Flash: 3 -rwx 212 Mar 01 1993 00:10:06 env_vars -!Flash: 4 -rwx 2589 Mar 01 1993 17:47:38 config.txt -!Flash: 5 -rwx 1951 Mar 01 1993 17:47:38 private-config +!Flash: 5 -rwx 2589 Mar 01 1993 23:47:13 config.txt !Flash: 7741440 bytes total (4176384 bytes free) ! ! Thanks Yuval From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 6 17:20:17 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 2F57FC67DB for ; Tue, 6 Jan 2004 17:20:17 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id B7D8717CFCF; Tue, 6 Jan 2004 17:20:16 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 9FE4517D07C; Tue, 6 Jan 2004 17:20:16 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id ABEAC17CFD0; Tue, 6 Jan 2004 17:20:15 +0000 (UTC) Date: Tue, 6 Jan 2004 09:20:15 -0800 From: john heasley To: Yuval Ben-Ari Cc: rancid-discuss@shrubbery.net Subject: Re: ignoring some changes Message-ID: <20040106172015.GC3502@shrubbery.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Tue, Jan 06, 2004 at 03:12:17PM +0200, Yuval Ben-Ari: > Hi, > > I would like to have the option to ignore certain lines that keep > changing every time "write mem" is done on the router. > like "config.text" files on IOS Catalyst's or local user passwords on > certain IOS's. > currently it is done by hack to bin/rancid itself which filters these > lines altogether but I would rather just ignore it during the cvs diff > operation. > Is there an easy place to add regexp of lines that should be ignored > during the diff operation ? not ATM. we have discussed this a bit and plan to add something after the next release (ie: after 2.3). > example of unwanted diffs: > > @@ -26,9 +26,9 @@ > ! > !Flash: Directory of flash:/ > !Flash: 7 drwx 320 Mar 01 1993 20:17:06 > c1100-k9w7-mx.122-13.JA1 > +!Flash: 2 -rwx 1951 Mar 01 1993 23:47:13 private-config > !Flash: 3 -rwx 212 Mar 01 1993 00:10:06 env_vars > -!Flash: 4 -rwx 2589 Mar 01 1993 17:47:38 config.txt > -!Flash: 5 -rwx 1951 Mar 01 1993 17:47:38 private-config > +!Flash: 5 -rwx 2589 Mar 01 1993 23:47:13 config.txt > !Flash: 7741440 bytes total (4176384 bytes free) > ! > ! > > > Thanks > Yuval From owner-rancid-discuss-outgoing@shrubbery.net Wed Jan 7 03:01:48 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 624C9C67DB for ; Wed, 7 Jan 2004 03:01:48 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id EF9F217CFCF; Wed, 7 Jan 2004 03:01:47 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D14A517D07C; Wed, 7 Jan 2004 03:01:47 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id D79EF17CFD0; Wed, 7 Jan 2004 03:01:46 +0000 (UTC) Date: Tue, 6 Jan 2004 19:01:46 -0800 From: 'john heasley' To: Alexander Voropay Cc: rancid-discuss@shrubbery.net Subject: Re: Riverstones and RANCID Message-ID: <20040107030146.GK3502@shrubbery.net> References: <20031205175015.GP13880@shrubbery.net> <00d901c3bd6f$e11eaf90$1701a8c0@ALEC> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <00d901c3bd6f$e11eaf90$1701a8c0@ALEC> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Mon, Dec 08, 2003 at 12:44:31PM +0300, Alexander Voropay: > Hi! > > >It is (will be) included in rancid 2-3. you are welcome to try the EFT > image here: > > ftp://ftp.shrubbery.net/outgoing/rancid-2.3.eft5.tar.gz > > Could you rename the RANCID's 'rename' utility too ? > > It conflicts with RedHat's '/usr/bin/rename' from the "util-linux" > package (system). > This "util-linux" also includes "/bin/login" "/sbin/clock" e.t.c. so, it > is very hard > to recompile/remove this package. So, RANCID incompatible with > RedHat-based > systems... we're not sure which solution we'll choose, but 'rename' will not appear in 2.3. > P.S. I'm trying to create a ~good~ "rancid.spec" file to build RANCID as > RPM. > I've renamed 'rename' to 'rancid-rename' now. > > P.P.S. Will you update rancid's web-page > http://www.shrubbery.net/rancid/ to new version ? it current points to 2.2.2 & patches; when 2.3 is released, it will be updated. From owner-rancid-discuss-outgoing@shrubbery.net Wed Jan 7 04:03:18 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 424D6C67DF for ; Wed, 7 Jan 2004 04:03:18 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 4ADD817CFCF; Wed, 7 Jan 2004 04:03:17 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 2E87A17D07C; Wed, 7 Jan 2004 04:03:17 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 1F77E17CFD0; Wed, 7 Jan 2004 04:03:16 +0000 (UTC) Date: Tue, 6 Jan 2004 20:03:16 -0800 From: john heasley To: Andrew Fort Cc: Erik Wenzel , Joshua Wright , rancid-discuss@shrubbery.net Subject: Re: integration of security enhancement patch Message-ID: <20040107040315.GO3502@shrubbery.net> References: <946FD6186E8D4E46AB4F6FDD23AAE864015A00FC@pvdexc02.jwu.edu> <20040105102040.GA5597@hendrix.code.de> <3FFA460A.1060203@choqolat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FFA460A.1060203@choqolat.org> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Tue, Jan 06, 2004 at 04:22:18PM +1100, Andrew Fort: > On 5/01/2004 9:20 PM, Erik Wenzel wrote: > > >On Fri, Jan 02, 2004 at 01:34:56PM -0500, Joshua Wright wrote: > >[...] > > > > > >>Changing RANCID to perform "show startup-config" instead of a running > >>configuration is "a bad idea" (tm). If an attacker were able to > >>compromise your router and make changes to the configuration, RANCID > >>in its current state will identify the changes and let you know about > >>it. If RANCID used "show startup-config" instead, you would be > >>unaware of the changes until they were saved. The running > >>configuration is a better reflection of the state of the router. > >> > >> > >Using Rancid to check if an attacker is compromising your routers is > >only possible if only one person is having write access. If you have > >a colleague you are not able to distinguish configuration changes coming > >from your colleague or an attacker. So, using RANCID for that purpose is > >one thing. On the other Hand is the purpose of having backups for desaster > >recovery and for that I can't see a reason to prefer one of the other. > >In a production environment I concider it "a bad idea (TM)" to have a > >difference between both configurations. > > > > > > > > I think you both have a point worthy of argument, but noone wins > arguments. There's no reason why the site administrator can't do this > locally, nor why it could not be a configuration (bin/env) variable. > The quick hack I just did to do this is kinda ugly (rewrite both the > %commands and @commands variables _entirely_, based on whether a ENV > variable is set one way or another), so I wont submit it if there's a > cleaner way to just re-write that last line. Can someone submit a > cleaner method? (Default behaviour remains the same, i.e., if there's > no variable in the bin/env file). > > What do other people think? I've often had people ask me "oh, why > doesn't RANCID look at the startup config", and I've explained it as > Joshua has, above, but Erik makes a good point, and this seems like > something that should be decided by the administrator. just want to add two bits to this. 1) "router has the canonical config", ie: what's in nvram is authoritative, is a practice that most folks grow out of. you will eventually begin to generate your configs and load those into nvram. 2) what i'd like to add for rancid 3.0 (or whatever) are boiler-plate device types. for example, type "cisco" runs commands x, y, & z. but, a user can define their own type, cisco-startup which might run x, y, z, & show startup-config. not quite sure how to do that yet. From owner-rancid-discuss-outgoing@shrubbery.net Wed Jan 7 05:28:53 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id C07B9C67D8 for ; Wed, 7 Jan 2004 05:28:52 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 3699F17CFCF; Wed, 7 Jan 2004 05:28:52 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 2137B17D0A9; Wed, 7 Jan 2004 05:28:52 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from mel1.unite.net.au (mel1.uecomm.net.au [203.94.129.130]) by guelah.shrubbery.net (Postfix) with ESMTP id 12C2117CFCF; Wed, 7 Jan 2004 05:28:50 +0000 (UTC) Received: from choqolat.org (uec-gw.uecomm.net.au [203.94.134.236] (may be forged)) by mel1.unite.net.au (8.12.10/8.12.10) with ESMTP id i075Sm8N011602; Wed, 7 Jan 2004 16:28:48 +1100 (EST) Message-ID: <3FFB9910.8010901@choqolat.org> Date: Wed, 07 Jan 2004 16:28:48 +1100 From: Andrew Fort User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: john heasley Cc: rancid-discuss@shrubbery.net Subject: Re: integration of security enhancement patch References: <946FD6186E8D4E46AB4F6FDD23AAE864015A00FC@pvdexc02.jwu.edu> <20040105102040.GA5597@hendrix.code.de> <3FFA460A.1060203@choqolat.org> <20040107040315.GO3502@shrubbery.net> In-Reply-To: <20040107040315.GO3502@shrubbery.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 7/01/2004 3:03 PM, john heasley wrote: >2) what i'd like to add for rancid 3.0 (or whatever) are boiler-plate device > types. for example, type "cisco" runs commands x, y, & z. but, a user > can define their own type, cisco-startup which might run x, y, z, & show > startup-config. not quite sure how to do that yet. > > Thinking out loud here, but... How about merging the concept covered in 'rancid-fe' with this, so you have a device type which nominates a given *rancid script to execute and also a file which has the commands for that script to run, along with the function names to parse them. The parsers commands are split out into a perl module or similar, with examples on how to write your own and what inputs to expect and outputs to provide. -afort From owner-rancid-discuss-outgoing@shrubbery.net Wed Jan 7 06:25:28 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 2575CC67D8 for ; Wed, 7 Jan 2004 06:25:28 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 9B19717CFCF; Wed, 7 Jan 2004 06:25:27 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 84BAC17D0A9; Wed, 7 Jan 2004 06:25:27 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 5782717D07D; Wed, 7 Jan 2004 06:25:26 +0000 (UTC) Date: Tue, 6 Jan 2004 22:25:26 -0800 From: john heasley To: Andrew Fort Cc: john heasley , rancid-discuss@shrubbery.net Subject: Re: integration of security enhancement patch Message-ID: <20040107062526.GJ8088@shrubbery.net> References: <946FD6186E8D4E46AB4F6FDD23AAE864015A00FC@pvdexc02.jwu.edu> <20040105102040.GA5597@hendrix.code.de> <3FFA460A.1060203@choqolat.org> <20040107040315.GO3502@shrubbery.net> <3FFB9910.8010901@choqolat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FFB9910.8010901@choqolat.org> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Wed, Jan 07, 2004 at 04:28:48PM +1100, Andrew Fort: > On 7/01/2004 3:03 PM, john heasley wrote: > > >2) what i'd like to add for rancid 3.0 (or whatever) are boiler-plate > >device > > types. for example, type "cisco" runs commands x, y, & z. but, a user > > can define their own type, cisco-startup which might run x, y, z, & show > > startup-config. not quite sure how to do that yet. > > > > > > Thinking out loud here, but... > How about merging the concept covered in 'rancid-fe' with this, so you > have a device type which nominates a given *rancid script to execute and > also a file which has the commands for that script to run, along with > the function names to parse them. The parsers commands are split out > into a perl module or similar, with examples on how to write your own > and what inputs to expect and outputs to provide. that is what i had in mind. plus some default device "types". From owner-rancid-discuss-outgoing@shrubbery.net Wed Jan 7 11:04:30 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 9A6C8C67D8 for ; Wed, 7 Jan 2004 11:04:30 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 0031E17CFCF; Wed, 7 Jan 2004 11:04:30 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D7C2D17D0A9; Wed, 7 Jan 2004 11:04:29 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from mx1.ip.tiscali.net (mx1.ip.tiscali.net [213.200.88.213]) by guelah.shrubbery.net (Postfix) with SMTP id F0B9C17CFCF for ; Wed, 7 Jan 2004 11:04:27 +0000 (UTC) Received: (qmail 74957 invoked from network); 7 Jan 2004 11:04:25 -0000 Received: from unknown (HELO shekinah.ip.tiscali.net) (213.200.88.76) by smtp.ip.tiscali.net with SMTP; 7 Jan 2004 11:04:25 -0000 Received: from ako by shekinah.ip.tiscali.net with local (Exim 4.24 #1) id 1AeBUA-0005FM-4e; Wed, 07 Jan 2004 12:04:26 +0100 Date: Wed, 7 Jan 2004 12:04:26 +0100 From: Alexander Koch To: Alastair Galloway Cc: rancid-discuss@shrubbery.net Subject: Re: Adding "show chassis alarms" to jrancid Message-ID: <20040107110426.GF20019@shekinah.ip.tiscali.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Organization: Tiscali International Network B.V. X-NCC-RegID: eu.nacnet User-Agent: Mutt/1.5.4i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Mon, 5 January 2004 10:23:47 +0100, Alastair Galloway wrote: > Has anyone out there added "show chassis alarms" to jrancid? If not I think > that I will as it'd be handy to see. It is very handy, indeed! We added it and it helps us when our NOC does not see these &&%$§&%)&§"= Juniper power supplies breaking every some months. All these fan failures are really nasty. Also 'fxp0 down' is handy to see in rancid, would not have been spotted that easily otherwise... our NOC is our NOC, and we are we, sort of. I do not reply on some SNMP crab to tell me so... Regards, Alexander -- Alexander Koch / ako4-ripe IP Engineering, Tiscali International Network Robert-Bosch-Strasse 32, D-63303 Dreieich, Germany Phone +49 6103 916 480, Fax +49 6103 916 464 From owner-rancid-discuss-outgoing@shrubbery.net Wed Jan 7 20:26:37 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 534BFC67DF for ; Wed, 7 Jan 2004 20:26:37 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id DD9C117CF9E; Wed, 7 Jan 2004 20:26:36 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id BF55017CF9F; Wed, 7 Jan 2004 20:26:36 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 53FC417CFA9; Wed, 7 Jan 2004 20:26:35 +0000 (UTC) Date: Wed, 7 Jan 2004 12:26:35 -0800 From: john heasley To: Alexander Koch Cc: Alastair Galloway , rancid-discuss@shrubbery.net Subject: Re: Adding "show chassis alarms" to jrancid Message-ID: <20040107202635.GE8088@shrubbery.net> References: <20040107110426.GF20019@shekinah.ip.tiscali.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040107110426.GF20019@shekinah.ip.tiscali.net> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Wed, Jan 07, 2004 at 12:04:26PM +0100, Alexander Koch: > On Mon, 5 January 2004 10:23:47 +0100, Alastair Galloway wrote: > > Has anyone out there added "show chassis alarms" to jrancid? If not I think > > that I will as it'd be handy to see. > > It is very handy, indeed! We added it and it helps us when > our NOC does not see these &&%$?&%)&?"= Juniper power > supplies breaking every some months. All these fan failures > are really nasty. > > Also 'fxp0 down' is handy to see in rancid, would not have > been spotted that easily otherwise... our NOC is our NOC, > and we are we, sort of. I do not reply on some SNMP crab to > tell me so... > > Regards, > Alexander > > -- > Alexander Koch / ako4-ripe > IP Engineering, Tiscali International Network > Robert-Bosch-Strasse 32, D-63303 Dreieich, Germany > Phone +49 6103 916 480, Fax +49 6103 916 464 could some provide an example of this command's output? I dont seem to have any alarms ATM. From owner-rancid-discuss-outgoing@shrubbery.net Wed Jan 7 23:40:27 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 6ADB8C67E2 for ; Wed, 7 Jan 2004 23:40:27 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id E742D17CF9E; Wed, 7 Jan 2004 23:40:26 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C8F3117CFA2; Wed, 7 Jan 2004 23:40:26 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from og.latency.net (og.latency.net [209.123.200.27]) by guelah.shrubbery.net (Postfix) with ESMTP id 7926517CF9E; Wed, 7 Jan 2004 23:40:25 +0000 (UTC) Received: by og.latency.net (Postfix, from userid 1000) id 1F08713FC0A; Wed, 7 Jan 2004 18:40:09 -0500 (EST) Date: Wed, 7 Jan 2004 18:40:09 -0500 From: Adam Rothschild To: john heasley Cc: rancid-discuss@shrubbery.net Subject: Re: Adding "show chassis alarms" to jrancid Message-ID: <20040107234008.GH16787@latency.net> References: <20040107110426.GF20019@shekinah.ip.tiscali.net> <20040107202635.GE8088@shrubbery.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040107202635.GE8088@shrubbery.net> X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to . Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 2004-01-07-15:26:35, john heasley wrote: > could some provide an example of this command's output? I dont seem > to have any alarms ATM. asr@jewnipper.lab> show chassis alarms 1 alarms currently active Alarm time Class Description 2004-01-07 18:38:31 EST Major fxp0: ethernet link down Hope this helps, -a From owner-rancid-discuss-outgoing@shrubbery.net Thu Jan 8 08:08:11 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 28279C67E8 for ; Thu, 8 Jan 2004 08:08:11 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 9920917CF9E; Thu, 8 Jan 2004 08:08:10 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 78CF917CFA2; Thu, 8 Jan 2004 08:08:10 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from mignon.ki.iif.hu (rt.ki.iif.hu [193.6.222.240]) by guelah.shrubbery.net (Postfix) with ESMTP id 4C71717CF9E; Thu, 8 Jan 2004 08:08:08 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mignon.ki.iif.hu (Postfix) with ESMTP id 9EB9D5557; Thu, 8 Jan 2004 09:08:05 +0100 (CET) Received: from mignon.ki.iif.hu ([127.0.0.1]) by localhost (mignon.ki.iif.hu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 79169-03-2; Thu, 8 Jan 2004 09:08:04 +0100 (CET) Received: by mignon.ki.iif.hu (Postfix, from userid 1003) id D97F85543; Thu, 8 Jan 2004 09:08:04 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mignon.ki.iif.hu (Postfix) with ESMTP id D77BF553F; Thu, 8 Jan 2004 09:08:04 +0100 (CET) Date: Thu, 8 Jan 2004 09:08:04 +0100 (CET) From: Mohacsi Janos X-X-Sender: mohacsi@mignon.ki.iif.hu To: john heasley Cc: Alexander Koch , Alastair Galloway , rancid-discuss@shrubbery.net Subject: Re: Adding "show chassis alarms" to jrancid In-Reply-To: <20040107202635.GE8088@shrubbery.net> Message-ID: <20040108090449.S73143@mignon.ki.iif.hu> References: <20040107110426.GF20019@shekinah.ip.tiscali.net> <20040107202635.GE8088@shrubbery.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Wed, 7 Jan 2004, john heasley wrote: > Wed, Jan 07, 2004 at 12:04:26PM +0100, Alexander Koch: > > On Mon, 5 January 2004 10:23:47 +0100, Alastair Galloway wrote: > > > Has anyone out there added "show chassis alarms" to jrancid? If not I think > > > that I will as it'd be handy to see. > > > > It is very handy, indeed! We added it and it helps us when > > our NOC does not see these &&%$?&%)&?"= Juniper power > > supplies breaking every some months. All these fan failures > > are really nasty. > > > > Also 'fxp0 down' is handy to see in rancid, would not have > > been spotted that easily otherwise... our NOC is our NOC, > > and we are we, sort of. I do not reply on some SNMP crab to > > tell me so... > > > > Regards, > > Alexander > > > > -- > > Alexander Koch / ako4-ripe > > IP Engineering, Tiscali International Network > > Robert-Bosch-Strasse 32, D-63303 Dreieich, Germany > > Phone +49 6103 916 480, Fax +49 6103 916 464 > > could some provide an example of this command's output? I dont seem > to have any alarms ATM. If there is no alarm you see: >show chassis alarms No alarms currently active If there are some alarms: user@host> show chassis alarms 3 alarms are currently active Alarm time Class Description 2000-02-07 10:12:22 UTC Major fxp0: ethernet link down 2000-02-07 10:11:54 UTC Minor YELLOW ALARM - PEM 1 Removed 2000-02-07 10:11:03 UTC Minor YELLOW ALARM - Lower Fan Tray Removed The last was taken from the Juniper documentation. Regards, Janos Mohacsi From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 07:03:02 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 186A1C67EE for ; Fri, 9 Jan 2004 07:03:02 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 75BB717CF9E; Fri, 9 Jan 2004 07:03:01 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 53A6917CFA2; Fri, 9 Jan 2004 07:03:01 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from mail.padfoot.com (mail.PADFOOT.COM [198.137.194.43]) by guelah.shrubbery.net (Postfix) with ESMTP id 51D3617CF9E for ; Fri, 9 Jan 2004 07:03:00 +0000 (UTC) Received: by mail.padfoot.com (Postfix, from userid 102) id 574A24F5A3; Fri, 9 Jan 2004 02:02:44 -0500 (EST) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <16382.21012.43804.773588@durmstrang.padfoot.com> Date: Fri, 9 Jan 2004 02:02:44 -0500 From: Henry Kilmer To: Andrew Fort Cc: Erik Wenzel , Joshua Wright , rancid-discuss@shrubbery.net Subject: Re: integration of security enhancement patch In-Reply-To: <3FFA460A.1060203@choqolat.org> References: <946FD6186E8D4E46AB4F6FDD23AAE864015A00FC@pvdexc02.jwu.edu> <20040105102040.GA5597@hendrix.code.de> <3FFA460A.1060203@choqolat.org> X-Mailer: VM 7.14 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Rancid's original goal was to track the changes in the running network. That meant grabbing the running configs since they might have changed from the startup config (people forget/don't want to save configs all the time). It is useful to track on-going changes too if you work in a NOC. If changes are made and a save isn't done, the configs rancid stores (if using the startup configs) would not restore the router as well. It was always my opinion when this topic got brought up that it was trivial for a site to make the change to grab the startup config if they really wanted but that rancid's default should be the running config. -Hank Andrew Fort writes: >On 5/01/2004 9:20 PM, Erik Wenzel wrote: > >>On Fri, Jan 02, 2004 at 01:34:56PM -0500, Joshua Wright wrote: >>[...] >> >> >>>Changing RANCID to perform "show startup-config" instead of a running >>>configuration is "a bad idea" (tm). If an attacker were able to >>>compromise your router and make changes to the configuration, RANCID >>>in its current state will identify the changes and let you know about >>>it. If RANCID used "show startup-config" instead, you would be >>>unaware of the changes until they were saved. The running >>>configuration is a better reflection of the state of the router. >>> >>> >>Using Rancid to check if an attacker is compromising your routers is >>only possible if only one person is having write access. If you have >>a colleague you are not able to distinguish configuration changes coming >>from your colleague or an attacker. So, using RANCID for that purpose is >>one thing. On the other Hand is the purpose of having backups for desaster >>recovery and for that I can't see a reason to prefer one of the other. >>In a production environment I concider it "a bad idea (TM)" to have a >>difference between both configurations. >> >> >> > >I think you both have a point worthy of argument, but noone wins >arguments. There's no reason why the site administrator can't do this >locally, nor why it could not be a configuration (bin/env) variable. >The quick hack I just did to do this is kinda ugly (rewrite both the >%commands and @commands variables _entirely_, based on whether a ENV >variable is set one way or another), so I wont submit it if there's a >cleaner way to just re-write that last line. Can someone submit a >cleaner method? (Default behaviour remains the same, i.e., if there's >no variable in the bin/env file). > >What do other people think? I've often had people ask me "oh, why >doesn't RANCID look at the startup config", and I've explained it as >Joshua has, above, but Erik makes a good point, and this seems like >something that should be decided by the administrator. > >-afort From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 08:20:38 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7EC84C67EE for ; Fri, 9 Jan 2004 08:20:38 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 68EEB17CF9F; Fri, 9 Jan 2004 08:20:37 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 41CF717CFA9; Fri, 9 Jan 2004 08:20:37 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from mignon.ki.iif.hu (mignon.ki.iif.hu [193.6.222.240]) by guelah.shrubbery.net (Postfix) with ESMTP id 0E70B17CF9F for ; Fri, 9 Jan 2004 08:20:34 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mignon.ki.iif.hu (Postfix) with ESMTP id 17B175582; Fri, 9 Jan 2004 09:20:32 +0100 (CET) Received: from mignon.ki.iif.hu ([127.0.0.1]) by localhost (mignon.ki.iif.hu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 91403-02-7; Fri, 9 Jan 2004 09:20:31 +0100 (CET) Received: by mignon.ki.iif.hu (Postfix, from userid 1003) id 0D5E455A0; Fri, 9 Jan 2004 09:20:31 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by mignon.ki.iif.hu (Postfix) with ESMTP id 0B297559F; Fri, 9 Jan 2004 09:20:31 +0100 (CET) Date: Fri, 9 Jan 2004 09:20:30 +0100 (CET) From: Mohacsi Janos X-X-Sender: mohacsi@mignon.ki.iif.hu To: Henry Kilmer Cc: Andrew Fort , Erik Wenzel , Joshua Wright , rancid-discuss@shrubbery.net Subject: Re: integration of security enhancement patch In-Reply-To: <16382.21012.43804.773588@durmstrang.padfoot.com> Message-ID: <20040109090404.H91437@mignon.ki.iif.hu> References: <946FD6186E8D4E46AB4F6FDD23AAE864015A00FC@pvdexc02.jwu.edu> <20040105102040.GA5597@hendrix.code.de> <3FFA460A.1060203@choqolat.org> <16382.21012.43804.773588@durmstrang.padfoot.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Fri, 9 Jan 2004, Henry Kilmer wrote: > > Rancid's original goal was to track the changes in the running > network. That meant grabbing the running configs since they might > have changed from the startup config (people forget/don't want to save > configs all the time). It is useful to track on-going changes too if > you work in a NOC. If changes are made and a save isn't done, the > configs rancid stores (if using the startup configs) would not restore > the router as well. > > It was always my opinion when this topic got brought up that it was > trivial for a site to make the change to grab the startup config if > they really wanted but that rancid's default should be the running > config. > > -Hank I would like to start with the broader view. I think CVS of rancid should reflect the stable and working configuration. I am usually not interested in the transient state of the router. In my opinion the running config is only interesting if: - You are actually configuring something - You are running a certain test, - the result are not sure. If you look at another type of router. For example Juniper router. You can always see the the "startup config". You can see the transient config only if you are in the config mode.... So my vote would be default to startup config, and possible option for running config. Best Regards, Janos Mohacsi Network Engineer, Research Associate NIIF/HUNGARNET, HUNGARY Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98 > > Andrew Fort writes: > >On 5/01/2004 9:20 PM, Erik Wenzel wrote: > > > >>On Fri, Jan 02, 2004 at 01:34:56PM -0500, Joshua Wright wrote: > >>[...] > >> > >> > >>>Changing RANCID to perform "show startup-config" instead of a running > >>>configuration is "a bad idea" (tm). If an attacker were able to > >>>compromise your router and make changes to the configuration, RANCID > >>>in its current state will identify the changes and let you know about > >>>it. If RANCID used "show startup-config" instead, you would be > >>>unaware of the changes until they were saved. The running > >>>configuration is a better reflection of the state of the router. > >>> > >>> > >>Using Rancid to check if an attacker is compromising your routers is > >>only possible if only one person is having write access. If you have > >>a colleague you are not able to distinguish configuration changes coming > >>from your colleague or an attacker. So, using RANCID for that purpose is > >>one thing. On the other Hand is the purpose of having backups for desaster > >>recovery and for that I can't see a reason to prefer one of the other. > >>In a production environment I concider it "a bad idea (TM)" to have a > >>difference between both configurations. > >> > >> > >> > > > >I think you both have a point worthy of argument, but noone wins > >arguments. There's no reason why the site administrator can't do this > >locally, nor why it could not be a configuration (bin/env) variable. > >The quick hack I just did to do this is kinda ugly (rewrite both the > >%commands and @commands variables _entirely_, based on whether a ENV > >variable is set one way or another), so I wont submit it if there's a > >cleaner way to just re-write that last line. Can someone submit a > >cleaner method? (Default behaviour remains the same, i.e., if there's > >no variable in the bin/env file). > > > >What do other people think? I've often had people ask me "oh, why > >doesn't RANCID look at the startup config", and I've explained it as > >Joshua has, above, but Erik makes a good point, and this seems like > >something that should be decided by the administrator. > > > >-afort > From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 10:48:20 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 51020C67ED for ; Fri, 9 Jan 2004 10:48:20 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id A32D317CF9E; Fri, 9 Jan 2004 10:48:19 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 8553917CFA2; Fri, 9 Jan 2004 10:48:19 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ns3.vmb-service.ru (ns3.vmb-service.ru [80.73.194.253]) by guelah.shrubbery.net (Postfix) with ESMTP id 22B3E17CF9E for ; Fri, 9 Jan 2004 10:48:17 +0000 (UTC) Received: from office.vmb-service.ru ([80.73.192.47]:18963 "EHLO ALEC") by Altair with ESMTP id ; Fri, 9 Jan 2004 13:48:03 +0300 Reply-To: From: "Alexander Voropay" To: Subject: vcware and modemware Versions on AS5300 Date: Fri, 9 Jan 2004 13:48:47 +0300 Organization: VMB-Service Message-ID: <09c801c3d69e$29127c40$1701a8c0@ALEC> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Importance: Normal Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi! Does anyone have an idea how to add a monitoring of vcware and modemware versions on CISCOs AS5300 ? Gate#show vfc 1 version dspware Version of Dspware in VFC slot 1 is 3.6.15L Gate#show vfc 1 version vcware Voice Feature Card in Slot 1: VCware Version : 9.19 ROM Monitor Version: 1.3 DSPware Version : 3.6.15L Technology : C549 Caller#show modem version Codes: d - DSP software download is required for achieving K56flex connections Modem module Firmware Boot DSP Mdm Number Rev Rev Rev 2/0 0 2.9.4.0 2/1 0 2.9.4.0 2/2 0 2.9.4.0 2/3 0 2.9.4.0 2/4 0 2.9.4.0 2/5 0 2.9.4.0 2/6 0 2.9.4.0 2/7 0 2.9.4.0 2/8 0 2.9.4.0 2/9 0 2.9.4.0 ... -- -=AV=- From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 14:55:49 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id BEC33C67F2 for ; Fri, 9 Jan 2004 14:55:49 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 47A0017CF9E; Fri, 9 Jan 2004 14:55:49 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 2798917CFA2; Fri, 9 Jan 2004 14:55:49 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from skwire.net (skwire.dsl.xmission.com [166.70.28.117]) by guelah.shrubbery.net (Postfix) with ESMTP id 5880917CF9E for ; Fri, 9 Jan 2004 14:55:47 +0000 (UTC) Received: from 166.102.0.152 ([166.102.0.152]) (authenticated user zpiggy1@skwire.net) by skwire.net (skwire.net [166.70.28.117]) (MDaemon.PRO.v6.8.5.R) with ESMTP id 44-md50000000105.tmp for ; Fri, 09 Jan 2004 07:55:41 -0700 Date: Fri, 09 Jan 2004 08:56:02 -0600 From: Daniel Evans To: RANCID Subject: Pushing config changes Message-Id: <20040109084202.2A5C.ZPIGGY1@skwire.net> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.07.02 X-Authenticated-Sender: zpiggy1@skwire.net X-Spam-Processed: skwire.net, Fri, 09 Jan 2004 07:55:41 -0700 (not processed: message from valid local sender) X-MDRemoteIP: 166.102.0.152 X-Return-Path: zpiggy1@skwire.net X-MDaemon-Deliver-To: rancid-discuss@shrubbery.net Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk All, I'm new to RANCID (and UNIX for that matter) and need help with RANCID. I have successfully issued the following command to add a configuration change to a single Juniper router: $ jlogin -x ./Update_File/Policy_1 192.168.100.1 What I need to do is push this file to ~80 additional devices. Is there a way to have a host list used rather than just the single host of 192.168.100.1? Thanks for any help you can offer! -- Daniel Evans From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 15:02:52 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id A8AACC67F3 for ; Fri, 9 Jan 2004 15:02:52 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 324B117CFA2; Fri, 9 Jan 2004 15:02:52 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 15F7217CFA9; Fri, 9 Jan 2004 15:02:52 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from nt_exchange.fusiontel.com (216-199-153-34.ftl.fdn.com [216.199.153.34]) by guelah.shrubbery.net (Postfix) with ESMTP id 1532D17CFA2 for ; Fri, 9 Jan 2004 15:02:50 +0000 (UTC) Received: by exchange.fusiontel.com with Internet Mail Service (5.5.2657.72) id ; Fri, 9 Jan 2004 10:02:33 -0500 Message-ID: From: Joshua Sahala To: 'Daniel Evans' , RANCID Subject: RE: Pushing config changes Date: Fri, 9 Jan 2004 10:02:29 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 it isn't pretty (mostly because my scripting is limited), but it works: - - create a file with a list of all the ip addresses - - have your ready-made config changes in a file for routers in `cat /rancid/router.list` do jlogin -x /Update_File/Policy_1 $routers done hth /joshua > >-----Original Message----- > >From: Daniel Evans [mailto:zpiggy1@skwire.net] > >Sent: Friday, January 09, 2004 09:56 > >To: RANCID > >Subject: Pushing config changes > > > > > >All, > > > >I'm new to RANCID (and UNIX for that matter) and need help > >with RANCID. > >I have successfully issued the following command to add a > >configuration > >change to a single Juniper router: > > > >$ jlogin -x ./Update_File/Policy_1 192.168.100.1 > > > >What I need to do is push this file to ~80 additional > >devices. Is there > >a way to have a host list used rather than just the single host of > >192.168.100.1? > > > >Thanks for any help you can offer! > > > >-- > >Daniel Evans > > > > -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBP/7Che4482rKSzocEQJvfwCfX6G7iXzXwImDe1nlhe8+1oSTmkYAn375 w8bYnhp8u+QGv12mWDsrrzcN =s+Yx -----END PGP SIGNATURE----- From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 15:25:15 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7920AC67F2 for ; Fri, 9 Jan 2004 15:25:15 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id EEAC217CFCF; Fri, 9 Jan 2004 15:25:14 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D2DD117D0A9; Fri, 9 Jan 2004 15:25:14 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from skwire.net (skwire.dsl.xmission.com [166.70.28.117]) by guelah.shrubbery.net (Postfix) with ESMTP id A4A7B17CFCF for ; Fri, 9 Jan 2004 15:25:12 +0000 (UTC) Received: from 166.102.0.152 ([166.102.0.152]) (authenticated user zpiggy1@skwire.net) by skwire.net (skwire.net [166.70.28.117]) (MDaemon.PRO.v6.8.5.R) with ESMTP id 64-md50000000105.tmp for ; Fri, 09 Jan 2004 08:25:09 -0700 Date: Fri, 09 Jan 2004 09:25:29 -0600 From: Daniel Evans To: Joshua Sahala Subject: Re: Pushing config changes Cc: RANCID In-Reply-To: References: Message-Id: <20040109092500.2A5F.ZPIGGY1@skwire.net> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.07.02 X-Authenticated-Sender: zpiggy1@skwire.net X-Spam-Processed: skwire.net, Fri, 09 Jan 2004 08:25:09 -0700 (not processed: message from valid local sender) X-MDRemoteIP: 166.102.0.152 X-Return-Path: zpiggy1@skwire.net X-MDaemon-Deliver-To: rancid-discuss@shrubbery.net Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Thanks for the quick help. I'll give this a shot... On Fri, 9 Jan 2004 10:02:29 -0500 Joshua Sahala wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > it isn't pretty (mostly because my scripting is limited), but it > works: > > - - create a file with a list of all the ip addresses > - - have your ready-made config changes in a file > > for routers in `cat /rancid/router.list` > do > jlogin -x /Update_File/Policy_1 $routers > done > > hth > > /joshua > > > >-----Original Message----- > > >From: Daniel Evans [mailto:zpiggy1@skwire.net] > > >Sent: Friday, January 09, 2004 09:56 > > >To: RANCID > > >Subject: Pushing config changes > > > > > > > > >All, > > > > > >I'm new to RANCID (and UNIX for that matter) and need help > > >with RANCID. > > >I have successfully issued the following command to add a > > >configuration > > >change to a single Juniper router: > > > > > >$ jlogin -x ./Update_File/Policy_1 192.168.100.1 > > > > > >What I need to do is push this file to ~80 additional > > >devices. Is there > > >a way to have a host list used rather than just the single host of > > >192.168.100.1? > > > > > >Thanks for any help you can offer! > > > > > >-- > > >Daniel Evans > > > > > > > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.8 for non-commercial use > > iQA/AwUBP/7Che4482rKSzocEQJvfwCfX6G7iXzXwImDe1nlhe8+1oSTmkYAn375 > w8bYnhp8u+QGv12mWDsrrzcN > =s+Yx > -----END PGP SIGNATURE----- -- Daniel Evans From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 15:36:42 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id D2FEAC67F2 for ; Fri, 9 Jan 2004 15:36:42 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 3279617D0A9; Fri, 9 Jan 2004 15:36:42 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 1737A17D30B; Fri, 9 Jan 2004 15:36:42 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 6B24517D0AA; Fri, 9 Jan 2004 15:36:41 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from phenix.rootshell.be (phenix.rootshell.be [217.22.55.50]) by guelah.shrubbery.net (Postfix) with ESMTP id 8B3F317CFCF for ; Fri, 9 Jan 2004 15:21:51 +0000 (UTC) Received: from phenix.rootshell.be (phenix [127.0.0.1]) by phenix.rootshell.be (8.12.8/8.12.8) with ESMTP id i09FLEjO017188; Fri, 9 Jan 2004 16:21:14 +0100 Received: from localhost (alastair@localhost) by phenix.rootshell.be (8.12.8/8.12.8/Submit) with ESMTP id i09FLBCa009069; Fri, 9 Jan 2004 16:21:13 +0100 X-Authentication-Warning: phenix.rootshell.be: alastair owned process doing -bs Date: Fri, 9 Jan 2004 16:21:11 +0100 (CET) From: "Alastair (Alex) Galloway" X-X-Sender: alastair@phenix.rootshell.be To: rancid-discuss@shrubbery.net Cc: Joshua Sahala Subject: Re: Pushing config changes Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi, Joshua Sahala writes: > it isn't pretty (mostly because my scripting is limited), but it > works: > > for routers in `cat /rancid/router.list` > do > jlogin -x /Update_File/Policy_1 $routers > done I just keep it all on the command line, and also pipe it to tee so that I can go back and see what happened if something goes wrong. $ jlogin -x ./Update_File/Policy_1 `cat /rancid/router.list` | tee Policy_1-output Cheers, Alastair From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 15:47:08 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id B1FE4C67F2 for ; Fri, 9 Jan 2004 15:47:08 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 2B1BE17D0A9; Fri, 9 Jan 2004 15:47:08 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 1006C17D30B; Fri, 9 Jan 2004 15:47:08 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 7152A17D0AA; Fri, 9 Jan 2004 15:47:07 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id D58A617D0A9 for ; Fri, 9 Jan 2004 15:46:44 +0000 (UTC) Received: from Internal Mail-Server by ananas1 with SMTP; 9 Jan 2004 17:46:10 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: vcware and modemware Versions on AS5300 Date: Fri, 9 Jan 2004 17:47:42 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: vcware and modemware Versions on AS5300 Thread-Index: AcPWnkP+BHOwvit1QfyML/S4zxgB4wAKOo8w From: "Yuval Ben-Ari" To: , Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk show modem version seems too long, you might want to monitor "show spe version" this routine will do it: sub ShowSpeVersion { print STDERR " In ShowSpeVersion: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/command authorization failed/i); ProcessHistory("MODEM","","","!Modem: $_") && next; } ProcessHistory("MODEM","","","!\n"); return(0); } also need to add the commands to trigger it in the right place: 'show spe version' =3D> "ShowSpeVersion", 'show spe version', > -----Original Message----- > From: owner-rancid-discuss@shrubbery.net=20 > [mailto:owner-rancid-discuss@shrubbery.net] On Behalf Of=20 > Alexander Voropay > Sent: Friday, January 09, 2004 12:49 > To: rancid-discuss@shrubbery.net > Subject: vcware and modemware Versions on AS5300 >=20 >=20 > Hi! >=20 > Does anyone have an idea how to add a monitoring of > vcware and modemware versions on CISCOs AS5300 ? >=20 >=20 > Gate#show vfc 1 version dspware > Version of Dspware in VFC slot 1 is 3.6.15L >=20 > Gate#show vfc 1 version vcware >=20 > Voice Feature Card in Slot 1: > VCware Version : 9.19 > ROM Monitor Version: 1.3 > DSPware Version : 3.6.15L > Technology : C549 >=20 > Caller#show modem version >=20 > Codes: > d - DSP software download is required for achieving K56flex > connections >=20 > Modem module Firmware Boot DSP > Mdm Number Rev Rev Rev > 2/0 0 2.9.4.0 > 2/1 0 2.9.4.0 > 2/2 0 2.9.4.0 > 2/3 0 2.9.4.0 > 2/4 0 2.9.4.0 > 2/5 0 2.9.4.0 > 2/6 0 2.9.4.0 > 2/7 0 2.9.4.0 > 2/8 0 2.9.4.0 > 2/9 0 2.9.4.0 > ... > >=20 > -- > -=3DAV=3D- >=20 >=20 From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 15:52:48 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 5BBCEC67E5 for ; Fri, 9 Jan 2004 15:52:48 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id D85B917D0AA; Fri, 9 Jan 2004 15:52:47 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C238417D32E; Fri, 9 Jan 2004 15:52:47 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id DA26B17D0AA for ; Fri, 9 Jan 2004 15:52:45 +0000 (UTC) Received: from Internal Mail-Server by ananas1 with SMTP; 9 Jan 2004 17:52:12 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: Pushing config changes Date: Fri, 9 Jan 2004 17:53:44 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Pushing config changes Thread-Index: AcPWwNp3BxTLjekjSzWcT2iwDvwCVAABzJCA From: "Yuval Ben-Ari" To: "Daniel Evans" , "RANCID" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk under bash: $ clogin -x config_file $(cat routers_list_file) > -----Original Message----- > From: owner-rancid-discuss@shrubbery.net=20 > [mailto:owner-rancid-discuss@shrubbery.net] On Behalf Of Daniel Evans > Sent: Friday, January 09, 2004 16:56 > To: RANCID > Subject: Pushing config changes >=20 >=20 > All, >=20 > I'm new to RANCID (and UNIX for that matter) and need help=20 > with RANCID. > I have successfully issued the following command to add a=20 > configuration > change to a single Juniper router: >=20 > $ jlogin -x ./Update_File/Policy_1 192.168.100.1 >=20 > What I need to do is push this file to ~80 additional=20 > devices. Is there > a way to have a host list used rather than just the single host of > 192.168.100.1?=20 >=20 > Thanks for any help you can offer! >=20 > --=20 > Daniel Evans >=20 >=20 >=20 From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 16:14:31 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id BCFF7C67F3 for ; Fri, 9 Jan 2004 16:14:31 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 53C2117CF9F; Fri, 9 Jan 2004 16:14:31 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 3565717D330; Fri, 9 Jan 2004 16:14:31 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 2876F17D32E; Fri, 9 Jan 2004 16:14:30 +0000 (UTC) Date: Fri, 9 Jan 2004 08:14:30 -0800 From: john heasley To: Joshua Sahala Cc: 'Daniel Evans' , RANCID Subject: Re: Pushing config changes Message-ID: <20040109161430.GS22884@shrubbery.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Fri, Jan 09, 2004 at 10:02:29AM -0500, Joshua Sahala: > it isn't pretty (mostly because my scripting is limited), but it > works: > > - create a file with a list of all the ip addresses > - have your ready-made config changes in a file > > for routers in `cat /rancid/router.list` > do > jlogin -x /Update_File/Policy_1 $routers > done or for routers in `cat /usr/local/rancid/*/router.db | grep :rancid:up | cut -d' ' -f 1` do echo $routers >> log jlogin ... $routers >> log done From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 16:16:09 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 761C1C67F5 for ; Fri, 9 Jan 2004 16:16:09 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 1119917D330; Fri, 9 Jan 2004 16:16:09 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id EBC9717D338; Fri, 9 Jan 2004 16:16:08 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from skwire.net (skwire.dsl.xmission.com [166.70.28.117]) by guelah.shrubbery.net (Postfix) with ESMTP id 87BB017D330 for ; Fri, 9 Jan 2004 16:16:07 +0000 (UTC) Received: from 166.102.0.152 ([166.102.0.152]) (authenticated user zpiggy1@skwire.net) by skwire.net (skwire.net [166.70.28.117]) (MDaemon.PRO.v6.8.5.R) with ESMTP id 35-md50000000106.tmp for ; Fri, 09 Jan 2004 09:16:02 -0700 Date: Fri, 09 Jan 2004 10:16:23 -0600 From: Daniel Evans To: "RANCID" Subject: Re: Pushing config changes In-Reply-To: References: Message-Id: <20040109101448.2A62.ZPIGGY1@skwire.net> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.07.02 X-Authenticated-Sender: zpiggy1@skwire.net X-Spam-Processed: skwire.net, Fri, 09 Jan 2004 09:16:02 -0700 (not processed: message from valid local sender) X-MDRemoteIP: 166.102.0.152 X-Return-Path: zpiggy1@skwire.net X-MDaemon-Deliver-To: rancid-discuss@shrubbery.net Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk All, Thanks! It's working exactly like I need it to! -Daniel On Fri, 9 Jan 2004 17:53:44 +0200 "Yuval Ben-Ari" wrote: > under bash: > > $ clogin -x config_file $(cat routers_list_file) > > > -----Original Message----- > > From: owner-rancid-discuss@shrubbery.net > > [mailto:owner-rancid-discuss@shrubbery.net] On Behalf Of Daniel Evans > > Sent: Friday, January 09, 2004 16:56 > > To: RANCID > > Subject: Pushing config changes > > > > > > All, > > > > I'm new to RANCID (and UNIX for that matter) and need help > > with RANCID. > > I have successfully issued the following command to add a > > configuration > > change to a single Juniper router: > > > > $ jlogin -x ./Update_File/Policy_1 192.168.100.1 > > > > What I need to do is push this file to ~80 additional > > devices. Is there > > a way to have a host list used rather than just the single host of > > 192.168.100.1? > > > > Thanks for any help you can offer! > > > > -- > > Daniel Evans > > > > > > -- Daniel Evans From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 9 21:41:09 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id E8521C67F5 for ; Fri, 9 Jan 2004 21:41:08 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id BE60017CF9E; Fri, 9 Jan 2004 21:41:08 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 9C54617CFA2; Fri, 9 Jan 2004 21:41:07 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from redhat1.mmaero.com (redhat1.mmaero.com [208.152.224.2]) by guelah.shrubbery.net (Postfix) with ESMTP id EA85A17CF9E for ; Fri, 9 Jan 2004 21:41:05 +0000 (UTC) Received: from redhat1.mmaero.com (localhost.localdomain [127.0.0.1]) by redhat1.mmaero.com (8.12.8/8.12.8) with ESMTP id i09Lf1xo024592; Fri, 9 Jan 2004 16:41:01 -0500 Received: from localhost (jlewis@localhost) by redhat1.mmaero.com (8.12.8/8.12.8/Submit) with ESMTP id i09Lf08P024588; Fri, 9 Jan 2004 16:41:01 -0500 X-Authentication-Warning: redhat1.mmaero.com: jlewis owned process doing -bs Date: Fri, 9 Jan 2004 16:41:00 -0500 (EST) From: jlewis@lewis.org X-X-Sender: jlewis@redhat1.mmaero.com To: Mohacsi Janos Cc: rancid-discuss@shrubbery.net Subject: Re: integration of security enhancement patch In-Reply-To: <20040109090404.H91437@mignon.ki.iif.hu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Fri, 9 Jan 2004, Mohacsi Janos wrote: > I would like to start with the broader view. I think CVS of rancid should > reflect the stable and working configuration. I am usually not interested > in the transient state of the router. In my opinion the running config is > only interesting if: > > - You are actually configuring something > - You are running a certain test, - the result are not sure. Or someone makes changes and neglects to write mem. There are other odd (beneficial) side effects of having rancid get the running config. Cisco as5200's, when low on memory, show a partial running config. The rancid email serves as an early warning system, telling us it's time to reboot an as5200. > So my vote would be default to startup config, and possible option for > running config. I'd vote the other way :) Keep it as is, and maybe make it an easily configured option to look at startup configs. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ From owner-rancid-discuss-outgoing@shrubbery.net Sat Jan 10 02:41:18 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 8E7E8C6932 for ; Sat, 10 Jan 2004 02:41:18 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id DED1617CFA2; Sat, 10 Jan 2004 02:41:17 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C07A217CFCF; Sat, 10 Jan 2004 02:41:17 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 981D617CFCD; Sat, 10 Jan 2004 02:41:16 +0000 (UTC) Date: Fri, 9 Jan 2004 18:41:16 -0800 From: 'john heasley' To: "Gee-clough, Aaron (NIH/CIT)" Cc: 'john heasley' , "'rancid-discuss@shrubbery.net'" Subject: Re: Cloginvs dollar signs Message-ID: <20040110024116.GY22884@shrubbery.net> References: <64BC9A2B18FC5843BA0DE93548F745F3236F4C99@nihexchange3.nih.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <64BC9A2B18FC5843BA0DE93548F745F3236F4C99@nihexchange3.nih.gov> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Tue, Dec 30, 2003 at 11:13:26AM -0500, Gee-clough, Aaron (NIH/CIT): > > please provide an example of your .cloginrc entry. afaik, > > what you've tried should have worked. I think that I have this one nailed. I believe that what happens is proc find() actually returns a list. because one of the values, your password, contains a meta-character ($), tcl decides that it should protect us by deferring (or is it protecting) the eval/expansion of what would be a variable (ie: $net). That may not be exactly correct, but... join()'ing the value seems to fix this; Which i've wrapped around all the find() calls which return a string that may include a meta-character or a non-integer. That is, "password" and "user", but not "autoenable" or "method". Please try ftp://ftp.shrubbery.net/outgoing/clogin.in [ i happened across this while googling for answers... After a duel with TCL, I return triumphant (but seriously injured; I took a blow to the head that may never heal...). - Daniel Jacobowitz ] From owner-rancid-discuss-outgoing@shrubbery.net Sat Jan 10 09:52:49 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 5B010C693A for ; Sat, 10 Jan 2004 09:52:49 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 9E4A517CFA2; Sat, 10 Jan 2004 09:52:48 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 7F12A17CFCF; Sat, 10 Jan 2004 09:52:48 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from gizmo05bw.bigpond.com (gizmo05bw.bigpond.com [144.140.70.15]) by guelah.shrubbery.net (Postfix) with SMTP id C808E17CFA2 for ; Sat, 10 Jan 2004 09:52:45 +0000 (UTC) Received: (qmail 19086 invoked from network); 10 Jan 2004 09:54:38 -0000 Received: from unknown (HELO bwmam01.bigpond.com) (144.135.24.69) by gizmo05bw.bigpond.com with SMTP; 10 Jan 2004 09:54:38 -0000 Received: from cpe-144-132-104-134.vic.bigpond.net.au ([144.132.104.134]) by bwmam01.bigpond.com(MAM REL_3_4_2 8/17095287) with SMTP id 17095287; Sat, 10 Jan 2004 19:52:41 +1000 Message-ID: <3FFFCB67.2020605@choqolat.org> Date: Sat, 10 Jan 2004 20:52:39 +1100 From: Andrew Fort User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031013 Thunderbird/0.3 X-Accept-Language: en-us, en MIME-Version: 1.0 To: 'john heasley' Cc: "'rancid-discuss@shrubbery.net'" Subject: *login in perl? (was Re: Cloginvs dollar signs) References: <64BC9A2B18FC5843BA0DE93548F745F3236F4C99@nihexchange3.nih.gov> <20040110024116.GY22884@shrubbery.net> In-Reply-To: <20040110024116.GY22884@shrubbery.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk 'john heasley' wrote: >[ i happened across this while googling for answers... > > After a duel with TCL, I return triumphant (but seriously injured; I took a > blow to the head that may never heal...). > - Daniel Jacobowitz >] > > and from the same post, " A friend of mine got so fed up with TCL that he rewrote DejaGNU in Perl, which he's planning to publish in the next couple of weeks. I can see why. - Daniel Jacobowitz " Has there been much discussion of rewriting *logins in perl? If so, is the main hurdle you see porting the -s functionality? -afort From owner-rancid-discuss-outgoing@shrubbery.net Sat Jan 10 18:49:40 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 31FC5C67F3 for ; Sat, 10 Jan 2004 18:49:40 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 98C3D17CFA2; Sat, 10 Jan 2004 18:49:39 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 7A66917CFCF; Sat, 10 Jan 2004 18:49:39 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 4BE1217CFCD; Sat, 10 Jan 2004 18:49:38 +0000 (UTC) Date: Sat, 10 Jan 2004 10:49:38 -0800 From: 'john heasley' To: Andrew Fort Cc: 'john heasley' , "'rancid-discuss@shrubbery.net'" Subject: Re: *login in perl? (was Re: Cloginvs dollar signs) Message-ID: <20040110184938.GD22884@shrubbery.net> References: <64BC9A2B18FC5843BA0DE93548F745F3236F4C99@nihexchange3.nih.gov> <20040110024116.GY22884@shrubbery.net> <3FFFCB67.2020605@choqolat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FFFCB67.2020605@choqolat.org> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Sat, Jan 10, 2004 at 08:52:39PM +1100, Andrew Fort: > 'john heasley' wrote: > > >[ i happened across this while googling for answers... > > > > After a duel with TCL, I return triumphant (but seriously injured; I took > > a > > blow to the head that may never heal...). > > - Daniel Jacobowitz > >] > > > > > > and from the same post, > > " > A friend of mine got so fed up with TCL that he rewrote DejaGNU in Perl, > which he's planning to publish in the next couple of weeks. I can see why. > - Daniel Jacobowitz > " > > Has there been much discussion of rewriting *logins in perl? If so, is > the main hurdle you see porting the -s functionality? spot on. rewriting it in _something_ else, yes. and, yes, the -s option is the primary concern. From owner-rancid-discuss-outgoing@shrubbery.net Sun Jan 11 05:30:18 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 9F798C67E5 for ; Sun, 11 Jan 2004 05:30:18 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 0264717CF9E; Sun, 11 Jan 2004 05:30:18 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id CE24517CFA2; Sun, 11 Jan 2004 05:30:17 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (Postfix) with ESMTP id 0AC3617CF9E for ; Sun, 11 Jan 2004 05:30:16 +0000 (UTC) Received: from tower.partan.com (localhost.partan.com [127.0.0.1]) by tower.partan.com (8.12.8p2/8.12.8) with ESMTP id i0B5UBnN020212; Sun, 11 Jan 2004 00:30:11 -0500 (EST) (envelope-from asp@tower.partan.com) Received: (from asp@localhost) by tower.partan.com (8.12.8p2/8.12.8/Submit) id i0B5UAap020209; Sun, 11 Jan 2004 00:30:10 -0500 (EST) (envelope-from asp) Date: Sun, 11 Jan 2004 00:30:10 -0500 From: Andrew Partan To: Yuval Ben-Ari Cc: a.voropay@vmb-service.ru, rancid-discuss@shrubbery.net Subject: Re: vcware and modemware Versions on AS5300 *&* GSR FRU info Message-ID: <20040111053010.GA20163@partan.com> References: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="VS++wcV0S1rZb1Fb" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --VS++wcV0S1rZb1Fb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Jan 09, 2004 at 05:47:42PM +0200, Yuval Ben-Ari wrote: > show modem version seems too long, > you might want to monitor "show spe version" > > this routine will do it: On Fri, Jan 09, 2004 at 06:44:40PM +0200, Yuval Ben-Ari wrote: > I find it very useful for inventory purposes to include FRU information > on GSR routers. > I added the following to sub ShowDiag: I merged these into rancid.in; can you (or someone) do a check of these bits to make sure they still work & I didn't blow something? Thanks, --asp --VS++wcV0S1rZb1Fb Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="rancid.in" #! @PERLV_PATH@ ## ## $Id: rancid.in,v 1.167 2004/01/11 03:49:13 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. ## ## This software may be freely copied, modified and redistributed ## without fee for non-commerical purposes provided that this license ## remains intact and unmodified with any RANCID distribution. ## ## There is no warranty or other guarantee of fitness of this software. ## It is provided solely "as is". The author(s) disclaim(s) all ## responsibility and liability with respect to this software's usage ## or its effect upon hardware, computer systems, other software, or ## anything else. ## ## Except where noted otherwise, rancid was written by and is maintained by ## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz. ## # # RANCID - Really Awesome New Cisco confIg Differ # # usage: rancid [-d] [-l] [-f filename | $host] # use Getopt::Std; getopts('dfl'); $log = $opt_l; $debug = $opt_d; $file = $opt_f; $host = $ARGV[0]; $clean_run = 0; $found_end = 0; $timeo = 90; # clogin timeout in seconds my(%filter_pwds); # password filtering mode # This routine is used to print out the router configuration sub ProcessHistory { my($new_hist_tag,$new_command,$command_string,@string)=(@_); if((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) && defined %history) { print eval "$command \%history"; undef %history; } if (($new_hist_tag) && ($new_command) && ($command_string)) { if ($history{$command_string}) { $history{$command_string} = "$history{$command_string}@string"; } else { $history{$command_string} = "@string"; } } elsif (($new_hist_tag) && ($new_command)) { $history{++$#history} = "@string"; } else { print "@string"; } $hist_tag = $new_hist_tag; $command = $new_command; 1; } sub numerically { $a <=> $b; } # This is a sort routing that will sort numerically on the # keys of a hash as if it were a normal array. sub keynsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort numerically keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routing that will sort on the # keys of a hash as if it were a normal array. sub keysort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routing that will sort on the # values of a hash as if it were a normal array. sub valsort{ local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort values %lines) { $sorted_lines[$i] = $key; $i++; } @sorted_lines; } # This is a numerical sort routing (ascending). sub numsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $num (sort {$a <=> $b} keys %lines) { $sorted_lines[$i] = $lines{$num}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # ip address when the ip address is anywhere in # the strings. sub ipsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $addr (sort sortbyipaddr keys %lines) { $sorted_lines[$i] = $lines{$addr}; $i++; } @sorted_lines; } # These two routines will sort based upon IP addresses sub ipaddrval { my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); $a[3]+256*($a[2]+256*($a[1]+256*$a[0])); } sub sortbyipaddr { &ipaddrval($a) <=> &ipaddrval($b); } # This routine parses "show version" sub ShowVersion { print STDERR " In ShowVersion: $_" if ($debug); my($slaveslot); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^Slave in slot (\d+) is running/) { $slave = " Slave:"; $slaveslot = ", slot $1"; next; } if (/^Application and Content Networking Software/) { $type="CE"; } /^Application and Content Networking Software Release /i && ProcessHistory("COMMENTS","keysort","F1", "!Image: $_") && next; /^Cisco Secure PIX /i && ProcessHistory("COMMENTS","keysort","F1", "!Image: $_") && next; # PIX fail-over license /^This PIX has an?\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","C1", "!$_") && next; /^(Cisco )?IOS .* Software,? \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","F1", "!Image:$slave Software: $2, $3\n") && next; /^([A-Za-z-0-9_]*) Synced to mainline version: (.*)$/ && ProcessHistory("COMMENTS","keysort","F2", "!Image:$slave $1 Synced to mainline version: $2\n") && next; /^Compiled (.*)$/ && ProcessHistory("COMMENTS","keysort","F3", "!Image:$slave Compiled: $1\n") && next; /^ROM: (IOS \S+ )?(System )?Bootstrap.*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G1", "!ROM Bootstrap: $3\n") && next; if (/^Hardware:\s+(.*), (.* RAM), CPU (.*)$/) { ProcessHistory("COMMENTS","keysort","A1", "!Chassis type: $1 - a PIX\n"); ProcessHistory("COMMENTS","keysort","A2", "!CPU: $3\n"); ProcessHistory("COMMENTS","keysort","B1", "!Memory: $2\n"); } /^Serial Number:\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","C1", "!$_") && next; # CatOS 3500xl stuff /^System serial number(:\s+.*)$/ && ProcessHistory("COMMENTS","keysort","C1", "!Serial Number$1\n") && next; /^Model / && ProcessHistory("COMMENTS","keysort","C2", "!$_") && next; /^Motherboard / && ProcessHistory("COMMENTS","keysort","C3", "!$_") && next; /^Power supply / && ProcessHistory("COMMENTS","keysort","C4", "!$_") && next; /^Activation Key:\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","C2", "!$_") && next; /^ROM: \d+ Bootstrap .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G2", "!ROM Image: Bootstrap $1\n!\n") && next; /^ROM: .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G3","!ROM Image: $1\n") && next; /^BOOTFLASH: .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G4","!BOOTFLASH: $1\n") && next; /^BOOTLDR: .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G4","!BOOTLDR: $1\n") && next; /^System image file is "([^\"]*)", booted via (\S*)/ && # removed the booted source due to # CSCdk28131: cycling info in 'sh ver' # ProcessHistory("COMMENTS","keysort","F4","!Image: booted via $2, $1\n") && ProcessHistory("COMMENTS","keysort","F4","!Image: booted $1\n") && next; /^System image file is "([^\"]*)"$/ && ProcessHistory("COMMENTS","keysort","F5","!Image: $1\n") && next; if (/(\S+)\s+\((\S+)\)\s+processor.*with (\S+[kK]) bytes/) { my($proc) = $1; my($cpu) = $2; my($mem) = $3; my($device) = "router"; # the next line ought to be the more specific cpu info, grab it. # yet, some boards/IOS vers have a processor ID line between these # two. grrr. make sure we dont grab the "software" junk that # follows these lines by looking for "CPU at " or the 2600s # "processor: " unique string. there are undoubtedly many other # incantations. for a slave, we dont get this info and its just a # blank line. $_ = ; $_ = if (/processor board id/i); $_ = "" if (! /(cpu at |processor: |$cpu processor,)/i); tr/\015//d; s/implementation/impl/i; if ($_ !~ /^\s*$/) { chomp; s/^/, /; } if ( $proc eq "CSC") { $type = "AGS"; } elsif ( $proc eq "CSC4") { $type = "AGS+"; } elsif ( $proc =~ /^(AS)?25[12][12]/) { $type = "2500"; } elsif ( $proc =~ /261[01]/ || $proc =~ /262[01]/ ) { $type = "2600"; } elsif ( $proc =~ /^36[0246][0-9]/) { $type = "3600"; } elsif ( $proc =~ /^37/) { $type = "3700"; } elsif ( $proc eq "RSP7000") { $type = "7500"; } elsif ( $proc =~ /RSP\d/) { $type = "7500"; } elsif ( $proc eq "RP1") { $type = "7000"; } elsif ( $proc eq "RP") { $type = "7000"; } elsif ( $proc =~ /720[246]/) { $type = "7200"; } elsif ( $proc =~ /1200[48]\/GRP/ || $proc =~ /1201[26]\/GRP/) { $type = "12000"; } elsif ( $proc =~ /1201[26]-8R\/GRP/) { $type = "12000"; } elsif ( $proc =~ /WS-C29/) { $type = "2900XL"; $device = "switch"; } elsif ( $proc =~ /WS-C355/) { $type = "3550"; $device = "switch"; } elsif ( $proc =~ /WS-C35/) { $type = "3500XL"; $device = "switch"; } elsif ( $proc =~ /WS-C45/) { $type = "4500"; $device = "switch"; } elsif ( $proc =~ /6000/) { $type = "6000"; $device = "switch"; } elsif ( $proc =~ /CISCO76/) { $type = "7600"; $device = "router"; } elsif ( $proc =~ /1900/) { $type = "1900"; $device = "switch"; } else { $type = $proc; } print STDERR "TYPE = $type\n" if ($debug); ProcessHistory("COMMENTS","keysort","A1", "!Chassis type:$slave $proc - a $type $device\n"); ProcessHistory("COMMENTS","keysort","B1", "!Memory:$slave main $mem\n"); ProcessHistory("COMMENTS","keysort","A3","!CPU:$slave $cpu$_$slaveslot\n"); next; } if (/(\S+) Silicon\s*Switch Processor/) { if (!defined($C0)) { $C0=1; ProcessHistory("COMMENTS","keysort","C0","!\n"); } ProcessHistory("COMMENTS","keysort","C2","!SSP: $1\n"); $ssp = 1; $sspmem = $1; next; } /^(\d+[kK]) bytes of multibus/ && ProcessHistory("COMMENTS","keysort","B2", "!Memory: multibus $1\n") && next; /^(\d+[kK]) bytes of (non-volatile|NVRAM)/ && ProcessHistory("COMMENTS","keysort","B3", "!Memory: nvram $1\n") && next; /^(\d+[kK]) bytes of flash memory/ && ProcessHistory("COMMENTS","keysort","B5","!Memory: flash $1\n") && next; /^(\d+[kK]) bytes of .*flash partition/ && ProcessHistory("COMMENTS","keysort","B6", "!Memory: flash partition $1\n") && next; /^(\d+[kK]) bytes of Flash internal/ && ProcessHistory("COMMENTS","keysort","B4", "!Memory: bootflash $1\n") && next; if(/^(\d+[kK]) bytes of (Flash|ATA)?.*PCMCIA .*(slot|disk) ?(\d)/i) { ProcessHistory("COMMENTS","keysort","B7", "!Memory: pcmcia $2 $3$4 $1\n"); next; } if(/^WARNING/) { if (!defined($I0)) { $I0=1; ProcessHistory("COMMENTS","keysort","I0","!\n"); } ProcessHistory("COMMENTS","keysort","I1","! $_"); } if (/^Configuration register is (.*)$/) { $config_register=$1; next; } } return(0); } # This routine parses "show redundancy" sub ShowRedundancy { print STDERR " In ShowRedundancy: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /^IOS .* Software \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","F1", "!Image:$slave Software: $1, $2\n") && next; /^Compiled (.*)$/ && ProcessHistory("COMMENTS","keysort","F3", "!Image:$slave Compiled: $1\n") && next; } return(0); } # This routine parses "show IDprom" sub ShowIDprom { my($tmp); print STDERR " In ShowIDprom: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /FRU is .(.*)\'/ && ($tmp = $1); /Product Number = .(.*)\'/ && ProcessHistory("COMMENTS","keysort","D0","!\n") && ProcessHistory("COMMENTS","keysort","D0", "!Catalyst Chassis type: $1, $tmp\n"); /Serial Number = .([0-9A-Za-z]+)/ && ProcessHistory("COMMENTS","keysort","D1", "!Catalyst Chassis S/N: $1\n"); /Manufacturing Assembly Number = .([-0-9]+)/ && ($tmp = $1); /Manufacturing Assembly Revision = .(.*)\'/ && ($tmp .= ", rev " . $1); /Hardware Revision = ([0-9.]+)/ && ProcessHistory("COMMENTS","keysort","D2", "!Catalyst Chassis assembly: $tmp, ver $1\n"); } return(0); } # This routine parses "show install active" sub ShowInstallActive { print STDERR " In ShowInstallActive: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; ProcessHistory("COMMENTS","keysort","F5","!Image: $_") && next; } return(0); } # This routine parses "show env all" sub ShowEnv { # Skip if this is not a 7500, 7200, or 7000. print STDERR " In ShowEnv: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); #return(1) if ($type !~ /^7/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (!defined($E0)) { $E0=1; ProcessHistory("COMMENTS","keysort","E0","!\n"); } if (/^Arbiter type (\d), backplane type (\S+)/) { if (!defined($C0)) { $C0=1; ProcessHistory("COMMENTS","keysort","C0","!\n"); } ProcessHistory("COMMENTS","keysort","C1", "!Enviromental Arbiter Type: $1\n"); ProcessHistory("COMMENTS","keysort","A2", "!Chassis type: $2 backplane\n"); next; } /^\s*(Power [^:\n]+)$/ && ProcessHistory("COMMENTS","keysort","E1","!Power: $1\n") && next; /^\s*(Lower Power .*)/i && ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next; /^\s*(redundant .*)/i && ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next; /^\s*(RPS is .*)/i && ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next; } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show rsp chassis-info" for the rsp # This will create arrays for hw info. sub ShowRSP { print STDERR " In ShowRSP: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); # return(1) if ($type !~ /^12[40]/); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /^$/ && next; /^\s+Chassis model: (\S+)/ && ProcessHistory("COMMENTS","keysort","D0","!\n") && ProcessHistory("COMMENTS","keysort","D1", "!RSP Chassis model: $1\n") && next; /^\s+Chassis S\/N: (.*)$/ && ProcessHistory("COMMENTS","keysort","D2", "!RSP Chassis S/N: $1\n") && next; } return(0); } # This routine parses "show gsr chassis-info" for the gsr # This will create arrays for hw info. sub ShowGSR { # Skip if this is not a 1200n. print STDERR " In ShowGSR: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); # return(1) if ($type !~ /^12[40]/); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /^$/ && next; /^\s+Chassis: type (\S+) Fab Ver: (\S+)/ && ProcessHistory("COMMENTS","keysort","D0","!\n") && ProcessHistory("COMMENTS","keysort","D1", "!GSR Chassis type: $1 Fab Ver: $2\n") && next; /^\s+Chassis S\/N: (.*)$/ && ProcessHistory("COMMENTS","keysort","D2", "!GSR Chassis S/N: $1\n") && next; /^\s+PCA: (\S+)\s*rev: (\S+)\s*dev: \S+\s*HW ver: (\S+)$/ && ProcessHistory("COMMENTS","keysort","D3", "!GSR Backplane PCA: $1, rev $2, ver $3\n") && next; /^\s+Backplane S\/N: (\S+)$/ && ProcessHistory("COMMENTS","keysort","D4", "!GSR Backplane S/N: $1\n") && next; } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show boot" sub ShowBoot { # Pick up boot variables if 7000/7200/7500/12000/2900/3500; # otherwise pick up bootflash. print STDERR " In ShowBoot: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(-1) if (/command authorization failed/i); return(1) if /Ambiguous command/i; return(1) if /(Invalid input detected|Type help or )/; return(1) if /(Open device \S+ failed|Error opening \S+:)/; # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; next if /CONFGEN variable/; if (!defined($H0)) { $H0=1; ProcessHistory("COMMENTS","keysort","H0","!\n"); } if ($type !~ /^(12[04]|7)/) { if ($type !~ /^(29|35)00/) { ProcessHistory("COMMENTS","keysort","H2","!BootFlash: $_"); } else { ProcessHistory("COMMENTS","keysort","H1","!Variable: $_"); } } elsif (/variable/) { ProcessHistory("COMMENTS","keysort","H1","!Variable: $_"); } } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show flash" sub ShowFlash { # skip if this is 7000, 7200, 7500, or 12000; else we end up with # redundant data from dir /all slot0: print STDERR " In ShowFlash: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if ($type =~ /^(12[40]|7)/); return(-1) if (/command authorization failed/i); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; ProcessHistory("FLASH","","","!Flash: $_"); } ProcessHistory("","","","!\n"); return; } # This routine parses "dir /all ((disk|slot)N|bootflash|nvram):" sub DirSlotN { # Skip if this is not a 3600, 7000, 7200, 7500, or 12000. print STDERR " In DirSlotN: $_" if ($debug); my($dev) = (/\s([^\s]+):/); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); # return(1) if ($type !~ /^(12[40]|7|36)/); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; return(1) if /(No such device|Error Sending Request)/i; return(1) if /\%Error: No such file or directory/; return(1) if /No space information available/; return(-1) if /\%Error calling/; return(-1) if /(: device being squeezed|ATA_Status time out)/i; # busy return(-1) if (/command authorization failed/i); return(1) if /(Open device \S+ failed|Error opening \S+:)/; # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; ProcessHistory("FLASH","","","!Flash: $dev: $_"); } ProcessHistory("","","","!\n"); return(0); } # This routine parses "show controllers" sub ShowContAll { # Skip if this is a 70[01]0, 7500, or 12000. print STDERR " In ShowContAll: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); # return(1) if ($type =~ /^(12[40]|7[05])/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^Interface ([^ \n(]*)/) { $INT = "$1, "; next; } /^(BRI unit \d)/ && ProcessHistory("INT","","","!Interface: $1\n") && next; /^LANCE unit \d, NIM/ && ProcessHistory("INT","","","!Interface: $_") && next; /^(LANCE unit \d)/ && ProcessHistory("INT","","","!Interface: $1\n") && next; /(Media Type is \S+),/ && ProcessHistory("INT","","","!\t$1\n"); if (/(M\dT[^ :]*:) show controller:$/) { my($ctlr) = $1; $_ = ; tr/\015//d; s/ subunit \d,//; ProcessHistory("INT","","","!Interface: $ctlr $_"); } if (/^(\S+) : show controller:$/) { my($ctlr) = $1; $_ = ; tr/\015//d; s/ subunit \d,//; ProcessHistory("INT","","","!Interface: $ctlr: $_"); } /^(HD unit \d), idb/ && ProcessHistory("INT","","","!Interface: $1\n") && next; /^HD unit \d, NIM/ && ProcessHistory("INT","","","!Interface: $_") && next; /^buffer size \d+ HD unit \d, (.*)/ && ProcessHistory("INT","","","!\t$1\n") && next; /^AM79970 / && ProcessHistory("INT","","","!Interface: $_") && next; /^buffer size \d+ (Universal Serial: .*)/ && ProcessHistory("INT","","","!\t$1\n") && next; /^Hardware is (.*)/ && ProcessHistory("INT","","","!Interface: $INT$1\n") && next; /^(QUICC Serial unit \d),/ && ProcessHistory("INT","","","!$1\n") && next; /^QUICC Ethernet .*/ && ProcessHistory("INT","","","!$_") && next; /^DTE .*\.$/ && ProcessHistory("INT","","","!\t$_") && next; /^(cable type :.*),/ && ProcessHistory("INT","","","!\t$1\n") && next; /^(.* cable.*), received clockrate \d+$/ && ProcessHistory("INT","","","!\t$1\n") && next; /^.* cable.*$/ && ProcessHistory("INT","","","!\t$_") && next; } return(0); } # This routine parses "show controllers cbus" # Some of this is printed out in ShowDiagbus. sub ShowContCbus { # Skip if this is not a 7000 or 7500. print STDERR " In ShowContCbus: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); #return(1) if ($type !~ /^7[05]0/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^\s*slot(\d+): ([^,]+), hw (\S+), sw (\S+), ccb/) { $slot = $1; $board{$slot} = $2; $hwver{$slot} = $3; $hwucode{$slot} = $4; } elsif (/^\s*(\S+) (\d+), hardware version (\S+), microcode version (\S+)/) { $slot = $2; $board{$slot} = $1; $hwver{$slot} = $3; $hwucode{$slot} = $4; } elsif (/(Microcode .*)/) { $ucode{$slot} = $1; } elsif (/(software loaded .*)/) { $ucode{$slot} = $1; } elsif (/(\d+) Kbytes of main memory, (\d+) Kbytes cache memory/) { $hwmemd{$slot} = $1; $hwmemc{$slot} = $2; } elsif (/byte buffers/) { chop; s/^\s*//; $hwbuf{$slot} = $_; } elsif (/Interface (\d+) - (\S+ \S+),/) { $interface = $1; ProcessHistory("HW","","", "!\n!Int $interface: in slot $slot, named $2\n"); next; } elsif (/(\d+) buffer RX queue threshold, (\d+) buffer TX queue limit, buffer size (\d+)/) { ProcessHistory("HW","","","!Int $interface: rxq $1, txq $2, bufsize $3\n"); next; } } return(0); } # This routine parses "show diagbus" # This will create arrarys for hw info. sub ShowDiagbus { # Skip if this is not a 7000, 70[01]0, or 7500. print STDERR " In ShowDiagbus: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); #return(1) if ($type !~ /^7[05]/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^\s*Slot (\d+):/i) { $slot = $1; next; } elsif (/^\s*Slot (\d+) \(virtual\):/i) { $slot = $1; next; } elsif (/^\s*(.*Processor.*|.*controller|.*controler|.*Chassis Interface)(, FRU\s?:.*)?, HW rev (\S+), board revision (\S+)/i) { $board = $1; $hwver = $3; $boardrev = $4; if ($board =~ /Processor/) { if ($board =~ /7000 Route\/Switch/) { $board = "RSP7000"; } elsif ($board =~ /Route\/Switch Processor (\d)/) { $board = "RSP$1"; } elsif ($board =~ /Route/) { $board = "RP"; } elsif ($board =~ /Silicon Switch/) { $board = "SSP"; } elsif ($board =~ /Switch/) { $board = "SP"; $board = "SSP $sspmem" if $ssp; } elsif ($board =~ /ATM/) { $board = "AIP"; } } elsif ($board =~ /(.*) controller/i) { $board = $1; } # hwucode{$slot} defined in ShowContCbus if (defined $hwucode{$slot}) { ProcessHistory("SLOT","","","!\n!Slot $slot/$board: hvers $hwver rev $boardrev ucode $hwucode{$slot}\n"); } else { ProcessHistory("SLOT","","","!\n!Slot $slot/$board: hvers $hwver rev $boardrev\n"); } # These are also from the ShowContCbus ProcessHistory("SLOT","","","!Slot $slot/$board: $ucode{$slot}\n") if (defined $ucode{$slot}); ProcessHistory("SLOT","","","!Slot $slot/$board: memd $hwmemd{$slot}, cache $hwmemc{$slot}\n") if ((defined $hwmemd{$slot}) && (defined $hwmemc{$slot})); ProcessHistory("SLOT","","","!Slot $slot/$board: $hwbuf{$slot}\n") if (defined $hwbuf{$slot}); next; } /Serial number: (\S+)\s*Part number: (\S+)/ && ProcessHistory("SLOT","","", "!Slot $slot/$board: part $2, serial $1\n") && next; /^\s*Controller Memory Size: (.*)$/ && ProcessHistory("SLOT","","","!Slot $slot/$board: $1\n") && next; if (/PA Bay (\d) Information/) { $pano = $1; if ("PA" =~ /$board/) { ($s,$c) = split(/\//,$board); $board = "$s/$c/PA $pano"; } else { $board =~ s/\/PA \d//; $board = "$board/PA $pano"; } next; } /\s+(.*) (IP|PA), (\d) ports?,( \S+,)? (FRU\s?: )?(\S+)/ && ProcessHistory("SLOT","","","!Slot $slot/$board: type $6, $3 ports\n") && next; /\s+(.*) (IP|PA)( \(\S+\))?, (\d) ports?/ && ProcessHistory("SLOT","","","!Slot $slot/$board: type $1$3, $4 ports\n") && next; /^\s*HW rev (\S+), Board revision (\S+)/ && ProcessHistory("SLOT","","","!Slot $slot/$board: hvers $1 rev $2\n") && next; /Serial number: (\S+)\s*Part number: (\S+)/ && ProcessHistory("SLOT","","","!Slot $slot/$board: part $2, serial $1\n") && next; } return(0); } # This routine parses "show diag" for the gsr, 7200, 3700, 3600, 2600. # This will create arrarys for hw info. sub ShowDiag { # Skip if this is not a 12000. print STDERR " In ShowDiag: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); # return(1) if ($type !~ /^(12[40]|720|36|26)/); return(-1) if (/command authorization failed/i); /^$/ && next; # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; s/Port Packet Over SONET/POS/; if (/^\s*SLOT\s+(\d+)\s+\((.*)\): (.*)/) { $slot = $1; ProcessHistory("SLOT","","","!\n"); ProcessHistory("SLOT","keysort","A","!Slot $slot: $3\n"); next; } if (/^\s+MAIN:\s* type \d+,\s+(.*)/) { ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $1\n"); next; } if (/^c3700\s+(io-board|mid-plane)/i) { $slot=$1; ProcessHistory("SLOT","","","!\n"); ProcessHistory("SLOT","keysort","A","!Slot $slot: part $1\n"); next; } if (/ Engine:\s+(.*)/) { ProcessHistory("SLOT","keysort","AE","!Slot $slot/Engine: $1\n"); } if (/^\s+PCA:\s+(.*)/) { local($part) = $1; $_ = ; /^\s+(HW version|design release) (\S+)\s+S\/N (\S+)/i && ProcessHistory("SLOT","keysort","C1","!Slot $slot/PCA: part $part, serial $3\n") && ProcessHistory("SLOT","keysort","C2","!Slot $slot/PCA: hvers $2\n"); next; } if (/^\s+MBUS: .*\)\s+(.*)/) { local($tmp) = "!Slot $slot/MBUS: part $1"; $_ = ; /^\s+HW version (\S+)\s+S\/N (\S+)/ && ProcessHistory("SLOT","keysort","MB1","$tmp, serial $2\n") && ProcessHistory("SLOT","keysort","MB2","!Slot $slot/MBUS: hvers $1\n"); next; } if (/^\s+MBUS Agent Software version (.*)/) { ProcessHistory("SLOT","keysort","MB3","!Slot $slot/MBUS: software $1\n"); next; } if (/^\s+ROM Monitor version (.*)/) { ProcessHistory("SLOT","keysort","R","!Slot $slot/ROM Monitor: version $1\n"); next; } if (/^\s+Fabric Downloader version used (.*)/) { ProcessHistory("SLOT","keysort","Z","!Slot $slot/Fabric Downloader: version $1\n"); next; } if (/^\s+DRAM size: (\d+)/) { local($dram) = $1 / 1048576; $_ = ; if (/^\s+FrFab SDRAM size: (\d+)/) { ProcessHistory("SLOT","keysort","MB4","!Slot $slot/MBUS: $dram Mbytes DRAM, " . $1 / 1024 . " Kbytes SDRAM\n"); } else { ProcessHistory("SLOT","keysort","MB4","!Slot $slot/MBUS: $dram Mbytes DRAM\n"); } next; } if (/FRU:\s+Linecard\/Module:\s+(\S+)/) { ProcessHistory("SLOT","","","!Slot $slot/FRU: Linecard/Module: $1\n") next; } # 7200, 3600, 2600, and 1700 stuff if (/^(Slot)\s+(\d+(\/\d+)?):/ || /^\s+(WIC|VIC|WIC\/VIC) Slot (\d):/ || /^(Encryption AIM) (\d):/) { if ($1 eq "WIC") { $WIC = "/$2"; } elsif ($1 eq "VIC") { $WIC = "/$2"; } elsif ($1 eq "WIC/VIC") { $WIC = "/$2"; } elsif ($1 eq "Encryption AIM") { $slot = "$2"; undef($WIC); ProcessHistory("SLOT","","","!\n"); ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1\n"); next; } else { $slot = $2; undef($WIC); } $_ = ; tr/\015//d; # clean up hideous 7200/etc formats to look more like 7500 output s/Fast-ethernet on C7200 I\/O card/FE-IO/; s/ with MII or RJ45/-TX/; s/Fast-ethernet /100Base/; s/[)(]//g; s/intermediate reach/IR/i; ProcessHistory("SLOT","","","!\n"); /\s+(.*) port adapter,?\s+(\d+)\s+/i && ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, $2 ports\n") && next; # I/O controller with no interfaces /\s+(.*)\s+port adapter\s*$/i && ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, 0 ports\n") && next; /\s+(.*)\s+daughter card(.*)$/ && ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1$2\n") && next; /\s+(FT1)$/ && ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1\n") && next; # handle WICs lacking "daughter card" in the 2nd line of their # show diag o/p if (defined($WIC)) { s/^\s+//; ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $_"); } next; } # yet another format. seen on 2600s w/ 12.1, but appears to be all # 12.1, including 7200s & 3700s. Sometimes the PCB serial appears # before the hardware revision. if (/(pcb serial number|hardware revision)\s+:\s+(\S+)$/i) { my($hw, $pn, $rev, $sn); if ($1 =~ /^pcb/i) { $sn = $2; } else { $hw = $2; } while () { tr/\015//d; if (/0x..: /) { # no effing idea why break does not work there goto PerlSucks; } if (/hardware revision\s+:\s+(\S+)/i) { $hw = $1; } if (/part number\s+:\s+(\S+)/i) { $pn = $1; } if (/board revision\s+:\s+(\S+)/i) { $rev = $1; } if (/pcb serial number\s+:\s+(\S+)/i) { $sn = $1; } } PerlSucks: ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: hvers $hw rev $rev\n"); ProcessHistory("SLOT","keysort","C","!Slot $slot$WIC: part $pn, serial $sn\n"); } /revision\s+(\S+).*revision\s+(\S+)/ && ProcessHistory("SLOT","keysort","C","!Slot $slot$WIC: hvers $1 rev $2\n") && next; /number\s+(\S+)\s+Part number\s+(\S+)/ && ProcessHistory("SLOT","keysort","D","!Slot $slot$WIC: part $2, serial $1\n") && next; } ProcessHistory("SLOT","","","!\n"); return(0); } # This routine parses "show module". sub ShowModule { print STDERR " In ShowModule: $_" if ($debug); my(@lines); my($slot); while () { tr/\015//d; return if (/^\s*\^$/); last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; # match slot/card info line if (/^ *(\d+)\s+(\d+)\s+(.*)\s+(\S+)\s+(\S+)\s*$/) { $lines[$1] .= "!Slot $1: type $3, $2 ports\n!Slot $1: part $4, serial $5\n"; $lines[$1] =~ s/\s+,/,/g; } # now match the Revs in the second paragraph of o/p and stick it in # the array with the previous bits...grumble. if (/^ *(\d+)\s+\S+\s+to\s+\S+\s+(\S+)\s+(\S*)\s+(\S+)(\s+\S+)?\s*$/) { $lines[$1] .= "!Slot $1: hvers $2, firmware $3, sw $4\n"; $lines[$1] =~ s/\s+,/,/g; } } foreach $slot (@lines) { next if ($slot =~ /^\s*$/); ProcessHistory("Module","","","$slot!\n"); } return(0); } # This routine parses "show spe version". sub ShowSpeVersion { print STDERR " In ShowSpeVersion: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/command authorization failed/i); ProcessHistory("MODEM","","","!Modem: $_") && next; } ProcessHistory("MODEM","","","!\n"); return(0); } # This routine parses "show c7200" for the 7200 # This will create arrays for hw info. sub ShowC7200 { # Skip if this is not a 7200. print STDERR " In ShowC7200: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); #return(1) if ($type !~ /^72/); return(-1) if (/command authorization failed/i); /^$/ && next; # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^(C7200 )?Midplane EEPROM:/) { $_ = ; /revision\s+(\S+).*revision\s+(\S+)/; ProcessHistory("SLOT","","","!Slot Midplane: hvers $1 rev $2\n"); $_ = ; /number\s+(\S+)\s+Part number\s+(\S+)/; ProcessHistory("SLOT","","","!Slot Midplane: part $2, serial $1\n!\n"); next; } if (/C720\d(VXR)? CPU EEPROM:/) { my ($hvers,$rev,$part,$serial); # npe400s report their cpu eeprom info differently w/ 12.0.21S while () { /Hardware Revision\s+: (\S+)/ && ($hvers = $1) && next; /Board Revision\s+: (\S+)/ && ($rev = $1) && next; /Part Number\s+: (\S+)/ && ($part = $1) && next; /Serial Number\s+: (\S+)/ && ($serial = $1) && next; /revision\s+(\S+).*revision\s+(\S+)/ && ($hvers = $1, $rev = $2) && next; /number\s+(\S+)\s+Part number\s+(\S+)/ && ($serial = $1, $part = $2) && next; /^\s*$/ && last; } ProcessHistory("SLOT","","","!Slot CPU: hvers $hvers rev $rev\n"); ProcessHistory("SLOT","","","!Slot CPU: part $part, serial $serial\n!\n"); next; } } return(0); } # This routine parses "show vtp status" sub ShowVTP { print STDERR " In ShowVTP: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; #return(1) if ($type !~ /^(2900XL|3500XL|6000)$/); return(-1) if (/command authorization failed/i); next if (/^Configuration last modified by/); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) { $DO_SHOW_VLAN = 1; } ProcessHistory("COMMENTS","keysort","I0","!VTP: $_"); } ProcessHistory("COMMENTS","keysort","I0","!\n"); return(0); } # This routine parses "show vlan" sub ShowVLAN { print STDERR " In ShowVLAN: $_" if ($debug); ($_=,return(1)) if (!$DO_SHOW_VLAN); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /(Invalid input detected|Type help or )/; # newer releases (~12.1(9)) place the vlan config in the normal # configuration (write term). return(1) if ($type =~ /^(3550|4500|7600)$/); #return(1) if ($type !~ /^(2900XL|3500XL|6000)$/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; ProcessHistory("COMMENTS","keysort","IO","!VLAN: $_"); } ProcessHistory("COMMENTS","keysort","IO","!\n"); return(0); } # This routine processes a "write term" sub WriteTerm { print STDERR " In WriteTerm: $_" if ($debug); my($lineauto,$comment,$linecnt) = (0,0,0); while () { tr/\015//d; last if(/^$prompt/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked return(0) if ($found_end); # Only do this routine once $linecnt++; $lineauto = 0 if (/^[^ ]/); # skip the crap if (/^(##+$|(Building|Current) configuration)/i) { while () { next if (/^Current configuration\s*:/i); next if (/^:/); next if (/^([%!].*|\s*)$/); next if (/^ip add.*ipv4:/); # band-aid for 3620 12.0S last; } if (defined($config_register)) { ProcessHistory("","","","!\nconfig-register $config_register\n"); } tr/\015//d; } # some versions have other crap mixed in with the bits in the # block above /^! (Last configuration|NVRAM config last)/ && next; # skip consecutive comment lines to avoid oscillating extra comment # line on some access servers. grrr. if (/^!/) { next if ($comment); ProcessHistory("","","",$_); $comment++; next; } $comment = 0; # Dog gone Cool matches to process the rest of the config /^tftp-server flash / && next; # kill any tftp remains /^ntp clock-period / && next; # kill ntp clock-period /^ length / && next; # kill length on serial lines /^ width / && next; # kill width on serial lines $lineauto = 1 if /^ modem auto/; /^ speed / && $lineauto && next; # kill speed on serial lines /^ clockrate / && next; # kill clockrate on serial interfaces if (/^(enable )?(password|passwd) / && $filter_pwds >= 1) { ProcessHistory("ENABLE","","","!$1$2 \n"); next; } if (/^(enable secret) / && $filter_pwds >= 2) { ProcessHistory("ENABLE","","","!$1 \n"); next; } if (/^username (\S+)(\s.*)? secret /) { if ($filter_pwds >= 2) { ProcessHistory("USER","keysort","$1","!username $1$2 secret \n"); } else { ProcessHistory("USER","keysort","$1","$_"); } next; } if (/^username (\S+)(\s.*)? password ((\d) \S+|\S+)/) { if ($filter_pwds == 2) { ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); } elsif ($filter_pwds == 1 && $4 ne "5"){ ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); } else { ProcessHistory("USER","keysort","$1","$_"); } next; } if (/^( set session-key (in|out)bound ah \d+ )/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1\n"); next; } if (/^( set session-key (in|out)bound esp \d+ (authenticator|cypher) )/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1\n"); next; } if (/^(\s*)password / && $filter_pwds >= 1) { ProcessHistory("LINE-PASS","","","!$1password \n"); next; } if (/^\s*neighbor (\S*) password / && $filter_pwds >= 1) { ProcessHistory("","","","! neighbor $1 password \n"); next; } if (/^(ppp .* password) 7 .*/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^(ip ftp password) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # isis passwords appear to be completely plain-text if (/^\s+isis password (\S+)( .*)?/ && $filter_pwds >= 1) { ProcessHistory("","","","!isis password $2\n"); next; } if (/^\s+(domain-password|area-password) (\S+)( .*)?/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 $3\n"); next; } # this is reversable, despite 'md5' in the cmd if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^((crypto )?isakmp key) \S+ / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 $'"); next; } # filter HSRP passwords if (/^(\s+standby \d authentication) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # this appears in "measurement/sla" images if (/^(\s+key-string \d?)/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^( l2tp tunnel \S+ password)/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # i am told these are plain-text on the PIX if (/^(vpdn username \S+ password)/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^( cable shared-secret ) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } /fair-queue individual-limit/ && next; # sort ip explicit-paths. if (/^ip explicit-path name (\S+)/) { my($key) = $1; my($expath) = $_; while () { tr/\015//d; last if (/^$prompt/); last if (/^$prompt/ || ! /^(ip explicit-path name |[ !])/); if (/^ip explicit-path name (\S+)/) { ProcessHistory("EXPATH","keysort","$key","$expath"); $key = $1; $expath = $_; } else { $expath .= $_; } } ProcessHistory("EXPATH","keysort","$key","$expath"); } # sort route-maps if (/^route-map (\S+)/) { my($key) = $1; my($routemap) = $_; while () { tr/\015//d; last if (/^$prompt/ || ! /^(route-map |[ !])/); if (/^route-map (\S+)/) { ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); $key = $1; $routemap = $_; } else { $routemap .= $_; } } ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); } # filter out any RCS/CVS tags to avoid confusing local CVS storage s/\$(Revision|Id):/ $1:/; # order access-lists /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && ProcessHistory("ACL $1 $2","ipsort","$3","$_") && next; # order extended access-lists /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ && ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ && ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ && ProcessHistory("EACL $1 $2","ipsort","0.0.0.0","$_") && next; # order arp lists /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ && ProcessHistory("ARP","ipsort","$1","$_") && next; /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ && ProcessHistory("PACL $1 $3","ipsort","$4","ip prefix-list $1 $3 $4$5\n") && next; # order logging statements /^logging (\d+\.\d+\.\d+\.\d+)/ && ProcessHistory("LOGGING","ipsort","$1","$_") && next; # order/prune snmp-server host statements # we only prune lines of the form # snmp-server host a.b.c.d if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) { if (defined($ENV{'NOCOMMSTR'})) { my($ip) = $1; my($line) = "snmp-server host $ip"; my(@tokens) = split(' ', $'); my($token); while ($token = shift(@tokens)) { if ($token eq 'version') { $line .= " " . join(' ', ($token, shift(@tokens))); } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) { $line .= " " . $token; } else { $line = "!$line " . join(' ', ("", join(' ',@tokens))); last; } } ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n"); } else { ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_"); } next; } if (/^(snmp-server community) (\S+)/) { if (defined($ENV{'NOCOMMSTR'})) { ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next; } else { ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; } } # prune tacacs/radius server keys if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 key \n"); next; } if (/^((tacacs-server|radius-server) host \S+ key) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # order clns host statements /^clns host \S+ (\S+)/ && ProcessHistory("CLNS","keysort","$1","$_") && next; # order alias statements /^alias / && ProcessHistory("ALIAS","keysort","$_","$_") && next; # delete ntp auth password - this md5 is a reversable too if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # order ntp peers/servers if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) { $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5); ProcessHistory("NTP","keysort",$sortkey,"$_"); next; } # order ip host statements /^ip host (\S+) / && ProcessHistory("IPHOST","keysort","$1","$_") && next; # order ip nat source static statements /^ip nat (\S+) source static (\S+)/ && ProcessHistory("IP NAT $1","ipsort","$2","$_") && next; # order atm map-list statements /^\s+ip\s+(\d+\.\d+\.\d+\.\d+)\s+atm-vc/ && ProcessHistory("ATM map-list","ipsort","$1","$_") && next; # order ip rcmd lines /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next; # system controller /^syscon address (\S*) (\S*)/ && ProcessHistory("","","","!syscon address $1 \n") && next; if (/^syscon password (\S*)/ && $filter_pwds >= 1) { ProcessHistory("","","","!syscon password \n"); next; } # catch anything that wasnt matched above. ProcessHistory("","","","$_"); # end of config. the ": " game is for the PIX if (/^(: +)?end$/) { $found_end = 1; return(1); } } # The ContentEngine lacks a definitive "end of config" marker. If we # know that it is a CE and we have seen at least 5 lines of write term # o/p, we can be reasonably sure that we got the config. if ($type =~ /^CE$/ && $linecnt > 5) { $found_end = 1; return(1); } return(0); } # dummy function sub DoNothing {print STDOUT;} # Main %commands=( 'show version' => "ShowVersion", 'show redundancy secondary' => "ShowRedundancy", 'show idprom backplane', => "ShowIDprom", 'show install active' => "ShowInstallActive", 'show env all' => "ShowEnv", 'show rsp chassis-info',=> "ShowRSP", 'show gsr chassis' => "ShowGSR", 'show boot' => "ShowBoot", 'show bootvar' => "ShowBoot", 'show variables boot' => "ShowBoot", 'show flash' => "ShowFlash", 'dir /all nvram:' => "DirSlotN", 'dir /all bootflash:' => "DirSlotN", 'dir /all slot0:' => "DirSlotN", 'dir /all disk0:' => "DirSlotN", 'dir /all slot1:' => "DirSlotN", 'dir /all disk1:' => "DirSlotN", 'dir /all slot2:' => "DirSlotN", 'dir /all disk2:' => "DirSlotN", "dir /all sup-bootflash:"=> "DirSlotN", # cat 6500-ios "dir /all sup-microcode:"=> "DirSlotN", # cat 6500-ios 'dir /all slavenvram:' => "DirSlotN", 'dir /all slavebootflash:' => "DirSlotN", 'dir /all slaveslot0:' => "DirSlotN", 'dir /all slavedisk0:' => "DirSlotN", 'dir /all slaveslot1:' => "DirSlotN", 'dir /all slavedisk1:' => "DirSlotN", 'dir /all slaveslot2:' => "DirSlotN", 'dir /all slavedisk2:' => "DirSlotN", "dir /all slavesup-bootflash:"=> "DirSlotN", # cat 7609 'dir /all sec-nvram:' => "DirSlotN", 'dir /all sec-bootflash:' => "DirSlotN", 'dir /all sec-slot0:' => "DirSlotN", 'dir /all sec-disk0:' => "DirSlotN", 'dir /all sec-slot1:' => "DirSlotN", 'dir /all sec-disk1:' => "DirSlotN", 'dir /all sec-slot2:' => "DirSlotN", 'dir /all sec-disk2:' => "DirSlotN", 'show controllers' => "ShowContAll", 'show controllers cbus' => "ShowContCbus", 'show diagbus' => "ShowDiagbus", 'show diag' => "ShowDiag", 'show module' => "ShowModule", # cat 6500-ios 'show spe version' => "ShowSpeVersion", 'show c7200' => "ShowC7200", 'show vtp status' => "ShowVTP", 'show vlan' => "ShowVLAN", 'show running-config' => "WriteTerm", 'write term' => "WriteTerm" ); # keys() doesnt return things in the order entered and the order of the # cmds is important (show version first and write term last). pita @commands=( "show version", "show redundancy secondary", "show idprom backplane", "show install active", "show env all", "show rsp chassis-info", "show gsr chassis", "show boot", "show bootvar", "show variables boot", "show flash", "dir /all nvram:", "dir /all bootflash:", "dir /all slot0:", "dir /all disk0:", "dir /all slot1:", "dir /all disk1:", "dir /all slot2:", "dir /all disk2:", "dir /all sup-bootflash:", "dir /all sup-microcode:", "dir /all slavenvram:", "dir /all slavebootflash:", "dir /all slaveslot0:", "dir /all slavedisk0:", "dir /all slaveslot1:", "dir /all slavedisk1:", "dir /all slaveslot2:", "dir /all slavedisk2:", "dir /all slavesup-bootflash:", "dir /all sec-nvram:", "dir /all sec-bootflash:", "dir /all sec-slot0:", "dir /all sec-disk0:", "dir /all sec-slot1:", "dir /all sec-disk1:", "dir /all sec-slot2:", "dir /all sec-disk2:", "show controllers", "show controllers cbus", "show diagbus", "show diag", "show module", "show spe version", "show c7200", "show vtp status", "show vlan", "show running-config", "write term" ); $cisco_cmds=join(";",@commands); $cmds_regexp=join("|",@commands); open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; select(OUTPUT); # make OUTPUT unbuffered if debugging if ($debug) { $| = 1; } if ($file) { print STDERR "opening file $host\n" if ($debug); print STDOUT "opening file $host\n" if ($log); open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else { print STDERR "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug); print STDOUT "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); if (defined($ENV{NOPIPE})) { system "clogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n"; open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n"; } else { open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host ) { tr/\015//d; if (/[>#]\s?exit$/) { $clean_run=1; last; } if (/^Error:/) { print STDOUT ("$host clogin error: $_"); print STDERR ("$host clogin error: $_") if ($debug); $clean_run=0; last; } while (/#\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { $prompt = ($_ =~ /^([^#]+#)/)[0]; $prompt =~ s/([][}{)(\\])/\\$1/g; print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); } print STDERR ("HIT COMMAND:$_") if ($debug); if (! defined($commands{$cmd})) { print STDERR "$host: found unexpected command - \"$cmd\"\n"; $clean_run = 0; last TOP; } $rval = &{$commands{$cmd}}; delete($commands{$cmd}); if ($rval == -1) { $clean_run = 0; last TOP; } } } print STDOUT "Done $logincmd: $_\n" if ($log); # Flush History ProcessHistory("","","",""); # Cleanup close(INPUT); close(OUTPUT); if (defined($ENV{NOPIPE})) { unlink("$host.raw") if (! $debug); } # check for completeness if (scalar(%commands) || !$clean_run || !$found_end) { if (scalar(%commands)) { printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); } if (!$clean_run || !$found_end) { print STDOUT "$host: End of run not found\n"; print STDERR "$host: End of run not found\n" if ($debug); system("/usr/bin/tail -1 $host.new"); } unlink "$host.new" if (! $debug); } --VS++wcV0S1rZb1Fb-- From owner-rancid-discuss-outgoing@shrubbery.net Sun Jan 11 05:38:16 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 647C4C67E5 for ; Sun, 11 Jan 2004 05:38:16 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id D560017CFA2; Sun, 11 Jan 2004 05:38:15 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id A4F6117CFCD; Sun, 11 Jan 2004 05:38:15 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (Postfix) with ESMTP id D633217CFA2 for ; Sun, 11 Jan 2004 05:38:13 +0000 (UTC) Received: from tower.partan.com (localhost.partan.com [127.0.0.1]) by tower.partan.com (8.12.8p2/8.12.8) with ESMTP id i0B5cAnN021499; Sun, 11 Jan 2004 00:38:10 -0500 (EST) (envelope-from asp@tower.partan.com) Received: (from asp@localhost) by tower.partan.com (8.12.8p2/8.12.8/Submit) id i0B5cAq9021496; Sun, 11 Jan 2004 00:38:10 -0500 (EST) (envelope-from asp) Date: Sun, 11 Jan 2004 00:38:10 -0500 From: Andrew Partan To: Yuval Ben-Ari Cc: a.voropay@vmb-service.ru, rancid-discuss@shrubbery.net Subject: Re: vcware and modemware Versions on AS5300 *&* GSR FRU info Message-ID: <20040111053810.GA21458@partan.com> References: <20040111053010.GA20163@partan.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="zhXaljGHf11kAtnf" Content-Disposition: inline In-Reply-To: <20040111053010.GA20163@partan.com> User-Agent: Mutt/1.4.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --zhXaljGHf11kAtnf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sun, Jan 11, 2004 at 12:30:10AM -0500, Andrew Partan wrote: > On Fri, Jan 09, 2004 at 05:47:42PM +0200, Yuval Ben-Ari wrote: > > show modem version seems too long, > > you might want to monitor "show spe version" > > > > this routine will do it: > > On Fri, Jan 09, 2004 at 06:44:40PM +0200, Yuval Ben-Ari wrote: > > I find it very useful for inventory purposes to include FRU information > > on GSR routers. > > I added the following to sub ShowDiag: > > I merged these into rancid.in; can you (or someone) do a check of > these bits to make sure they still work & I didn't blow something? Bletch; I should have know better; I sent bad bits. Try these instead. --asp --zhXaljGHf11kAtnf Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="rancid.in" #! @PERLV_PATH@ ## ## $Id: rancid.in,v 1.167 2004/01/11 03:49:13 heas Exp $ ## ## Copyright (C) 1997-2004 by Terrapin Communications, Inc. ## All rights reserved. ## ## This software may be freely copied, modified and redistributed ## without fee for non-commerical purposes provided that this license ## remains intact and unmodified with any RANCID distribution. ## ## There is no warranty or other guarantee of fitness of this software. ## It is provided solely "as is". The author(s) disclaim(s) all ## responsibility and liability with respect to this software's usage ## or its effect upon hardware, computer systems, other software, or ## anything else. ## ## Except where noted otherwise, rancid was written by and is maintained by ## Henry Kilmer, John Heasley, Andrew Partan, Pete Whiting, and Austin Schutz. ## # # RANCID - Really Awesome New Cisco confIg Differ # # usage: rancid [-d] [-l] [-f filename | $host] # use Getopt::Std; getopts('dfl'); $log = $opt_l; $debug = $opt_d; $file = $opt_f; $host = $ARGV[0]; $clean_run = 0; $found_end = 0; $timeo = 90; # clogin timeout in seconds my(%filter_pwds); # password filtering mode # This routine is used to print out the router configuration sub ProcessHistory { my($new_hist_tag,$new_command,$command_string,@string)=(@_); if((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) && defined %history) { print eval "$command \%history"; undef %history; } if (($new_hist_tag) && ($new_command) && ($command_string)) { if ($history{$command_string}) { $history{$command_string} = "$history{$command_string}@string"; } else { $history{$command_string} = "@string"; } } elsif (($new_hist_tag) && ($new_command)) { $history{++$#history} = "@string"; } else { print "@string"; } $hist_tag = $new_hist_tag; $command = $new_command; 1; } sub numerically { $a <=> $b; } # This is a sort routing that will sort numerically on the # keys of a hash as if it were a normal array. sub keynsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort numerically keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routing that will sort on the # keys of a hash as if it were a normal array. sub keysort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routing that will sort on the # values of a hash as if it were a normal array. sub valsort{ local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $key (sort values %lines) { $sorted_lines[$i] = $key; $i++; } @sorted_lines; } # This is a numerical sort routing (ascending). sub numsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $num (sort {$a <=> $b} keys %lines) { $sorted_lines[$i] = $lines{$num}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # ip address when the ip address is anywhere in # the strings. sub ipsort { local(%lines)=@_; local($i) = 0; local(@sorted_lines); foreach $addr (sort sortbyipaddr keys %lines) { $sorted_lines[$i] = $lines{$addr}; $i++; } @sorted_lines; } # These two routines will sort based upon IP addresses sub ipaddrval { my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); $a[3]+256*($a[2]+256*($a[1]+256*$a[0])); } sub sortbyipaddr { &ipaddrval($a) <=> &ipaddrval($b); } # This routine parses "show version" sub ShowVersion { print STDERR " In ShowVersion: $_" if ($debug); my($slaveslot); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^Slave in slot (\d+) is running/) { $slave = " Slave:"; $slaveslot = ", slot $1"; next; } if (/^Application and Content Networking Software/) { $type="CE"; } /^Application and Content Networking Software Release /i && ProcessHistory("COMMENTS","keysort","F1", "!Image: $_") && next; /^Cisco Secure PIX /i && ProcessHistory("COMMENTS","keysort","F1", "!Image: $_") && next; # PIX fail-over license /^This PIX has an?\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","C1", "!$_") && next; /^(Cisco )?IOS .* Software,? \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","F1", "!Image:$slave Software: $2, $3\n") && next; /^([A-Za-z-0-9_]*) Synced to mainline version: (.*)$/ && ProcessHistory("COMMENTS","keysort","F2", "!Image:$slave $1 Synced to mainline version: $2\n") && next; /^Compiled (.*)$/ && ProcessHistory("COMMENTS","keysort","F3", "!Image:$slave Compiled: $1\n") && next; /^ROM: (IOS \S+ )?(System )?Bootstrap.*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G1", "!ROM Bootstrap: $3\n") && next; if (/^Hardware:\s+(.*), (.* RAM), CPU (.*)$/) { ProcessHistory("COMMENTS","keysort","A1", "!Chassis type: $1 - a PIX\n"); ProcessHistory("COMMENTS","keysort","A2", "!CPU: $3\n"); ProcessHistory("COMMENTS","keysort","B1", "!Memory: $2\n"); } /^Serial Number:\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","C1", "!$_") && next; # CatOS 3500xl stuff /^System serial number(:\s+.*)$/ && ProcessHistory("COMMENTS","keysort","C1", "!Serial Number$1\n") && next; /^Model / && ProcessHistory("COMMENTS","keysort","C2", "!$_") && next; /^Motherboard / && ProcessHistory("COMMENTS","keysort","C3", "!$_") && next; /^Power supply / && ProcessHistory("COMMENTS","keysort","C4", "!$_") && next; /^Activation Key:\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","C2", "!$_") && next; /^ROM: \d+ Bootstrap .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G2", "!ROM Image: Bootstrap $1\n!\n") && next; /^ROM: .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G3","!ROM Image: $1\n") && next; /^BOOTFLASH: .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G4","!BOOTFLASH: $1\n") && next; /^BOOTLDR: .*(Version.*)$/ && ProcessHistory("COMMENTS","keysort","G4","!BOOTLDR: $1\n") && next; /^System image file is "([^\"]*)", booted via (\S*)/ && # removed the booted source due to # CSCdk28131: cycling info in 'sh ver' # ProcessHistory("COMMENTS","keysort","F4","!Image: booted via $2, $1\n") && ProcessHistory("COMMENTS","keysort","F4","!Image: booted $1\n") && next; /^System image file is "([^\"]*)"$/ && ProcessHistory("COMMENTS","keysort","F5","!Image: $1\n") && next; if (/(\S+)\s+\((\S+)\)\s+processor.*with (\S+[kK]) bytes/) { my($proc) = $1; my($cpu) = $2; my($mem) = $3; my($device) = "router"; # the next line ought to be the more specific cpu info, grab it. # yet, some boards/IOS vers have a processor ID line between these # two. grrr. make sure we dont grab the "software" junk that # follows these lines by looking for "CPU at " or the 2600s # "processor: " unique string. there are undoubtedly many other # incantations. for a slave, we dont get this info and its just a # blank line. $_ = ; $_ = if (/processor board id/i); $_ = "" if (! /(cpu at |processor: |$cpu processor,)/i); tr/\015//d; s/implementation/impl/i; if ($_ !~ /^\s*$/) { chomp; s/^/, /; } if ( $proc eq "CSC") { $type = "AGS"; } elsif ( $proc eq "CSC4") { $type = "AGS+"; } elsif ( $proc =~ /^(AS)?25[12][12]/) { $type = "2500"; } elsif ( $proc =~ /261[01]/ || $proc =~ /262[01]/ ) { $type = "2600"; } elsif ( $proc =~ /^36[0246][0-9]/) { $type = "3600"; } elsif ( $proc =~ /^37/) { $type = "3700"; } elsif ( $proc eq "RSP7000") { $type = "7500"; } elsif ( $proc =~ /RSP\d/) { $type = "7500"; } elsif ( $proc eq "RP1") { $type = "7000"; } elsif ( $proc eq "RP") { $type = "7000"; } elsif ( $proc =~ /720[246]/) { $type = "7200"; } elsif ( $proc =~ /1200[48]\/GRP/ || $proc =~ /1201[26]\/GRP/) { $type = "12000"; } elsif ( $proc =~ /1201[26]-8R\/GRP/) { $type = "12000"; } elsif ( $proc =~ /WS-C29/) { $type = "2900XL"; $device = "switch"; } elsif ( $proc =~ /WS-C355/) { $type = "3550"; $device = "switch"; } elsif ( $proc =~ /WS-C35/) { $type = "3500XL"; $device = "switch"; } elsif ( $proc =~ /WS-C45/) { $type = "4500"; $device = "switch"; } elsif ( $proc =~ /6000/) { $type = "6000"; $device = "switch"; } elsif ( $proc =~ /CISCO76/) { $type = "7600"; $device = "router"; } elsif ( $proc =~ /1900/) { $type = "1900"; $device = "switch"; } else { $type = $proc; } print STDERR "TYPE = $type\n" if ($debug); ProcessHistory("COMMENTS","keysort","A1", "!Chassis type:$slave $proc - a $type $device\n"); ProcessHistory("COMMENTS","keysort","B1", "!Memory:$slave main $mem\n"); ProcessHistory("COMMENTS","keysort","A3","!CPU:$slave $cpu$_$slaveslot\n"); next; } if (/(\S+) Silicon\s*Switch Processor/) { if (!defined($C0)) { $C0=1; ProcessHistory("COMMENTS","keysort","C0","!\n"); } ProcessHistory("COMMENTS","keysort","C2","!SSP: $1\n"); $ssp = 1; $sspmem = $1; next; } /^(\d+[kK]) bytes of multibus/ && ProcessHistory("COMMENTS","keysort","B2", "!Memory: multibus $1\n") && next; /^(\d+[kK]) bytes of (non-volatile|NVRAM)/ && ProcessHistory("COMMENTS","keysort","B3", "!Memory: nvram $1\n") && next; /^(\d+[kK]) bytes of flash memory/ && ProcessHistory("COMMENTS","keysort","B5","!Memory: flash $1\n") && next; /^(\d+[kK]) bytes of .*flash partition/ && ProcessHistory("COMMENTS","keysort","B6", "!Memory: flash partition $1\n") && next; /^(\d+[kK]) bytes of Flash internal/ && ProcessHistory("COMMENTS","keysort","B4", "!Memory: bootflash $1\n") && next; if(/^(\d+[kK]) bytes of (Flash|ATA)?.*PCMCIA .*(slot|disk) ?(\d)/i) { ProcessHistory("COMMENTS","keysort","B7", "!Memory: pcmcia $2 $3$4 $1\n"); next; } if(/^WARNING/) { if (!defined($I0)) { $I0=1; ProcessHistory("COMMENTS","keysort","I0","!\n"); } ProcessHistory("COMMENTS","keysort","I1","! $_"); } if (/^Configuration register is (.*)$/) { $config_register=$1; next; } } return(0); } # This routine parses "show redundancy" sub ShowRedundancy { print STDERR " In ShowRedundancy: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /^IOS .* Software \(([A-Za-z-0-9]*)\), .*Version\s+(.*)$/ && ProcessHistory("COMMENTS","keysort","F1", "!Image:$slave Software: $1, $2\n") && next; /^Compiled (.*)$/ && ProcessHistory("COMMENTS","keysort","F3", "!Image:$slave Compiled: $1\n") && next; } return(0); } # This routine parses "show IDprom" sub ShowIDprom { my($tmp); print STDERR " In ShowIDprom: $_" if ($debug); while () { tr/\015//d; last if(/^$prompt/); next if(/^(\s*|\s*$cmd\s*)$/); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /FRU is .(.*)\'/ && ($tmp = $1); /Product Number = .(.*)\'/ && ProcessHistory("COMMENTS","keysort","D0","!\n") && ProcessHistory("COMMENTS","keysort","D0", "!Catalyst Chassis type: $1, $tmp\n"); /Serial Number = .([0-9A-Za-z]+)/ && ProcessHistory("COMMENTS","keysort","D1", "!Catalyst Chassis S/N: $1\n"); /Manufacturing Assembly Number = .([-0-9]+)/ && ($tmp = $1); /Manufacturing Assembly Revision = .(.*)\'/ && ($tmp .= ", rev " . $1); /Hardware Revision = ([0-9.]+)/ && ProcessHistory("COMMENTS","keysort","D2", "!Catalyst Chassis assembly: $tmp, ver $1\n"); } return(0); } # This routine parses "show install active" sub ShowInstallActive { print STDERR " In ShowInstallActive: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; ProcessHistory("COMMENTS","keysort","F5","!Image: $_") && next; } return(0); } # This routine parses "show env all" sub ShowEnv { # Skip if this is not a 7500, 7200, or 7000. print STDERR " In ShowEnv: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); #return(1) if ($type !~ /^7/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (!defined($E0)) { $E0=1; ProcessHistory("COMMENTS","keysort","E0","!\n"); } if (/^Arbiter type (\d), backplane type (\S+)/) { if (!defined($C0)) { $C0=1; ProcessHistory("COMMENTS","keysort","C0","!\n"); } ProcessHistory("COMMENTS","keysort","C1", "!Enviromental Arbiter Type: $1\n"); ProcessHistory("COMMENTS","keysort","A2", "!Chassis type: $2 backplane\n"); next; } /^\s*(Power [^:\n]+)$/ && ProcessHistory("COMMENTS","keysort","E1","!Power: $1\n") && next; /^\s*(Lower Power .*)/i && ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next; /^\s*(redundant .*)/i && ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next; /^\s*(RPS is .*)/i && ProcessHistory("COMMENTS","keysort","E2","!Power: $1\n") && next; } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show rsp chassis-info" for the rsp # This will create arrays for hw info. sub ShowRSP { print STDERR " In ShowRSP: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); # return(1) if ($type !~ /^12[40]/); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /^$/ && next; /^\s+Chassis model: (\S+)/ && ProcessHistory("COMMENTS","keysort","D0","!\n") && ProcessHistory("COMMENTS","keysort","D1", "!RSP Chassis model: $1\n") && next; /^\s+Chassis S\/N: (.*)$/ && ProcessHistory("COMMENTS","keysort","D2", "!RSP Chassis S/N: $1\n") && next; } return(0); } # This routine parses "show gsr chassis-info" for the gsr # This will create arrays for hw info. sub ShowGSR { # Skip if this is not a 1200n. print STDERR " In ShowGSR: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); # return(1) if ($type !~ /^12[40]/); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /^$/ && next; /^\s+Chassis: type (\S+) Fab Ver: (\S+)/ && ProcessHistory("COMMENTS","keysort","D0","!\n") && ProcessHistory("COMMENTS","keysort","D1", "!GSR Chassis type: $1 Fab Ver: $2\n") && next; /^\s+Chassis S\/N: (.*)$/ && ProcessHistory("COMMENTS","keysort","D2", "!GSR Chassis S/N: $1\n") && next; /^\s+PCA: (\S+)\s*rev: (\S+)\s*dev: \S+\s*HW ver: (\S+)$/ && ProcessHistory("COMMENTS","keysort","D3", "!GSR Backplane PCA: $1, rev $2, ver $3\n") && next; /^\s+Backplane S\/N: (\S+)$/ && ProcessHistory("COMMENTS","keysort","D4", "!GSR Backplane S/N: $1\n") && next; } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show boot" sub ShowBoot { # Pick up boot variables if 7000/7200/7500/12000/2900/3500; # otherwise pick up bootflash. print STDERR " In ShowBoot: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(-1) if (/command authorization failed/i); return(1) if /Ambiguous command/i; return(1) if /(Invalid input detected|Type help or )/; return(1) if /(Open device \S+ failed|Error opening \S+:)/; # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; next if /CONFGEN variable/; if (!defined($H0)) { $H0=1; ProcessHistory("COMMENTS","keysort","H0","!\n"); } if ($type !~ /^(12[04]|7)/) { if ($type !~ /^(29|35)00/) { ProcessHistory("COMMENTS","keysort","H2","!BootFlash: $_"); } else { ProcessHistory("COMMENTS","keysort","H1","!Variable: $_"); } } elsif (/variable/) { ProcessHistory("COMMENTS","keysort","H1","!Variable: $_"); } } ProcessHistory("COMMENTS","","","!\n"); return(0); } # This routine parses "show flash" sub ShowFlash { # skip if this is 7000, 7200, 7500, or 12000; else we end up with # redundant data from dir /all slot0: print STDERR " In ShowFlash: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if ($type =~ /^(12[40]|7)/); return(-1) if (/command authorization failed/i); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; ProcessHistory("FLASH","","","!Flash: $_"); } ProcessHistory("","","","!\n"); return; } # This routine parses "dir /all ((disk|slot)N|bootflash|nvram):" sub DirSlotN { # Skip if this is not a 3600, 7000, 7200, 7500, or 12000. print STDERR " In DirSlotN: $_" if ($debug); my($dev) = (/\s([^\s]+):/); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); # return(1) if ($type !~ /^(12[40]|7|36)/); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; return(1) if /(No such device|Error Sending Request)/i; return(1) if /\%Error: No such file or directory/; return(1) if /No space information available/; return(-1) if /\%Error calling/; return(-1) if /(: device being squeezed|ATA_Status time out)/i; # busy return(-1) if (/command authorization failed/i); return(1) if /(Open device \S+ failed|Error opening \S+:)/; # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; ProcessHistory("FLASH","","","!Flash: $dev: $_"); } ProcessHistory("","","","!\n"); return(0); } # This routine parses "show controllers" sub ShowContAll { # Skip if this is a 70[01]0, 7500, or 12000. print STDERR " In ShowContAll: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); # return(1) if ($type =~ /^(12[40]|7[05])/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^Interface ([^ \n(]*)/) { $INT = "$1, "; next; } /^(BRI unit \d)/ && ProcessHistory("INT","","","!Interface: $1\n") && next; /^LANCE unit \d, NIM/ && ProcessHistory("INT","","","!Interface: $_") && next; /^(LANCE unit \d)/ && ProcessHistory("INT","","","!Interface: $1\n") && next; /(Media Type is \S+),/ && ProcessHistory("INT","","","!\t$1\n"); if (/(M\dT[^ :]*:) show controller:$/) { my($ctlr) = $1; $_ = ; tr/\015//d; s/ subunit \d,//; ProcessHistory("INT","","","!Interface: $ctlr $_"); } if (/^(\S+) : show controller:$/) { my($ctlr) = $1; $_ = ; tr/\015//d; s/ subunit \d,//; ProcessHistory("INT","","","!Interface: $ctlr: $_"); } /^(HD unit \d), idb/ && ProcessHistory("INT","","","!Interface: $1\n") && next; /^HD unit \d, NIM/ && ProcessHistory("INT","","","!Interface: $_") && next; /^buffer size \d+ HD unit \d, (.*)/ && ProcessHistory("INT","","","!\t$1\n") && next; /^AM79970 / && ProcessHistory("INT","","","!Interface: $_") && next; /^buffer size \d+ (Universal Serial: .*)/ && ProcessHistory("INT","","","!\t$1\n") && next; /^Hardware is (.*)/ && ProcessHistory("INT","","","!Interface: $INT$1\n") && next; /^(QUICC Serial unit \d),/ && ProcessHistory("INT","","","!$1\n") && next; /^QUICC Ethernet .*/ && ProcessHistory("INT","","","!$_") && next; /^DTE .*\.$/ && ProcessHistory("INT","","","!\t$_") && next; /^(cable type :.*),/ && ProcessHistory("INT","","","!\t$1\n") && next; /^(.* cable.*), received clockrate \d+$/ && ProcessHistory("INT","","","!\t$1\n") && next; /^.* cable.*$/ && ProcessHistory("INT","","","!\t$_") && next; } return(0); } # This routine parses "show controllers cbus" # Some of this is printed out in ShowDiagbus. sub ShowContCbus { # Skip if this is not a 7000 or 7500. print STDERR " In ShowContCbus: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); #return(1) if ($type !~ /^7[05]0/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^\s*slot(\d+): ([^,]+), hw (\S+), sw (\S+), ccb/) { $slot = $1; $board{$slot} = $2; $hwver{$slot} = $3; $hwucode{$slot} = $4; } elsif (/^\s*(\S+) (\d+), hardware version (\S+), microcode version (\S+)/) { $slot = $2; $board{$slot} = $1; $hwver{$slot} = $3; $hwucode{$slot} = $4; } elsif (/(Microcode .*)/) { $ucode{$slot} = $1; } elsif (/(software loaded .*)/) { $ucode{$slot} = $1; } elsif (/(\d+) Kbytes of main memory, (\d+) Kbytes cache memory/) { $hwmemd{$slot} = $1; $hwmemc{$slot} = $2; } elsif (/byte buffers/) { chop; s/^\s*//; $hwbuf{$slot} = $_; } elsif (/Interface (\d+) - (\S+ \S+),/) { $interface = $1; ProcessHistory("HW","","", "!\n!Int $interface: in slot $slot, named $2\n"); next; } elsif (/(\d+) buffer RX queue threshold, (\d+) buffer TX queue limit, buffer size (\d+)/) { ProcessHistory("HW","","","!Int $interface: rxq $1, txq $2, bufsize $3\n"); next; } } return(0); } # This routine parses "show diagbus" # This will create arrarys for hw info. sub ShowDiagbus { # Skip if this is not a 7000, 70[01]0, or 7500. print STDERR " In ShowDiagbus: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); #return(1) if ($type !~ /^7[05]/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^\s*Slot (\d+):/i) { $slot = $1; next; } elsif (/^\s*Slot (\d+) \(virtual\):/i) { $slot = $1; next; } elsif (/^\s*(.*Processor.*|.*controller|.*controler|.*Chassis Interface)(, FRU\s?:.*)?, HW rev (\S+), board revision (\S+)/i) { $board = $1; $hwver = $3; $boardrev = $4; if ($board =~ /Processor/) { if ($board =~ /7000 Route\/Switch/) { $board = "RSP7000"; } elsif ($board =~ /Route\/Switch Processor (\d)/) { $board = "RSP$1"; } elsif ($board =~ /Route/) { $board = "RP"; } elsif ($board =~ /Silicon Switch/) { $board = "SSP"; } elsif ($board =~ /Switch/) { $board = "SP"; $board = "SSP $sspmem" if $ssp; } elsif ($board =~ /ATM/) { $board = "AIP"; } } elsif ($board =~ /(.*) controller/i) { $board = $1; } # hwucode{$slot} defined in ShowContCbus if (defined $hwucode{$slot}) { ProcessHistory("SLOT","","","!\n!Slot $slot/$board: hvers $hwver rev $boardrev ucode $hwucode{$slot}\n"); } else { ProcessHistory("SLOT","","","!\n!Slot $slot/$board: hvers $hwver rev $boardrev\n"); } # These are also from the ShowContCbus ProcessHistory("SLOT","","","!Slot $slot/$board: $ucode{$slot}\n") if (defined $ucode{$slot}); ProcessHistory("SLOT","","","!Slot $slot/$board: memd $hwmemd{$slot}, cache $hwmemc{$slot}\n") if ((defined $hwmemd{$slot}) && (defined $hwmemc{$slot})); ProcessHistory("SLOT","","","!Slot $slot/$board: $hwbuf{$slot}\n") if (defined $hwbuf{$slot}); next; } /Serial number: (\S+)\s*Part number: (\S+)/ && ProcessHistory("SLOT","","", "!Slot $slot/$board: part $2, serial $1\n") && next; /^\s*Controller Memory Size: (.*)$/ && ProcessHistory("SLOT","","","!Slot $slot/$board: $1\n") && next; if (/PA Bay (\d) Information/) { $pano = $1; if ("PA" =~ /$board/) { ($s,$c) = split(/\//,$board); $board = "$s/$c/PA $pano"; } else { $board =~ s/\/PA \d//; $board = "$board/PA $pano"; } next; } /\s+(.*) (IP|PA), (\d) ports?,( \S+,)? (FRU\s?: )?(\S+)/ && ProcessHistory("SLOT","","","!Slot $slot/$board: type $6, $3 ports\n") && next; /\s+(.*) (IP|PA)( \(\S+\))?, (\d) ports?/ && ProcessHistory("SLOT","","","!Slot $slot/$board: type $1$3, $4 ports\n") && next; /^\s*HW rev (\S+), Board revision (\S+)/ && ProcessHistory("SLOT","","","!Slot $slot/$board: hvers $1 rev $2\n") && next; /Serial number: (\S+)\s*Part number: (\S+)/ && ProcessHistory("SLOT","","","!Slot $slot/$board: part $2, serial $1\n") && next; } return(0); } # This routine parses "show diag" for the gsr, 7200, 3700, 3600, 2600. # This will create arrarys for hw info. sub ShowDiag { # Skip if this is not a 12000. print STDERR " In ShowDiag: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); # return(1) if ($type !~ /^(12[40]|720|36|26)/); return(-1) if (/command authorization failed/i); /^$/ && next; # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; s/Port Packet Over SONET/POS/; if (/^\s*SLOT\s+(\d+)\s+\((.*)\): (.*)/) { $slot = $1; ProcessHistory("SLOT","","","!\n"); ProcessHistory("SLOT","keysort","A","!Slot $slot: $3\n"); next; } if (/^\s+MAIN:\s* type \d+,\s+(.*)/) { ProcessHistory("SLOT","keysort","AM","!Slot $slot/MAIN: part $1\n"); next; } if (/^c3700\s+(io-board|mid-plane)/i) { $slot=$1; ProcessHistory("SLOT","","","!\n"); ProcessHistory("SLOT","keysort","A","!Slot $slot: part $1\n"); next; } if (/ Engine:\s+(.*)/) { ProcessHistory("SLOT","keysort","AE","!Slot $slot/Engine: $1\n"); } if (/^\s+PCA:\s+(.*)/) { local($part) = $1; $_ = ; /^\s+(HW version|design release) (\S+)\s+S\/N (\S+)/i && ProcessHistory("SLOT","keysort","C1","!Slot $slot/PCA: part $part, serial $3\n") && ProcessHistory("SLOT","keysort","C2","!Slot $slot/PCA: hvers $2\n"); next; } if (/^\s+MBUS: .*\)\s+(.*)/) { local($tmp) = "!Slot $slot/MBUS: part $1"; $_ = ; /^\s+HW version (\S+)\s+S\/N (\S+)/ && ProcessHistory("SLOT","keysort","MB1","$tmp, serial $2\n") && ProcessHistory("SLOT","keysort","MB2","!Slot $slot/MBUS: hvers $1\n"); next; } if (/^\s+MBUS Agent Software version (.*)/) { ProcessHistory("SLOT","keysort","MB3","!Slot $slot/MBUS: software $1\n"); next; } if (/^\s+ROM Monitor version (.*)/) { ProcessHistory("SLOT","keysort","R","!Slot $slot/ROM Monitor: version $1\n"); next; } if (/^\s+Fabric Downloader version used (.*)/) { ProcessHistory("SLOT","keysort","Z","!Slot $slot/Fabric Downloader: version $1\n"); next; } if (/^\s+DRAM size: (\d+)/) { local($dram) = $1 / 1048576; $_ = ; if (/^\s+FrFab SDRAM size: (\d+)/) { ProcessHistory("SLOT","keysort","MB4","!Slot $slot/MBUS: $dram Mbytes DRAM, " . $1 / 1024 . " Kbytes SDRAM\n"); } else { ProcessHistory("SLOT","keysort","MB4","!Slot $slot/MBUS: $dram Mbytes DRAM\n"); } next; } if (/FRU:\s+Linecard\/Module:\s+(\S+)/) { ProcessHistory("SLOT","","","!Slot $slot/FRU: Linecard/Module: $1\n"); next; } # 7200, 3600, 2600, and 1700 stuff if (/^(Slot)\s+(\d+(\/\d+)?):/ || /^\s+(WIC|VIC|WIC\/VIC) Slot (\d):/ || /^(Encryption AIM) (\d):/) { if ($1 eq "WIC") { $WIC = "/$2"; } elsif ($1 eq "VIC") { $WIC = "/$2"; } elsif ($1 eq "WIC/VIC") { $WIC = "/$2"; } elsif ($1 eq "Encryption AIM") { $slot = "$2"; undef($WIC); ProcessHistory("SLOT","","","!\n"); ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1\n"); next; } else { $slot = $2; undef($WIC); } $_ = ; tr/\015//d; # clean up hideous 7200/etc formats to look more like 7500 output s/Fast-ethernet on C7200 I\/O card/FE-IO/; s/ with MII or RJ45/-TX/; s/Fast-ethernet /100Base/; s/[)(]//g; s/intermediate reach/IR/i; ProcessHistory("SLOT","","","!\n"); /\s+(.*) port adapter,?\s+(\d+)\s+/i && ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, $2 ports\n") && next; # I/O controller with no interfaces /\s+(.*)\s+port adapter\s*$/i && ProcessHistory("SLOT","keysort","B","!Slot $slot: type $1, 0 ports\n") && next; /\s+(.*)\s+daughter card(.*)$/ && ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1$2\n") && next; /\s+(FT1)$/ && ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $1\n") && next; # handle WICs lacking "daughter card" in the 2nd line of their # show diag o/p if (defined($WIC)) { s/^\s+//; ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: type $_"); } next; } # yet another format. seen on 2600s w/ 12.1, but appears to be all # 12.1, including 7200s & 3700s. Sometimes the PCB serial appears # before the hardware revision. if (/(pcb serial number|hardware revision)\s+:\s+(\S+)$/i) { my($hw, $pn, $rev, $sn); if ($1 =~ /^pcb/i) { $sn = $2; } else { $hw = $2; } while () { tr/\015//d; if (/0x..: /) { # no effing idea why break does not work there goto PerlSucks; } if (/hardware revision\s+:\s+(\S+)/i) { $hw = $1; } if (/part number\s+:\s+(\S+)/i) { $pn = $1; } if (/board revision\s+:\s+(\S+)/i) { $rev = $1; } if (/pcb serial number\s+:\s+(\S+)/i) { $sn = $1; } } PerlSucks: ProcessHistory("SLOT","keysort","B","!Slot $slot$WIC: hvers $hw rev $rev\n"); ProcessHistory("SLOT","keysort","C","!Slot $slot$WIC: part $pn, serial $sn\n"); } /revision\s+(\S+).*revision\s+(\S+)/ && ProcessHistory("SLOT","keysort","C","!Slot $slot$WIC: hvers $1 rev $2\n") && next; /number\s+(\S+)\s+Part number\s+(\S+)/ && ProcessHistory("SLOT","keysort","D","!Slot $slot$WIC: part $2, serial $1\n") && next; } ProcessHistory("SLOT","","","!\n"); return(0); } # This routine parses "show module". sub ShowModule { print STDERR " In ShowModule: $_" if ($debug); my(@lines); my($slot); while () { tr/\015//d; return if (/^\s*\^$/); last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; # match slot/card info line if (/^ *(\d+)\s+(\d+)\s+(.*)\s+(\S+)\s+(\S+)\s*$/) { $lines[$1] .= "!Slot $1: type $3, $2 ports\n!Slot $1: part $4, serial $5\n"; $lines[$1] =~ s/\s+,/,/g; } # now match the Revs in the second paragraph of o/p and stick it in # the array with the previous bits...grumble. if (/^ *(\d+)\s+\S+\s+to\s+\S+\s+(\S+)\s+(\S*)\s+(\S+)(\s+\S+)?\s*$/) { $lines[$1] .= "!Slot $1: hvers $2, firmware $3, sw $4\n"; $lines[$1] =~ s/\s+,/,/g; } } foreach $slot (@lines) { next if ($slot =~ /^\s*$/); ProcessHistory("Module","","","$slot!\n"); } return(0); } # This routine parses "show spe version". sub ShowSpeVersion { print STDERR " In ShowSpeVersion: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/command authorization failed/i); ProcessHistory("MODEM","","","!Modem: $_") && next; } ProcessHistory("MODEM","","","!\n"); return(0); } # This routine parses "show c7200" for the 7200 # This will create arrays for hw info. sub ShowC7200 { # Skip if this is not a 7200. print STDERR " In ShowC7200: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); #return(1) if ($type !~ /^72/); return(-1) if (/command authorization failed/i); /^$/ && next; # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^(C7200 )?Midplane EEPROM:/) { $_ = ; /revision\s+(\S+).*revision\s+(\S+)/; ProcessHistory("SLOT","","","!Slot Midplane: hvers $1 rev $2\n"); $_ = ; /number\s+(\S+)\s+Part number\s+(\S+)/; ProcessHistory("SLOT","","","!Slot Midplane: part $2, serial $1\n!\n"); next; } if (/C720\d(VXR)? CPU EEPROM:/) { my ($hvers,$rev,$part,$serial); # npe400s report their cpu eeprom info differently w/ 12.0.21S while () { /Hardware Revision\s+: (\S+)/ && ($hvers = $1) && next; /Board Revision\s+: (\S+)/ && ($rev = $1) && next; /Part Number\s+: (\S+)/ && ($part = $1) && next; /Serial Number\s+: (\S+)/ && ($serial = $1) && next; /revision\s+(\S+).*revision\s+(\S+)/ && ($hvers = $1, $rev = $2) && next; /number\s+(\S+)\s+Part number\s+(\S+)/ && ($serial = $1, $part = $2) && next; /^\s*$/ && last; } ProcessHistory("SLOT","","","!Slot CPU: hvers $hvers rev $rev\n"); ProcessHistory("SLOT","","","!Slot CPU: part $part, serial $serial\n!\n"); next; } } return(0); } # This routine parses "show vtp status" sub ShowVTP { print STDERR " In ShowVTP: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; #return(1) if ($type !~ /^(2900XL|3500XL|6000)$/); return(-1) if (/command authorization failed/i); next if (/^Configuration last modified by/); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; if (/^VTP Operating Mode\s+:\s+(Transparent|Server)/) { $DO_SHOW_VLAN = 1; } ProcessHistory("COMMENTS","keysort","I0","!VTP: $_"); } ProcessHistory("COMMENTS","keysort","I0","!\n"); return(0); } # This routine parses "show vlan" sub ShowVLAN { print STDERR " In ShowVLAN: $_" if ($debug); ($_=,return(1)) if (!$DO_SHOW_VLAN); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /(Invalid input detected|Type help or )/; # newer releases (~12.1(9)) place the vlan config in the normal # configuration (write term). return(1) if ($type =~ /^(3550|4500|7600)$/); #return(1) if ($type !~ /^(2900XL|3500XL|6000)$/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; ProcessHistory("COMMENTS","keysort","IO","!VLAN: $_"); } ProcessHistory("COMMENTS","keysort","IO","!\n"); return(0); } # This routine processes a "write term" sub WriteTerm { print STDERR " In WriteTerm: $_" if ($debug); my($lineauto,$comment,$linecnt) = (0,0,0); while () { tr/\015//d; last if(/^$prompt/); return(-1) if (/command authorization failed/i); # the pager can not be disabled per-session on the PIX s/^<-+ More -+>\s*//; /Non-Volatile memory is in use/ && return(-1); # NvRAM is locked return(0) if ($found_end); # Only do this routine once $linecnt++; $lineauto = 0 if (/^[^ ]/); # skip the crap if (/^(##+$|(Building|Current) configuration)/i) { while () { next if (/^Current configuration\s*:/i); next if (/^:/); next if (/^([%!].*|\s*)$/); next if (/^ip add.*ipv4:/); # band-aid for 3620 12.0S last; } if (defined($config_register)) { ProcessHistory("","","","!\nconfig-register $config_register\n"); } tr/\015//d; } # some versions have other crap mixed in with the bits in the # block above /^! (Last configuration|NVRAM config last)/ && next; # skip consecutive comment lines to avoid oscillating extra comment # line on some access servers. grrr. if (/^!/) { next if ($comment); ProcessHistory("","","",$_); $comment++; next; } $comment = 0; # Dog gone Cool matches to process the rest of the config /^tftp-server flash / && next; # kill any tftp remains /^ntp clock-period / && next; # kill ntp clock-period /^ length / && next; # kill length on serial lines /^ width / && next; # kill width on serial lines $lineauto = 1 if /^ modem auto/; /^ speed / && $lineauto && next; # kill speed on serial lines /^ clockrate / && next; # kill clockrate on serial interfaces if (/^(enable )?(password|passwd) / && $filter_pwds >= 1) { ProcessHistory("ENABLE","","","!$1$2 \n"); next; } if (/^(enable secret) / && $filter_pwds >= 2) { ProcessHistory("ENABLE","","","!$1 \n"); next; } if (/^username (\S+)(\s.*)? secret /) { if ($filter_pwds >= 2) { ProcessHistory("USER","keysort","$1","!username $1$2 secret \n"); } else { ProcessHistory("USER","keysort","$1","$_"); } next; } if (/^username (\S+)(\s.*)? password ((\d) \S+|\S+)/) { if ($filter_pwds == 2) { ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); } elsif ($filter_pwds == 1 && $4 ne "5"){ ProcessHistory("USER","keysort","$1","!username $1$2 password \n"); } else { ProcessHistory("USER","keysort","$1","$_"); } next; } if (/^( set session-key (in|out)bound ah \d+ )/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1\n"); next; } if (/^( set session-key (in|out)bound esp \d+ (authenticator|cypher) )/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1\n"); next; } if (/^(\s*)password / && $filter_pwds >= 1) { ProcessHistory("LINE-PASS","","","!$1password \n"); next; } if (/^\s*neighbor (\S*) password / && $filter_pwds >= 1) { ProcessHistory("","","","! neighbor $1 password \n"); next; } if (/^(ppp .* password) 7 .*/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^(ip ftp password) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^( ip ospf authentication-key) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # isis passwords appear to be completely plain-text if (/^\s+isis password (\S+)( .*)?/ && $filter_pwds >= 1) { ProcessHistory("","","","!isis password $2\n"); next; } if (/^\s+(domain-password|area-password) (\S+)( .*)?/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 $3\n"); next; } # this is reversable, despite 'md5' in the cmd if (/^( ip ospf message-digest-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^((crypto )?isakmp key) \S+ / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 $'"); next; } # filter HSRP passwords if (/^(\s+standby \d authentication) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # this appears in "measurement/sla" images if (/^(\s+key-string \d?)/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^( l2tp tunnel \S+ password)/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # i am told these are plain-text on the PIX if (/^(vpdn username \S+ password)/ && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } if (/^( cable shared-secret ) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } /fair-queue individual-limit/ && next; # sort ip explicit-paths. if (/^ip explicit-path name (\S+)/) { my($key) = $1; my($expath) = $_; while () { tr/\015//d; last if (/^$prompt/); last if (/^$prompt/ || ! /^(ip explicit-path name |[ !])/); if (/^ip explicit-path name (\S+)/) { ProcessHistory("EXPATH","keysort","$key","$expath"); $key = $1; $expath = $_; } else { $expath .= $_; } } ProcessHistory("EXPATH","keysort","$key","$expath"); } # sort route-maps if (/^route-map (\S+)/) { my($key) = $1; my($routemap) = $_; while () { tr/\015//d; last if (/^$prompt/ || ! /^(route-map |[ !])/); if (/^route-map (\S+)/) { ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); $key = $1; $routemap = $_; } else { $routemap .= $_; } } ProcessHistory("ROUTEMAP","keysort","$key","$routemap"); } # filter out any RCS/CVS tags to avoid confusing local CVS storage s/\$(Revision|Id):/ $1:/; # order access-lists /^access-list\s+(\d\d?)\s+(\S+)\s+(\S+)/ && ProcessHistory("ACL $1 $2","ipsort","$3","$_") && next; # order extended access-lists /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+host\s+(\S+)/ && ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+(\d\S+)/ && ProcessHistory("EACL $1 $2","ipsort","$3","$_") && next; /^access-list\s+(\d\d\d)\s+(\S+)\s+ip\s+any/ && ProcessHistory("EACL $1 $2","ipsort","0.0.0.0","$_") && next; # order arp lists /^arp\s+(\d+\.\d+\.\d+\.\d+)\s+/ && ProcessHistory("ARP","ipsort","$1","$_") && next; /^ip prefix-list\s+(\S+)\s+seq\s+(\d+)\s+(permit|deny)\s+(\d\S+)(\/.*)$/ && ProcessHistory("PACL $1 $3","ipsort","$4","ip prefix-list $1 $3 $4$5\n") && next; # order logging statements /^logging (\d+\.\d+\.\d+\.\d+)/ && ProcessHistory("LOGGING","ipsort","$1","$_") && next; # order/prune snmp-server host statements # we only prune lines of the form # snmp-server host a.b.c.d if (/^snmp-server host (\d+\.\d+\.\d+\.\d+) /) { if (defined($ENV{'NOCOMMSTR'})) { my($ip) = $1; my($line) = "snmp-server host $ip"; my(@tokens) = split(' ', $'); my($token); while ($token = shift(@tokens)) { if ($token eq 'version') { $line .= " " . join(' ', ($token, shift(@tokens))); } elsif ($token =~ /^(informs?|traps?|(no)?auth)$/) { $line .= " " . $token; } else { $line = "!$line " . join(' ', ("", join(' ',@tokens))); last; } } ProcessHistory("SNMPSERVERHOST","ipsort","$ip","$line\n"); } else { ProcessHistory("SNMPSERVERHOST","ipsort","$1","$_"); } next; } if (/^(snmp-server community) (\S+)/) { if (defined($ENV{'NOCOMMSTR'})) { ProcessHistory("SNMPSERVERCOMM","keysort","$_","!$1 $'") && next; } else { ProcessHistory("SNMPSERVERCOMM","keysort","$_","$_") && next; } } # prune tacacs/radius server keys if (/^(tacacs-server|radius-server) key / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 key \n"); next; } if (/^((tacacs-server|radius-server) host \S+ key) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # order clns host statements /^clns host \S+ (\S+)/ && ProcessHistory("CLNS","keysort","$1","$_") && next; # order alias statements /^alias / && ProcessHistory("ALIAS","keysort","$_","$_") && next; # delete ntp auth password - this md5 is a reversable too if (/^(ntp authentication-key \d+ md5) / && $filter_pwds >= 1) { ProcessHistory("","","","!$1 \n"); next; } # order ntp peers/servers if (/^ntp (server|peer) (\d+)\.(\d+)\.(\d+)\.(\d+)/) { $sortkey = sprintf("$1 %03d%03d%03d%03d",$2,$3,$4,$5); ProcessHistory("NTP","keysort",$sortkey,"$_"); next; } # order ip host statements /^ip host (\S+) / && ProcessHistory("IPHOST","keysort","$1","$_") && next; # order ip nat source static statements /^ip nat (\S+) source static (\S+)/ && ProcessHistory("IP NAT $1","ipsort","$2","$_") && next; # order atm map-list statements /^\s+ip\s+(\d+\.\d+\.\d+\.\d+)\s+atm-vc/ && ProcessHistory("ATM map-list","ipsort","$1","$_") && next; # order ip rcmd lines /^ip rcmd/ && ProcessHistory("RCMD","keysort","$_","$_") && next; # system controller /^syscon address (\S*) (\S*)/ && ProcessHistory("","","","!syscon address $1 \n") && next; if (/^syscon password (\S*)/ && $filter_pwds >= 1) { ProcessHistory("","","","!syscon password \n"); next; } # catch anything that wasnt matched above. ProcessHistory("","","","$_"); # end of config. the ": " game is for the PIX if (/^(: +)?end$/) { $found_end = 1; return(1); } } # The ContentEngine lacks a definitive "end of config" marker. If we # know that it is a CE and we have seen at least 5 lines of write term # o/p, we can be reasonably sure that we got the config. if ($type =~ /^CE$/ && $linecnt > 5) { $found_end = 1; return(1); } return(0); } # dummy function sub DoNothing {print STDOUT;} # Main %commands=( 'show version' => "ShowVersion", 'show redundancy secondary' => "ShowRedundancy", 'show idprom backplane', => "ShowIDprom", 'show install active' => "ShowInstallActive", 'show env all' => "ShowEnv", 'show rsp chassis-info',=> "ShowRSP", 'show gsr chassis' => "ShowGSR", 'show boot' => "ShowBoot", 'show bootvar' => "ShowBoot", 'show variables boot' => "ShowBoot", 'show flash' => "ShowFlash", 'dir /all nvram:' => "DirSlotN", 'dir /all bootflash:' => "DirSlotN", 'dir /all slot0:' => "DirSlotN", 'dir /all disk0:' => "DirSlotN", 'dir /all slot1:' => "DirSlotN", 'dir /all disk1:' => "DirSlotN", 'dir /all slot2:' => "DirSlotN", 'dir /all disk2:' => "DirSlotN", "dir /all sup-bootflash:"=> "DirSlotN", # cat 6500-ios "dir /all sup-microcode:"=> "DirSlotN", # cat 6500-ios 'dir /all slavenvram:' => "DirSlotN", 'dir /all slavebootflash:' => "DirSlotN", 'dir /all slaveslot0:' => "DirSlotN", 'dir /all slavedisk0:' => "DirSlotN", 'dir /all slaveslot1:' => "DirSlotN", 'dir /all slavedisk1:' => "DirSlotN", 'dir /all slaveslot2:' => "DirSlotN", 'dir /all slavedisk2:' => "DirSlotN", "dir /all slavesup-bootflash:"=> "DirSlotN", # cat 7609 'dir /all sec-nvram:' => "DirSlotN", 'dir /all sec-bootflash:' => "DirSlotN", 'dir /all sec-slot0:' => "DirSlotN", 'dir /all sec-disk0:' => "DirSlotN", 'dir /all sec-slot1:' => "DirSlotN", 'dir /all sec-disk1:' => "DirSlotN", 'dir /all sec-slot2:' => "DirSlotN", 'dir /all sec-disk2:' => "DirSlotN", 'show controllers' => "ShowContAll", 'show controllers cbus' => "ShowContCbus", 'show diagbus' => "ShowDiagbus", 'show diag' => "ShowDiag", 'show module' => "ShowModule", # cat 6500-ios 'show spe version' => "ShowSpeVersion", 'show c7200' => "ShowC7200", 'show vtp status' => "ShowVTP", 'show vlan' => "ShowVLAN", 'show running-config' => "WriteTerm", 'write term' => "WriteTerm" ); # keys() doesnt return things in the order entered and the order of the # cmds is important (show version first and write term last). pita @commands=( "show version", "show redundancy secondary", "show idprom backplane", "show install active", "show env all", "show rsp chassis-info", "show gsr chassis", "show boot", "show bootvar", "show variables boot", "show flash", "dir /all nvram:", "dir /all bootflash:", "dir /all slot0:", "dir /all disk0:", "dir /all slot1:", "dir /all disk1:", "dir /all slot2:", "dir /all disk2:", "dir /all sup-bootflash:", "dir /all sup-microcode:", "dir /all slavenvram:", "dir /all slavebootflash:", "dir /all slaveslot0:", "dir /all slavedisk0:", "dir /all slaveslot1:", "dir /all slavedisk1:", "dir /all slaveslot2:", "dir /all slavedisk2:", "dir /all slavesup-bootflash:", "dir /all sec-nvram:", "dir /all sec-bootflash:", "dir /all sec-slot0:", "dir /all sec-disk0:", "dir /all sec-slot1:", "dir /all sec-disk1:", "dir /all sec-slot2:", "dir /all sec-disk2:", "show controllers", "show controllers cbus", "show diagbus", "show diag", "show module", "show spe version", "show c7200", "show vtp status", "show vlan", "show running-config", "write term" ); $cisco_cmds=join(";",@commands); $cmds_regexp=join("|",@commands); open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; select(OUTPUT); # make OUTPUT unbuffered if debugging if ($debug) { $| = 1; } if ($file) { print STDERR "opening file $host\n" if ($debug); print STDOUT "opening file $host\n" if ($log); open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else { print STDERR "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug); print STDOUT "executing clogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); if (defined($ENV{NOPIPE})) { system "clogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "clogin failed for $host: $!\n"; open(INPUT, "< $host.raw") || die "clogin failed for $host: $!\n"; } else { open(INPUT,"clogin -t $timeo -c \"$cisco_cmds\" $host ) { tr/\015//d; if (/[>#]\s?exit$/) { $clean_run=1; last; } if (/^Error:/) { print STDOUT ("$host clogin error: $_"); print STDERR ("$host clogin error: $_") if ($debug); $clean_run=0; last; } while (/#\s*($cmds_regexp)\s*$/) { $cmd = $1; if (!defined($prompt)) { $prompt = ($_ =~ /^([^#]+#)/)[0]; $prompt =~ s/([][}{)(\\])/\\$1/g; print STDERR ("PROMPT MATCH: $prompt\n") if ($debug); } print STDERR ("HIT COMMAND:$_") if ($debug); if (! defined($commands{$cmd})) { print STDERR "$host: found unexpected command - \"$cmd\"\n"; $clean_run = 0; last TOP; } $rval = &{$commands{$cmd}}; delete($commands{$cmd}); if ($rval == -1) { $clean_run = 0; last TOP; } } } print STDOUT "Done $logincmd: $_\n" if ($log); # Flush History ProcessHistory("","","",""); # Cleanup close(INPUT); close(OUTPUT); if (defined($ENV{NOPIPE})) { unlink("$host.raw") if (! $debug); } # check for completeness if (scalar(%commands) || !$clean_run || !$found_end) { if (scalar(%commands)) { printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); } if (!$clean_run || !$found_end) { print STDOUT "$host: End of run not found\n"; print STDERR "$host: End of run not found\n" if ($debug); system("/usr/bin/tail -1 $host.new"); } unlink "$host.new" if (! $debug); } --zhXaljGHf11kAtnf-- From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 12 03:52:25 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 90A7CC679F for ; Mon, 12 Jan 2004 03:52:25 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 0074117CF9E; Mon, 12 Jan 2004 03:52:25 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id D20B017CFA2; Mon, 12 Jan 2004 03:52:24 +0000 (UTC) X-Original-To: rancid-discuss Received: by guelah.shrubbery.net (Postfix, from userid 7053) id D462217CF9F; Mon, 12 Jan 2004 03:52:23 +0000 (UTC) Date: Sun, 11 Jan 2004 19:52:23 -0800 From: john heasley To: rancid-discuss@shrubbery.net Subject: Rancid 2.3 RC1 Message-ID: <20040112035223.GI23852@shrubbery.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hello Rancid users, It has been quite some time since the release of 2.2.2. 2.3 is very close. We have a few more small bits on the to-do list before release. However, 2.3 represents some rather large changes and some new additions that we can not test ourselves. So, we thought that we'd make a RC1 (Release Candidate 1) of 2.3 available, in hopes that these changes would get some exposure. The most significant change is rancid's adaptation to the FHS (File Hierarchy Std). Some folks attempting to package rancid were pestering us for this and about a few of our file names that conflicted with existing packages. we agreed that it'd be a win in the long run, making it easier to package for the likes of NetBSD, FreeBSD, Linux, etc. So, if you choose to test drive, you'll notice that there are now etc and share/rancid directories beneath /usr/local/rancid (configure's --prefix option). A simple list of user-visible changes: bin/env has moved and been renamed etc/rancid.conf bin/create_cvs has been renamed rancid-cvs bin/do-diffs has been renamed rancid-run util/lg/lg.conf has moved to etc/lg.conf util/lg/lg*.cgi have moved to bin/ Also, if a user chose to use /usr as their --prefix, then the rancid CVS repository and logs dir would have been placed under /usr. We have made this dependant upon configure's --localstatedir, which defaults to /var. We agree that this seems like a fairly stupid place for it, while /var/rancid is far more logical, but it follows the standard and is configurable. For example, if you wished to maintain the existing directory locations of your logs dir and CVS repository, ie: /usr/local/rancid/, then configure like so: ./configure --localstatedir=/usr/local/rancid Remember ...for the common good... and please dont complain to us. Please please please read the file UPGRADING, which includes valuable instructions on how to move your cvs trees, if you choose to relocate them, and many other bits of trivia. RC1 has seen some testing. The looking glass has not been tested much. The following changes need more exposure or have not been tested by us. *login: handle TCL meta characters in passwords (etc) rancid: add show spe version and parse FRU show diag output jrancid: collect show chassis alarms rancid: skip show vlan for (3550|4500|7600) - from Andrew Fort rancid: show diag updates for 1700, 3700, etc - help from Michael Haba add Cisco CSS support - from Wedge Martin *login: add cloginrc sshcmd directive - idea from steve neighorn support for hitachi routers - from Mohacsi Janos Riverstone/Enterasys updates from Andrew Fort nlogin: Fix prompt groveling when running a cluster - from D. Pfleger nrancid: filter "set admin user" - from D. Pfleger For those not afraid to get dirty; ftp://ftp.shrubbery.net/pub/rancid/rancid-2.3.rc1.tar.gz Cheers. From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 12 14:07:43 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 13628C67DD for ; Mon, 12 Jan 2004 14:07:43 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 7510C17CF9E; Mon, 12 Jan 2004 14:07:42 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 5BD1F17CFA2; Mon, 12 Jan 2004 14:07:42 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from nihhubims3.hub.nih.gov (nihhubims3.hub.nih.gov [128.231.90.113]) by guelah.shrubbery.net (Postfix) with ESMTP id 0BE7517CF9E; Mon, 12 Jan 2004 14:07:40 +0000 (UTC) Received: by nihhubims3.hub.nih.gov with Internet Mail Service (5.5.2657.72) id ; Mon, 12 Jan 2004 09:07:38 -0500 Message-ID: <64BC9A2B18FC5843BA0DE93548F745F3236F4CAA@nihexchange3.nih.gov> From: "Gee-clough, Aaron (NIH/CIT)" To: 'john heasley' Cc: "'rancid-discuss@shrubbery.net'" Subject: RE: Cloginvs dollar signs Date: Mon, 12 Jan 2004 09:07:36 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hmmm...I took that script, named it clogin.new, and ran it with this in the cloginrc: add user lab-*.nih.gov te$t add userpassword lab-*.nih.gov te$tpass The result: [rancid@lithium rancid]$ clogin.new lab-pix.nih.gov Error: can't read "t": no such variable Is there something else I should change to handle the new script? Thanks. Aaron -----Original Message----- From: 'john heasley' [mailto:heas@shrubbery.net] Sent: Friday, January 09, 2004 9:41 PM To: Gee-clough, Aaron (NIH/CIT) Cc: 'john heasley'; 'rancid-discuss@shrubbery.net' Subject: Re: Cloginvs dollar signs Tue, Dec 30, 2003 at 11:13:26AM -0500, Gee-clough, Aaron (NIH/CIT): > > please provide an example of your .cloginrc entry. afaik, > > what you've tried should have worked. I think that I have this one nailed. I believe that what happens is proc find() actually returns a list. because one of the values, your password, contains a meta-character ($), tcl decides that it should protect us by deferring (or is it protecting) the eval/expansion of what would be a variable (ie: $net). That may not be exactly correct, but... join()'ing the value seems to fix this; Which i've wrapped around all the find() calls which return a string that may include a meta-character or a non-integer. That is, "password" and "user", but not "autoenable" or "method". Please try ftp://ftp.shrubbery.net/outgoing/clogin.in [ i happened across this while googling for answers... After a duel with TCL, I return triumphant (but seriously injured; I took a blow to the head that may never heal...). - Daniel Jacobowitz ] From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 12 14:45:08 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 88C6DC67DD for ; Mon, 12 Jan 2004 14:45:08 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 1CEB817CFA2; Mon, 12 Jan 2004 14:45:08 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id F2E5D17CFCD; Mon, 12 Jan 2004 14:45:07 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (Postfix) with ESMTP id A811817CFA2 for ; Mon, 12 Jan 2004 14:45:06 +0000 (UTC) Received: from tower.partan.com (localhost.partan.com [127.0.0.1]) by tower.partan.com (8.12.8p2/8.12.8) with ESMTP id i0CEj4nN005921; Mon, 12 Jan 2004 09:45:04 -0500 (EST) (envelope-from asp@tower.partan.com) Received: (from asp@localhost) by tower.partan.com (8.12.8p2/8.12.8/Submit) id i0CEj4OB005918; Mon, 12 Jan 2004 09:45:04 -0500 (EST) (envelope-from asp) Date: Mon, 12 Jan 2004 09:45:04 -0500 From: Andrew Partan To: "Gee-clough, Aaron (NIH/CIT)" Cc: rancid-discuss@shrubbery.net Subject: Re: Cloginvs dollar signs Message-ID: <20040112144504.GA3892@partan.com> References: <64BC9A2B18FC5843BA0DE93548F745F3236F4CAA@nihexchange3.nih.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <64BC9A2B18FC5843BA0DE93548F745F3236F4CAA@nihexchange3.nih.gov> User-Agent: Mutt/1.4.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Mon, Jan 12, 2004 at 09:07:36AM -0500, Gee-clough, Aaron (NIH/CIT) wrote: > Hmmm...I took that script, named it clogin.new, and ran it with this in the > cloginrc: > add user lab-*.nih.gov te$t > add userpassword lab-*.nih.gov te$tpass Make sure these are inside of {}: add user lab-*.nih.gov {te$t} add userpassword lab-*.nih.gov {te$tpass} > The result: > [rancid@lithium rancid]$ clogin.new lab-pix.nih.gov > Error: can't read "t": no such variable Can you give it a shot again with the {}? --asp From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 12 14:56:07 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 0F1DBC67DD for ; Mon, 12 Jan 2004 14:56:07 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 8E0E017CFCD; Mon, 12 Jan 2004 14:56:06 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 706B917CFD0; Mon, 12 Jan 2004 14:56:06 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from nihhubims3.hub.nih.gov (nihhubims3.hub.nih.gov [128.231.90.113]) by guelah.shrubbery.net (Postfix) with ESMTP id F3AC717CFCD for ; Mon, 12 Jan 2004 14:56:04 +0000 (UTC) Received: by nihhubims3.hub.nih.gov with Internet Mail Service (5.5.2657.72) id ; Mon, 12 Jan 2004 09:56:03 -0500 Message-ID: <64BC9A2B18FC5843BA0DE93548F745F3236F4CAC@nihexchange3.nih.gov> From: "Gee-clough, Aaron (NIH/CIT)" To: 'Andrew Partan' Cc: rancid-discuss@shrubbery.net Subject: RE: Cloginvs dollar signs Date: Mon, 12 Jan 2004 09:56:02 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk That looks like it worked. Very cool. Thanks. So, will it break anything if I put all usernames/passwords within braces, just to keep this from biting me again? Thanks again. Aaron -----Original Message----- From: Andrew Partan [mailto:asp@partan.com] Sent: Monday, January 12, 2004 9:45 AM To: Gee-clough, Aaron (NIH/CIT) Cc: rancid-discuss@shrubbery.net Subject: Re: Cloginvs dollar signs On Mon, Jan 12, 2004 at 09:07:36AM -0500, Gee-clough, Aaron (NIH/CIT) wrote: > Hmmm...I took that script, named it clogin.new, and ran it with this > in the > cloginrc: > add user lab-*.nih.gov te$t > add userpassword lab-*.nih.gov te$tpass Make sure these are inside of {}: add user lab-*.nih.gov {te$t} add userpassword lab-*.nih.gov {te$tpass} > The result: > [rancid@lithium rancid]$ clogin.new lab-pix.nih.gov > Error: can't read "t": no such variable Can you give it a shot again with the {}? --asp From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 12 15:40:29 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 05020C67DD for ; Mon, 12 Jan 2004 15:40:29 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 77C8B17CFD0; Mon, 12 Jan 2004 15:40:28 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 5F73E17D07C; Mon, 12 Jan 2004 15:40:28 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 4F2FD17CFA9; Mon, 12 Jan 2004 15:40:27 +0000 (UTC) Date: Mon, 12 Jan 2004 07:40:27 -0800 From: john heasley To: "Gee-clough, Aaron (NIH/CIT)" Cc: 'Andrew Partan' , rancid-discuss@shrubbery.net Subject: Re: Cloginvs dollar signs Message-ID: <20040112154027.GJ23852@shrubbery.net> References: <64BC9A2B18FC5843BA0DE93548F745F3236F4CAC@nihexchange3.nih.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <64BC9A2B18FC5843BA0DE93548F745F3236F4CAC@nihexchange3.nih.gov> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Mon, Jan 12, 2004 at 09:56:02AM -0500, Gee-clough, Aaron (NIH/CIT): > That looks like it worked. Very cool. Thanks. So, will it break anything > if I put all usernames/passwords within braces, just to keep this from > biting me again? It should not. I have added verbage to cloginrc(5) indicating that it should be considered BCP to _always_ enclose the values in braces. Thanks. From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 12 15:54:18 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id C9DB3C67DD for ; Mon, 12 Jan 2004 15:54:17 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 3D72217CFA2; Mon, 12 Jan 2004 15:54:17 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 216D917CFD0; Mon, 12 Jan 2004 15:54:17 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 7ED5F17CFA9; Mon, 12 Jan 2004 15:54:16 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ns3.vmb-service.ru (ns3.vmb-service.ru [80.73.194.253]) by guelah.shrubbery.net (Postfix) with ESMTP id 8EB6517CF9E for ; Mon, 12 Jan 2004 07:42:22 +0000 (UTC) Received: from office.vmb-service.ru ([80.73.192.47]:25863 "EHLO ALEC") by Altair with ESMTP id ; Mon, 12 Jan 2004 10:42:11 +0300 Reply-To: From: "Alexander Voropay" To: "'Yuval Ben-Ari'" , Subject: RE: vcware and modemware Versions on AS5300 Date: Mon, 12 Jan 2004 10:43:01 +0300 Organization: VMB-Service Message-ID: <003e01c3d8df$b47837f0$1701a8c0@ALEC> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 In-Reply-To: Importance: Normal Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi! This commands are AS5200/AS5300/AS5400 specific, so it seems, rancid should recognize this ciscos as "access server" not "router" in sub ShowVersion { ... } elsif ( $proc =~ /AS5300/) { $type = "AS5300"; $device = "access server"; ... -- -=AV=- -----Original Message----- From: Yuval Ben-Ari [mailto:yuvalba@netvision.net.il] Sent: Friday, January 09, 2004 6:48 PM To: a.voropay@vmb-service.ru; rancid-discuss@shrubbery.net Subject: RE: vcware and modemware Versions on AS5300 show modem version seems too long, you might want to monitor "show spe version" this routine will do it: sub ShowSpeVersion { print STDERR " In ShowSpeVersion: $_" if ($debug); while () { tr/\015//d; last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /^\s*\^\s*$/; return(1) if /(Invalid input detected|Type help or )/; return(-1) if (/command authorization failed/i); ProcessHistory("MODEM","","","!Modem: $_") && next; } ProcessHistory("MODEM","","","!\n"); return(0); } also need to add the commands to trigger it in the right place: 'show spe version' => "ShowSpeVersion", 'show spe version', > -----Original Message----- > From: owner-rancid-discuss@shrubbery.net > [mailto:owner-rancid-discuss@shrubbery.net] On Behalf Of > Alexander Voropay > Sent: Friday, January 09, 2004 12:49 > To: rancid-discuss@shrubbery.net > Subject: vcware and modemware Versions on AS5300 > > > Hi! > > Does anyone have an idea how to add a monitoring of > vcware and modemware versions on CISCOs AS5300 ? > > > Gate#show vfc 1 version dspware > Version of Dspware in VFC slot 1 is 3.6.15L > > Gate#show vfc 1 version vcware > > Voice Feature Card in Slot 1: > VCware Version : 9.19 > ROM Monitor Version: 1.3 > DSPware Version : 3.6.15L > Technology : C549 > > Caller#show modem version > > Codes: > d - DSP software download is required for achieving K56flex > connections > > Modem module Firmware Boot DSP > Mdm Number Rev Rev Rev > 2/0 0 2.9.4.0 > 2/1 0 2.9.4.0 > 2/2 0 2.9.4.0 > 2/3 0 2.9.4.0 > 2/4 0 2.9.4.0 > 2/5 0 2.9.4.0 > 2/6 0 2.9.4.0 > 2/7 0 2.9.4.0 > 2/8 0 2.9.4.0 > 2/9 0 2.9.4.0 > ... > > > -- > -=AV=- > > From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 12 17:50:36 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 14DF9C6795 for ; Mon, 12 Jan 2004 17:50:36 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 3C10517CF9E; Mon, 12 Jan 2004 17:50:35 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 19BFA17CFA2; Mon, 12 Jan 2004 17:50:35 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (Postfix) with ESMTP id C458A17CF9E for ; Mon, 12 Jan 2004 17:50:33 +0000 (UTC) Received: from tower.partan.com (localhost.partan.com [127.0.0.1]) by tower.partan.com (8.12.8p2/8.12.8) with ESMTP id i0CHoUnN019698; Mon, 12 Jan 2004 12:50:30 -0500 (EST) (envelope-from asp@tower.partan.com) Received: (from asp@localhost) by tower.partan.com (8.12.8p2/8.12.8/Submit) id i0CHoUZm019695; Mon, 12 Jan 2004 12:50:30 -0500 (EST) (envelope-from asp) Date: Mon, 12 Jan 2004 12:50:30 -0500 From: Andrew Partan To: Alexander Voropay Cc: Yuval Ben-Ari , rancid-discuss@shrubbery.net Subject: Re: vcware and modemware Versions on AS5300 Message-ID: <20040112175030.GC16383@partan.com> References: <003e01c3d8df$b47837f0$1701a8c0@ALEC> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <003e01c3d8df$b47837f0$1701a8c0@ALEC> User-Agent: Mutt/1.4.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Mon, Jan 12, 2004 at 10:43:01AM +0300, Alexander Voropay wrote: > This commands are AS5200/AS5300/AS5400 specific, so it seems, > rancid should recognize this ciscos as "access server" not "router" in rancid splits ciscos into 'routers' and 'switches'. There is nothing else that is an access server. --asp From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 12 22:13:45 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id C319CC6795 for ; Mon, 12 Jan 2004 22:13:45 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 3FB1017CFCD; Mon, 12 Jan 2004 22:13:45 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 1F61717CFD0; Mon, 12 Jan 2004 22:13:45 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from denexg10.icgcomm.com (mail.icgcomm.com [204.32.218.26]) by guelah.shrubbery.net (Postfix) with ESMTP id 08EB317CFCD for ; Mon, 12 Jan 2004 22:13:44 +0000 (UTC) Received: by denexg10.icgcomm.com with Internet Mail Service (5.5.2657.72) id ; Mon, 12 Jan 2004 15:07:15 -0700 Message-ID: <8055B5FEF64BCF4F944A4D031D194056076B6619@denexg20.icgcomm.com> From: "Gardner, Brent" To: rancid-discuss@shrubbery.net Subject: Restore Configurations Through CVSWeb Date: Mon, 12 Jan 2004 15:07:08 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="ISO-8859-1" Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Has anyone come up with a way to restore a configuration through the CVSweb interface? I would like Rancid to checkout a configuration and copy it to a ftp or tftp server. Then have it log into the router and upload the configuration. Any ideas? Thanks, Brent Gardner From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 00:58:20 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id DE90FC6795 for ; Tue, 13 Jan 2004 00:58:20 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 1CB9D17CF9E; Tue, 13 Jan 2004 00:58:20 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 0535617CFA2; Tue, 13 Jan 2004 00:58:19 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 5CBC117CF9F; Tue, 13 Jan 2004 00:58:18 +0000 (UTC) Date: Mon, 12 Jan 2004 16:58:18 -0800 From: john heasley To: "Gardner, Brent" Cc: rancid-discuss@shrubbery.net Subject: Re: Restore Configurations Through CVSWeb Message-ID: <20040113005818.GE4652@shrubbery.net> References: <8055B5FEF64BCF4F944A4D031D194056076B6619@denexg20.icgcomm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8055B5FEF64BCF4F944A4D031D194056076B6619@denexg20.icgcomm.com> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Mon, Jan 12, 2004 at 03:07:08PM -0700, Gardner, Brent: > > Has anyone come up with a way to restore a configuration through the CVSweb > interface? I would like Rancid to checkout a configuration and copy it to a > ftp or tftp server. Then have it log into the router and upload the > configuration. Any ideas? > > Thanks, > > Brent Gardner Between the looking glass s/w and the cisco-load.exp sample that come with rancid, you could probably hack this up rather easily. Sounds rather risky though. From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 04:13:37 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 77373C6795 for ; Tue, 13 Jan 2004 04:13:37 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id ED5A717CF9E; Tue, 13 Jan 2004 04:13:36 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C907C17CFA2; Tue, 13 Jan 2004 04:13:36 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from mel1.unite.net.au (mel1.uecomm.net.au [203.94.129.130]) by guelah.shrubbery.net (Postfix) with ESMTP id 834F417CF9F; Tue, 13 Jan 2004 04:13:34 +0000 (UTC) Received: from choqolat.org (uec-gw.uecomm.net.au [203.94.134.236] (may be forged)) by mel1.unite.net.au (8.12.10/8.12.10) with ESMTP id i0D4DFj1028551; Tue, 13 Jan 2004 15:13:16 +1100 (EST) Message-ID: <4003705A.5020504@choqolat.org> Date: Tue, 13 Jan 2004 15:13:14 +1100 From: Andrew Fort User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: john heasley Cc: rancid-discuss@shrubbery.net Subject: Re: Rancid 2.3 RC1 References: <20040112035223.GI23852@shrubbery.net> In-Reply-To: <20040112035223.GI23852@shrubbery.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 12/01/2004 2:52 PM, john heasley wrote: [i have some brief notes about the patches i submitted] >Hello Rancid users, > It has been quite some time since the release of 2.2.2. 2.3 >is very close. We have a few more small bits on the to-do list before >release. > > RC1 has seen some testing. The looking glass has not been tested >much. The following changes need more exposure or have not been tested by us. > > rancid: skip show vlan for (3550|4500|7600) - from Andrew Fort > > This is because the VLANs should be in your main ('running') configuration on these platforms if you're using any recent release and "vtp mode transparent" is in your master config along with "spanning-tree extend system-id" as opposed to stored solely in vlan.dat - that is, if you're using "extended range VLAN support" as cisco call it (all 12-bits of 802.1q VLAN ID tag supported). If you don't have this enabled, you should comment out the line of code in subroutine ShowVLAN that reads: return(1) if ($type =~ /^(3550|4500|7600)$/); > Riverstone/Enterasys updates from Andrew Fort > > This is a replacement of the existing Riverstone login program (which worked poorly at my site and some others on various different expect/OS combinations) and may break your logins due to added functionality (we handle RADIUS failures and so on now). So, changes to your .cloginrc are required. Please read the end of the cloginrc example file in the distribution for an example of where your initial login pass, enable pass (aka last resort) and TAC+/RADIUS username and password goes for one of these babies. For those who tested this code privately, you shall need to make those changes - sorry for the wasted electrons. -afort From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 12:10:19 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 885E0C67DD for ; Tue, 13 Jan 2004 12:10:18 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id EDA8A17CF9E; Tue, 13 Jan 2004 12:10:17 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C668417CFA2; Tue, 13 Jan 2004 12:10:17 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id D520417CF9E for ; Tue, 13 Jan 2004 12:10:14 +0000 (UTC) Received: from Internal Mail-Server by ananas1 with SMTP; 13 Jan 2004 14:09:22 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: CatOS session log message during rancid operation Date: Tue, 13 Jan 2004 14:10:57 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: CatOS session log message during rancid operation Thread-Index: AcPZzk06MVASQJ4aRcSUbmpxhr58uw== From: "Yuval Ben-Ari" To: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi, not sure if this was discussed before. Once in a while I get such diffs from our Catalyst5500's (CatOS): @@ -522,8 +522,9 @@ set spantree portfast 3/1-24 enable ! #module 4 : 24-port 10/100BaseTX Ethernet set vlan 103 4/22-23 + 2004 Jan 13 13:32:03 IDT +03:00 %PAGP-5-PORTTOSTP:Port 8/19 joined bridge port 8/19 this happens because by default logging session is enabled. it needs to be disabled per session with "set logging session disable" not sure where is the best place to add it, thought you can advice .... Yuval From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 13:16:23 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id A527EC67D8 for ; Tue, 13 Jan 2004 13:16:23 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 1978F17CFA2; Tue, 13 Jan 2004 13:16:23 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id EB2A017CFCD; Tue, 13 Jan 2004 13:16:22 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ns3.vmb-service.ru (ns3.vmb-service.ru [80.73.194.253]) by guelah.shrubbery.net (Postfix) with ESMTP id 5319717CFA2 for ; Tue, 13 Jan 2004 13:16:21 +0000 (UTC) Received: from office.vmb-service.ru ([80.73.192.47]:48913 "EHLO ALEC") by Altair with ESMTP id ; Tue, 13 Jan 2004 16:16:13 +0300 Reply-To: From: "Alexander Voropay" To: Subject: oscillating config Date: Tue, 13 Jan 2004 16:17:05 +0300 Organization: VMB-Service Message-ID: <00bd01c3d9d7$8a409470$1701a8c0@ALEC> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Importance: Normal Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi! ...It seems, this is software defect of CISCO IOS 12.2.19 AS5300 RANCID logs config diff ~~ in every 2..3 hours. @@ -365,7 +365,7 @@ interface Dialer7 ... - fair-queue 64 16 0 + fair-queue @@ -365,7 +365,7 @@ interface Dialer7 ... - fair-queue + fair-queue 64 16 0 Is there any way to prevent this ? -- -=AV=- From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 13:42:12 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 32EB3C67D8 for ; Tue, 13 Jan 2004 13:42:12 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 4CAD917CFCD; Tue, 13 Jan 2004 13:42:09 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 2ABE817CFD0; Tue, 13 Jan 2004 13:42:09 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from server.nipper.de (relay.nipper.de [212.86.210.19]) by guelah.shrubbery.net (Postfix) with ESMTP id 8F7FB17CFCD for ; Tue, 13 Jan 2004 13:42:07 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id 4D7682514F; Tue, 13 Jan 2004 14:42:05 +0100 (CET) Received: from server.nipper.de ([127.0.0.1]) by localhost (server [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04296-02; Tue, 13 Jan 2004 14:41:58 +0100 (CET) Received: from nipper.de (pc103.nipper.de [192.168.144.103]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id 061C123E46; Tue, 13 Jan 2004 14:41:57 +0100 (CET) Message-ID: <4003F59D.8080903@nipper.de> Date: Tue, 13 Jan 2004 14:41:49 +0100 From: Arnold Nipper Organization: nIPper consulting User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031208 X-Accept-Language: de, en-us, en MIME-Version: 1.0 To: Yuval Ben-Ari Cc: rancid-discuss@shrubbery.net Subject: Re: CatOS session log message during rancid operation References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at nipper.de Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 13.01.2004 13:10 Yuval Ben-Ari wrote: > Once in a while I get such diffs from our Catalyst5500's (CatOS): > > @@ -522,8 +522,9 @@ > set spantree portfast 3/1-24 enable > ! > #module 4 : 24-port 10/100BaseTX Ethernet > set vlan 103 4/22-23 > + 2004 Jan 13 13:32:03 IDT +03:00 %PAGP-5-PORTTOSTP:Port 8/19 joined > bridge port 8/19 > > > this happens because by default logging session is enabled. > it needs to be disabled per session with "set logging session disable" > not sure where is the best place to add it, thought you can advice .... The recommendation is to disable logging on telnet as well as on console (see http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml for a comprehensive description) HTH, Arnold From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 15:00:38 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 89365C67D8 for ; Tue, 13 Jan 2004 15:00:38 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 0857E17CFD0; Tue, 13 Jan 2004 15:00:38 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E692F17D07D; Tue, 13 Jan 2004 15:00:37 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id E31A317CFD0 for ; Tue, 13 Jan 2004 15:00:35 +0000 (UTC) Received: from Internal Mail-Server by ananas1 with SMTP; 13 Jan 2004 17:00:00 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: CatOS session log message during rancid operation Date: Tue, 13 Jan 2004 17:01:37 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: CatOS session log message during rancid operation Thread-Index: AcPZ2zM9Xxmy3eM4RE+dzJBEhF8ZTwACh+HA From: "Yuval Ben-Ari" To: "Arnold Nipper" Cc: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk > -----Original Message----- > From: Arnold Nipper [mailto:arnold@nipper.de]=20 > Sent: Tuesday, January 13, 2004 15:42 > To: Yuval Ben-Ari > Cc: rancid-discuss@shrubbery.net > Subject: Re: CatOS session log message during rancid operation >=20 >=20 >=20 > The recommendation is to disable logging on telnet as well as=20 > on console=20 > (see=20 > http://www.cisco.com/en/US/products/hw/switches/ps663/products > _tech_note09186a0080094713.shtml=20 > for a comprehensive description) >=20 >=20 > HTH, Arnold >=20 >=20 As I said it can only be disabled per session, on next login it is enabled again. Do you know a way to permanently disable session logging ? From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 15:19:02 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 52ADEC67D8 for ; Tue, 13 Jan 2004 15:19:02 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 9F76217D07C; Tue, 13 Jan 2004 15:19:01 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 891F017D30B; Tue, 13 Jan 2004 15:19:01 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from server.nipper.de (relay.nipper.de [212.86.210.19]) by guelah.shrubbery.net (Postfix) with ESMTP id 2396817D07C for ; Tue, 13 Jan 2004 15:19:00 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id 9727923E66; Tue, 13 Jan 2004 16:18:58 +0100 (CET) Received: from server.nipper.de ([127.0.0.1]) by localhost (server [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05227-10; Tue, 13 Jan 2004 16:18:57 +0100 (CET) Received: from nipper.de (pc103.nipper.de [192.168.144.103]) by server.nipper.de (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id 9470123E46; Tue, 13 Jan 2004 16:18:57 +0100 (CET) Message-ID: <40040C54.5000809@nipper.de> Date: Tue, 13 Jan 2004 16:18:44 +0100 From: Arnold Nipper Organization: nIPper consulting User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031208 X-Accept-Language: de, en-us, en MIME-Version: 1.0 To: Yuval Ben-Ari Cc: rancid-discuss@shrubbery.net Subject: Re: CatOS session log message during rancid operation References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at nipper.de Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 13.01.2004 16:01 Yuval Ben-Ari wrote: > As I said it can only be disabled per session, on next login it is > enabled again. > Do you know a way to permanently disable session logging ? set logging telnet disable should do, Arnold From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 17:44:42 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id BF70BC67DD for ; Tue, 13 Jan 2004 17:44:41 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 3F23717CF9E; Tue, 13 Jan 2004 17:44:41 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 2320917CFA2; Tue, 13 Jan 2004 17:44:41 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id 21DCC17CF9E for ; Tue, 13 Jan 2004 17:44:39 +0000 (UTC) Received: from Internal Mail-Server by ananas1 with SMTP; 13 Jan 2004 19:44:04 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: CatOS session log message during rancid operation Date: Tue, 13 Jan 2004 19:45:40 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: CatOS session log message during rancid operation Thread-Index: AcPZ6LpRuBEL7bGmTraf19YSP6D+CAAEwbhw From: "Yuval Ben-Ari" To: "Arnold Nipper" Cc: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk no such command. the command "set logging session disable" works but for that session only. CatOS is 5.5(19) Was just wondering were is the correct place to add this command. Yuval > -----Original Message----- > From: Arnold Nipper [mailto:arnold@nipper.de]=20 > Sent: Tuesday, January 13, 2004 17:19 > To: Yuval Ben-Ari > Cc: rancid-discuss@shrubbery.net > Subject: Re: CatOS session log message during rancid operation >=20 >=20 > On 13.01.2004 16:01 Yuval Ben-Ari wrote: >=20 > > As I said it can only be disabled per session, on next login it is > > enabled again. > > Do you know a way to permanently disable session logging ? >=20 >=20 > set logging telnet disable >=20 > should do, > Arnold >=20 >=20 From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 17:53:06 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id EED9CC67DF for ; Tue, 13 Jan 2004 17:53:05 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 5BF6C17CF9E; Tue, 13 Jan 2004 17:53:05 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 3BED517CFA2; Tue, 13 Jan 2004 17:53:05 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from server.tmk.com (server.tmk.com [204.141.35.63]) by guelah.shrubbery.net (Postfix) with ESMTP id 1769E17CF9E for ; Tue, 13 Jan 2004 17:53:04 +0000 (UTC) Received: from tmk.com by tmk.com (PMDF V6.2-X17 #37010) id <01L5CN3TLSQ8000LJC@tmk.com> for rancid-discuss@shrubbery.net; Tue, 13 Jan 2004 12:53:00 -0500 (EST) Date: Tue, 13 Jan 2004 12:52:10 -0500 (EST) From: Terry Kennedy Subject: RE: CatOS session log message during rancid operation In-reply-to: "Your message dated Tue, 13 Jan 2004 19:45:40 +0200" To: Yuval Ben-Ari Cc: Arnold Nipper , rancid-discuss@shrubbery.net Message-id: <01L5CN56HLVS000LJC@tmk.com> MIME-version: 1.0 Content-type: TEXT/PLAIN; CHARSET=us-ascii Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk > no such command. > the command "set logging session disable" works but for that session > only. > CatOS is 5.5(19) > Was just wondering were is the correct place to add this command. This is in RANCID 2.2.2 already - look near the bottom of clogin for: } elseif { $do_script } { # If the prompt is (enable), then we are on a switch and the # command is "set length 0"; otherwise its "term length 0". if [ regexp -- ".*> .*enable" "$prompt" ] { send "set length 0\r" send "set logging session disable\r" } else { send "term length 0\r" } did this code go missing in more recent versions? Terry Kennedy http://www.tmk.com terry@tmk.com New York, NY USA From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 22:16:19 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 1469FC67DE for ; Tue, 13 Jan 2004 22:16:19 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 963EE17CF9E; Tue, 13 Jan 2004 22:16:18 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 7131817CFA2; Tue, 13 Jan 2004 22:16:18 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (Postfix) with ESMTP id 13B9017CF9E for ; Tue, 13 Jan 2004 22:16:17 +0000 (UTC) Received: from tower.partan.com (localhost.partan.com [127.0.0.1]) by tower.partan.com (8.12.8p2/8.12.8) with ESMTP id i0DMGFnN051047; Tue, 13 Jan 2004 17:16:15 -0500 (EST) (envelope-from asp@tower.partan.com) Received: (from asp@localhost) by tower.partan.com (8.12.8p2/8.12.8/Submit) id i0DMGFgS051044; Tue, 13 Jan 2004 17:16:15 -0500 (EST) (envelope-from asp) Date: Tue, 13 Jan 2004 17:16:15 -0500 From: Andrew Partan To: Terry Kennedy Cc: rancid-discuss@shrubbery.net Subject: Re: CatOS session log message during rancid operation Message-ID: <20040113221615.GA51011@partan.com> References: <01L5CN56HLVS000LJC@tmk.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <01L5CN56HLVS000LJC@tmk.com> User-Agent: Mutt/1.4.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Tue, Jan 13, 2004 at 12:52:10PM -0500, Terry Kennedy wrote: > This is in RANCID 2.2.2 already - look near the bottom of clogin for: > > } elseif { $do_script } { > # If the prompt is (enable), then we are on a switch and the > # command is "set length 0"; otherwise its "term length 0". > if [ regexp -- ".*> .*enable" "$prompt" ] { > send "set length 0\r" > send "set logging session disable\r" > } else { > send "term length 0\r" > } > > did this code go missing in more recent versions? Nope; its still there. --asp From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 22:23:32 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 4A48FC67DE for ; Tue, 13 Jan 2004 22:23:32 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id BBDA617CF9E; Tue, 13 Jan 2004 22:23:31 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 9DCE317CFA2; Tue, 13 Jan 2004 22:23:31 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id 9316C17CF9E for ; Tue, 13 Jan 2004 22:23:29 +0000 (UTC) Received: from Internal Mail-Server by ananas1 with SMTP; 14 Jan 2004 00:22:54 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: CatOS session log message during rancid operation Date: Wed, 14 Jan 2004 00:24:30 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: CatOS session log message during rancid operation Thread-Index: AcPZ/kA+Jvd39KP3QMGItJRGvB4wRQAJWBqw From: "Yuval Ben-Ari" To: "Terry Kennedy" Cc: Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk your'e right, I have this line, and yet get session logs slip into rancid diffs sometimes. I will try to debug it further ..... Thanks, > -----Original Message----- > From: Terry Kennedy [mailto:terry@tmk.com]=20 > Sent: Tuesday, January 13, 2004 19:52 > To: Yuval Ben-Ari > Cc: Arnold Nipper; rancid-discuss@shrubbery.net > Subject: RE: CatOS session log message during rancid operation >=20 >=20 > > no such command. > > the command "set logging session disable" works but for that session > > only. > > CatOS is 5.5(19) > > Was just wondering were is the correct place to add this command. >=20 > This is in RANCID 2.2.2 already - look near the bottom of=20 > clogin for: >=20 > } elseif { $do_script } { > # If the prompt is (enable), then we are on a switch and the > # command is "set length 0"; otherwise its "term length 0". > if [ regexp -- ".*> .*enable" "$prompt" ] { > send "set length 0\r" > send "set logging session disable\r" > } else { > send "term length 0\r" > } >=20 > did this code go missing in more recent versions? >=20 > Terry Kennedy http://www.tmk.com > terry@tmk.com New York, NY USA >=20 From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 13 23:00:31 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id C79FCC67DE for ; Tue, 13 Jan 2004 23:00:31 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 0AB2A17CFA2; Tue, 13 Jan 2004 23:00:29 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E4C3217CFCD; Tue, 13 Jan 2004 23:00:28 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 0F9B317CFA9; Tue, 13 Jan 2004 23:00:28 +0000 (UTC) Date: Tue, 13 Jan 2004 15:00:27 -0800 From: john heasley To: Alexander Voropay Cc: rancid-discuss@shrubbery.net Subject: Re: oscillating config Message-ID: <20040113230027.GH10293@shrubbery.net> References: <00bd01c3d9d7$8a409470$1701a8c0@ALEC> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <00bd01c3d9d7$8a409470$1701a8c0@ALEC> User-Agent: Mutt/1.4i X-PGPkey: http://www.shrubbery.net/~heas/public-key.asc X-note: live free, or die! X-homer: awe, not the good cheek Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Tue, Jan 13, 2004 at 04:17:05PM +0300, Alexander Voropay: > Hi! > > ...It seems, this is software defect of CISCO IOS 12.2.19 AS5300 > > RANCID logs config diff ~~ in every 2..3 hours. > > > @@ -365,7 +365,7 @@ interface Dialer7 > ... > - fair-queue 64 16 0 > + fair-queue > > @@ -365,7 +365,7 @@ interface Dialer7 > ... > - fair-queue > + fair-queue 64 16 0 > > > Is there any way to prevent this ? only w/ a hack or upgrading to some IOS that doesnt do that, at the moment. something like /^ fair-queue/ && next; added to the WriteTerm function after the first set of matches ought to do it. From owner-rancid-discuss-outgoing@shrubbery.net Wed Jan 14 15:10:02 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id D6CFAC67E3 for ; Wed, 14 Jan 2004 15:10:01 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 2BBE917CF9E; Wed, 14 Jan 2004 15:10:01 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 0DB2B17CFA2; Wed, 14 Jan 2004 15:10:01 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ntx.netvision.net.il (ananas1.netvision.net.il [199.203.100.202]) by guelah.shrubbery.net (Postfix) with ESMTP id 9924F17CF9E for ; Wed, 14 Jan 2004 15:09:58 +0000 (UTC) Received: from Internal Mail-Server by ananas1 with SMTP; 14 Jan 2004 17:09:17 +0200 X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: vcware and modemware Versions on AS5300 *&* GSR FRU info Date: Wed, 14 Jan 2004 17:10:54 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: vcware and modemware Versions on AS5300 *&* GSR FRU info Thread-Index: AcPYBURP3dOeOkBRRr2NJeBgXF++LQCq0ihA From: "Yuval Ben-Ari" To: "Andrew Partan" Cc: , Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk looks ok after a quick check Thanks > -----Original Message----- > From: Andrew Partan [mailto:asp@partan.com]=20 > Sent: Sunday, January 11, 2004 07:38 > To: Yuval Ben-Ari > Cc: a.voropay@vmb-service.ru; rancid-discuss@shrubbery.net > Subject: Re: vcware and modemware Versions on AS5300 *&* GSR FRU info >=20 >=20 > On Sun, Jan 11, 2004 at 12:30:10AM -0500, Andrew Partan wrote: > > On Fri, Jan 09, 2004 at 05:47:42PM +0200, Yuval Ben-Ari wrote: > > > show modem version seems too long, > > > you might want to monitor "show spe version" > > >=20 > > > this routine will do it: > >=20 > > On Fri, Jan 09, 2004 at 06:44:40PM +0200, Yuval Ben-Ari wrote: > > > I find it very useful for inventory purposes to include=20 > FRU information > > > on GSR routers. > > > I added the following to sub ShowDiag: > >=20 > > I merged these into rancid.in; can you (or someone) do a check of > > these bits to make sure they still work & I didn't blow something? >=20 > Bletch; I should have know better; I sent bad bits. Try=20 > these instead. > --asp >=20 From owner-rancid-discuss-outgoing@shrubbery.net Thu Jan 15 11:58:36 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id C31A6C67E0 for ; Thu, 15 Jan 2004 11:58:36 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 17A2617CFA0; Thu, 15 Jan 2004 11:58:36 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id EFC0D17CFA9; Thu, 15 Jan 2004 11:58:35 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ns3.vmb-service.ru (ns3.vmb-service.ru [80.73.194.253]) by guelah.shrubbery.net (Postfix) with ESMTP id 2749117CFA0 for ; Thu, 15 Jan 2004 11:58:34 +0000 (UTC) Received: from office.vmb-service.ru ([80.73.192.47]:8200 "EHLO ALEC") by Altair with ESMTP id ; Thu, 15 Jan 2004 14:58:04 +0300 Reply-To: From: "Alexander Voropay" To: Subject: RANCID RPM 2.3rc1 alpha Date: Thu, 15 Jan 2004 14:59:00 +0300 Organization: VMB-Service Message-ID: <020801c3db5e$f683fe00$1701a8c0@ALEC> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Importance: Normal Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Hi! http://monitor.vmb-service.ru/~alec/rancid-2.3.rc1-2.src.rpm RANCID RPM, alpha Bugeports, suggestions e.t.c. are welcomed. -- -=AV=- From owner-rancid-discuss-outgoing@shrubbery.net Fri Jan 16 10:42:11 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 7E6E3C6963 for ; Fri, 16 Jan 2004 10:42:11 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 088F217CF9F; Fri, 16 Jan 2004 10:42:11 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E0EE917CFA2; Fri, 16 Jan 2004 10:42:10 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from ns3.vmb-service.ru (ns3.vmb-service.ru [80.73.194.253]) by guelah.shrubbery.net (Postfix) with ESMTP id 1790417CF9F; Fri, 16 Jan 2004 10:42:09 +0000 (UTC) Received: from office.vmb-service.ru ([80.73.192.47]:59151 "EHLO ALEC") by Altair with ESMTP id ; Fri, 16 Jan 2004 13:42:04 +0300 Reply-To: From: "Alexander Voropay" To: "'john heasley'" Cc: Subject: RE: oscillating config Date: Fri, 16 Jan 2004 13:43:01 +0300 Organization: VMB-Service Message-ID: <028801c3dc1d$83a02a20$1701a8c0@ALEC> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 In-Reply-To: <20040113230027.GH10293@shrubbery.net> X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Importance: Normal Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk john heasley wrote: >> ...It seems, this is software defect of CISCO IOS 12.2.19 AS5300 >> RANCID logs config diff ~~ in every 2..3 hours. >> @@ -365,7 +365,7 @@ interface Dialer7 >> ... >> - fair-queue 64 16 0 >> + fair-queue >only w/ a hack or upgrading to some IOS that doesnt do that, at the moment. something like > > /^ fair-queue/ && next; > >added to the WriteTerm function after the first set of matches ought to do it. The "fair-queue 64 16 0" is a default CISCO setting. I did "fair-queue 65 16 0" (non-default), it works without oscillation now... -- -=AV=- From owner-rancid-discuss-outgoing@shrubbery.net Sat Jan 17 17:47:02 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id D9B95C6973 for ; Sat, 17 Jan 2004 17:47:02 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id D8F2817CFC8; Sat, 17 Jan 2004 09:47:01 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id B8A7317CFCA; Sat, 17 Jan 2004 09:47:01 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 1841B17CFC9; Sat, 17 Jan 2004 09:47:01 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: from horus.sticf.cc (mail.sticf.net [64.254.104.198]) by guelah.shrubbery.net (Postfix) with ESMTP id B0CFD17CFC8 for ; Sat, 17 Jan 2004 02:38:41 -0800 (PST) Received: from www.sticf.net (localhost.sticf.cc [127.0.0.1]) by horus.sticf.cc (8.12.9p1/8.12.9) with ESMTP id i0D2lwim041771 for ; Mon, 12 Jan 2004 19:47:58 -0700 (MST) (envelope-from steve@smiller.org) From: "Stephen Miller" To: rancid-discuss@shrubbery.net Subject: using config templates with rancid Date: Mon, 12 Jan 2004 19:47:58 -0700 Message-Id: <20040113024452.M13382@smiller.org> X-Mailer: Open WebMail 2.21 20031110 X-OriginatingIP: 12.28.109.34 (steve) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk i want to not only diff current configs from previous configs but also diff current configs against standard config templates. to ensure that certain config sections stay within network standards...ie. acl's for vty access, snmp communities, etc... anyone ideas on how to get rancid to do this? steve From owner-rancid-discuss-outgoing@shrubbery.net Sat Jan 17 19:15:23 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 0782FC6973 for ; Sat, 17 Jan 2004 19:15:23 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 4394F17CFCA; Sat, 17 Jan 2004 11:15:22 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 23A7517CFCC; Sat, 17 Jan 2004 11:15:22 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (Postfix) with ESMTP id 0C8B317CFCA for ; Sat, 17 Jan 2004 11:15:17 -0800 (PST) Received: from tower.partan.com (localhost.partan.com [127.0.0.1]) by tower.partan.com (8.12.8p2/8.12.8) with ESMTP id i0HJFCnN089688; Sat, 17 Jan 2004 14:15:12 -0500 (EST) (envelope-from asp@tower.partan.com) Received: (from asp@localhost) by tower.partan.com (8.12.8p2/8.12.8/Submit) id i0HJFCAM089685; Sat, 17 Jan 2004 14:15:12 -0500 (EST) (envelope-from asp) Date: Sat, 17 Jan 2004 14:15:12 -0500 From: Andrew Partan To: Stephen Miller Cc: rancid-discuss@shrubbery.net Subject: Re: using config templates with rancid Message-ID: <20040117191512.GA89663@partan.com> References: <20040113024452.M13382@smiller.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040113024452.M13382@smiller.org> User-Agent: Mutt/1.4.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Mon, Jan 12, 2004 at 07:47:58PM -0700, Stephen Miller wrote: > i want to not only diff current configs from previous configs but also diff > current configs against standard config templates. to ensure that certain > config sections stay within network standards...ie. acl's for vty access, snmp > communities, etc... > > anyone ideas on how to get rancid to do this? Write a post processor. Run rancid to fetch the current configs and then run a 2nd program that does diffs vs your standard (generated?) configs. --asp From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 19 12:40:38 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id BBB5BC6991 for ; Mon, 19 Jan 2004 12:40:38 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id E9CF317CFCA; Mon, 19 Jan 2004 04:40:37 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C77E817CFCD; Mon, 19 Jan 2004 04:40:37 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: from xgb195.johnlewis.com (mail2.johnlewis.com [194.73.248.18]) by guelah.shrubbery.net (Postfix) with ESMTP id 23BDA17CFCA for ; Mon, 19 Jan 2004 04:40:36 -0800 (PST) Received: from xgb193.corpeu.buy.com (unverified) by xgb195.johnlewis.com (Content Technologies SMTPRS 4.3.12) with ESMTP id ; Mon, 19 Jan 2004 12:40:33 +0000 content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1 Subject: RE: using config templates with rancid Date: Mon, 19 Jan 2004 12:40:33 -0000 Message-ID: <05E552EE3FE62B46974D70306287F85A5B7122@xgb193.corpeu.buy.com> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: using config templates with rancid Thread-Index: AcPdIe5baQMbNC/tRSaGzHRI/VcwAQBZiv5g From: "Rob Evans" To: "Stephen Miller" , Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I always keep a current checked out read-only version of the configs which I then run extra diffs on via a batch script. The checked out version of the configs is updated each time after do-diffs is run. You could put an entry in crontab entry that looks something like this: 0 * * * * /usr/local/rancid/bin/do-diffs ; cd /configs ; /usr/local/bin/cvs -r -d /usr/local/rancid/CVS update >/dev/null 2>&1 ; /usr/bin/diff -U0 /configs/router1 /configs/router1.template | mailx -s diffs steve@smiller.org I don't know much about CVS, but this works for me anyway. Regards, Rob -----Original Message----- From: owner-rancid-discuss@shrubbery.net [mailto:owner-rancid-discuss@shrubbery.net] On Behalf Of Stephen Miller Sent: 13 January 2004 02:48 To: rancid-discuss@shrubbery.net Subject: using config templates with rancid i want to not only diff current configs from previous configs but also diff=20 current configs against standard config templates. to ensure that certain=20 config sections stay within network standards...ie. acl's for vty access, snmp=20 communities, etc... anyone ideas on how to get rancid to do this? steve ------------------------------- This email is confidential and may contain copyright material of the John Lewis Partnership. If you are not the intended recipient, please=20 notify us immediately and delete all copies of this message. Website: http://www.johnlewis.com From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 19 16:46:14 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 823E8C698C for ; Mon, 19 Jan 2004 16:46:14 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id E8C1B17CFCA; Mon, 19 Jan 2004 08:46:13 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C998A17CFCE; Mon, 19 Jan 2004 08:46:13 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: from mailrelay.todo.de (mailrelay.todo.de [62.169.0.10]) by guelah.shrubbery.net (Postfix) with ESMTP id 4DA5F17CFCA; Mon, 19 Jan 2004 08:46:11 -0800 (PST) Received: from hendrix.code.de (pD9E0FD1B.dip.t-dialin.net [217.224.253.27]) by mailrelay.todo.de (8.12.9p2/8.12.9) with ESMTP id i0JGk61d069884 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 19 Jan 2004 17:46:07 +0100 (CET) (envelope-from erik@code.de) Received: by hendrix.code.de (Postfix, from userid 1000) id E7CB0C09D; Mon, 19 Jan 2004 17:46:03 +0100 (CET) Date: Mon, 19 Jan 2004 17:46:03 +0100 From: Erik Wenzel To: rancid-discuss@shrubbery.net, rancid@shrubbery.net Subject: Re: integration of security enhancement patch Message-ID: <20040119164603.GA4837@hendrix.code.de> Mail-Followup-To: rancid-discuss@shrubbery.net, rancid@shrubbery.net References: <20031222172045.GA17908@hendrix.code.de> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ZoaI/ZTpAVc4A5k6" Content-Disposition: inline In-Reply-To: <20031222172045.GA17908@hendrix.code.de> User-Agent: Mutt/1.5.5.1+cvs20040105i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk --ZoaI/ZTpAVc4A5k6 Content-Type: multipart/mixed; boundary="jI8keyz6grp/JLjh" Content-Disposition: inline --jI8keyz6grp/JLjh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I implemeted an option, configured in rancid.conf, which satisfies my security needs. This option is disabled by default.=20 --=20 erik@code.de "I am not a Geek! I shower." --jI8keyz6grp/JLjh Content-Type: application/octet-stream Content-Disposition: attachment; filename="cisco-lower-privilege.patch.gz" Content-Transfer-Encoding: base64 H4sICF38CkAAA2Npc2NvLWxvd2VyLXByaXZpbGVnZS5wYXRjaADtWVFv2zYQfjZ/xc1pYQeL VTtp2qZDh7VJOgTo2iIOUgwYUNASFRORSIGknBhF//uOlCzRshzrYW/zk627j0fySH4fD4x4 HMNICVBUhDwaHQcngQongVT87sWMixeFPeBNxLqTRJOTs1cwGZ8QOnl59gb/vSYH5ACuYnh2 fjU9//L905dvl9ffv15f3QLXwASdJSwCM2cCcs1goOfyAUIpYn43AC60YTQCGcPgQXHDMJRh KuWCJoOA8BiGv0Qs5gJDDJ9dfr790ezk5+Eh/CC93vNQpikVkX43xK+ilwVTmksx6PXe/Q79 KZpuC0v/qMIoFuUiwvktQTMcVkTVclDhryuv14RHmZIpzGh4nyVUsMFRhb+6sC4fixOkSQI0 NHzB6sBXhf29M3t4JhaAdm/Il2LhD1dnEM6p1lyPuIjl4Kga6vSrh7vTaoWrO/1zeu1BZlIa r58P+NnwLqjaDkAnt2ury0BbYHFC9dyL8tF+F/6IK3hhkyMWiqZvixAXXE0TaT43ILYPF+pp mEbb+GlIxPX9DoiNMtkdZQfERjneHaUV0q+j5Nmonnx/HdnrHUBIDbw6HY9HXOqNlikPlQxl xDq09EdOF6zDojhc55VBbIflcbhOa1TG27kKZbwuuA5LVsXbtW4u3pOLV6zA61fjs/UeWDjq knyEdc09QrukHmFdMl9G25XQMloHWJe0l9HaYStNMUomCVJ8zUbnaHyfJO0wCGd5A3uOFg8c cXrnMBXoorA0MA2A501llCfM8//lDNXy+wfQNdAZq4Vr1WiasU3pCl8fj8de5HP77TO0yQBV xvhzvL3xVWKB8uWr46f3fkJVLgQXd6NSrAvcN6vSNyjRBdCJtpPsDT/pHf5GcJb3bKmHhxBJ poVBvTU5XkPMHCNrlEd7MwCpIqZQ+zAOCj2quGfFqwF+2EBhGml7p+BpJpWhGGzoyzzEXGnj WtejAjwd5jCAjBtKen+sXRL6fuvi+G69Enjupvz7rjW19xylrPudNITcc3na7VlnK12tP1GC Pcu6IHuOuJLcmp4KgmkYPapqkpklj4axoIoW5KQNuWEsDn0LcsPYYNFNp6dyLSTcOtWGdLWS d9ukPXna1qZlppUEbWuzOedaZjoISwNRCUiL48lW7VOuZGFLi81pVdS/pcXmpCp69/atx9Tt VsffnivyuLm2eJ9pyb2VwSNbv4uKSPsNIvWNePb987xGloWjpqG+K5fOsFx6SX4CS7AQ2hct +6JlX7Tsi5Z90bIvWvZFy39WtGwpVvbFyL4Y2Rcj+2Lk/1GMlEWII72fJHrq7YeZcPW8Y1sF mqZZwlregbYCCT19Ay/JAVy6tx5I5AMyZab4gifsDplTwDnXoYQLtuAhMoIlRYrTV8ymOsef B7q01Bo6GEaiYShzpNQ5QhPk5gA+SoVtImYot89JEdOh4pmxTKsZA29gw9PDgBw0n4neTcjB 04lAKl6b32lLDtowWNmdnMLxmAQfoNkrKZ6/tFOQTCKJznjCzRKMhBgTOi8zUy5aIQfwwM0c kwS5qJIYASmSk2umAiibXX2ZAnsMkxzTAS1VKMRWG2jhqheErF7UYpvURj+2AxgWa+ge7SaY T7Dve0uZQ9ESQ7JHFgKpY9pQbSNgj1nCQ5Msj9xoC8G1WwBYmmEiSIHLFbVriR1du/SCtrxS RMTNrgxSTBlR5ibLjT6ChznHBKIEy3vXPY4GT1To9gTyLFdSpKjiGoP+jUOfY0Sb91WHzE5I 4YzspnQ5f0sCnZHLR7ex8QPX/9cJJ4GIic2KoOlqo0GGgviAV4Lqu0rEsZcUl6SELVgCx+Ad TBLE3IUf2fDY582cu8sEdhPnCfAy2RKENHg48CTgwLWxJ4ZCvRGqc+J2THHPIGhjWttTR1FD H+2tJkwYxdVkj+YIV4BG7pjOlqCQfjE7H5Z4NGOaJ+g25Uhsx5qZgAT/9Elw85X8Cx/NR2pB HgAA --jI8keyz6grp/JLjh-- --ZoaI/ZTpAVc4A5k6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFADAnLmMmei9uJhBARAl4wAJ9CAw94rxvkal1Kp+XJMlRlt9/6EACgpwTz 5Ovp9AfZ5dRIWHGbVrb7AtE= =wgow -----END PGP SIGNATURE----- --ZoaI/ZTpAVc4A5k6-- From owner-rancid-discuss-outgoing@shrubbery.net Mon Jan 19 17:29:22 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id BF5F9C6994 for ; Mon, 19 Jan 2004 17:29:22 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 1133017CFCC; Mon, 19 Jan 2004 09:29:22 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id E76C917CFCE; Mon, 19 Jan 2004 09:29:21 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 7053) id 4CAF217CFCD; Mon, 19 Jan 2004 09:29:21 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: from phenix.rootshell.be (phenix.rootshell.be [217.22.55.50]) by guelah.shrubbery.net (Postfix) with ESMTP id DDCF317CFCA for ; Mon, 19 Jan 2004 00:56:39 -0800 (PST) Received: from phenix.rootshell.be (phenix [127.0.0.1]) by phenix.rootshell.be (8.12.8/8.12.8) with ESMTP id i0J8tvgx030329 for ; Mon, 19 Jan 2004 09:55:57 +0100 Received: from localhost (alastair@localhost) by phenix.rootshell.be (8.12.8/8.12.8/Submit) with ESMTP id i0J8tttQ002399 for ; Mon, 19 Jan 2004 09:55:57 +0100 X-Authentication-Warning: phenix.rootshell.be: alastair owned process doing -bs Date: Mon, 19 Jan 2004 09:55:55 +0100 (CET) From: "Alastair (Alex) Galloway" X-X-Sender: alastair@phenix.rootshell.be To: rancid-discuss@shrubbery.net Subject: Re: using config templates with rancid In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk Andrew Partan writes: > Run rancid to fetch the current configs and then run a 2nd program > that does diffs vs your standard (generated?) configs. Then all you need is a third program to go and beat the people who make uncommented/undocumented changes with a large stick :-) Cheers, Alastair From owner-rancid-discuss-outgoing@shrubbery.net Wed Jan 21 23:34:25 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 09428C67E5 for ; Wed, 21 Jan 2004 23:34:25 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 57CC717CFC9; Wed, 21 Jan 2004 15:34:24 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 35DEA17CFCC; Wed, 21 Jan 2004 15:34:24 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: from daedalus.andrew.net.au (daedalus.andrew.net.au [210.18.204.2]) by guelah.shrubbery.net (Postfix) with ESMTP id 6A0EA17CFC9 for ; Wed, 21 Jan 2004 15:34:22 -0800 (PST) Received: from daedalus.andrew.net.au (apollock@daedalus.andrew.net.au [127.0.0.1]) by daedalus.andrew.net.au (8.12.10/8.12.10/Debian-1) with ESMTP id i0LNY1Qp024360; Thu, 22 Jan 2004 09:34:01 +1000 Received: (from apollock@localhost) by daedalus.andrew.net.au (8.12.10/8.12.10/Debian-1) id i0LNXxuK024346; Thu, 22 Jan 2004 09:33:59 +1000 Date: Thu, 22 Jan 2004 09:33:59 +1000 From: Andrew Pollock To: Andrew Fort Cc: David Williamson , rancid-discuss@shrubbery.net Subject: Re: RANCID's fantastic! Message-ID: <20040121233358.GA23665@daedalus.andrew.net.au> References: <20031205221714.GW26257@daedalus.andrew.net.au> <20031205142823.I14099@tweety.corp.gnac.com> <3FD11F89.3090609@choqolat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3FD11F89.3090609@choqolat.org> User-Agent: Mutt/1.5.4i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Sat, Dec 06, 2003 at 11:15:05AM +1100, Andrew Fort wrote: > > I'd definately like to see this also, (not just for lab gear). There > was a little discussion about this a few months back, you might check > the archives to see what came of that. (htdig seems busted, the archive files aren't particularly friendly) Okay, I'm now having a serious play with RANCID, and I'd like to see it do the out of band stuff I mentioned a while ago (i.e. we have switches, they're not telnetable, but the console is accessible via SSH to a Cyclades console access server). Can someone point me in the right direction as to what I'd have to modify to implement this? regards Andrew From owner-rancid-discuss-outgoing@shrubbery.net Thu Jan 22 00:07:10 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id DAE67C67E5 for ; Thu, 22 Jan 2004 00:07:10 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 7B87617CFC9; Wed, 21 Jan 2004 16:07:10 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 5936517CFCC; Wed, 21 Jan 2004 16:07:10 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: from gizmo06bw.bigpond.com (gizmo06bw.bigpond.com [144.140.70.16]) by guelah.shrubbery.net (Postfix) with SMTP id 6FFB817CFC9 for ; Wed, 21 Jan 2004 16:07:08 -0800 (PST) Received: (qmail 9927 invoked from network); 20 Jan 2004 23:02:48 -0000 Received: from unknown (HELO bwmam01.bigpond.com) (144.135.24.69) by gizmo06bw.bigpond.com with SMTP; 20 Jan 2004 23:02:48 -0000 Received: from cpe-144-132-105-145.vic.bigpond.net.au ([144.132.105.145]) by bwmam01.bigpond.com(MAM REL_3_4_2 8/24412262) with SMTP id 24412262; Thu, 22 Jan 2004 10:06:49 +1000 Message-ID: <400F141C.6050301@choqolat.org> Date: Thu, 22 Jan 2004 11:06:52 +1100 From: Andrew Fort User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Andrew Pollock Cc: rancid-discuss@shrubbery.net Subject: Re: RANCID's fantastic! References: <20031205221714.GW26257@daedalus.andrew.net.au> <20031205142823.I14099@tweety.corp.gnac.com> <3FD11F89.3090609@choqolat.org> <20040121233358.GA23665@daedalus.andrew.net.au> In-Reply-To: <20040121233358.GA23665@daedalus.andrew.net.au> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On 22/01/2004 10:33 AM, Andrew Pollock wrote: >Okay, I'm now having a serious play with RANCID, and I'd like to see it do >the out of band stuff I mentioned a while ago (i.e. we have switches, >they're not telnetable, but the console is accessible via SSH to a Cyclades >console access server). > >Can someone point me in the right direction as to what I'd have to modify to >implement this? > Referring to Heas' previous reply to your post to the list, to add the 'loginscript' or 'connectscript' type of functionality, one would need to hack the *login scripts. You could start by hacking clogin (if cisco switches are your targets, obviously), modifying the procedure 'login'. At first glance, you're probably wanting to source another expect script before the line # try each of the connection methods in $cmethod until one is successful set progs [llength $cmethod] e.g. source $filename With all the necessary expect business occuring in $filename to login to the cyclades up to such a point that you'd be typing "telnet hostname port" or similar to connect to the cisco. In theory you could use autoexpect to generate this script. In addition, you'd need to flag to clogin that you're running a prelogin script, otherwise it would expect to be running 'spawn telnet hostname [args]' (or ssh, etc depending on your method flag), which obviously doesn't grok since you're already SSH'd in), and send the command instead of spawning the command. Then, you'd need to catch the prompt of the cyclades again to indicate to expect that you want to bail out of that loop. . The 'hostname' and 'port' values would come from your router.db and cloginrc values for those entries. In regards to the port values, you specify these in the cloginrc file as follows: add method sw1.popname {telnet:2001} However if this doesn't work for you, try add method sw1.popname {telnet:-2001} I'm happy to help in getting this working, or testing this (I have some terminal servers in my lab I'd like to get configs through, too), so feel free to contact me offline if you like. -afort From owner-rancid-discuss-outgoing@shrubbery.net Thu Jan 22 00:53:15 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 5F34EC67E5 for ; Thu, 22 Jan 2004 00:53:15 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id E2F2D17CFC9; Wed, 21 Jan 2004 16:53:14 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id C103717CFCC; Wed, 21 Jan 2004 16:53:14 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: from tower.partan.com (tower.partan.com [198.6.255.248]) by guelah.shrubbery.net (Postfix) with ESMTP id 5B91717CFC9 for ; Wed, 21 Jan 2004 16:53:13 -0800 (PST) Received: from tower.partan.com (localhost.partan.com [127.0.0.1]) by tower.partan.com (8.12.8p2/8.12.8) with ESMTP id i0M0r1nN005049; Wed, 21 Jan 2004 19:53:01 -0500 (EST) (envelope-from asp@tower.partan.com) Received: (from asp@localhost) by tower.partan.com (8.12.8p2/8.12.8/Submit) id i0M0r0MA005046; Wed, 21 Jan 2004 19:53:00 -0500 (EST) (envelope-from asp) Date: Wed, 21 Jan 2004 19:53:00 -0500 From: Andrew Partan To: Andrew Fort Cc: Andrew Pollock , rancid-discuss@shrubbery.net Subject: Re: RANCID's fantastic! Message-ID: <20040122005300.GA3991@partan.com> References: <20031205221714.GW26257@daedalus.andrew.net.au> <20031205142823.I14099@tweety.corp.gnac.com> <3FD11F89.3090609@choqolat.org> <20040121233358.GA23665@daedalus.andrew.net.au> <400F141C.6050301@choqolat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <400F141C.6050301@choqolat.org> User-Agent: Mutt/1.4.1i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Thu, Jan 22, 2004 at 11:06:52AM +1100, Andrew Fort wrote: > add method sw1.popname {telnet:2001} With a small amount of hacking, rancid could support add method sw1.popname {ssh:2001} as well, so you would be a step closer to sshing to some port on your terminal server to connect to some device's console. [I recently turned telnet off in my console servers & started using ssh instead. Works nicely & one less use of telnet around here.] Anyone want to try these changes to clogin to support sshing to a port? --asp --- clogin.in.orig Mon Jan 19 20:52:47 2004 +++ clogin.in Wed Jan 21 19:46:42 2004 @@ -306,8 +306,14 @@ send_user "\nError: telnet failed: $reason\n" exit 1 } - } elseif ![string compare $prog "ssh"] { - if [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ] { + } elseif [string match "ssh*" $prog] { + regexp {ssh(:([^[:space:]]+))*} $prog command suffix port + if {"$port" == ""} { + set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user $router} reason ] + } else { + set retval [ catch {spawn $sshcmd -c $cyphertype -x -l $user -p $port $router} reason ] + } + if { $retval } { send_user "\nError: $sshcmd failed: $reason\n" exit 1 } From owner-rancid-discuss-outgoing@shrubbery.net Thu Jan 22 01:10:45 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id 15918C67E5 for ; Thu, 22 Jan 2004 01:10:45 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 750BA17CFC9; Wed, 21 Jan 2004 17:10:44 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 511AC17CFCC; Wed, 21 Jan 2004 17:10:44 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: from daedalus.andrew.net.au (daedalus.andrew.net.au [210.18.204.2]) by guelah.shrubbery.net (Postfix) with ESMTP id B634317CFC9 for ; Wed, 21 Jan 2004 17:10:42 -0800 (PST) Received: from daedalus.andrew.net.au (apollock@daedalus.andrew.net.au [127.0.0.1]) by daedalus.andrew.net.au (8.12.10/8.12.10/Debian-1) with ESMTP id i0M1AeQp028221; Thu, 22 Jan 2004 11:10:40 +1000 Received: (from apollock@localhost) by daedalus.andrew.net.au (8.12.10/8.12.10/Debian-1) id i0M1AehF028219; Thu, 22 Jan 2004 11:10:40 +1000 Date: Thu, 22 Jan 2004 11:10:40 +1000 From: Andrew Pollock To: Andrew Fort Cc: rancid-discuss@shrubbery.net Subject: Re: RANCID's fantastic! Message-ID: <20040122011040.GA26295@daedalus.andrew.net.au> References: <20031205221714.GW26257@daedalus.andrew.net.au> <20031205142823.I14099@tweety.corp.gnac.com> <3FD11F89.3090609@choqolat.org> <20040121233358.GA23665@daedalus.andrew.net.au> <400F141C.6050301@choqolat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <400F141C.6050301@choqolat.org> User-Agent: Mutt/1.5.4i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk On Thu, Jan 22, 2004 at 11:06:52AM +1100, Andrew Fort wrote: > On 22/01/2004 10:33 AM, Andrew Pollock wrote: > > >Okay, I'm now having a serious play with RANCID, and I'd like to see it do > >the out of band stuff I mentioned a while ago (i.e. we have switches, > >they're not telnetable, but the console is accessible via SSH to a Cyclades > >console access server). > > > >Can someone point me in the right direction as to what I'd have to modify > >to > >implement this? > > > > Referring to Heas' previous reply to your post to the list, to add the > 'loginscript' or 'connectscript' type of functionality, one would need > to hack the *login scripts. > > You could start by hacking clogin (if cisco switches are your targets, > obviously), modifying the procedure 'login'. At first glance, you're > probably wanting to source another expect script before the line [snip] Thanks for the very detailed pointer. That helps get me started. The way I have our Cyclades setup is you can SSH to it thusly: ssh andrew:switch1@mycyclades or ssh -l andrew:switch1 mycyclades and you'll land straight onto the console port in question. Obviously you need to send a ~. to get off again. So you don't spend any time on the console server itself. Is it best to hack in a new method along the lines of "cas" and a have a cas user and password in cloginrc? Then the foreach loop of the login procedure would just do nothing if the method was cas, and I'd be conditionally sourcing another script prior to the foreach that handles connecting to the port if the method was cas. Then the rest of the login procedure should be able to cope from there. I guess I'd just have to handle disconnecting from the port then somewhere as well. regards Andrew From owner-rancid-discuss-outgoing@shrubbery.net Thu Jan 22 11:46:19 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id D5A3BC67E2 for ; Thu, 22 Jan 2004 11:46:19 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id 329AE17CFC9; Thu, 22 Jan 2004 03:46:19 -0800 (PST) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id 0F5E617CFCC; Thu, 22 Jan 2004 03:46:18 -0800 (PST) X-Original-To: rancid-discuss@shrubbery.net Received: from mel1.unite.net.au (mel1.uecomm.net.au [203.94.129.130]) by guelah.shrubbery.net (Postfix) with ESMTP id 70C1D17CFC9 for ; Thu, 22 Jan 2004 03:46:16 -0800 (PST) Received: from ninja.choqolat.org ([218.185.30.245]) by mel1.unite.net.au (8.12.10/8.12.10) with SMTP id i0MBjk0q005735; Thu, 22 Jan 2004 22:45:47 +1100 (EST) Received: (nullmailer pid 22438 invoked by uid 500); Thu, 22 Jan 2004 11:39:04 -0000 Date: Thu, 22 Jan 2004 22:39:03 +1100 From: Andrew Fort To: Andrew Pollock Cc: rancid-discuss@shrubbery.net Subject: Re: RANCID's fantastic! Message-ID: <20040122113903.GA22411@ninja.choqolat.org> References: <20031205221714.GW26257@daedalus.andrew.net.au> <20031205142823.I14099@tweety.corp.gnac.com> <3FD11F89.3090609@choqolat.org> <20040121233358.GA23665@daedalus.andrew.net.au> <400F141C.6050301@choqolat.org> <20040122011040.GA26295@daedalus.andrew.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040122011040.GA26295@daedalus.andrew.net.au> User-Agent: Mutt/1.4i X-URL: http://choqolat.org/ Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk * Andrew Pollock [2004-01-22 11:10:40 +1000]: > [snip] > > Thanks for the very detailed pointer. That helps get me started. > > The way I have our Cyclades setup is you can SSH to it thusly: > > ssh andrew:switch1@mycyclades > or > ssh -l andrew:switch1 mycyclades > > and you'll land straight onto the console port in question. Obviously you > need to send a ~. to get off again. So you don't spend any time on the > console server itself. So this works now? (or perhaps with asp's patch he posted)? add username mycyclades {andrew:switch1} add userpasswd mycyclades {blah} just that you have the overloaded 'mycyclades' issue to resolve? > Is it best to hack in a new method along the lines of "cas" and a have a cas > user and password in cloginrc? Then the foreach loop of the login procedure > would just do nothing if the method was cas, and I'd be conditionally > sourcing another script prior to the foreach that handles connecting to the > port if the method was cas. Then the rest of the login procedure should be > able to cope from there. I guess I'd just have to handle disconnecting from > the port then somewhere as well. changing rancid minimally would suggest (if i'm right above) that you have multiple host aliases (for the switches' names) all pointing to the same IP address of mycyclades, and you treat them differently in .cloginrc (different username password pairs per 'switch'); and then just ssh to the 'switch' (really the cyclades with the extended username). > regards > Andrew -afort (away for a week to have surgery.. wish me luck :) From owner-rancid-discuss-outgoing@shrubbery.net Tue Jan 27 01:33:41 2004 Return-Path: X-Original-To: rancid-discuss-archive@ni.shrubbery.net Delivered-To: rancid-discuss-archive@ni.shrubbery.net Received: from guelah.shrubbery.net (guelah.shrubbery.net [198.58.5.1]) by ni.shrubbery.net (Postfix) with ESMTP id BCE63C67DF for ; Tue, 27 Jan 2004 01:33:41 +0000 (GMT) Received: by guelah.shrubbery.net (Postfix) id CE89F17CF9E; Tue, 27 Jan 2004 01:33:40 +0000 (UTC) Delivered-To: rancid-discuss-outgoing@shrubbery.net Received: by guelah.shrubbery.net (Postfix, from userid 10007) id AA38317CFC4; Tue, 27 Jan 2004 01:33:40 +0000 (UTC) X-Original-To: rancid-discuss@shrubbery.net Received: from daedalus.andrew.net.au (daedalus.andrew.net.au [210.18.204.2]) by guelah.shrubbery.net (Postfix) with ESMTP id D8AA517CF9E for ; Tue, 27 Jan 2004 01:33:38 +0000 (UTC) Received: from daedalus.andrew.net.au (apollock@daedalus.andrew.net.au [127.0.0.1]) by daedalus.andrew.net.au (8.12.10/8.12.10/Debian-1) with ESMTP id i0R1XLuO012664 for ; Tue, 27 Jan 2004 11:33:21 +1000 Received: (from apollock@localhost) by daedalus.andrew.net.au (8.12.10/8.12.10/Debian-1) id i0R1XKZ7012662 for rancid-discuss@shrubbery.net; Tue, 27 Jan 2004 11:33:20 +1000 Date: Tue, 27 Jan 2004 11:33:20 +1000 From: Andrew Pollock To: rancid-discuss@shrubbery.net Subject: Hacking Cyclades support into clogin Message-ID: <20040127013319.GA11291@daedalus.andrew.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.4i Sender: owner-rancid-discuss@shrubbery.net Precedence: bulk I give up, I can't grok TCL/Expect as well as I'd like, and therefore can't hack the support into clogin that I'd like, so I'm going to explain here what I'm trying to do in the hope that someone else who wants this functionality (or some kind soul who knows the innards of clogin) can help with the mechanics of the code (or help improve the logic). Firstly, the Cyclades is configured so that going: ssh -l andrew:router cyclades or ssh -l andrew:ttyS1 cyclades will land you (after authenticating) on the console of the router connected to port ttyS1 (where router has been defined as an alias for ttyS1). Pressing Enter is required to get a console login spat out. Sending a ~. on a newline after logging out of the console is required to disconnect. So I thought I'd create another method, instead of trying to hack the life out of the existing ssh method, so I made a method called "cas" (console access server), with caspassword and casuser variables. I think this is where I've come unstuck, because the login procedure is only passing a username and a userpassword, which aren't necessarily relevant to the SSH connection to the Cyclades. The login procedure needs to be recursive, in that it logs in once to the Cyclades using SSH, and then presses Enter, and then handles a console login as it would normally (I guess not unlike a telnet connection). I haven't even made it to the logging out stage in clogin, but I guess if it sees an "exit" or a "logout" or whatever, it needs to send an Enter and then a ~. Hope this helps someone with more TCL clue than I to get somewhere. Andrew