From m.jimenez at ibermatica.com Wed Mar 2 16:05:47 2011 From: m.jimenez at ibermatica.com (=?iso-8859-1?Q?Jim=E9nez_Fern=E1ndez=2C_Mikel?=) Date: Wed, 2 Mar 2011 17:05:47 +0100 Subject: [rancid] FWSM compatibility Message-ID: Hi! First of all, I have to say that I have read numerous of forums before asking here anything. I want to backup Cisco FWSM 3.x and 4.x contexts configurations. Is possible with actual Rancid/Clogin ? Actually I define a file with the commands, but when I change from admin context to fwlearning2 context, the session get "stalled", here the output. [rancid at jazznetmon rancid]$ clogin -x file -u mike -p "kikoko" -e kikoko 172.24.133.40 172.24.133.40 spawn ssh -c 3des -x -l mike 172.24.133.40 mike at 172.24.133.40's password: ********************************************* FWSM - FIREWALL SERVICES MODULE Dtpo. COMUNICACIONES IBERMATICA 913849100 ********************************************* Type help or '?' for a list of available commands. fwcat1/admin> enable Password: ****** fwcat1/admin# fwcat1/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. fwcat1/admin# changeto context fwelearning2 -- "(stalled....) And here the file with the commands: [rancid at jazznetmon ~]$ cat file changeto context fwelearning2 config t sh run I doesn?t work to run commands inside another context... Any ideas ? Thanks!! Mikel Jimenez Fernandez Departamento de Comunicaciones Ibermatica Tlf: 91 384 9100 ext 7561 Camino de Hormigueras, 172 28031 MADRID -------------- next part -------------- An HTML attachment was scrubbed... URL: From rwest at zyedge.com Wed Mar 2 16:25:55 2011 From: rwest at zyedge.com (Ryan West) Date: Wed, 2 Mar 2011 16:25:55 +0000 Subject: [rancid] FWSM compatibility In-Reply-To: References: Message-ID: <5DC4853C6CC3EE4788779E0726E034DD7A75F1@zy-ex1.zyedge.local> User command / chat might do the trick for you, or create a management interface for the contexts and back them as normal firewalls. -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jim?nez Fern?ndez, Mikel Sent: Wednesday, March 02, 2011 11:06 AM To: rancid-discuss at shrubbery.net Subject: [rancid] FWSM compatibility Hi! First of all, I have to say that I have read numerous of forums before asking here anything. I want to backup Cisco FWSM 3.x and 4.x contexts configurations. Is possible with actual Rancid/Clogin ? Actually I define a file with the commands, but when I change from admin context to fwlearning2 context, the session get "stalled", here the output. [rancid at jazznetmon rancid]$ clogin -x file -u mike -p "kikoko" -e kikoko 172.24.133.40 172.24.133.40 spawn ssh -c 3des -x -l mike 172.24.133.40 mike at 172.24.133.40's password: ********************************************* FWSM - FIREWALL SERVICES MODULE Dtpo. COMUNICACIONES IBERMATICA 913849100 ********************************************* Type help or '?' for a list of available commands. fwcat1/admin> enable Password: ****** fwcat1/admin# fwcat1/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. fwcat1/admin# changeto context fwelearning2 -- "(stalled....) And here the file with the commands: [rancid at jazznetmon ~]$ cat file changeto context fwelearning2 config t sh run I doesn?t work to run commands inside another context... Any ideas ? Thanks!! Mikel Jimenez Fernandez Departamento de Comunicaciones Ibermatica Tlf: 91 384 9100 ext 7561 Camino de Hormigueras, 172 28031 MADRID -------------- next part -------------- An HTML attachment was scrubbed... URL: From m.jimenez at ibermatica.com Wed Mar 2 16:27:33 2011 From: m.jimenez at ibermatica.com (=?iso-8859-1?Q?Jim=E9nez_Fern=E1ndez=2C_Mikel?=) Date: Wed, 2 Mar 2011 17:27:33 +0100 Subject: [rancid] FWSM compatibility In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD7A75F1@zy-ex1.zyedge.local> Message-ID: What do you want to say with "command / chat" ? I have to use admin context and "jump" from it... Thanks!! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:26 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility User command / chat might do the trick for you, or create a management interface for the contexts and back them as normal firewalls. -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jim?nez Fern?ndez, Mikel Sent: Wednesday, March 02, 2011 11:06 AM To: rancid-discuss at shrubbery.net Subject: [rancid] FWSM compatibility Hi! First of all, I have to say that I have read numerous of forums before asking here anything. I want to backup Cisco FWSM 3.x and 4.x contexts configurations. Is possible with actual Rancid/Clogin ? Actually I define a file with the commands, but when I change from admin context to fwlearning2 context, the session get "stalled", here the output. [rancid at jazznetmon rancid]$ clogin -x file -u mike -p "kikoko" -e kikoko 172.24.133.40 172.24.133.40 spawn ssh -c 3des -x -l mike 172.24.133.40 mike at 172.24.133.40's password: ********************************************* FWSM - FIREWALL SERVICES MODULE Dtpo. COMUNICACIONES IBERMATICA 913849100 ********************************************* Type help or '?' for a list of available commands. fwcat1/admin> enable Password: ****** fwcat1/admin# fwcat1/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. fwcat1/admin# changeto context fwelearning2 -- "(stalled....) And here the file with the commands: [rancid at jazznetmon ~]$ cat file changeto context fwelearning2 config t sh run I doesn?t work to run commands inside another context... Any ideas ? Thanks!! Mikel Jimenez Fernandez Departamento de Comunicaciones Ibermatica Tlf: 91 384 9100 ext 7561 Camino de Hormigueras, 172 28031 MADRID -------------- next part -------------- An HTML attachment was scrubbed... URL: From rwest at zyedge.com Wed Mar 2 16:42:52 2011 From: rwest at zyedge.com (Ryan West) Date: Wed, 2 Mar 2011 16:42:52 +0000 Subject: [rancid] FWSM compatibility In-Reply-To: References: <5DC4853C6CC3EE4788779E0726E034DD7A75F1@zy-ex1.zyedge.local> Message-ID: <5DC4853C6CC3EE4788779E0726E034DD7A76BB@zy-ex1.zyedge.local> http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html It's a small patch to clogin, but still works in 2.3.6. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:28 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility What do you want to say with "command / chat" ? I have to use admin context and "jump" from it... Thanks!! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:26 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility User command / chat might do the trick for you, or create a management interface for the contexts and back them as normal firewalls. -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jim?nez Fern?ndez, Mikel Sent: Wednesday, March 02, 2011 11:06 AM To: rancid-discuss at shrubbery.net Subject: [rancid] FWSM compatibility Hi! First of all, I have to say that I have read numerous of forums before asking here anything. I want to backup Cisco FWSM 3.x and 4.x contexts configurations. Is possible with actual Rancid/Clogin ? Actually I define a file with the commands, but when I change from admin context to fwlearning2 context, the session get "stalled", here the output. [rancid at jazznetmon rancid]$ clogin -x file -u mike -p "kikoko" -e kikoko 172.24.133.40 172.24.133.40 spawn ssh -c 3des -x -l mike 172.24.133.40 mike at 172.24.133.40's password: ********************************************* FWSM - FIREWALL SERVICES MODULE Dtpo. COMUNICACIONES IBERMATICA 913849100 ********************************************* Type help or '?' for a list of available commands. fwcat1/admin> enable Password: ****** fwcat1/admin# fwcat1/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. fwcat1/admin# changeto context fwelearning2 -- "(stalled....) And here the file with the commands: [rancid at jazznetmon ~]$ cat file changeto context fwelearning2 config t sh run I doesn?t work to run commands inside another context... Any ideas ? Thanks!! Mikel Jimenez Fernandez Departamento de Comunicaciones Ibermatica Tlf: 91 384 9100 ext 7561 Camino de Hormigueras, 172 28031 MADRID -------------- next part -------------- An HTML attachment was scrubbed... URL: From m.jimenez at ibermatica.com Wed Mar 2 16:57:00 2011 From: m.jimenez at ibermatica.com (=?iso-8859-1?Q?Jim=E9nez_Fern=E1ndez=2C_Mikel?=) Date: Wed, 2 Mar 2011 17:57:00 +0100 Subject: [rancid] FWSM compatibility In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD7A76BB@zy-ex1.zyedge.local> Message-ID: So I have to download the source code, patch, compile and it should work ? Thanks! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:43 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html It's a small patch to clogin, but still works in 2.3.6. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:28 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility What do you want to say with "command / chat" ? I have to use admin context and "jump" from it... Thanks!! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:26 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility User command / chat might do the trick for you, or create a management interface for the contexts and back them as normal firewalls. -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jim?nez Fern?ndez, Mikel Sent: Wednesday, March 02, 2011 11:06 AM To: rancid-discuss at shrubbery.net Subject: [rancid] FWSM compatibility Hi! First of all, I have to say that I have read numerous of forums before asking here anything. I want to backup Cisco FWSM 3.x and 4.x contexts configurations. Is possible with actual Rancid/Clogin ? Actually I define a file with the commands, but when I change from admin context to fwlearning2 context, the session get "stalled", here the output. [rancid at jazznetmon rancid]$ clogin -x file -u mike -p "kikoko" -e kikoko 172.24.133.40 172.24.133.40 spawn ssh -c 3des -x -l mike 172.24.133.40 mike at 172.24.133.40's password: ********************************************* FWSM - FIREWALL SERVICES MODULE Dtpo. COMUNICACIONES IBERMATICA 913849100 ********************************************* Type help or '?' for a list of available commands. fwcat1/admin> enable Password: ****** fwcat1/admin# fwcat1/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. fwcat1/admin# changeto context fwelearning2 -- "(stalled....) And here the file with the commands: [rancid at jazznetmon ~]$ cat file changeto context fwelearning2 config t sh run I doesn?t work to run commands inside another context... Any ideas ? Thanks!! Mikel Jimenez Fernandez Departamento de Comunicaciones Ibermatica Tlf: 91 384 9100 ext 7561 Camino de Hormigueras, 172 28031 MADRID -------------- next part -------------- An HTML attachment was scrubbed... URL: From rwest at zyedge.com Wed Mar 2 17:03:07 2011 From: rwest at zyedge.com (Ryan West) Date: Wed, 2 Mar 2011 17:03:07 +0000 Subject: [rancid] FWSM compatibility In-Reply-To: References: <5DC4853C6CC3EE4788779E0726E034DD7A76BB@zy-ex1.zyedge.local> Message-ID: <5DC4853C6CC3EE4788779E0726E034DD7A779F@zy-ex1.zyedge.local> Just edit clogin in the bin directory to add the patch. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:57 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility So I have to download the source code, patch, compile and it should work ? Thanks! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:43 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html It's a small patch to clogin, but still works in 2.3.6. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:28 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility What do you want to say with "command / chat" ? I have to use admin context and "jump" from it... Thanks!! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:26 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility User command / chat might do the trick for you, or create a management interface for the contexts and back them as normal firewalls. -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jim?nez Fern?ndez, Mikel Sent: Wednesday, March 02, 2011 11:06 AM To: rancid-discuss at shrubbery.net Subject: [rancid] FWSM compatibility Hi! First of all, I have to say that I have read numerous of forums before asking here anything. I want to backup Cisco FWSM 3.x and 4.x contexts configurations. Is possible with actual Rancid/Clogin ? Actually I define a file with the commands, but when I change from admin context to fwlearning2 context, the session get "stalled", here the output. [rancid at jazznetmon rancid]$ clogin -x file -u mike -p "kikoko" -e kikoko 172.24.133.40 172.24.133.40 spawn ssh -c 3des -x -l mike 172.24.133.40 mike at 172.24.133.40's password: ********************************************* FWSM - FIREWALL SERVICES MODULE Dtpo. COMUNICACIONES IBERMATICA 913849100 ********************************************* Type help or '?' for a list of available commands. fwcat1/admin> enable Password: ****** fwcat1/admin# fwcat1/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. fwcat1/admin# changeto context fwelearning2 -- "(stalled....) And here the file with the commands: [rancid at jazznetmon ~]$ cat file changeto context fwelearning2 config t sh run I doesn?t work to run commands inside another context... Any ideas ? Thanks!! Mikel Jimenez Fernandez Departamento de Comunicaciones Ibermatica Tlf: 91 384 9100 ext 7561 Camino de Hormigueras, 172 28031 MADRID -------------- next part -------------- An HTML attachment was scrubbed... URL: From Todd at equivoice.com Fri Mar 4 15:10:40 2011 From: Todd at equivoice.com (Todd Heide) Date: Fri, 4 Mar 2011 09:10:40 -0600 Subject: [rancid] Upgrading 2.3.2 to latest Message-ID: <082FEA82DC985B4F8A6B412D5AC4E22002988BB1@exchange.Equivoice.local> What steps do I take to upgrade to the latest version? I haven't played with it in such a long time, I forgot how to use it. I have a few devices that I found are no longer updating, and I forgot how to run the CLI steps to debug it too. I guess if its working OK with the front end, you don't really spend a lot of time on the back end and forget it all. J -------------- next part -------------- An HTML attachment was scrubbed... URL: From bobthebaritone at gmail.com Sat Mar 5 07:38:19 2011 From: bobthebaritone at gmail.com (bob watson) Date: Sat, 5 Mar 2011 18:38:19 +1100 Subject: [rancid] Upgrading 2.3.2 to latest In-Reply-To: <082FEA82DC985B4F8A6B412D5AC4E22002988BB1@exchange.Equivoice.local> References: <082FEA82DC985B4F8A6B412D5AC4E22002988BB1@exchange.Equivoice.local> Message-ID: Hi Todd, clogin is your friend. Just upgrading is not gonig to fix things if there is no network connectivity. I manage a few RANCID installations and the most common thing I find is that our customer has simply turned the devcie off! Know your network connect method - clogin from the command prompt will tell you yay or nay...see man pages at shrubbery.net. Cheers from OZ, Bob 2011/3/5 Todd Heide > > > What steps do I take to upgrade to the latest version? I haven?t played > with it in such a long time, I forgot how to use it. I have a few devices > that I found are no longer updating, and I forgot how to run the CLI steps > to debug it too. I guess if its working OK with the front end, you don?t > really spend a lot of time on the back end and forget it all. J > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From m.jimenez at ibermatica.com Tue Mar 8 11:21:21 2011 From: m.jimenez at ibermatica.com (=?iso-8859-1?Q?Jim=E9nez_Fern=E1ndez=2C_Mikel?=) Date: Tue, 8 Mar 2011 12:21:21 +0100 Subject: [rancid] FWSM compatibility In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD7A779F@zy-ex1.zyedge.local> Message-ID: Hello, I have succesfully patched but I have some questions... My intention is to login like a typical Cisco device and inside it, run commands (usercmd_chat may be...) but the login mode, what should be ? I have to do "enable" and type the password... I can not use the "ssh" method ? Can I use SSH method and then call usercmd-chat or what is the recomendation ? In the patch example I can see "add usercmd host {ssh} {-t} {-p 1234} {command ???}" but what happen with password and "enable ? Thanks and I hope I will solve it with your help guys!! Thanks in advance. ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 18:03 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility Just edit clogin in the bin directory to add the patch. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:57 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility So I have to download the source code, patch, compile and it should work ? Thanks! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:43 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html It's a small patch to clogin, but still works in 2.3.6. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:28 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility What do you want to say with "command / chat" ? I have to use admin context and "jump" from it... Thanks!! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:26 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility User command / chat might do the trick for you, or create a management interface for the contexts and back them as normal firewalls. -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jim?nez Fern?ndez, Mikel Sent: Wednesday, March 02, 2011 11:06 AM To: rancid-discuss at shrubbery.net Subject: [rancid] FWSM compatibility Hi! First of all, I have to say that I have read numerous of forums before asking here anything. I want to backup Cisco FWSM 3.x and 4.x contexts configurations. Is possible with actual Rancid/Clogin ? Actually I define a file with the commands, but when I change from admin context to fwlearning2 context, the session get "stalled", here the output. [rancid at jazznetmon rancid]$ clogin -x file -u mike -p "kikoko" -e kikoko 172.24.133.40 172.24.133.40 spawn ssh -c 3des -x -l mike 172.24.133.40 mike at 172.24.133.40's password: ********************************************* FWSM - FIREWALL SERVICES MODULE Dtpo. COMUNICACIONES IBERMATICA 913849100 ********************************************* Type help or '?' for a list of available commands. fwcat1/admin> enable Password: ****** fwcat1/admin# fwcat1/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. fwcat1/admin# changeto context fwelearning2 -- "(stalled....) And here the file with the commands: [rancid at jazznetmon ~]$ cat file changeto context fwelearning2 config t sh run I doesn?t work to run commands inside another context... Any ideas ? Thanks!! Mikel Jimenez Fernandez Departamento de Comunicaciones Ibermatica Tlf: 91 384 9100 ext 7561 Camino de Hormigueras, 172 28031 MADRID -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmccullagh at gmail.com Tue Mar 8 11:38:14 2011 From: gmccullagh at gmail.com (Gavin McCullagh) Date: Tue, 8 Mar 2011 11:38:14 +0000 Subject: [rancid] support for D-Link switches, where to start? In-Reply-To: References: <20110202103538.GB9564@gmail.com> <20110213123039.GK26658@gmail.com> <20110216003542.GN25376@shrubbery.net> <20110216082239.GE6432@gmail.com> Message-ID: <20110308113814.GA24023@gmail.com> Hi, On Wed, 16 Feb 2011, Jethro R Binks wrote: > wrancid/wrapwrancid might help: see: > > http://sites.google.com/site/jrbinks/code/rancid/wraprancid Interesting, thanks. > The 3Com 4400 doesn't have a CLI (menu) command to show the running > config, but you could run something periodically to tftp the config to a > server, from where you can instruct rancid can read it by using > wraprancid. That's what I had in mind, although, looking at the config, I think there may be a smarter way. When you run the backupconfig, tell it a tftp server and a filename, a single line appears saying "Processing:....". The rest of the line appears to be the current config line which it is reading. Rather than spit the config out on sequential lines, it refreshes the same line over and over, but you see things like: Processing: ... Processing: <# SECURITY NETWORK ACCESS SECTION> .... Processing: so it may be possible to pull the full config, just by sending it to a tftp server. In fact, the tftp server upload happens afterward and can fail so it may not be necessary for the upload to work. I guess it should be possible to capture this information though I haven't tried yet. Gavin From jethro.binks at strath.ac.uk Tue Mar 8 11:45:28 2011 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue, 8 Mar 2011 11:45:28 +0000 (GMT) Subject: [rancid] support for D-Link switches, where to start? In-Reply-To: <20110308113814.GA24023@gmail.com> References: <20110202103538.GB9564@gmail.com> <20110213123039.GK26658@gmail.com> <20110216003542.GN25376@shrubbery.net> <20110216082239.GE6432@gmail.com> <20110308113814.GA24023@gmail.com> Message-ID: On Tue, 8 Mar 2011, Gavin McCullagh wrote: > That's what I had in mind, although, looking at the config, I think > there may be a smarter way. When you run the backupconfig, tell it a > tftp server and a filename, a single line appears saying > "Processing:....". The rest of the line appears to be the current > config line which it is reading. Rather than spit the config out on > sequential lines, it refreshes the same line over and over, but you see > things like: > > Processing: Interesting observation, thanks. I don't think I've ever actually bothered to tftp in all these years, just knew that it was possible! > I guess it should be possible to capture this information though I > haven't tried yet. I might take a look if I'm at a loose end. No time soon then! Jethro. . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. From m.jimenez at ibermatica.com Tue Mar 8 11:47:04 2011 From: m.jimenez at ibermatica.com (=?iso-8859-1?Q?Jim=E9nez_Fern=E1ndez=2C_Mikel?=) Date: Tue, 8 Mar 2011 12:47:04 +0100 Subject: [rancid] FWSM compatibility Message-ID: It works!! add method fwbt {usercmd} add usercmd fwbt {clogin} {-u} {mike} {-p} {pas} {-e} {pass} {172.24.133.40} add usercmd_chat fwbt {fwcat1/admin#} {changeto context fwBT\r} {fwcat1/fwBT#} {sh run\r} :) And now, this is possible to integrate with Rancid for making backups ? ________________________________ De: Jim?nez Fern?ndez, Mikel Enviado el: martes, 08 de marzo de 2011 12:21 Para: 'Ryan West'; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility Hello, I have succesfully patched but I have some questions... My intention is to login like a typical Cisco device and inside it, run commands (usercmd_chat may be...) but the login mode, what should be ? I have to do "enable" and type the password... I can not use the "ssh" method ? Can I use SSH method and then call usercmd-chat or what is the recomendation ? In the patch example I can see "add usercmd host {ssh} {-t} {-p 1234} {command ???}" but what happen with password and "enable ? Thanks and I hope I will solve it with your help guys!! Thanks in advance. ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 18:03 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility Just edit clogin in the bin directory to add the patch. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:57 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility So I have to download the source code, patch, compile and it should work ? Thanks! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:43 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html It's a small patch to clogin, but still works in 2.3.6. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:28 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility What do you want to say with "command / chat" ? I have to use admin context and "jump" from it... Thanks!! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:26 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility User command / chat might do the trick for you, or create a management interface for the contexts and back them as normal firewalls. -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jim?nez Fern?ndez, Mikel Sent: Wednesday, March 02, 2011 11:06 AM To: rancid-discuss at shrubbery.net Subject: [rancid] FWSM compatibility Hi! First of all, I have to say that I have read numerous of forums before asking here anything. I want to backup Cisco FWSM 3.x and 4.x contexts configurations. Is possible with actual Rancid/Clogin ? Actually I define a file with the commands, but when I change from admin context to fwlearning2 context, the session get "stalled", here the output. [rancid at jazznetmon rancid]$ clogin -x file -u mike -p "kikoko" -e kikoko 172.24.133.40 172.24.133.40 spawn ssh -c 3des -x -l mike 172.24.133.40 mike at 172.24.133.40's password: ********************************************* FWSM - FIREWALL SERVICES MODULE Dtpo. COMUNICACIONES IBERMATICA 913849100 ********************************************* Type help or '?' for a list of available commands. fwcat1/admin> enable Password: ****** fwcat1/admin# fwcat1/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. fwcat1/admin# changeto context fwelearning2 -- "(stalled....) And here the file with the commands: [rancid at jazznetmon ~]$ cat file changeto context fwelearning2 config t sh run I doesn?t work to run commands inside another context... Any ideas ? Thanks!! Mikel Jimenez Fernandez Departamento de Comunicaciones Ibermatica Tlf: 91 384 9100 ext 7561 Camino de Hormigueras, 172 28031 MADRID -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmccullagh at gmail.com Tue Mar 8 11:51:24 2011 From: gmccullagh at gmail.com (Gavin McCullagh) Date: Tue, 8 Mar 2011 11:51:24 +0000 Subject: [rancid] support for D-Link switches, where to start? In-Reply-To: References: <20110202103538.GB9564@gmail.com> <20110213123039.GK26658@gmail.com> <20110216003542.GN25376@shrubbery.net> <20110216082239.GE6432@gmail.com> <20110308113814.GA24023@gmail.com> Message-ID: <20110308115123.GB24023@gmail.com> Hi, On Tue, 08 Mar 2011, Jethro R Binks wrote: > > Processing: > > Interesting observation, thanks. I don't think I've ever actually > bothered to tftp in all these years, just knew that it was possible! > > > I guess it should be possible to capture this information though I > > haven't tried yet. > > I might take a look if I'm at a loose end. No time soon then! It dawned on me after sending the mail to run wireshark and see how much of the data really comes across. Disappointingly it seems to only print a subset of the lines of the config, I guess to give you an idea where it is in the process. Shame :-) Gavin From jethro.binks at strath.ac.uk Tue Mar 8 11:55:55 2011 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Tue, 8 Mar 2011 11:55:55 +0000 (GMT) Subject: [rancid] support for D-Link switches, where to start? In-Reply-To: <20110308115123.GB24023@gmail.com> References: <20110202103538.GB9564@gmail.com> <20110213123039.GK26658@gmail.com> <20110216003542.GN25376@shrubbery.net> <20110216082239.GE6432@gmail.com> <20110308113814.GA24023@gmail.com> <20110308115123.GB24023@gmail.com> Message-ID: On Tue, 8 Mar 2011, Gavin McCullagh wrote: > > I might take a look if I'm at a loose end. No time soon then! > > It dawned on me after sending the mail to run wireshark and see how much of > the data really comes across. Disappointingly it seems to only print > a subset of the lines of the config, I guess to give you an idea where it > is in the process. > > Shame :-) Bah! . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. From gmccullagh at gmail.com Tue Mar 8 12:31:18 2011 From: gmccullagh at gmail.com (Gavin McCullagh) Date: Tue, 8 Mar 2011 12:31:18 +0000 Subject: [rancid] support for D-Link switches, first stab..... Message-ID: <20110308123118.GC24023@gmail.com> Hi, attached to this email are dllogin dlrancid which are modified versions of fnrancid and fnlogin. These work with a number of the D-Link models which we have here: # DES-3010F - success (telnet, ssh) # DES-3052P - success (telnet, ssh, ... a little slow) # DES-3526 - success (telnet, ssh) # DES-3550 - success (telnet, ssh) # DES-3250TG - fail (there's no command to print config) # DGS-3324SR - success (telnet, ssh) # DGS-3100 - fail (but probably not too big a job to fix) This is just a first go, but it's working well enough for us to use now. If anyone has feedback, I'd love to hear it. The only other modification was to add 'dlink' => 'dlrancid', to %vendortable in rancid-fe and then use "dlink" to describe switches in router.db. Thanks for rancid, we're already seeing benefits. Gavin -------------- next part -------------- #! /usr/bin/perl ## ## ## dlrancid ## ## rancid 2.3.6 ## Copyright (c) 1997-2008 by Terrapin Communications, Inc. ## All rights reserved. ## ## This code is derived from software contributed to and maintained by ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, ## Pete Whiting, Austin Schutz, and Andrew Fort. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions ## are met: ## 1. Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## 2. Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following disclaimer in the ## documentation and/or other materials provided with the distribution. ## 3. All advertising materials mentioning features or use of this software ## must display the following acknowledgement: ## This product includes software developed by Terrapin Communications, ## Inc. and its contributors for RANCID. ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its ## contributors may be used to endorse or promote products derived from ## this software without specific prior written permission. ## 5. It is requested that non-binding fixes and modifications be contributed ## back to Terrapin Communications, Inc. ## ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ## POSSIBILITY OF SUCH DAMAGE. # # A library built on Stephen Gill's Netscreen stuff to accomodate # the Fortinet product line. [d_pfleger at juniper.net] # In turn massaged some more to accomodate the D-Link line of switches # # RANCID - Really Awesome New Cisco confIg Differ # # usage: dlrancid [-dV] [-l] [-f filename | hostname] # use Getopt::Std; getopts('dflV'); if ($opt_V) { print "rancid 2.3.6\n"; exit(0); } $log = $opt_l; $debug = $opt_d; #$debug = 1; $file = $opt_f; $host = $ARGV[0]; $found_end = 0; $timeo = 300; # dllogin timeout in seconds (some of these devices are remarkably slow to read config) my(@commandtable, %commands, @commands);# command lists my($aclsort) = ("ipsort"); # ACL sorting mode my($filter_commstr); # SNMP community string filtering my($filter_pwds); # password filtering mode # This routine is used to print out the router configuration sub ProcessHistory { my($new_hist_tag,$new_command,$command_string, at string) = (@_); if ((($new_hist_tag ne $hist_tag) || ($new_command ne $command)) && scalar(%history)) { print eval "$command \%history"; undef %history; } if (($new_hist_tag) && ($new_command) && ($command_string)) { if ($history{$command_string}) { $history{$command_string} = "$history{$command_string}@string"; } else { $history{$command_string} = "@string"; } } elsif (($new_hist_tag) && ($new_command)) { $history{++$#history} = "@string"; } else { print "@string"; } $hist_tag = $new_hist_tag; $command = $new_command; 1; } sub numerically { $a <=> $b; } # This is a sort routine that will sort numerically on the # keys of a hash as if it were a normal array. sub keynsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort numerically keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # keys of a hash as if it were a normal array. sub keysort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort keys(%lines)) { $sorted_lines[$i] = $lines{$key}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # values of a hash as if it were a normal array. sub valsort{ local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $key (sort values %lines) { $sorted_lines[$i] = $key; $i++; } @sorted_lines; } # This is a numerical sort routine (ascending). sub numsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $num (sort {$a <=> $b} keys %lines) { $sorted_lines[$i] = $lines{$num}; $i++; } @sorted_lines; } # This is a sort routine that will sort on the # ip address when the ip address is anywhere in # the strings. sub ipsort { local(%lines) = @_; local($i) = 0; local(@sorted_lines); foreach $addr (sort sortbyipaddr keys %lines) { $sorted_lines[$i] = $lines{$addr}; $i++; } @sorted_lines; } # These two routines will sort based upon IP addresses sub ipaddrval { my(@a) = ($_[0] =~ m#^(\d+)\.(\d+)\.(\d+)\.(\d+)$#); $a[3] + 256 * ($a[2] + 256 * ($a[1] +256 * $a[0])); } sub sortbyipaddr { &ipaddrval($a) <=> &ipaddrval($b); } # This routine parses "get system" sub GetSystem { print STDERR " In GetSystem: $_" if ($debug); my $priv_key; while () { tr/\015//d; next if /^\s*$/; last if (/$prompt/); #next if (/^System Time:/i); #next if (/^\s*Virus-DB: .*/); #next if (/^\s*Extended DB: .*/); #next if (/^\s*IPS-DB: .*/); #next if (/^FortiClient application signature package:/); ProcessHistory("","","","#$_"); } ProcessHistory("SYSTEM","","","\n"); return(0); } sub GetFile { print STDERR " In GetFile: $_" if ($debug); while () { last if (/$prompt/); } ProcessHistory("FILE","","","\n"); return(0); } sub GetConf { print STDERR " In GetConf: $_" if ($debug); my $password_counter=0; while () { tr/\015//d; next if /^\s*$/; last if (/$prompt/); # filter variabilities between configurations. password encryption # upon each display of the configuration. #if (/^\s*(set [^\s]*)\s(Enc\s[^\s]+)(.*)/i && $filter_pwds > 0 ) { # ProcessHistory("ENC","","","#$1 ENC $3\n"); # next; #} # if filtering passwords, note that we're on an opening account line # next two lines will be passwords if (/^create account / && $filter_pwds > 0 ) { $password_counter=2; ProcessHistory("","","","#$_"); next; } elsif ($password_counter > 0) { $password_counter--; ProcessHistory("","","","#\n"); next; } ProcessHistory("","","","$_"); } $found_end = 1; return(1); } # dummy function sub DoNothing {print STDOUT;} # Main @commandtable = ( {'show switch' => 'GetSystem'}, {'show config current_config' => 'GetConf'} ); # Use an array to preserve the order of the commands and a hash for mapping # commands to the subroutine and track commands that have been completed. @commands = map(keys(%$_), @commandtable); %commands = map(%$_, @commandtable); $cisco_cmds=join(";", at commands); $cmds_regexp = join("|", map quotemeta($_), @commands); if (length($host) == 0) { if ($file) { print(STDERR "Too few arguments: file name required\n"); exit(1); } else { print(STDERR "Too few arguments: host name required\n"); exit(1); } } open(OUTPUT,">$host.new") || die "Can't open $host.new for writing: $!\n"; select(OUTPUT); # make OUTPUT unbuffered if debugging if ($debug) { $| = 1; } if ($file) { print STDERR "opening file $host\n" if ($debug); print STDOUT "opening file $host\n" if ($log); open(INPUT,"<$host") || die "open failed for $host: $!\n"; } else { print STDERR "executing dllogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($debug); print STDOUT "executing dllogin -t $timeo -c\"$cisco_cmds\" $host\n" if ($log); if (defined($ENV{NOPIPE})) { system "dllogin -t $timeo -c \"$cisco_cmds\" $host $host.raw 2>&1" || die "dllogin failed for $host: $!\n"; open(INPUT, "< $host.raw") || die "dllogin failed for $host: $!\n"; } else { open(INPUT,"dllogin -t $timeo -c \"$cisco_cmds\" $host ) { tr/\015//d; if (/^Error:/) { print STDOUT ("$host dllogin error: $_"); print STDERR ("$host dllogin error: $_") if ($debug); last; } while (/^.+(#|\$)\s*($cmds_regexp)\s*$/) { $cmd = $2; # - FortiGate prompts end with either '#' or '$'. Further, they may # be prepended with a '~' if the hostname is too long. Therefore, # we need to figure out what our prompt really is. # if (!defined($prompt)) { # if ($_ =~ m/^.+\~\$/) { # $prompt = '\~\$ .*'; # } else { # if ($_ =~ m/^.+\$/) { # $prompt = ' \$ .*'; # } else { # if ($_ =~ m/^.+\~#/) { # $prompt = '\~# .*'; # } else { if ($_ =~ m/^.+#/) { $prompt = '.+#.*'; } # } # } # } # } print STDERR ("HIT COMMAND:$_") if ($debug); if (!defined($commands{$cmd})) { print STDERR "$host: found unexpected command - \"$cmd\"\n"; last TOP; } $rval = &{$commands{$cmd}}; delete($commands{$cmd}); if ($rval == -1) { last TOP; } } } print STDOUT "Done $logincmd: $_\n" if ($log); # Flush History ProcessHistory("","","",""); # Cleanup close(INPUT); close(OUTPUT); if (defined($ENV{NOPIPE})) { unlink("$host.raw") if (! $debug); } # check for completeness if (scalar(%commands) || !$found_end) { if (scalar(%commands)) { printf(STDOUT "$host: missed cmd(s): %s\n", join(',', keys(%commands))); printf(STDERR "$host: missed cmd(s): %s\n", join(',', keys(%commands))) if ($debug); } if (!$found_end) { print STDOUT "$found_end: found end\n"; print STDOUT "$host: End of run not found\n"; print STDERR "$host: End of run not found\n" if ($debug); system("/usr/bin/tail -1 $host.new"); } unlink "$host.new" if (! $debug); } -------------- next part -------------- #! /usr/bin/expect -- ## ## patched to accomplish fortinet from nlogin ## in turn patched to accomplish D-Link from fnlogin ## by: Daniel G. Epstein ## adapted by: Diego Ercolani ## further adapted by: Gavin McCullagh ## ## rancid 2.3.6 ## Copyright (c) 1997-2009 by Terrapin Communications, Inc. ## All rights reserved. ## ## This code is derived from software contributed to and maintained by ## Terrapin Communications, Inc. by Henry Kilmer, John Heasley, Andrew Partan, ## Pete Whiting, Austin Schutz, and Andrew Fort. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions ## are met: ## 1. Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## 2. Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following disclaimer in the ## documentation and/or other materials provided with the distribution. ## 3. All advertising materials mentioning features or use of this software ## must display the following acknowledgement: ## This product includes software developed by Terrapin Communications, ## Inc. and its contributors for RANCID. ## 4. Neither the name of Terrapin Communications, Inc. nor the names of its ## contributors may be used to endorse or promote products derived from ## this software without specific prior written permission. ## 5. It is requested that non-binding fixes and modifications be contributed ## back to Terrapin Communications, Inc. ## ## THIS SOFTWARE IS PROVIDED BY Terrapin Communications, INC. AND CONTRIBUTORS ## ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED ## TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COMPANY OR CONTRIBUTORS ## BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE ## POSSIBILITY OF SUCH DAMAGE. # # The expect login scripts were based on Erik Sherk's gwtn, by permission. # Netscreen hacks implemented by Stephen Gill . # Fortinet hacks by Daniel G. Epstein # D-Link hacks by Gavin McCullagh # ############################################################################# # # dllogin - D-Link login # This script is very much a hack based on the existing code, but it works for us. # # Thus far we have tested this on the following D-Link Switch models: # # DES-3010F - success (telnet, ssh) # DES-3052P - success (telnet, ssh, ... a little slow) # DES-3526 - success (telnet, ssh) # DES-3550 - success (telnet, ssh) # DES-3250TG - fail (there's no command to print config) # DGS-3324SR - success (telnet, ssh) # DGS-3100 - fail (but probably not too big a job to fix) # # Known bugs/issues: # - line wrap problems cause newlines within config lines at 80 chars wide on # some models (DES-3010F) # - ssh can be quite slow on these units and we've even had anecdotal evidence # that the load on the switches can occasionally cause packet loss. We # generally use telnet for this reason and all is fine. # # ############################################################################# # Usage line set usage "Usage: $argv0 \[-dSV\] \[-c command\] \[-Evar=x\] \ \[-f cloginrc-file\] \[-p user-password\] \ \[-s script-file\] \[-t timeout\] \[-u username\] \ \[-v vty-password\] \[-x command-file\] \ \[-y ssh_cypher_type\] router \[router...\]\n" # env(CLOGIN) may contain: # x == do not set xterm banner or name # Password file set password_file $env(HOME)/.cloginrc # Default is to login to the firewall set do_command 0 set do_script 0 # The default is to look in the password file to find the passwords. This # tracks if we receive them on the command line. set do_passwd 1 set do_enapasswd 1 # Save config, if prompted set do_saveconfig 0 # Find the user in the ENV, or use the unix userid. if {[ info exists env(CISCO_USER) ]} { set default_user $env(CISCO_USER) } elseif {[ info exists env(USER) ]} { set default_user $env(USER) } elseif {[ info exists env(LOGNAME) ]} { set default_user $env(LOGNAME) } else { # This uses "id" which I think is portable. At least it has existed # (without options) on all machines/OSes I've been on recently - # unlike whoami or id -nu. if [ catch {exec id} reason ] { send_error "\nError: could not exec id: $reason\n" exit 1 } regexp {\(([^)]*)} "$reason" junk default_user } if {[ info exists env(CLOGINRC) ]} { set password_file $env(CLOGINRC) } # Sometimes firewall take awhile to answer (the default is 10 sec) set timeout 45 # Process the command line for {set i 0} {$i < $argc} {incr i} { set arg [lindex $argv $i] switch -glob -- $arg { # Expect debug mode -d* { exp_internal 1 # Username } -u* { if {! [ regexp .\[uU\](.+) $arg ignore user]} { incr i set username [ lindex $argv $i ] } # VTY Password } -p* { if {! [ regexp .\[pP\](.+) $arg ignore userpasswd]} { incr i set userpasswd [ lindex $argv $i ] } set do_passwd 0 # Environment variable to pass to -s scripts } -E* { if {[ regexp .\[E\](.+)=(.+) $arg ignore varname varvalue]} { set E$varname $varvalue } else { send_user "\nError: invalid format for -E in $arg\n" exit 1 } # Command to run. } -c* { if {! [ regexp .\[cC\](.+) $arg ignore command]} { incr i set command [ lindex $argv $i ] } set do_command 1 # Expect script to run. } -s* { if {! [ regexp .\[sS\](.+) $arg ignore sfile]} { incr i set sfile [ lindex $argv $i ] } if { ! [ file readable $sfile ] } { send_user "\nError: Can't read $sfile\n" exit 1 } set do_script 1 # save config on exit } -S* { set do_saveconfig 1 # cypher type } -y* { if {! [ regexp .\[eE\](.+) $arg ignore cypher]} { incr i set cypher [ lindex $argv $i ] } # alternate cloginrc file } -f* { if {! [ regexp .\[fF\](.+) $arg ignore password_file]} { incr i set password_file [ lindex $argv $i ] } } -t* { incr i set timeout [ lindex $argv $i ] } -x* { if {! [ regexp .\[xX\](.+) $arg ignore cmd_file]} { incr i set cmd_file [ lindex $argv $i ] } if [ catch {set cmd_fd [open $cmd_file r]} reason ] { send_user "\nError: $reason\n" exit 1 } set cmd_text [read $cmd_fd] close $cmd_fd set command [join [split $cmd_text \n] \;] set do_command 1 # Version string } -V* { send_user "rancid 2.3.6\n" exit 0 # Does tacacs automatically enable us? } -autoenable { # ignore autoenable } -* { send_user "\nError: Unknown argument! $arg\n" send_user $usage exit 1 } default { break } } } # Process firewalls...no firewalls listed is an error. if { $i == $argc } { send_user "\nError: $usage" } # Only be quiet if we are running a script (it can log its output # on its own) if { $do_script } { log_user 0 } else { log_user 1 } # # Done configuration/variable setting. Now run with it... # # Sets Xterm title if interactive...if its an xterm and the user cares proc label { host } { global env # if CLOGIN has an 'x' in it, don't set the xterm name/banner if [info exists env(CLOGIN)] { if {[string first "x" $env(CLOGIN)] != -1} { return } } # take host from ENV(TERM) if [info exists env(TERM)] { if [regexp \^(xterm|vs) $env(TERM) ignore ] { send_user "\033]1;[lindex [split $host "."] 0]\a" send_user "\033]2;$host\a" } } } # This is a helper function to make the password file easier to # maintain. Using this the password file has the form: # add password sl* pete cow # add password at* steve # add password * hanky-pie proc add {var args} { global int_$var ; lappend int_$var $args} proc include {args} { global env regsub -all "(^{|}$)" $args {} args if { [ regexp "^/" $args ignore ] == 0 } { set args $env(HOME)/$args } source_password_file $args } proc find {var router} { upvar int_$var list if { [info exists list] } { foreach line $list { if { [string match [lindex $line 0] $router ] } { return [lrange $line 1 end] } } } return {} } # Loads the password file. Note that as this file is tcl, and that # it is sourced, the user better know what to put in there, as it # could install more than just password info... I will assume however, # that a "bad guy" could just as easy put such code in the clogin # script, so I will leave .cloginrc as just an extention of that script proc source_password_file { password_file } { global env if { ! [file exists $password_file] } { send_user "\nError: password file ($password_file) does not exist\n" exit 1 } file stat $password_file fileinfo if { [expr ($fileinfo(mode) & 007)] != 0000 } { send_user "\nError: $password_file must not be world readable/writable\n" exit 1 } if [ catch {source $password_file} reason ] { send_user "\nError: $reason\n" exit 1 } } # Log into the firewall. # returns: 0 on success, 1 on failure proc login { router user userpswd passwd enapasswd prompt cmethod cyphertype } { global spawn_id in_proc do_command do_script sshcmd set in_proc 1 set uprompt_seen 0 # Telnet to the firewall & try to login. set progs [llength $cmethod] foreach prog [lrange $cmethod 0 end] { incr progs -1 if [string match "telnet*" $prog] { regexp {telnet(:([^[:space:]]+))*} $prog command suffix port if {"$port" == ""} { set retval [ catch {spawn telnet $router} reason ] } else { set retval [ catch {spawn telnet $router $port} reason ] } if { $retval } { send_user "\nError: telnet failed: $reason\n" return 1 } } elseif [string match "ssh*" $prog] { regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port if {"$port" == ""} { set cmd [join [lindex $sshcmd 0] " "] set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user $router" { }]} reason ] } else { set cmd [join [lindex $sshcmd 0] " "] set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user -p $port $router" { }]} reason ] } if { $retval } { send_user "\nError: $sshcmd failed: $reason\n" return 1 } } elseif ![string compare $prog "rsh"] { send_error "\nError: unsupported method: rsh\n" if { $progs == 0 } { return 1 } continue; } else { send_user "\nError: unknown connection method: $prog\n" return 1 } sleep 0.3 # This helps cleanup each expect clause. expect_after { timeout { send_user "\nError: TIMEOUT reached\n" catch {close}; catch {wait}; if { $in_proc} { return 1 } else { continue } } eof { send_user "\nError: EOF received\n" catch {close}; catch {wait}; if { $in_proc} { return 1 } else { continue } } } # Here we get a little tricky. There are several possibilities: # the firewall can ask for a username and passwd and then # talk to the TACACS server to authenticate you, or if the # TACACS server is not working, then it will use the enable # passwd. Or, the firewall might not have TACACS turned on, # then it will just send the passwd. # if telnet fails with connection refused, try ssh expect { -re "(Connection refused|Secure connection \[^\n\r]+ refused)" { catch {close}; catch {wait}; if !$progs { send_user "\nError: Connection Refused ($prog): $router\n" return 1 } } -re "(Connection closed by|Connection to \[^\n\r]+ closed)" { catch {close}; catch {wait}; if !$progs { send_user "\nError: Connection closed ($prog): $router\n" return 1 } } eof { send_user "\nError: Couldn't login: $router\n"; wait; return 1 } -nocase "unknown host\r" { send_user "\nError: Unknown host $router\n"; catch {close}; catch {wait}; return 1 } "Host is unreachable" { send_user "\nError: Host Unreachable: $router\n"; catch {close}; catch {wait}; return 1 } "No address associated with name" { send_user "\nError: Unknown host $router\n"; catch {close}; catch {wait}; return 1 } -re "(Host key not found |The authenticity of host .* be established).*\(yes\/no\)\?" { send "yes\r" send_user "\nHost $router added to the list of known hosts.\n" exp_continue } -re "HOST IDENTIFICATION HAS CHANGED.* \(yes\/no\)\?" { send "no\r" send_user "\nError: The host key for $router has changed. Update the SSH known_hosts file accordingly.\n" catch {close}; catch {wait}; return 1 } -re "Offending key for .* \(yes\/no\)\?" { send "no\r" send_user "\nError: host key mismatch for $router. Update the SSH known_hosts file accordingly.\n" catch {close}; catch {wait}; return 1 } -re "(denied|Sorry)" { send_user "\nError: Check your passwd for $router\n" catch {close}; catch {wait}; return 1 } "Login failed" { send_user "\nError: Check your passwd for $router\n"; catch {close}; catch {wait}; return 1 } -re "\[Uu]ser\[nN]ame:" { sleep 1; send -- "$user\r" set uprompt_seen 1 exp_continue } -re "@\[^\r\n]+\[Pp]assword:" { # ssh pwd prompt sleep 1 send -- "$userpswd\r" exp_continue } "\[Pp]ass\[Ww]ord:" { sleep 1; if {$uprompt_seen == 1} { send -- "$userpswd\r" } else { send -- "$passwd\r" } exp_continue } -- "$prompt" { break; } } } set in_proc 0 return 0 } # Run commands given on the command line. proc run_commands { prompt command } { global in_proc set in_proc 1 # Disable output paging. send -- "disable clipaging\r" expect -re $prompt; set commands [split $command \;] set num_commands [llength $commands] for {set i 0} {$i < $num_commands} { incr i} { send -- "[subst [lindex $commands $i]]\r" # send_user "**************** [subst [lindex $commands $i]] ************\n" expect { -re "$prompt" { send "\r" sleep 0.5 } -re "All " { send "a" exp_continue -re "\[\n\r]+" { exp_continue } } } } # send_user "******* fuori da ciclo for *******\n" expect { -re "$prompt$" { send "logout\r" sleep 0.5 exp_continue } -re "\[\n\r]+" { exp_continue } -gl "Configuration modified, save?" { send "n\r" exp_continue } timeout { catch {close}; catch {wait}; return 0 } eof { return 0 } } set in_proc 0 } # # For each firewall... (this is main loop) # source_password_file $password_file set in_proc 0 set exitval 0 foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" # FortiOS 2.x prompts can end in either '#' or '$' set prompt "\[#\\$]" # Figure out passwords if { $do_passwd || $do_enapasswd } { set pswd [find password $router] if { [llength $pswd] == 0 } { send_user "\nError: no password for $router in $password_file.\n" continue } set passwd [join [lindex $pswd 0] ""] set enapasswd [join [lindex $pswd 1] ""] } else { set passwd $userpasswd set enapasswd $enapasswd } # Figure out username if {[info exists username]} { # command line username set ruser $username } else { set ruser [join [find user $router] ""] if { "$ruser" == "" } { set ruser $default_user } } # Figure out username's password (if different from the vty password) if {[info exists userpasswd]} { # command line username set userpswd $userpasswd } else { set userpswd [join [find userpassword $router] ""] if { "$userpswd" == "" } { set userpswd $passwd } } # Figure out cypher type if {[info exists cypher]} { # command line cypher type set cyphertype $cypher } else { set cyphertype [find cyphertype $router] if { "$cyphertype" == "" } { set cyphertype "3des" } } # Figure out connection method set cmethod [find method $router] if { "$cmethod" == "" } { set cmethod {{telnet} {ssh}} } # Figure out the SSH executable name set sshcmd [find sshcmd $router] if { "$sshcmd" == "" } { set sshcmd {ssh} } # Login to the router if {[login $router $ruser $userpswd $passwd $enapasswd $prompt $cmethod $cyphertype]} { incr exitval continue } # we are logged in, now figure out the full prompt based on what the device sends us. send "\r" expect { -re "\[\r\n]+" { exp_continue; } -re "^(.+$prompt)" { set junk $expect_out(0,string); } if {[$junk = "(^\\$ $)"]} { set prompt $junk; } else { if {[$junk = "(^# $)"]} { set prompt $junk ; } }; } if { $do_command } { if {[run_commands $prompt $command]} { incr exitval continue } } elseif { $do_script } { # Disable output paging. send "config system console\r" send "set output standard\r" send "end\r" expect -re $prompt {} source $sfile catch {close}; } else { label $router log_user 1 interact } # End of for each firewall catch {wait}; sleep 0.3 } exit $exitval From rwest at zyedge.com Tue Mar 8 12:45:34 2011 From: rwest at zyedge.com (Ryan West) Date: Tue, 8 Mar 2011 12:45:34 +0000 Subject: [rancid] FWSM compatibility In-Reply-To: References: Message-ID: <5DC4853C6CC3EE4788779E0726E034DD7B999D@zy-ex1.zyedge.local> Yes. I use it for a switch cluster where I only have access to the commander: add method cust-sw2 {usercmd} add usercmd cust-sw2 {clogin} {cust-sw1} add usercmd_chat cust-sw2 {cust-sw1#} {rco 1\r} {cust-sw2#} {\r} All of your normal cloginrc rules applies to cust-sw1. Once clogin sees the cust-sw2# prompt, data collection begins for that device. Router.db contains the entry for both cust-sw1:cisco:up and cust-sw2:cisco:up. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Tuesday, March 08, 2011 6:47 AM To: Jim?nez Fern?ndez, Mikel; Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility It works!! add method fwbt {usercmd} add usercmd fwbt {clogin} {-u} {mike} {-p} {pas} {-e} {pass} {172.24.133.40} add usercmd_chat fwbt {fwcat1/admin#} {changeto context fwBT\r} {fwcat1/fwBT#} {sh run\r} :) And now, this is possible to integrate with Rancid for making backups ? ________________________________ De: Jim?nez Fern?ndez, Mikel Enviado el: martes, 08 de marzo de 2011 12:21 Para: 'Ryan West'; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility Hello, I have succesfully patched but I have some questions... My intention is to login like a typical Cisco device and inside it, run commands (usercmd_chat may be...) but the login mode, what should be ? I have to do "enable" and type the password... I can not use the "ssh" method ? Can I use SSH method and then call usercmd-chat or what is the recomendation ? In the patch example I can see "add usercmd host {ssh} {-t} {-p 1234} {command ???}" but what happen with password and "enable ? Thanks and I hope I will solve it with your help guys!! Thanks in advance. ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 18:03 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility Just edit clogin in the bin directory to add the patch. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:57 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility So I have to download the source code, patch, compile and it should work ? Thanks! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:43 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html It's a small patch to clogin, but still works in 2.3.6. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:28 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility What do you want to say with "command / chat" ? I have to use admin context and "jump" from it... Thanks!! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:26 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility User command / chat might do the trick for you, or create a management interface for the contexts and back them as normal firewalls. -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jim?nez Fern?ndez, Mikel Sent: Wednesday, March 02, 2011 11:06 AM To: rancid-discuss at shrubbery.net Subject: [rancid] FWSM compatibility Hi! First of all, I have to say that I have read numerous of forums before asking here anything. I want to backup Cisco FWSM 3.x and 4.x contexts configurations. Is possible with actual Rancid/Clogin ? Actually I define a file with the commands, but when I change from admin context to fwlearning2 context, the session get "stalled", here the output. [rancid at jazznetmon rancid]$ clogin -x file -u mike -p "kikoko" -e kikoko 172.24.133.40 172.24.133.40 spawn ssh -c 3des -x -l mike 172.24.133.40 mike at 172.24.133.40's password: ********************************************* FWSM - FIREWALL SERVICES MODULE Dtpo. COMUNICACIONES IBERMATICA 913849100 ********************************************* Type help or '?' for a list of available commands. fwcat1/admin> enable Password: ****** fwcat1/admin# fwcat1/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. fwcat1/admin# changeto context fwelearning2 -- "(stalled....) And here the file with the commands: [rancid at jazznetmon ~]$ cat file changeto context fwelearning2 config t sh run I doesn?t work to run commands inside another context... Any ideas ? Thanks!! Mikel Jimenez Fernandez Departamento de Comunicaciones Ibermatica Tlf: 91 384 9100 ext 7561 Camino de Hormigueras, 172 28031 MADRID -------------- next part -------------- An HTML attachment was scrubbed... URL: From m.jimenez at ibermatica.com Tue Mar 8 12:57:11 2011 From: m.jimenez at ibermatica.com (=?iso-8859-1?Q?Jim=E9nez_Fern=E1ndez=2C_Mikel?=) Date: Tue, 8 Mar 2011 13:57:11 +0100 Subject: [rancid] FWSM compatibility In-Reply-To: <5DC4853C6CC3EE4788779E0726E034DD7B999D@zy-ex1.zyedge.local> Message-ID: Thanks Ryan for your help! It works great! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: martes, 08 de marzo de 2011 13:46 Para: Jim?nez Fern?ndez, Mikel; Ryan West; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility Yes. I use it for a switch cluster where I only have access to the commander: add method cust-sw2 {usercmd} add usercmd cust-sw2 {clogin} {cust-sw1} add usercmd_chat cust-sw2 {cust-sw1#} {rco 1\r} {cust-sw2#} {\r} All of your normal cloginrc rules applies to cust-sw1. Once clogin sees the cust-sw2# prompt, data collection begins for that device. Router.db contains the entry for both cust-sw1:cisco:up and cust-sw2:cisco:up. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Tuesday, March 08, 2011 6:47 AM To: Jim?nez Fern?ndez, Mikel; Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility It works!! add method fwbt {usercmd} add usercmd fwbt {clogin} {-u} {mike} {-p} {pas} {-e} {pass} {172.24.133.40} add usercmd_chat fwbt {fwcat1/admin#} {changeto context fwBT\r} {fwcat1/fwBT#} {sh run\r} :) And now, this is possible to integrate with Rancid for making backups ? ________________________________ De: Jim?nez Fern?ndez, Mikel Enviado el: martes, 08 de marzo de 2011 12:21 Para: 'Ryan West'; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility Hello, I have succesfully patched but I have some questions... My intention is to login like a typical Cisco device and inside it, run commands (usercmd_chat may be...) but the login mode, what should be ? I have to do "enable" and type the password... I can not use the "ssh" method ? Can I use SSH method and then call usercmd-chat or what is the recomendation ? In the patch example I can see "add usercmd host {ssh} {-t} {-p 1234} {command ???}" but what happen with password and "enable ? Thanks and I hope I will solve it with your help guys!! Thanks in advance. ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 18:03 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility Just edit clogin in the bin directory to add the patch. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:57 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility So I have to download the source code, patch, compile and it should work ? Thanks! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:43 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html It's a small patch to clogin, but still works in 2.3.6. -ryan From: Jim?nez Fern?ndez, Mikel [mailto:m.jimenez at ibermatica.com] Sent: Wednesday, March 02, 2011 11:28 AM To: Ryan West; rancid-discuss at shrubbery.net Subject: RE: FWSM compatibility What do you want to say with "command / chat" ? I have to use admin context and "jump" from it... Thanks!! ________________________________ De: Ryan West [mailto:rwest at zyedge.com] Enviado el: mi?rcoles, 02 de marzo de 2011 17:26 Para: Jim?nez Fern?ndez, Mikel; rancid-discuss at shrubbery.net Asunto: RE: FWSM compatibility User command / chat might do the trick for you, or create a management interface for the contexts and back them as normal firewalls. -ryan From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Jim?nez Fern?ndez, Mikel Sent: Wednesday, March 02, 2011 11:06 AM To: rancid-discuss at shrubbery.net Subject: [rancid] FWSM compatibility Hi! First of all, I have to say that I have read numerous of forums before asking here anything. I want to backup Cisco FWSM 3.x and 4.x contexts configurations. Is possible with actual Rancid/Clogin ? Actually I define a file with the commands, but when I change from admin context to fwlearning2 context, the session get "stalled", here the output. [rancid at jazznetmon rancid]$ clogin -x file -u mike -p "kikoko" -e kikoko 172.24.133.40 172.24.133.40 spawn ssh -c 3des -x -l mike 172.24.133.40 mike at 172.24.133.40's password: ********************************************* FWSM - FIREWALL SERVICES MODULE Dtpo. COMUNICACIONES IBERMATICA 913849100 ********************************************* Type help or '?' for a list of available commands. fwcat1/admin> enable Password: ****** fwcat1/admin# fwcat1/admin# terminal length 0 ^ ERROR: % Invalid input detected at '^' marker. fwcat1/admin# changeto context fwelearning2 -- "(stalled....) And here the file with the commands: [rancid at jazznetmon ~]$ cat file changeto context fwelearning2 config t sh run I doesn?t work to run commands inside another context... Any ideas ? Thanks!! Mikel Jimenez Fernandez Departamento de Comunicaciones Ibermatica Tlf: 91 384 9100 ext 7561 Camino de Hormigueras, 172 28031 MADRID -------------- next part -------------- An HTML attachment was scrubbed... URL: From bigbeerjr at gmail.com Tue Mar 15 19:43:07 2011 From: bigbeerjr at gmail.com (big beer) Date: Tue, 15 Mar 2011 12:43:07 -0700 Subject: [rancid] Cisco MDS/NX-OS timestamp in show command Message-ID: Hi List, I'm running rancid 2.3.6 against a pair of cisco mds fiber switches. everything works as expected except one little problem. My switches are printing out a nice little banner with the timestamp whenever show run is ran. Obviously this is a problem, and my diffs end up looking like the following. ! !DEBUG: % Permission denied !Command: show running-config - !Time: Tue Mar 15 18:01:13 2011 + !Time: Tue Mar 15 19:01:13 2011 version 5.0(1a) no feature http-server I found the thread in the list archives about suppressing the time stamp out by editing the DoNothing() command to run no exec prompt timestamp, but I think that is for a different type of timestamp, as I made the change but I still get the timestamp. I can't even run no exec prompt timestamp on the switch either. Anyone have any experience and/or idea on where I should be focusing to remove these timestamps? Thanks! -- BigBeer From corey at sequestered.net Tue Mar 15 21:53:30 2011 From: corey at sequestered.net (Corey Quinn) Date: Tue, 15 Mar 2011 14:53:30 -0700 Subject: [rancid] Cisco MDS/NX-OS timestamp in show command In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Toss this into the appropriate place: /!Time:/ && next; - -- Corey / KB1JWQ On Mar 15, 2011, at 12:43 PM, big beer wrote: > Hi List, > > I'm running rancid 2.3.6 against a pair of cisco mds fiber switches. > everything works as expected except one little problem. My switches > are printing out a nice little banner with the timestamp whenever show > run is ran. > > Obviously this is a problem, and my diffs end up looking like the following. > ! > !DEBUG: % Permission denied > !Command: show running-config > - !Time: Tue Mar 15 18:01:13 2011 > + !Time: Tue Mar 15 19:01:13 2011 > > version 5.0(1a) > no feature http-server > > > I found the thread in the list archives about suppressing the time > stamp out by editing the DoNothing() command to run no exec prompt > timestamp, but I think that is for a different type of timestamp, as I > made the change but I still get the timestamp. I can't even run no > exec prompt timestamp on the switch either. > > Anyone have any experience and/or idea on where I should be focusing > to remove these timestamps? > > Thanks! > > -- > BigBeer > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJNf9/aAAoJEPmSS8816iBeG8AH/1COVliS6zr8yBDgMF+IowNG /vDQonWt9tjnjDlCq1TBe13fSwGJISjbQkhPLiCBwAf/+b3xqLh9nykklMwVkuCC zZYdBvGekcjQYI8vGDo9fAsMhqPD8n5lNrbTlJ42yCbvz6q5chu8XTMxFVLzoRtk E+tI7ZjkyNOkU8VUMHLFeuEFZ7R821XrS/FxDFxrQxCXwnz6eqLMqrZ9TzWsYus2 9Oyog9WezIl7vb1tidQXmNGxnAcUJyFnVUwi4DmqcNmJhgNEJFuiHZlCyMrtsPHX Nq2RNd9uDo+Pr9Jr5Naa+dZMcFnV6IaM/dqDWfSNktLekTUQ+ahzzqce1eiz6vk= =XqjC -----END PGP SIGNATURE----- From corey at sequestered.net Wed Mar 16 19:19:45 2011 From: corey at sequestered.net (Corey Quinn) Date: Wed, 16 Mar 2011 12:19:45 -0700 Subject: [rancid] Cisco MDS/NX-OS timestamp in show command In-Reply-To: <1546520524.1541969.1300302093930.JavaMail.root@slcitmail01> References: <1546520524.1541969.1300302093930.JavaMail.root@slcitmail01> Message-ID: Get the trailing space out of there and retest please... On Mar 16, 2011, at 12:01 PM, Daniel Chen wrote: > I threw the following patterns and it doesn't appear to be able to catch it in the nxrancid 2.3.6 tar release > /^.Time: / && next; # kill this junk > /^!Time: / && next; > /^#Time: / && next; > /!Time: / && next; > > So every run generates email and cvs check-in: > !Command: show running-config > - !Time: Wed Mar 16 11:37:57 2011 > + !Time: Wed Mar 16 11:53:28 2011 > > > > > From: "Corey Quinn" > To: "big beer" > Cc: rancid-discuss at shrubbery.net > Sent: Tuesday, March 15, 2011 5:53:30 PM > Subject: Re: [rancid] Cisco MDS/NX-OS timestamp in show command > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Toss this into the appropriate place: > > /!Time:/ && next; > > - -- Corey / KB1JWQ > On Mar 15, 2011, at 12:43 PM, big beer wrote: > > > Hi List, > > > > I'm running rancid 2.3.6 against a pair of cisco mds fiber switches. > > everything works as expected except one little problem. My switches > > are printing out a nice little banner with the timestamp whenever show > > run is ran. > > > > Obviously this is a problem, and my diffs end up looking like the following. > > ! > > !DEBUG: % Permission denied > > !Command: show running-config > > - !Time: Tue Mar 15 18:01:13 2011 > > + !Time: Tue Mar 15 19:01:13 2011 > > > > version 5.0(1a) > > no feature http-server > > > > > > I found the thread in the list archives about suppressing the time > > stamp out by editing the DoNothing() command to run no exec prompt > > timestamp, but I think that is for a different type of timestamp, as I > > made the change but I still get the timestamp. I can't even run no > > exec prompt timestamp on the switch either. > > > > Anyone have any experience and/or idea on where I should be focusing > > to remove these timestamps? > > > > Thanks! > > > > -- > > BigBeer > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (Darwin) > > iQEcBAEBAgAGBQJNf9/aAAoJEPmSS8816iBeG8AH/1COVliS6zr8yBDgMF+IowNG > /vDQonWt9tjnjDlCq1TBe13fSwGJISjbQkhPLiCBwAf/+b3xqLh9nykklMwVkuCC > zZYdBvGekcjQYI8vGDo9fAsMhqPD8n5lNrbTlJ42yCbvz6q5chu8XTMxFVLzoRtk > E+tI7ZjkyNOkU8VUMHLFeuEFZ7R821XrS/FxDFxrQxCXwnz6eqLMqrZ9TzWsYus2 > 9Oyog9WezIl7vb1tidQXmNGxnAcUJyFnVUwi4DmqcNmJhgNEJFuiHZlCyMrtsPHX > Nq2RNd9uDo+Pr9Jr5Naa+dZMcFnV6IaM/dqDWfSNktLekTUQ+ahzzqce1eiz6vk= > =XqjC > -----END PGP SIGNATURE----- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bigbeerjr at gmail.com Wed Mar 16 19:34:21 2011 From: bigbeerjr at gmail.com (big beer) Date: Wed, 16 Mar 2011 12:34:21 -0700 Subject: [rancid] Cisco MDS/NX-OS timestamp in show command In-Reply-To: References: <1546520524.1541969.1300302093930.JavaMail.root@slcitmail01> Message-ID: Dang, I didn't make sure to reply back to the list... The end fix for me was what Corey is suggesting. + /^!Time:/ && next; Thanks all! On Wed, Mar 16, 2011 at 12:19 PM, Corey Quinn wrote: > Get the trailing space out of there and retest please... > > On Mar 16, 2011, at 12:01 PM, Daniel Chen wrote: > > I threw the following patterns and it doesn't appear to be able to catch it > in the nxrancid 2.3.6 tar release > ??????? /^.Time: /????????????? && next; # kill this junk > ??????? /^!Time: /????????????? && next; > ??????? /^#Time: /????????????? && next; > ??????? /!Time: /?????????????? && next; > > So every run generates email and cvs check-in: > ? !Command: show running-config > - !Time: Wed Mar 16 11:37:57 2011 > + !Time: Wed Mar 16 11:53:28 2011 > > > > > ________________________________ > From: "Corey Quinn" > To: "big beer" > Cc: rancid-discuss at shrubbery.net > Sent: Tuesday, March 15, 2011 5:53:30 PM > Subject: Re: [rancid] Cisco MDS/NX-OS timestamp in show command > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Toss this into the appropriate place: > > /!Time:/ && next; > > - -- Corey / KB1JWQ > On Mar 15, 2011, at 12:43 PM, big beer wrote: > >> Hi List, >> >> I'm running rancid 2.3.6 against a pair of cisco mds fiber switches. >> everything works as expected except one little problem. My switches >> are printing out a nice little banner with the timestamp whenever show >> run is ran. >> >> Obviously this is a problem, and my diffs end up looking like the >> following. >> ! >> !DEBUG: % Permission denied >> !Command: show running-config >> - !Time: Tue Mar 15 18:01:13 2011 >> + !Time: Tue Mar 15 19:01:13 2011 >> >> version 5.0(1a) >> no feature http-server >> >> >> I found the thread in the list archives about suppressing the time >> stamp out by editing the DoNothing() command to run no exec prompt >> timestamp, but I think that is for a different type of timestamp, as I >> made the change but I still get the timestamp. I can't even run no >> exec prompt timestamp on the switch either. >> >> Anyone have any experience and/or idea on where I should be focusing >> to remove these timestamps? >> >> Thanks! >> >> -- >> BigBeer >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (Darwin) > > iQEcBAEBAgAGBQJNf9/aAAoJEPmSS8816iBeG8AH/1COVliS6zr8yBDgMF+IowNG > /vDQonWt9tjnjDlCq1TBe13fSwGJISjbQkhPLiCBwAf/+b3xqLh9nykklMwVkuCC > zZYdBvGekcjQYI8vGDo9fAsMhqPD8n5lNrbTlJ42yCbvz6q5chu8XTMxFVLzoRtk > E+tI7ZjkyNOkU8VUMHLFeuEFZ7R821XrS/FxDFxrQxCXwnz6eqLMqrZ9TzWsYus2 > 9Oyog9WezIl7vb1tidQXmNGxnAcUJyFnVUwi4DmqcNmJhgNEJFuiHZlCyMrtsPHX > Nq2RNd9uDo+Pr9Jr5Naa+dZMcFnV6IaM/dqDWfSNktLekTUQ+ahzzqce1eiz6vk= > =XqjC > -----END PGP SIGNATURE----- > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > From danielc at mozy.com Wed Mar 16 19:01:33 2011 From: danielc at mozy.com (Daniel Chen) Date: Wed, 16 Mar 2011 13:01:33 -0600 (MDT) Subject: [rancid] Cisco MDS/NX-OS timestamp in show command In-Reply-To: Message-ID: <1546520524.1541969.1300302093930.JavaMail.root@slcitmail01> I threw the following patterns and it doesn't appear to be able to catch it in the nxrancid 2.3.6 tar release /^.Time: / && next; # kill this junk /^!Time: / && next; /^#Time: / && next; /!Time: / && next; So every run generates email and cvs check-in: !Command: show running-config - !Time: Wed Mar 16 11:37:57 2011 + !Time: Wed Mar 16 11:53:28 2011 ----- Original Message ----- From: "Corey Quinn" To: "big beer" Cc: rancid-discuss at shrubbery.net Sent: Tuesday, March 15, 2011 5:53:30 PM Subject: Re: [rancid] Cisco MDS/NX-OS timestamp in show command -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Toss this into the appropriate place: /!Time:/ && next; - -- Corey / KB1JWQ On Mar 15, 2011, at 12:43 PM, big beer wrote: > Hi List, > > I'm running rancid 2.3.6 against a pair of cisco mds fiber switches. > everything works as expected except one little problem. My switches > are printing out a nice little banner with the timestamp whenever show > run is ran. > > Obviously this is a problem, and my diffs end up looking like the following. > ! > !DEBUG: % Permission denied > !Command: show running-config > - !Time: Tue Mar 15 18:01:13 2011 > + !Time: Tue Mar 15 19:01:13 2011 > > version 5.0(1a) > no feature http-server > > > I found the thread in the list archives about suppressing the time > stamp out by editing the DoNothing() command to run no exec prompt > timestamp, but I think that is for a different type of timestamp, as I > made the change but I still get the timestamp. I can't even run no > exec prompt timestamp on the switch either. > > Anyone have any experience and/or idea on where I should be focusing > to remove these timestamps? > > Thanks! > > -- > BigBeer > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJNf9/aAAoJEPmSS8816iBeG8AH/1COVliS6zr8yBDgMF+IowNG /vDQonWt9tjnjDlCq1TBe13fSwGJISjbQkhPLiCBwAf/+b3xqLh9nykklMwVkuCC zZYdBvGekcjQYI8vGDo9fAsMhqPD8n5lNrbTlJ42yCbvz6q5chu8XTMxFVLzoRtk E+tI7ZjkyNOkU8VUMHLFeuEFZ7R821XrS/FxDFxrQxCXwnz6eqLMqrZ9TzWsYus2 9Oyog9WezIl7vb1tidQXmNGxnAcUJyFnVUwi4DmqcNmJhgNEJFuiHZlCyMrtsPHX Nq2RNd9uDo+Pr9Jr5Naa+dZMcFnV6IaM/dqDWfSNktLekTUQ+ahzzqce1eiz6vk= =XqjC -----END PGP SIGNATURE----- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From danielc at mozy.com Wed Mar 16 19:33:11 2011 From: danielc at mozy.com (Daniel Chen) Date: Wed, 16 Mar 2011 13:33:11 -0600 (MDT) Subject: [rancid] Cisco MDS/NX-OS timestamp in show command In-Reply-To: Message-ID: <458123308.1542421.1300303991601.JavaMail.root@slcitmail01> I removed the trailing space after the colon before the slash. I am still getting the Time line. - !Time: Wed Mar 16 11:53:28 2011 + !Time: Wed Mar 16 12:19:52 2011 /^.Time:/ && next; # kill this junk /^!Time:/ && next; /^#Time:/ && next; /!Time:/ && next; I don't know why this section of code doesn't seem to be hit in the WriteTerm routine within nxrancid. Thanks, Daniel ----- Original Message ----- From: "Corey Quinn" To: "Daniel Chen" Cc: rancid-discuss at shrubbery.net, "big beer" Sent: Wednesday, March 16, 2011 3:19:45 PM Subject: Re: [rancid] Cisco MDS/NX-OS timestamp in show command Get the trailing space out of there and retest please... On Mar 16, 2011, at 12:01 PM, Daniel Chen < danielc at mozy.com > wrote: I threw the following patterns and it doesn't appear to be able to catch it in the nxrancid 2.3.6 tar release /^.Time: / && next; # kill this junk /^!Time: / && next; /^#Time: / && next; /!Time: / && next; So every run generates email and cvs check-in: !Command: show running-config - !Time: Wed Mar 16 11:37:57 2011 + !Time: Wed Mar 16 11:53:28 2011 ----- Original Message ----- From: "Corey Quinn" < corey at sequestered.net > To: "big beer" < bigbeerjr at gmail.com > Cc: rancid-discuss at shrubbery.net Sent: Tuesday, March 15, 2011 5:53:30 PM Subject: Re: [rancid] Cisco MDS/NX-OS timestamp in show command -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Toss this into the appropriate place: /!Time:/ && next; - -- Corey / KB1JWQ On Mar 15, 2011, at 12:43 PM, big beer wrote: > Hi List, > > I'm running rancid 2.3.6 against a pair of cisco mds fiber switches. > everything works as expected except one little problem. My switches > are printing out a nice little banner with the timestamp whenever show > run is ran. > > Obviously this is a problem, and my diffs end up looking like the following. > ! > !DEBUG: % Permission denied > !Command: show running-config > - !Time: Tue Mar 15 18:01:13 2011 > + !Time: Tue Mar 15 19:01:13 2011 > > version 5.0(1a) > no feature http-server > > > I found the thread in the list archives about suppressing the time > stamp out by editing the DoNothing() command to run no exec prompt > timestamp, but I think that is for a different type of timestamp, as I > made the change but I still get the timestamp. I can't even run no > exec prompt timestamp on the switch either. > > Anyone have any experience and/or idea on where I should be focusing > to remove these timestamps? > > Thanks! > > -- > BigBeer > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJNf9/aAAoJEPmSS8816iBeG8AH/1COVliS6zr8yBDgMF+IowNG /vDQonWt9tjnjDlCq1TBe13fSwGJISjbQkhPLiCBwAf/+b3xqLh9nykklMwVkuCC zZYdBvGekcjQYI8vGDo9fAsMhqPD8n5lNrbTlJ42yCbvz6q5chu8XTMxFVLzoRtk E+tI7ZjkyNOkU8VUMHLFeuEFZ7R821XrS/FxDFxrQxCXwnz6eqLMqrZ9TzWsYus2 9Oyog9WezIl7vb1tidQXmNGxnAcUJyFnVUwi4DmqcNmJhgNEJFuiHZlCyMrtsPHX Nq2RNd9uDo+Pr9Jr5Naa+dZMcFnV6IaM/dqDWfSNktLekTUQ+ahzzqce1eiz6vk= =XqjC -----END PGP SIGNATURE----- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From danielc at mozy.com Wed Mar 16 20:06:38 2011 From: danielc at mozy.com (Daniel Chen) Date: Wed, 16 Mar 2011 14:06:38 -0600 (MDT) Subject: [rancid] Cisco MDS/NX-OS timestamp in show command In-Reply-To: <458123308.1542421.1300303991601.JavaMail.root@slcitmail01> Message-ID: <1411325743.1543173.1300305998384.JavaMail.root@slcitmail01> My bad. I had added code to the rancid-fe to use wrappers so that it didn't call nxrancid but some other cisco related module probably plain rancid. ----- Original Message ----- From: "Daniel Chen" To: "Corey Quinn" Cc: rancid-discuss at shrubbery.net Sent: Wednesday, March 16, 2011 3:33:11 PM Subject: Re: [rancid] Cisco MDS/NX-OS timestamp in show command I removed the trailing space after the colon before the slash. I am still getting the Time line. - !Time: Wed Mar 16 11:53:28 2011 + !Time: Wed Mar 16 12:19:52 2011 /^.Time:/ && next; # kill this junk /^!Time:/ && next; /^#Time:/ && next; /!Time:/ && next; I don't know why this section of code doesn't seem to be hit in the WriteTerm routine within nxrancid. Thanks, Daniel ----- Original Message ----- From: "Corey Quinn" To: "Daniel Chen" Cc: rancid-discuss at shrubbery.net, "big beer" Sent: Wednesday, March 16, 2011 3:19:45 PM Subject: Re: [rancid] Cisco MDS/NX-OS timestamp in show command Get the trailing space out of there and retest please... On Mar 16, 2011, at 12:01 PM, Daniel Chen < danielc at mozy.com > wrote: I threw the following patterns and it doesn't appear to be able to catch it in the nxrancid 2.3.6 tar release /^.Time: / && next; # kill this junk /^!Time: / && next; /^#Time: / && next; /!Time: / && next; So every run generates email and cvs check-in: !Command: show running-config - !Time: Wed Mar 16 11:37:57 2011 + !Time: Wed Mar 16 11:53:28 2011 ----- Original Message ----- From: "Corey Quinn" < corey at sequestered.net > To: "big beer" < bigbeerjr at gmail.com > Cc: rancid-discuss at shrubbery.net Sent: Tuesday, March 15, 2011 5:53:30 PM Subject: Re: [rancid] Cisco MDS/NX-OS timestamp in show command -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Toss this into the appropriate place: /!Time:/ && next; - -- Corey / KB1JWQ On Mar 15, 2011, at 12:43 PM, big beer wrote: > Hi List, > > I'm running rancid 2.3.6 against a pair of cisco mds fiber switches. > everything works as expected except one little problem. My switches > are printing out a nice little banner with the timestamp whenever show > run is ran. > > Obviously this is a problem, and my diffs end up looking like the following. > ! > !DEBUG: % Permission denied > !Command: show running-config > - !Time: Tue Mar 15 18:01:13 2011 > + !Time: Tue Mar 15 19:01:13 2011 > > version 5.0(1a) > no feature http-server > > > I found the thread in the list archives about suppressing the time > stamp out by editing the DoNothing() command to run no exec prompt > timestamp, but I think that is for a different type of timestamp, as I > made the change but I still get the timestamp. I can't even run no > exec prompt timestamp on the switch either. > > Anyone have any experience and/or idea on where I should be focusing > to remove these timestamps? > > Thanks! > > -- > BigBeer > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJNf9/aAAoJEPmSS8816iBeG8AH/1COVliS6zr8yBDgMF+IowNG /vDQonWt9tjnjDlCq1TBe13fSwGJISjbQkhPLiCBwAf/+b3xqLh9nykklMwVkuCC zZYdBvGekcjQYI8vGDo9fAsMhqPD8n5lNrbTlJ42yCbvz6q5chu8XTMxFVLzoRtk E+tI7ZjkyNOkU8VUMHLFeuEFZ7R821XrS/FxDFxrQxCXwnz6eqLMqrZ9TzWsYus2 9Oyog9WezIl7vb1tidQXmNGxnAcUJyFnVUwi4DmqcNmJhgNEJFuiHZlCyMrtsPHX Nq2RNd9uDo+Pr9Jr5Naa+dZMcFnV6IaM/dqDWfSNktLekTUQ+ahzzqce1eiz6vk= =XqjC -----END PGP SIGNATURE----- _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From Joost.Eijgenbrood at imc.nl Fri Mar 18 15:23:06 2011 From: Joost.Eijgenbrood at imc.nl (Joost Eijgenbrood) Date: Fri, 18 Mar 2011 15:23:06 +0000 Subject: [rancid] Routing table Message-ID: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> Hi, I would like to start monitoring our routing table for changes. I found some instructions related to Rancid v2.3.1, but for some reason I cannot get it to work with my current version 2.3.6. Not sure what's going on, but I must admit I'm not an expert on this topic. Is someone able to provide me with the config-changes necessary to be able to include a "show ip route" in each run? Thanks! Joost ________________________________ The information in this e-mail is intended only for the person or entity to which it is addressed. It may contain confidential and /or privileged material. If someone other than the intended recipient should receive this e-mail, he / she shall not be entitled to read, disseminate, disclose or duplicate it. If you receive this e-mail unintentionally, please inform us immediately by "reply" and then delete it from your system. Although this information has been compiled with great care, neither IMC Financial Markets & Asset Management nor any of its related entities shall accept any responsibility for any errors, omissions or other inaccuracies in this information or for the consequences thereof, nor shall it be bound in any way by the contents of this e-mail or its attachments. In the event of incomplete or incorrect transmission, please return the e-mail to the sender and permanently delete this message and any attachments. Messages and attachments are scanned for all known viruses. Always scan attachments before opening them. From cgauthier at mapscu.com Fri Mar 18 15:56:54 2011 From: cgauthier at mapscu.com (Chris Gauthier) Date: Fri, 18 Mar 2011 08:56:54 -0700 Subject: [rancid] Routing table In-Reply-To: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> References: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> Message-ID: This is an interesting idea I had not considered before. I might also be interested in this "feature". Chris > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Joost Eijgenbrood > Sent: Friday, March 18, 2011 8:23 AM > To: rancid-discuss at shrubbery.net > Subject: [rancid] Routing table > > Hi, > > I would like to start monitoring our routing table for changes. I found some > instructions related to Rancid v2.3.1, but for some reason I cannot get it to work > with my current version 2.3.6. Not sure what's going on, but I must admit I'm > not an expert on this topic. > > Is someone able to provide me with the config-changes necessary to be able to > include a "show ip route" in each run? > > Thanks! > Joost > > ________________________________ > > The information in this e-mail is intended only for the person or entity to which > it is addressed. > > It may contain confidential and /or privileged material. If someone other than > the intended recipient should receive this e-mail, he / she shall not be entitled to > read, disseminate, disclose or duplicate it. > > If you receive this e-mail unintentionally, please inform us immediately by > "reply" and then delete it from your system. Although this information has been > compiled with great care, neither IMC Financial Markets & Asset Management > nor any of its related entities shall accept any responsibility for any errors, > omissions or other inaccuracies in this information or for the consequences > thereof, nor shall it be bound in any way by the contents of this e-mail or its > attachments. In the event of incomplete or incorrect transmission, please return > the e-mail to the sender and permanently delete this message and any > attachments. > > Messages and attachments are scanned for all known viruses. Always scan > attachments before opening them. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. From jethro.binks at strath.ac.uk Fri Mar 18 16:06:49 2011 From: jethro.binks at strath.ac.uk (Jethro R Binks) Date: Fri, 18 Mar 2011 16:06:49 +0000 (GMT) Subject: [rancid] Routing table In-Reply-To: References: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> Message-ID: On Fri, 18 Mar 2011, Chris Gauthier wrote: > This is an interesting idea I had not considered before. I might also > be interested in this "feature". I do this for h3crancid. However, I need to arrange for it to be sorted, as the order tends to change sometimes causing unnecessary updates (OSPF campus environment). However, I suspect a knob is needed for the end user to be able to turn it on or off, as some people definitely won't want this, especially if they are in an environment where the routes are unstable for whatever reason. Rancid's probably not the best tool in that case. J. > > Chris > > > -----Original Message----- > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > > bounces at shrubbery.net] On Behalf Of Joost Eijgenbrood > > Sent: Friday, March 18, 2011 8:23 AM > > To: rancid-discuss at shrubbery.net > > Subject: [rancid] Routing table > > > > Hi, > > > > I would like to start monitoring our routing table for changes. I found some > > instructions related to Rancid v2.3.1, but for some reason I cannot get it to work > > with my current version 2.3.6. Not sure what's going on, but I must admit I'm > > not an expert on this topic. > > > > Is someone able to provide me with the config-changes necessary to be able to > > include a "show ip route" in each run? > > > > Thanks! > > Joost > > > > ________________________________ > > > > The information in this e-mail is intended only for the person or entity to which > > it is addressed. > > > > It may contain confidential and /or privileged material. If someone other than > > the intended recipient should receive this e-mail, he / she shall not be entitled to > > read, disseminate, disclose or duplicate it. > > > > If you receive this e-mail unintentionally, please inform us immediately by > > "reply" and then delete it from your system. Although this information has been > > compiled with great care, neither IMC Financial Markets & Asset Management > > nor any of its related entities shall accept any responsibility for any errors, > > omissions or other inaccuracies in this information or for the consequences > > thereof, nor shall it be bound in any way by the contents of this e-mail or its > > attachments. In the event of incomplete or incorrect transmission, please return > > the e-mail to the sender and permanently delete this message and any > > attachments. > > > > Messages and attachments are scanned for all known viruses. Always scan > > attachments before opening them. > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > CONFIDENTIALITY NOTICE > Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > . . . . . . . . . . . . . . . . . . . . . . . . . Jethro R Binks, Network Manager, Information Services Directorate, University Of Strathclyde, Glasgow, UK The University of Strathclyde is a charitable body, registered in Scotland, number SC015263. From nick at buraglio.com Fri Mar 18 16:27:40 2011 From: nick at buraglio.com (Nick Buraglio) Date: Fri, 18 Mar 2011 11:27:40 -0500 Subject: [rancid] Routing table In-Reply-To: References: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> Message-ID: <-2748399343952507712@unknownmsgid> We are doing this with our regional network using some simple scripts and svn. I've often considered rolling this into our rancid install and pushed it deeper into campuses. Is this something others may want? -- nb On Mar 18, 2011, at 11:07 AM, Jethro R Binks wrote: > On Fri, 18 Mar 2011, Chris Gauthier wrote: > >> This is an interesting idea I had not considered before. I might also >> be interested in this "feature". > > I do this for h3crancid. However, I need to arrange for it to be sorted, > as the order tends to change sometimes causing unnecessary updates (OSPF > campus environment). > > However, I suspect a knob is needed for the end user to be able to turn it > on or off, as some people definitely won't want this, especially if they > are in an environment where the routes are unstable for whatever reason. > Rancid's probably not the best tool in that case. > > J. > > >> >> Chris >> >>> -----Original Message----- >>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- >>> bounces at shrubbery.net] On Behalf Of Joost Eijgenbrood >>> Sent: Friday, March 18, 2011 8:23 AM >>> To: rancid-discuss at shrubbery.net >>> Subject: [rancid] Routing table >>> >>> Hi, >>> >>> I would like to start monitoring our routing table for changes. I found some >>> instructions related to Rancid v2.3.1, but for some reason I cannot get it to work >>> with my current version 2.3.6. Not sure what's going on, but I must admit I'm >>> not an expert on this topic. >>> >>> Is someone able to provide me with the config-changes necessary to be able to >>> include a "show ip route" in each run? >>> >>> Thanks! >>> Joost >>> >>> ________________________________ >>> >>> The information in this e-mail is intended only for the person or entity to which >>> it is addressed. >>> >>> It may contain confidential and /or privileged material. If someone other than >>> the intended recipient should receive this e-mail, he / she shall not be entitled to >>> read, disseminate, disclose or duplicate it. >>> >>> If you receive this e-mail unintentionally, please inform us immediately by >>> "reply" and then delete it from your system. Although this information has been >>> compiled with great care, neither IMC Financial Markets & Asset Management >>> nor any of its related entities shall accept any responsibility for any errors, >>> omissions or other inaccuracies in this information or for the consequences >>> thereof, nor shall it be bound in any way by the contents of this e-mail or its >>> attachments. In the event of incomplete or incorrect transmission, please return >>> the e-mail to the sender and permanently delete this message and any >>> attachments. >>> >>> Messages and attachments are scanned for all known viruses. Always scan >>> attachments before opening them. >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ >> CONFIDENTIALITY NOTICE >> Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > . . . . . . . . . . . . . . . . . . . . . . . . . > Jethro R Binks, Network Manager, > Information Services Directorate, University Of Strathclyde, Glasgow, UK > > The University of Strathclyde is a charitable body, registered in > Scotland, number SC015263. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From hvgeekwtrvl at gmail.com Fri Mar 18 16:45:28 2011 From: hvgeekwtrvl at gmail.com (james machado) Date: Fri, 18 Mar 2011 09:45:28 -0700 Subject: [rancid] Routing table In-Reply-To: <-2748399343952507712@unknownmsgid> References: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> <-2748399343952507712@unknownmsgid> Message-ID: This would be a very nice thing to be able to do. I would be very interested in this. James On Fri, Mar 18, 2011 at 9:27 AM, Nick Buraglio wrote: > We are doing this with our regional network using some simple scripts > and svn. I've often considered rolling this into our rancid install > and pushed it deeper into campuses. Is this something others may want? > > > -- > nb > > On Mar 18, 2011, at 11:07 AM, Jethro R Binks wrote: > >> On Fri, 18 Mar 2011, Chris Gauthier wrote: >> >>> This is an interesting idea I had not considered before. ?I might also >>> be interested in this "feature". >> >> I do this for h3crancid. ?However, I need to arrange for it to be sorted, >> as the order tends to change sometimes causing unnecessary updates (OSPF >> campus environment). >> >> However, I suspect a knob is needed for the end user to be able to turn it >> on or off, as some people definitely won't want this, especially if they >> are in an environment where the routes are unstable for whatever reason. >> Rancid's probably not the best tool in that case. >> >> J. >> >> >>> >>> Chris >>> >>>> -----Original Message----- >>>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- >>>> bounces at shrubbery.net] On Behalf Of Joost Eijgenbrood >>>> Sent: Friday, March 18, 2011 8:23 AM >>>> To: rancid-discuss at shrubbery.net >>>> Subject: [rancid] Routing table >>>> >>>> Hi, >>>> >>>> I would like to start monitoring our routing table for changes. I found some >>>> instructions related to Rancid v2.3.1, but for some reason I cannot get it to work >>>> with my current version 2.3.6. Not sure what's going on, but I must admit I'm >>>> not an expert on this topic. >>>> >>>> Is someone able to provide me with the config-changes necessary to be able to >>>> include a "show ip route" in each run? >>>> >>>> Thanks! >>>> Joost >>>> >>>> ________________________________ >>>> >>>> The information in this e-mail is intended only for the person or entity to which >>>> it is addressed. >>>> >>>> It may contain confidential and /or privileged material. If someone other than >>>> the intended recipient should receive this e-mail, he / she shall not be entitled to >>>> read, disseminate, disclose or duplicate it. >>>> >>>> If you receive this e-mail unintentionally, please inform us immediately by >>>> "reply" and then delete it from your system. Although this information has been >>>> compiled with great care, neither IMC Financial Markets & Asset Management >>>> nor any of its related entities shall accept any responsibility for any errors, >>>> omissions or other inaccuracies in this information or for the consequences >>>> thereof, nor shall it be bound in any way by the contents of this e-mail or its >>>> attachments. In the event of incomplete or incorrect transmission, please return >>>> the e-mail to the sender and permanently delete this message and any >>>> attachments. >>>> >>>> Messages and attachments are scanned for all known viruses. Always scan >>>> attachments before opening them. >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> >>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ >>> CONFIDENTIALITY NOTICE >>> Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> >> >> . ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. ?. >> Jethro R Binks, Network Manager, >> Information Services Directorate, University Of Strathclyde, Glasgow, UK >> >> The University of Strathclyde is a charitable body, registered in >> Scotland, number SC015263. >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From nick at buraglio.com Fri Mar 18 16:51:22 2011 From: nick at buraglio.com (Nick Buraglio) Date: Fri, 18 Mar 2011 11:51:22 -0500 Subject: [rancid] Routing table In-Reply-To: References: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> <-2748399343952507712@unknownmsgid> Message-ID: <2509954013772127446@unknownmsgid> Ok. I'll add it to my to-do list. -- nb On Mar 18, 2011, at 11:45 AM, james machado wrote: > This would be a very nice thing to be able to do. I would be very > interested in this. > > James > > On Fri, Mar 18, 2011 at 9:27 AM, Nick Buraglio wrote: >> We are doing this with our regional network using some simple scripts >> and svn. I've often considered rolling this into our rancid install >> and pushed it deeper into campuses. Is this something others may want? >> >> >> -- >> nb >> >> On Mar 18, 2011, at 11:07 AM, Jethro R Binks wrote: >> >>> On Fri, 18 Mar 2011, Chris Gauthier wrote: >>> >>>> This is an interesting idea I had not considered before. I might also >>>> be interested in this "feature". >>> >>> I do this for h3crancid. However, I need to arrange for it to be sorted, >>> as the order tends to change sometimes causing unnecessary updates (OSPF >>> campus environment). >>> >>> However, I suspect a knob is needed for the end user to be able to turn it >>> on or off, as some people definitely won't want this, especially if they >>> are in an environment where the routes are unstable for whatever reason. >>> Rancid's probably not the best tool in that case. >>> >>> J. >>> >>> >>>> >>>> Chris >>>> >>>>> -----Original Message----- >>>>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- >>>>> bounces at shrubbery.net] On Behalf Of Joost Eijgenbrood >>>>> Sent: Friday, March 18, 2011 8:23 AM >>>>> To: rancid-discuss at shrubbery.net >>>>> Subject: [rancid] Routing table >>>>> >>>>> Hi, >>>>> >>>>> I would like to start monitoring our routing table for changes. I found some >>>>> instructions related to Rancid v2.3.1, but for some reason I cannot get it to work >>>>> with my current version 2.3.6. Not sure what's going on, but I must admit I'm >>>>> not an expert on this topic. >>>>> >>>>> Is someone able to provide me with the config-changes necessary to be able to >>>>> include a "show ip route" in each run? >>>>> >>>>> Thanks! >>>>> Joost >>>>> >>>>> ________________________________ >>>>> >>>>> The information in this e-mail is intended only for the person or entity to which >>>>> it is addressed. >>>>> >>>>> It may contain confidential and /or privileged material. If someone other than >>>>> the intended recipient should receive this e-mail, he / she shall not be entitled to >>>>> read, disseminate, disclose or duplicate it. >>>>> >>>>> If you receive this e-mail unintentionally, please inform us immediately by >>>>> "reply" and then delete it from your system. Although this information has been >>>>> compiled with great care, neither IMC Financial Markets & Asset Management >>>>> nor any of its related entities shall accept any responsibility for any errors, >>>>> omissions or other inaccuracies in this information or for the consequences >>>>> thereof, nor shall it be bound in any way by the contents of this e-mail or its >>>>> attachments. In the event of incomplete or incorrect transmission, please return >>>>> the e-mail to the sender and permanently delete this message and any >>>>> attachments. >>>>> >>>>> Messages and attachments are scanned for all known viruses. Always scan >>>>> attachments before opening them. >>>>> _______________________________________________ >>>>> Rancid-discuss mailing list >>>>> Rancid-discuss at shrubbery.net >>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>> >>>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ >>>> CONFIDENTIALITY NOTICE >>>> Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>> >>> >>> . . . . . . . . . . . . . . . . . . . . . . . . . >>> Jethro R Binks, Network Manager, >>> Information Services Directorate, University Of Strathclyde, Glasgow, UK >>> >>> The University of Strathclyde is a charitable body, registered in >>> Scotland, number SC015263. >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> From cgauthier at mapscu.com Fri Mar 18 17:00:56 2011 From: cgauthier at mapscu.com (Chris Gauthier) Date: Fri, 18 Mar 2011 10:00:56 -0700 Subject: [rancid] Routing table In-Reply-To: <2509954013772127446@unknownmsgid> References: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> <-2748399343952507712@unknownmsgid> <2509954013772127446@unknownmsgid> Message-ID: I like the earlier idea of a "knob" to turn the feature on or off. It could be particularly "noisy" if you start having dynamic routing problems. Chris > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Nick Buraglio > Sent: Friday, March 18, 2011 9:51 AM > To: james machado > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Routing table > > Ok. I'll add it to my to-do list. > > -- > nb > > On Mar 18, 2011, at 11:45 AM, james machado > wrote: > > > This would be a very nice thing to be able to do. I would be very > > interested in this. > > > > James > > > > On Fri, Mar 18, 2011 at 9:27 AM, Nick Buraglio wrote: > >> We are doing this with our regional network using some simple scripts > >> and svn. I've often considered rolling this into our rancid install > >> and pushed it deeper into campuses. Is this something others may want? > >> > >> > >> -- > >> nb > >> > >> On Mar 18, 2011, at 11:07 AM, Jethro R Binks > wrote: > >> > >>> On Fri, 18 Mar 2011, Chris Gauthier wrote: > >>> > >>>> This is an interesting idea I had not considered before. I might > >>>> also be interested in this "feature". > >>> > >>> I do this for h3crancid. However, I need to arrange for it to be > >>> sorted, as the order tends to change sometimes causing unnecessary > >>> updates (OSPF campus environment). > >>> > >>> However, I suspect a knob is needed for the end user to be able to > >>> turn it on or off, as some people definitely won't want this, > >>> especially if they are in an environment where the routes are unstable for > whatever reason. > >>> Rancid's probably not the best tool in that case. > >>> > >>> J. > >>> > >>> > >>>> > >>>> Chris > >>>> > >>>>> -----Original Message----- > >>>>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > >>>>> bounces at shrubbery.net] On Behalf Of Joost Eijgenbrood > >>>>> Sent: Friday, March 18, 2011 8:23 AM > >>>>> To: rancid-discuss at shrubbery.net > >>>>> Subject: [rancid] Routing table > >>>>> > >>>>> Hi, > >>>>> > >>>>> I would like to start monitoring our routing table for changes. I > >>>>> found some instructions related to Rancid v2.3.1, but for some > >>>>> reason I cannot get it to work with my current version 2.3.6. Not > >>>>> sure what's going on, but I must admit I'm not an expert on this topic. > >>>>> > >>>>> Is someone able to provide me with the config-changes necessary to > >>>>> be able to include a "show ip route" in each run? > >>>>> > >>>>> Thanks! > >>>>> Joost > >>>>> > >>>>> ________________________________ > >>>>> > >>>>> The information in this e-mail is intended only for the person or > >>>>> entity to which it is addressed. > >>>>> > >>>>> It may contain confidential and /or privileged material. If > >>>>> someone other than the intended recipient should receive this > >>>>> e-mail, he / she shall not be entitled to read, disseminate, disclose or > duplicate it. > >>>>> > >>>>> If you receive this e-mail unintentionally, please inform us > >>>>> immediately by "reply" and then delete it from your system. > >>>>> Although this information has been compiled with great care, > >>>>> neither IMC Financial Markets & Asset Management nor any of its > >>>>> related entities shall accept any responsibility for any errors, > >>>>> omissions or other inaccuracies in this information or for the > >>>>> consequences thereof, nor shall it be bound in any way by the > >>>>> contents of this e-mail or its attachments. In the event of > >>>>> incomplete or incorrect transmission, please return the e-mail to the > sender and permanently delete this message and any attachments. > >>>>> > >>>>> Messages and attachments are scanned for all known viruses. Always > >>>>> scan attachments before opening them. > >>>>> _______________________________________________ > >>>>> Rancid-discuss mailing list > >>>>> Rancid-discuss at shrubbery.net > >>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >>>> > >>>> ------------------------------------------------------------------- > >>>> ------------------------------------------------------------------- > >>>> ------------------------------------------------------------------- > >>>> --------- > >>>> CONFIDENTIALITY NOTICE > >>>> Attention: The information contained in this email and/or attachments is > intended only for the person or entity to which it is addressed and may contain > confidential and/or privileged material. Any review, retransmission, > dissemination or other use of, or taking of any action in reliance upon, this > information by persons or entities other than the intended recipient is > prohibited. If you received this in error, please contact the sender and delete the > material from any system and destroy any copies. > >>>> _______________________________________________ > >>>> Rancid-discuss mailing list > >>>> Rancid-discuss at shrubbery.net > >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >>>> > >>> > >>> . . . . . . . . . . . . . . . . . . . . . . . . . > >>> Jethro R Binks, Network Manager, > >>> Information Services Directorate, University Of Strathclyde, > >>> Glasgow, UK > >>> > >>> The University of Strathclyde is a charitable body, registered in > >>> Scotland, number SC015263. > >>> _______________________________________________ > >>> Rancid-discuss mailing list > >>> Rancid-discuss at shrubbery.net > >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. From nick at buraglio.com Fri Mar 18 17:13:24 2011 From: nick at buraglio.com (Nick Buraglio) Date: Fri, 18 Mar 2011 12:13:24 -0500 Subject: [rancid] Routing table In-Reply-To: References: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> <-2748399343952507712@unknownmsgid> <2509954013772127446@unknownmsgid> Message-ID: <-1084822984805418534@unknownmsgid> Oh yeah, it makes much more sense to make it an option. -- nb On Mar 18, 2011, at 12:02 PM, Chris Gauthier wrote: > I like the earlier idea of a "knob" to turn the feature on or off. It could be particularly "noisy" if you start having dynamic routing problems. > > Chris > > >> -----Original Message----- >> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- >> bounces at shrubbery.net] On Behalf Of Nick Buraglio >> Sent: Friday, March 18, 2011 9:51 AM >> To: james machado >> Cc: rancid-discuss at shrubbery.net >> Subject: Re: [rancid] Routing table >> >> Ok. I'll add it to my to-do list. >> >> -- >> nb >> >> On Mar 18, 2011, at 11:45 AM, james machado >> wrote: >> >>> This would be a very nice thing to be able to do. I would be very >>> interested in this. >>> >>> James >>> >>> On Fri, Mar 18, 2011 at 9:27 AM, Nick Buraglio wrote: >>>> We are doing this with our regional network using some simple scripts >>>> and svn. I've often considered rolling this into our rancid install >>>> and pushed it deeper into campuses. Is this something others may want? >>>> >>>> >>>> -- >>>> nb >>>> >>>> On Mar 18, 2011, at 11:07 AM, Jethro R Binks >> wrote: >>>> >>>>> On Fri, 18 Mar 2011, Chris Gauthier wrote: >>>>> >>>>>> This is an interesting idea I had not considered before. I might >>>>>> also be interested in this "feature". >>>>> >>>>> I do this for h3crancid. However, I need to arrange for it to be >>>>> sorted, as the order tends to change sometimes causing unnecessary >>>>> updates (OSPF campus environment). >>>>> >>>>> However, I suspect a knob is needed for the end user to be able to >>>>> turn it on or off, as some people definitely won't want this, >>>>> especially if they are in an environment where the routes are unstable for >> whatever reason. >>>>> Rancid's probably not the best tool in that case. >>>>> >>>>> J. >>>>> >>>>> >>>>>> >>>>>> Chris >>>>>> >>>>>>> -----Original Message----- >>>>>>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- >>>>>>> bounces at shrubbery.net] On Behalf Of Joost Eijgenbrood >>>>>>> Sent: Friday, March 18, 2011 8:23 AM >>>>>>> To: rancid-discuss at shrubbery.net >>>>>>> Subject: [rancid] Routing table >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I would like to start monitoring our routing table for changes. I >>>>>>> found some instructions related to Rancid v2.3.1, but for some >>>>>>> reason I cannot get it to work with my current version 2.3.6. Not >>>>>>> sure what's going on, but I must admit I'm not an expert on this topic. >>>>>>> >>>>>>> Is someone able to provide me with the config-changes necessary to >>>>>>> be able to include a "show ip route" in each run? >>>>>>> >>>>>>> Thanks! >>>>>>> Joost >>>>>>> >>>>>>> ________________________________ >>>>>>> >>>>>>> The information in this e-mail is intended only for the person or >>>>>>> entity to which it is addressed. >>>>>>> >>>>>>> It may contain confidential and /or privileged material. If >>>>>>> someone other than the intended recipient should receive this >>>>>>> e-mail, he / she shall not be entitled to read, disseminate, disclose or >> duplicate it. >>>>>>> >>>>>>> If you receive this e-mail unintentionally, please inform us >>>>>>> immediately by "reply" and then delete it from your system. >>>>>>> Although this information has been compiled with great care, >>>>>>> neither IMC Financial Markets & Asset Management nor any of its >>>>>>> related entities shall accept any responsibility for any errors, >>>>>>> omissions or other inaccuracies in this information or for the >>>>>>> consequences thereof, nor shall it be bound in any way by the >>>>>>> contents of this e-mail or its attachments. In the event of >>>>>>> incomplete or incorrect transmission, please return the e-mail to the >> sender and permanently delete this message and any attachments. >>>>>>> >>>>>>> Messages and attachments are scanned for all known viruses. Always >>>>>>> scan attachments before opening them. >>>>>>> _______________________________________________ >>>>>>> Rancid-discuss mailing list >>>>>>> Rancid-discuss at shrubbery.net >>>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>>>> >>>>>> ------------------------------------------------------------------- >>>>>> ------------------------------------------------------------------- >>>>>> ------------------------------------------------------------------- >>>>>> --------- >>>>>> CONFIDENTIALITY NOTICE >>>>>> Attention: The information contained in this email and/or attachments is >> intended only for the person or entity to which it is addressed and may contain >> confidential and/or privileged material. Any review, retransmission, >> dissemination or other use of, or taking of any action in reliance upon, this >> information by persons or entities other than the intended recipient is >> prohibited. If you received this in error, please contact the sender and delete the >> material from any system and destroy any copies. >>>>>> _______________________________________________ >>>>>> Rancid-discuss mailing list >>>>>> Rancid-discuss at shrubbery.net >>>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>>>> >>>>> >>>>> . . . . . . . . . . . . . . . . . . . . . . . . . >>>>> Jethro R Binks, Network Manager, >>>>> Information Services Directorate, University Of Strathclyde, >>>>> Glasgow, UK >>>>> >>>>> The University of Strathclyde is a charitable body, registered in >>>>> Scotland, number SC015263. >>>>> _______________________________________________ >>>>> Rancid-discuss mailing list >>>>> Rancid-discuss at shrubbery.net >>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>>> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > CONFIDENTIALITY NOTICE > Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Bob.Brunette at cdw.com Fri Mar 18 17:21:32 2011 From: Bob.Brunette at cdw.com (Bob Brunette) Date: Fri, 18 Mar 2011 12:21:32 -0500 Subject: [rancid] Routing table In-Reply-To: References: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> <-2748399343952507712@unknownmsgid> <2509954013772127446@unknownmsgid> Message-ID: A "knob" idea for minimizing noisiness would be to not output routes that are newer than a hold-down period and instead output a single "!Routing change detected" line at the end of the routes display. If you collect configs hourly, you could set the hold-down timer to 65 minutes or so. This way, you would see a single change with the "!Routing change detected" line in your config history as long as routes continue to flap between collections. Obviously this masks multiple routing changes and wouldn't help in troubleshooting a route flapping problem, but that's not what RANCID is for anyway. Bob -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Chris Gauthier Sent: Friday, March 18, 2011 12:01 PM To: rancid-discuss at shrubbery.net Subject: Re: [rancid] Routing table I like the earlier idea of a "knob" to turn the feature on or off. It could be particularly "noisy" if you start having dynamic routing problems. Chris > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > bounces at shrubbery.net] On Behalf Of Nick Buraglio > Sent: Friday, March 18, 2011 9:51 AM > To: james machado > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Routing table > > Ok. I'll add it to my to-do list. > > -- > nb > > On Mar 18, 2011, at 11:45 AM, james machado > wrote: > > > This would be a very nice thing to be able to do. I would be very > > interested in this. > > > > James > > > > On Fri, Mar 18, 2011 at 9:27 AM, Nick Buraglio wrote: > >> We are doing this with our regional network using some simple scripts > >> and svn. I've often considered rolling this into our rancid install > >> and pushed it deeper into campuses. Is this something others may want? > >> > >> > >> -- > >> nb > >> > >> On Mar 18, 2011, at 11:07 AM, Jethro R Binks > wrote: > >> > >>> On Fri, 18 Mar 2011, Chris Gauthier wrote: > >>> > >>>> This is an interesting idea I had not considered before. I might > >>>> also be interested in this "feature". > >>> > >>> I do this for h3crancid. However, I need to arrange for it to be > >>> sorted, as the order tends to change sometimes causing unnecessary > >>> updates (OSPF campus environment). > >>> > >>> However, I suspect a knob is needed for the end user to be able to > >>> turn it on or off, as some people definitely won't want this, > >>> especially if they are in an environment where the routes are unstable for > whatever reason. > >>> Rancid's probably not the best tool in that case. > >>> > >>> J. > >>> > >>> > >>>> > >>>> Chris > >>>> > >>>>> -----Original Message----- > >>>>> From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > >>>>> bounces at shrubbery.net] On Behalf Of Joost Eijgenbrood > >>>>> Sent: Friday, March 18, 2011 8:23 AM > >>>>> To: rancid-discuss at shrubbery.net > >>>>> Subject: [rancid] Routing table > >>>>> > >>>>> Hi, > >>>>> > >>>>> I would like to start monitoring our routing table for changes. I > >>>>> found some instructions related to Rancid v2.3.1, but for some > >>>>> reason I cannot get it to work with my current version 2.3.6. Not > >>>>> sure what's going on, but I must admit I'm not an expert on this topic. > >>>>> > >>>>> Is someone able to provide me with the config-changes necessary to > >>>>> be able to include a "show ip route" in each run? > >>>>> > >>>>> Thanks! > >>>>> Joost > >>>>> > >>>>> ________________________________ > >>>>> > >>>>> The information in this e-mail is intended only for the person or > >>>>> entity to which it is addressed. > >>>>> > >>>>> It may contain confidential and /or privileged material. If > >>>>> someone other than the intended recipient should receive this > >>>>> e-mail, he / she shall not be entitled to read, disseminate, disclose or > duplicate it. > >>>>> > >>>>> If you receive this e-mail unintentionally, please inform us > >>>>> immediately by "reply" and then delete it from your system. > >>>>> Although this information has been compiled with great care, > >>>>> neither IMC Financial Markets & Asset Management nor any of its > >>>>> related entities shall accept any responsibility for any errors, > >>>>> omissions or other inaccuracies in this information or for the > >>>>> consequences thereof, nor shall it be bound in any way by the > >>>>> contents of this e-mail or its attachments. In the event of > >>>>> incomplete or incorrect transmission, please return the e-mail to the > sender and permanently delete this message and any attachments. > >>>>> > >>>>> Messages and attachments are scanned for all known viruses. Always > >>>>> scan attachments before opening them. > >>>>> _______________________________________________ > >>>>> Rancid-discuss mailing list > >>>>> Rancid-discuss at shrubbery.net > >>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >>>> > >>>> ------------------------------------------------------------------- > >>>> ------------------------------------------------------------------- > >>>> ------------------------------------------------------------------- > >>>> --------- > >>>> CONFIDENTIALITY NOTICE > >>>> Attention: The information contained in this email and/or attachments is > intended only for the person or entity to which it is addressed and may contain > confidential and/or privileged material. Any review, retransmission, > dissemination or other use of, or taking of any action in reliance upon, this > information by persons or entities other than the intended recipient is > prohibited. If you received this in error, please contact the sender and delete the > material from any system and destroy any copies. > >>>> _______________________________________________ > >>>> Rancid-discuss mailing list > >>>> Rancid-discuss at shrubbery.net > >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >>>> > >>> > >>> . . . . . . . . . . . . . . . . . . . . . . . . . > >>> Jethro R Binks, Network Manager, > >>> Information Services Directorate, University Of Strathclyde, > >>> Glasgow, UK > >>> > >>> The University of Strathclyde is a charitable body, registered in > >>> Scotland, number SC015263. > >>> _______________________________________________ > >>> Rancid-discuss mailing list > >>> Rancid-discuss at shrubbery.net > >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ CONFIDENTIALITY NOTICE Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From ron.whitney at doitbest.com Fri Mar 18 17:41:13 2011 From: ron.whitney at doitbest.com (Ron Whitney) Date: Fri, 18 Mar 2011 13:41:13 -0400 Subject: [rancid] Routing table In-Reply-To: Message-ID: <1FD6BFAE6EA54341821D01FB8E617B6503EE84A5@EXCHANGE1.ntserv.doitbestcorp.com> Personally, I'd want a way to turn it off globally for a device or set of devices. For my internal routers, I see it having value and I too would welcome the feature. However, for my Internet routers, I see no reason to have RANCID look at 330,000+ prefixes that constantly change. Perhaps a "knob" and a "switch" would be in order. Ron Whitney Network Administrator Do it Best Corp. | 6502 Nelson Road | Fort Wayne, IN 46803 260.748.5657 (direct) | 260.748.5623 (fax) > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of > Bob Brunette > Sent: Friday, March 18, 2011 13:22 > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Routing table > > > A "knob" idea for minimizing noisiness would be to not output > routes that are newer than a hold-down period and instead > output a single "!Routing change detected" line at the end of > the routes display. If you collect configs hourly, you could > set the hold-down timer to 65 minutes or so. > > This way, you would see a single change with the "!Routing > change detected" line in your config history as long as > routes continue to flap between collections. Obviously this > masks multiple routing changes and wouldn't help in > troubleshooting a route flapping problem, but that's not what > RANCID is for anyway. > > Bob > > > -----Original Message----- > From: rancid-discuss-bounces at shrubbery.net > [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of > Chris Gauthier > Sent: Friday, March 18, 2011 12:01 PM > To: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Routing table > > I like the earlier idea of a "knob" to turn the feature on or > off. It could be particularly "noisy" if you start having > dynamic routing problems. > > Chris > > > > -----Original Message----- > > From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss- > > bounces at shrubbery.net] On Behalf Of Nick Buraglio > > Sent: Friday, March 18, 2011 9:51 AM > > To: james machado > > Cc: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] Routing table > > > > Ok. I'll add it to my to-do list. > > > > -- > > nb > > > > On Mar 18, 2011, at 11:45 AM, james machado > > wrote: > > > > > This would be a very nice thing to be able to do. I > would be very > > > interested in this. > > > > > > James > > > > > > On Fri, Mar 18, 2011 at 9:27 AM, Nick Buraglio > > > > wrote: > > >> We are doing this with our regional network using some simple > > >> scripts and svn. I've often considered rolling this into > our rancid > > >> install and pushed it deeper into campuses. Is this something > > >> others may want? > > >> > > >> > > >> -- > > >> nb > > >> > > >> On Mar 18, 2011, at 11:07 AM, Jethro R Binks > > >> > > wrote: > > >> > > >>> On Fri, 18 Mar 2011, Chris Gauthier wrote: > > >>> > > >>>> This is an interesting idea I had not considered > before. I might > > >>>> also be interested in this "feature". > > >>> > > >>> I do this for h3crancid. However, I need to arrange > for it to be > > >>> sorted, as the order tends to change sometimes causing > unnecessary > > >>> updates (OSPF campus environment). > > >>> > > >>> However, I suspect a knob is needed for the end user to > be able to > > >>> turn it on or off, as some people definitely won't want this, > > >>> especially if they are in an environment where the routes are > > >>> unstable for > > whatever reason. > > >>> Rancid's probably not the best tool in that case. > > >>> > > >>> J. > > >>> > > >>> > > >>>> > > >>>> Chris > > >>>> > > >>>>> -----Original Message----- > > >>>>> From: rancid-discuss-bounces at shrubbery.net > > >>>>> [mailto:rancid-discuss- bounces at shrubbery.net] On Behalf Of > > >>>>> Joost Eijgenbrood > > >>>>> Sent: Friday, March 18, 2011 8:23 AM > > >>>>> To: rancid-discuss at shrubbery.net > > >>>>> Subject: [rancid] Routing table > > >>>>> > > >>>>> Hi, > > >>>>> > > >>>>> I would like to start monitoring our routing table > for changes. > > >>>>> I found some instructions related to Rancid v2.3.1, > but for some > > >>>>> reason I cannot get it to work with my current version 2.3.6. > > >>>>> Not sure what's going on, but I must admit I'm not an > expert on > > >>>>> this topic. > > >>>>> > > >>>>> Is someone able to provide me with the config-changes > necessary > > >>>>> to be able to include a "show ip route" in each run? > > >>>>> > > >>>>> Thanks! > > >>>>> Joost > > >>>>> > > >>>>> ________________________________ > > >>>>> > > >>>>> The information in this e-mail is intended only for > the person > > >>>>> or entity to which it is addressed. > > >>>>> > > >>>>> It may contain confidential and /or privileged material. If > > >>>>> someone other than the intended recipient should receive this > > >>>>> e-mail, he / she shall not be entitled to read, disseminate, > > >>>>> disclose or > > duplicate it. > > >>>>> > > >>>>> If you receive this e-mail unintentionally, please inform us > > >>>>> immediately by "reply" and then delete it from your system. > > >>>>> Although this information has been compiled with great care, > > >>>>> neither IMC Financial Markets & Asset Management nor > any of its > > >>>>> related entities shall accept any responsibility for > any errors, > > >>>>> omissions or other inaccuracies in this information > or for the > > >>>>> consequences thereof, nor shall it be bound in any way by the > > >>>>> contents of this e-mail or its attachments. In the event of > > >>>>> incomplete or incorrect transmission, please return > the e-mail > > >>>>> to the > > sender and permanently delete this message and any attachments. > > >>>>> > > >>>>> Messages and attachments are scanned for all known viruses. > > >>>>> Always scan attachments before opening them. > > >>>>> _______________________________________________ > > >>>>> Rancid-discuss mailing list Rancid-discuss at shrubbery.net > > >>>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > >>>> > > >>>> > ----------------------------------------------------------------- > > >>>> -- > > >>>> > ------------------------------------------------------------------- > > >>>> > ------------------------------------------------------------------- > > >>>> --------- > > >>>> CONFIDENTIALITY NOTICE > > >>>> Attention: The information contained in this email > and/or attachments is > > intended only for the person or entity to which it is addressed and > > may contain confidential and/or privileged material. Any review, > > retransmission, dissemination or other use of, or taking of > any action > > in reliance upon, this information by persons or entities > other than > > the intended recipient is prohibited. If you received this > in error, > > please contact the sender and delete the material from any > system and > > destroy any copies. > > >>>> _______________________________________________ > > >>>> Rancid-discuss mailing list > > >>>> Rancid-discuss at shrubbery.net > > >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > >>>> > > >>> > > >>> . . . . . . . . . . . . . . . . . . . > . . . > > >>> . . . Jethro R Binks, Network Manager, Information Services > > >>> Directorate, University Of Strathclyde, Glasgow, UK > > >>> > > >>> The University of Strathclyde is a charitable body, > registered in > > >>> Scotland, number SC015263. > > >>> _______________________________________________ > > >>> Rancid-discuss mailing list > > >>> Rancid-discuss at shrubbery.net > > >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > >> _______________________________________________ > > >> Rancid-discuss mailing list > > >> Rancid-discuss at shrubbery.net > > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > >> > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > -------------------------------------------------------------- > -------------------------------------------------------------- > -------------------------------------------------------------- > ------------------------ > CONFIDENTIALITY NOTICE > Attention: The information contained in this email and/or > attachments is intended only for the person or entity to > which it is addressed and may contain confidential and/or > privileged material. Any review, retransmission, > dissemination or other use of, or taking of any action in > reliance upon, this information by persons or entities other > than the intended recipient is prohibited. If you received > this in error, please contact the sender and delete the > material from any system and destroy any copies. > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From Atif.Siddiqui at HydroOne.com Wed Mar 23 16:31:06 2011 From: Atif.Siddiqui at HydroOne.com (Atif.Siddiqui at HydroOne.com) Date: Wed, 23 Mar 2011 12:31:06 -0400 Subject: [rancid] Juniper Netscreen 'get chassis' information In-Reply-To: <1FD6BFAE6EA54341821D01FB8E617B6503EE84A5@EXCHANGE1.ntserv.doitbestcorp.com> References: <1FD6BFAE6EA54341821D01FB8E617B6503EE84A5@EXCHANGE1.ntserv.doitbestcorp.com> Message-ID: <41BBAE5132ABA54BB2BA8716254F03D60313F598@1104MILPEV.corp.hydroone.com> Any version of RANCID catches output of 'get chassis' command on Juniper Netscreen. Thanks, From corey at sequestered.net Wed Mar 23 22:57:21 2011 From: corey at sequestered.net (Corey Quinn) Date: Wed, 23 Mar 2011 15:57:21 -0700 Subject: [rancid] Juniper Netscreen 'get chassis' information In-Reply-To: <41BBAE5132ABA54BB2BA8716254F03D60313F598@1104MILPEV.corp.hydroone.com> References: <1FD6BFAE6EA54341821D01FB8E617B6503EE84A5@EXCHANGE1.ntserv.doitbestcorp.com> <41BBAE5132ABA54BB2BA8716254F03D60313F598@1104MILPEV.corp.hydroone.com> Message-ID: <1AA8BB9B-C0BA-43E2-96FA-84F0C12EFBEE@sequestered.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mar 23, 2011, at 9:31 AM, wrote: > Any version of RANCID catches output of 'get chassis' command on > Juniper Netscreen. > Looks like jrancid covers a range of "get chassis" options. - -- Corey -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJNinrRAAoJEPmSS8816iBe9HsIAJlxEMMtVFV6BRIm2izEUf5D vdzKLSjdzUxbkZmxIlZ2o7RecsOKwPVW1ed6DKzxyGh9HCW6vklrsNBJw+X2s/5i mKFvRFQCU3fiuDb2nR6WEIA+dwBR08lNcr5LIIZmQB2wcRsnXzr0KrG9CZ7tSa5t yM3vyZO9BRImoTNcTpasTx42DLiJPbnDRn3epuhbCU2CfvHMf8ul3i54q+Gg63R9 3A3JiCBuvLShGsZTiGZVrHw+mzBKMp9npFm1Ay5qExSjwM2bIGeTKF3rDqJqhgpT /iL67G4o7EQJSWlavi4V8QkZZ9JdPLpoBFGkOLHQcSRTWkYM7qjtfkhHnLqhjSg= =PmLJ -----END PGP SIGNATURE----- From Atif.Siddiqui at HydroOne.com Wed Mar 23 23:35:03 2011 From: Atif.Siddiqui at HydroOne.com (Atif.Siddiqui at HydroOne.com) Date: Wed, 23 Mar 2011 19:35:03 -0400 Subject: [rancid] Juniper Netscreen 'get chassis' information In-Reply-To: <1AA8BB9B-C0BA-43E2-96FA-84F0C12EFBEE@sequestered.net> Message-ID: <41BBAE5132ABA54BB2BA8716254F03D60313F5A2@1104MILPEV.corp.hydroone.com> Netscreen uses nrancid. ----- Original Message ----- From: Corey Quinn [mailto:corey at sequestered.net] Sent: Wednesday, March 23, 2011 06:57 PM To: SIDDIQUI Atif Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Juniper Netscreen 'get chassis' information -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mar 23, 2011, at 9:31 AM, wrote: > Any version of RANCID catches output of 'get chassis' command on > Juniper Netscreen. > Looks like jrancid covers a range of "get chassis" options. - -- Corey -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJNinrRAAoJEPmSS8816iBe9HsIAJlxEMMtVFV6BRIm2izEUf5D vdzKLSjdzUxbkZmxIlZ2o7RecsOKwPVW1ed6DKzxyGh9HCW6vklrsNBJw+X2s/5i mKFvRFQCU3fiuDb2nR6WEIA+dwBR08lNcr5LIIZmQB2wcRsnXzr0KrG9CZ7tSa5t yM3vyZO9BRImoTNcTpasTx42DLiJPbnDRn3epuhbCU2CfvHMf8ul3i54q+Gg63R9 3A3JiCBuvLShGsZTiGZVrHw+mzBKMp9npFm1Ay5qExSjwM2bIGeTKF3rDqJqhgpT /iL67G4o7EQJSWlavi4V8QkZZ9JdPLpoBFGkOLHQcSRTWkYM7qjtfkhHnLqhjSg= =PmLJ -----END PGP SIGNATURE----- From corey at sequestered.net Thu Mar 24 00:01:03 2011 From: corey at sequestered.net (Corey Quinn) Date: Wed, 23 Mar 2011 17:01:03 -0700 Subject: [rancid] Juniper Netscreen 'get chassis' information In-Reply-To: <41BBAE5132ABA54BB2BA8716254F03D60313F5A2@1104MILPEV.corp.hydroone.com> References: <41BBAE5132ABA54BB2BA8716254F03D60313F5A2@1104MILPEV.corp.hydroone.com> Message-ID: <33C01F7B-224E-4DA2-A27D-DDB3AC89FBE4@sequestered.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Correct, but transplanting those functions into place should get you some degree of success I would think? - -- Corey On Mar 23, 2011, at 4:35 PM, wrote: > Netscreen uses nrancid. > > ----- Original Message ----- > From: Corey Quinn [mailto:corey at sequestered.net] > Sent: Wednesday, March 23, 2011 06:57 PM > To: SIDDIQUI Atif > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Juniper Netscreen 'get chassis' information > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Mar 23, 2011, at 9:31 AM, wrote: > >> Any version of RANCID catches output of 'get chassis' command on >> Juniper Netscreen. >> > > Looks like jrancid covers a range of "get chassis" options. > > - -- Corey > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (Darwin) > > iQEcBAEBAgAGBQJNinrRAAoJEPmSS8816iBe9HsIAJlxEMMtVFV6BRIm2izEUf5D > vdzKLSjdzUxbkZmxIlZ2o7RecsOKwPVW1ed6DKzxyGh9HCW6vklrsNBJw+X2s/5i > mKFvRFQCU3fiuDb2nR6WEIA+dwBR08lNcr5LIIZmQB2wcRsnXzr0KrG9CZ7tSa5t > yM3vyZO9BRImoTNcTpasTx42DLiJPbnDRn3epuhbCU2CfvHMf8ul3i54q+Gg63R9 > 3A3JiCBuvLShGsZTiGZVrHw+mzBKMp9npFm1Ay5qExSjwM2bIGeTKF3rDqJqhgpT > /iL67G4o7EQJSWlavi4V8QkZZ9JdPLpoBFGkOLHQcSRTWkYM7qjtfkhHnLqhjSg= > =PmLJ > -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJNiom/AAoJEPmSS8816iBewIcH/Rqw5mgALM4eCKhz50WrnNbT fBZPHJlyep7mOQdJjS+ZStuekUsS8F8Ok3DgpqcWPWvf6uxmHD9SoL91FQUJIuK0 CGS9yvuJNJ25SuEpgwK7sNVTbEE3sGnUQm0c7HqfpEK1p2VmwpybW0NuaZ69FXx5 dR41LJam6+XsJxl8CbSdW33KBUyDhejIrj7gonKjAFqwctQ4rZ5xm6uxbGTYZyh1 ykgTxr3537kZC6B82fGj/TDOx2fW2lPyFvLC5E+CP0nQuDzoam9AyGQGdZXqmEgt AmaZaW7/vQ0i3FS1RA5mHz2/UaBfpAvr/YCCQr/8Qs/IO1Gx91cnysGiQmF/5aQ= =ffgk -----END PGP SIGNATURE----- From Atif.Siddiqui at HydroOne.com Thu Mar 24 01:50:48 2011 From: Atif.Siddiqui at HydroOne.com (Atif.Siddiqui at HydroOne.com) Date: Wed, 23 Mar 2011 21:50:48 -0400 Subject: [rancid] Juniper Netscreen 'get chassis' information In-Reply-To: <33C01F7B-224E-4DA2-A27D-DDB3AC89FBE4@sequestered.net> Message-ID: <41BBAE5132ABA54BB2BA8716254F03D60313F5A3@1104MILPEV.corp.hydroone.com> I see what you mean, will have a look. Just wondering if anyone already took a shot at it. Thanks ----- Original Message ----- From: Corey Quinn [mailto:corey at sequestered.net] Sent: Wednesday, March 23, 2011 08:01 PM To: SIDDIQUI Atif Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Juniper Netscreen 'get chassis' information -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Correct, but transplanting those functions into place should get you some degree of success I would think? - -- Corey On Mar 23, 2011, at 4:35 PM, wrote: > Netscreen uses nrancid. > > ----- Original Message ----- > From: Corey Quinn [mailto:corey at sequestered.net] > Sent: Wednesday, March 23, 2011 06:57 PM > To: SIDDIQUI Atif > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Juniper Netscreen 'get chassis' information > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > On Mar 23, 2011, at 9:31 AM, wrote: > >> Any version of RANCID catches output of 'get chassis' command on >> Juniper Netscreen. >> > > Looks like jrancid covers a range of "get chassis" options. > > - -- Corey > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (Darwin) > > iQEcBAEBAgAGBQJNinrRAAoJEPmSS8816iBe9HsIAJlxEMMtVFV6BRIm2izEUf5D > vdzKLSjdzUxbkZmxIlZ2o7RecsOKwPVW1ed6DKzxyGh9HCW6vklrsNBJw+X2s/5i > mKFvRFQCU3fiuDb2nR6WEIA+dwBR08lNcr5LIIZmQB2wcRsnXzr0KrG9CZ7tSa5t > yM3vyZO9BRImoTNcTpasTx42DLiJPbnDRn3epuhbCU2CfvHMf8ul3i54q+Gg63R9 > 3A3JiCBuvLShGsZTiGZVrHw+mzBKMp9npFm1Ay5qExSjwM2bIGeTKF3rDqJqhgpT > /iL67G4o7EQJSWlavi4V8QkZZ9JdPLpoBFGkOLHQcSRTWkYM7qjtfkhHnLqhjSg= > =PmLJ > -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) iQEcBAEBAgAGBQJNiom/AAoJEPmSS8816iBewIcH/Rqw5mgALM4eCKhz50WrnNbT fBZPHJlyep7mOQdJjS+ZStuekUsS8F8Ok3DgpqcWPWvf6uxmHD9SoL91FQUJIuK0 CGS9yvuJNJ25SuEpgwK7sNVTbEE3sGnUQm0c7HqfpEK1p2VmwpybW0NuaZ69FXx5 dR41LJam6+XsJxl8CbSdW33KBUyDhejIrj7gonKjAFqwctQ4rZ5xm6uxbGTYZyh1 ykgTxr3537kZC6B82fGj/TDOx2fW2lPyFvLC5E+CP0nQuDzoam9AyGQGdZXqmEgt AmaZaW7/vQ0i3FS1RA5mHz2/UaBfpAvr/YCCQr/8Qs/IO1Gx91cnysGiQmF/5aQ= =ffgk -----END PGP SIGNATURE----- From rmayer at vinotech.de Sat Mar 26 07:10:42 2011 From: rmayer at vinotech.de (Ralph J.Mayer) Date: Sat, 26 Mar 2011 08:10:42 +0100 Subject: [rancid] Routing table In-Reply-To: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> References: <738766D83620EC4C9684892C5CA8641928F77B@Mailtrading02.trading.imc.intra> Message-ID: <4D8D9172.7040404@vinotech.de> Hi, just my point of view: - Rancid does configbackups - 'sh ip route' gives you a current state, not the configured state (dyn. routing) - you want monitoring, use a monitoringtool like Icinga - there are snmp tables for that -- Viele Gr??e / Kind Regards / Cordiali Saluti / Met vriendelijke groet Ralph J.Mayer xmpp:rmayer at vinotech.de www.vinoblog.de mailto:rmayer at vinotech.de From networkgeni at gmail.com Tue Mar 29 07:17:32 2011 From: networkgeni at gmail.com (Network Geni) Date: Tue, 29 Mar 2011 12:17:32 +0500 Subject: [rancid] New Device problem Message-ID: Friends, I have been trying to alter scripts to make them work with the chineese router (maipu) but could not succeed. It has every thing similar to cisco and CLI is also same as cisco but for some reason cisco scripts are not working with it. I am attaching running-configuration of the router and debugging info. If someone can please tell me whats wrong in this device format due to which cisco scripts are not working... or if someone is kind enough to alter the scripts to make them work with this device. I only need to use rancid for for configuration backup only.. No other commands are required. I shall be really greatful. Kind regards. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: debug.log Type: application/octet-stream Size: 26566 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: router-running-config.log Type: application/octet-stream Size: 1957 bytes Desc: not available URL: From istong at costar.com Tue Mar 29 11:12:39 2011 From: istong at costar.com (Ian Stong) Date: Tue, 29 Mar 2011 07:12:39 -0400 Subject: [rancid] Juniper VPN SA with rancid In-Reply-To: References: Message-ID: Hi, Does anyone have example scripts they used to successfully obtain configs from a Juniper SA VPN device (such as an SA4500)? Thanks, Ian -------------- next part -------------- An HTML attachment was scrubbed... URL: From J.S.Peatfield at damtp.cam.ac.uk Tue Mar 29 12:34:46 2011 From: J.S.Peatfield at damtp.cam.ac.uk (Jon Peatfield) Date: Tue, 29 Mar 2011 13:34:46 +0100 (BST) Subject: [rancid] Logging CDP state Re: sorting output from custom commands... In-Reply-To: References: <20100928222801.GX22917@shrubbery.net> <20100929154928.GD20450@shrubbery.net> Message-ID: On Wed, 29 Sep 2010, Jon Peatfield wrote: ... > The current code I'm testing seems to give the answers I want though it does > assume that all devices for port P will be consecutive in the output... ... > I'll be happy to contribute what I end up with if anyone else wants this. Some time has passed and I realized yesterday that I'd not actually sent the version of the patches that we have been using. So here they are, the first is very simple and is just for cisco boxes where we simply have to remove the holdtime from the output, and the second is for HP procurve and is slightly more complex since it does the sorting or the device-ids shown on each port. Note that this is running 'show cdp neighbors detail' so the output can be quite long and you may well get lots of flapping if devices come/go so I'm sure that this isn't for everyone! Hopefully they might be of use to at least someone. Although these patches say 2.3.4 in the filenames I've tested that they apply cleanly to 2.3.6 and since yesterday that is what we are now using. -- Jon -- /--------------------------------------------------------------------\ | "Computers are different from telephones. Computers do not ring." | | -- A. Tanenbaum, "Computer Networks", p. 32 | ---------------------------------------------------------------------| | Jon Peatfield, _Computer_ Officer, DAMTP, University of Cambridge | | Mail: jp107 at damtp.cam.ac.uk Web: http://www.damtp.cam.ac.uk/ | \--------------------------------------------------------------------/ -------------- next part -------------- --- rancid-2.3.4/bin/rancid.in.ccdp 2010-07-08 02:48:20.000000000 +0100 +++ rancid-2.3.4/bin/rancid.in 2010-08-19 20:54:35.000000000 +0100 @@ -570,6 +570,34 @@ return(0); } +# A test routine for parsing the output of "show cdp neighbors detail" +sub ShowCDPNeighborsDetail { + print STDERR " In ShowCDPNeighborsDetail: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(1) if /^\s*\^\s*$/; + return(1) if /Line has invalid autocommand /; + return(1) if /(Invalid input detected|Type help or )/; + return(-1) if (/command authorization failed/i); + # the pager can not be disabled per-session on the PIX + if (/^(<-+ More -+>)/) { + my($len) = length($1); + s/^$1\s{$len}//; + } + + # Skip Holdtime line, or the row of --- at the start of output + next if (/^(Holdtime\s|-------)/); + + ProcessHistory("COMMENTS","keysort","IO","!CDP: $_"); + } + ProcessHistory("COMMENTS","keysort","IO","!\n"); + return(0); +} + + # This routine parses "show rsp chassis-info" for the rsp # This will create arrays for hw info. sub ShowRSP { @@ -1883,6 +1911,7 @@ {'show bootvar' => 'ShowBoot'}, {'show variables boot' => 'ShowBoot'}, {'show flash' => 'ShowFlash'}, + {'show cdp neighbors detail' => 'ShowCDPNeighborsDetail'}, {'dir /all nvram:' => 'DirSlotN'}, {'dir /all bootflash:' => 'DirSlotN'}, {'dir /all slot0:' => 'DirSlotN'}, -------------- next part -------------- --- rancid-2.3.4/bin/hrancid.in.pcdp 2010-06-23 00:17:30.000000000 +0100 +++ rancid-2.3.4/bin/hrancid.in 2011-03-28 18:09:35.000000000 +0100 @@ -283,6 +283,51 @@ return(0); } +# A simple routine for parsing the output of "show cdp neighbors detail" +sub ShowCDPNeighborsDetail { + print STDERR " In ShowCDPNeighborsDetail: $_" if ($debug); + + my $currport=' '; + my $deviceid=''; + my $cdpdblock=''; + my $cdpdblockl=0; + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(-1) if (/command authorization failed/i); + return(1) if /^(Invalid|Ambiguous) input:/i; + # Skip the rows of --- or blank lines + next if (/^(-------|\s*$)/); + # Now strip off any whitespace at the end of the line! + s/\s+$//; + chomp(); + if (/^\s*Port\s*:\s*(.*)/) { + my $newport=$1; + print STDERR " Found cdp port $1 (currport=$currport) sending $cdpdblockl lines\n"; + # send any previous device-block + ProcessHistory("COMMENTS$currport","keysort","IO $deviceid",$cdpdblock); + $currport=$newport; + $cdpdblock=''; + $cdpdblockl=0; + $deviceid=''; + } elsif (/^\s*Device ID\s*:\s*(.*)/) { + $deviceid=$1; + } + # Accumulate all the lines into the current block... + $cdpdblockl++; + print STDERR " Adding to cdp block (port=$currport dev=$deviceid): $_\n"; + $cdpdblock.=";CDP: $_\n"; + } + # And deal with the last block... + print STDERR " Last cdp port $1 (currport=$currport) sending $cdpdblockl lines\n"; + $cdpdblock.=";\n"; + ProcessHistory("COMMENTS$currport","keysort","IO $deviceid",$cdpdblock); + return(0); +} + + # This routine processes a "write term" sub WriteTerm { print STDERR " In WriteTerm: $_" if ($debug); @@ -472,6 +517,7 @@ {'show flash' => 'ShowFlash'}, {'show system-information' => 'ShowSystem'}, {'show system information' => 'ShowSystem'}, + {'show cdp neighbors detail' => 'ShowCDPNeighborsDetail'}, {'show module' => 'ShowModule'}, {'show stack' => 'ShowStack'}, {'write term' => 'WriteTerm'} From J.S.Peatfield at damtp.cam.ac.uk Tue Mar 29 12:43:27 2011 From: J.S.Peatfield at damtp.cam.ac.uk (Jon Peatfield) Date: Tue, 29 Mar 2011 13:43:27 +0100 (BST) Subject: [rancid] rancid reporting ports in err-disable state Message-ID: Yesterday while trying to disagnose a problem with a user not being able to use one port on a switch I noticed that the port in question had managed to get into the err-disabled state. As I'd rather not have to wait for users to complain I've written a trivial patch to get rancid to run (for Cisco only): show interfaces status err-disabled which only generates output if ports are in the err-disabled state, and lists the reason for each port. The lines (if any) are added as comments with the prefix SISED as it made sense at the time. Anyway I thought that this might possibly be of use to others. This patch probably won't cleanly apply for others since the diff was generated after applying a patch to add 'show cdp neighbors detail' to the list of commands, so if anyone needs a patch against the clean 2.3.6 let me know... -- /--------------------------------------------------------------------\ | "Computers are different from telephones. Computers do not ring." | | -- A. Tanenbaum, "Computer Networks", p. 32 | ---------------------------------------------------------------------| | Jon Peatfield, _Computer_ Officer, DAMTP, University of Cambridge | | Mail: jp107 at damtp.cam.ac.uk Web: http://www.damtp.cam.ac.uk/ | \--------------------------------------------------------------------/ -------------- next part -------------- --- rancid-2.3.6/bin/rancid.in.errstate 2011-03-28 18:23:07.000000000 +0100 +++ rancid-2.3.6/bin/rancid.in 2011-03-28 18:33:29.000000000 +0100 @@ -602,6 +602,28 @@ return(0); } +# A test routine for parsing the output of "show interfaces status err-disabled" +sub ShowStatErrDis { + print STDERR " In ShowStatErrDis: $_" if ($debug); + + while () { + tr/\015//d; + last if (/^$prompt/); + next if (/^(\s*|\s*$cmd\s*)$/); + return(1) if /^\s*\^\s*$/; + return(1) if /Line has invalid autocommand /; + return(1) if /(Invalid input detected|Type help or )/; + return(-1) if (/command authorization failed/i); + # the pager can not be disabled per-session on the PIX + if (/^(<-+ More -+>)/) { + my($len) = length($1); + s/^$1\s{$len}//; + } + ProcessHistory("COMMENTS","keysort","IO","!SISED: $_"); + } + ProcessHistory("COMMENTS","keysort","IO","!\n"); + return(0); +} # This routine parses "show rsp chassis-info" for the rsp # This will create arrays for hw info. @@ -1935,6 +1957,7 @@ {'show variables boot' => 'ShowBoot'}, {'show flash' => 'ShowFlash'}, {'show cdp neighbors detail' => 'ShowCDPNeighborsDetail'}, + {'show interfaces status err-disabled' => 'ShowStatErrDis'}, {'dir /all nvram:' => 'DirSlotN'}, {'dir /all bootflash:' => 'DirSlotN'}, {'dir /all slot0:' => 'DirSlotN'}, From Peter.Jevos at oriflame.com Tue Mar 29 12:57:49 2011 From: Peter.Jevos at oriflame.com (Jevos, Peter) Date: Tue, 29 Mar 2011 12:57:49 +0000 Subject: [rancid] Rancid doesn't update some files Message-ID: Hi i'm using rancdid for a months however some routers were suddenly stoped to updating I'm using the comnnand 'show configuration' to download the config when i run ./clogin command with the show config commnand, it displays cuurent config However when i run rancid-run, it stores not a current config and shows no changes Part of the rancid file is: # {'show vlan' => 'ShowVLAN'}, # {'show vlan-switch' => 'ShowVLAN'}, # {'show debug' => 'ShowDebug'}, {'more system:running-config' => 'WriteTerm'}, # ASA/PIX {'show configuration' => 'WriteTerm'}, {'write term' => 'WriteTerm'}, Where can be a problem? In rancid or CVS ? thanks pet From Peter.Jevos at oriflame.com Tue Mar 29 15:00:20 2011 From: Peter.Jevos at oriflame.com (Jevos, Peter) Date: Tue, 29 Mar 2011 15:00:20 +0000 Subject: [rancid] Rancid doesn't update some files In-Reply-To: References: Message-ID: Hi i'm using rancdid for a months however some routers were suddenly stoped to updating I'm using the comnnand 'show configuration' to download the config when i run ./clogin command with the show config commnand, it displays cuurent config However when i run rancid-run, it stores not a current config and shows no changes Part of the rancid file is: # {'show vlan' => 'ShowVLAN'}, # {'show vlan-switch' => 'ShowVLAN'}, # {'show debug' => 'ShowDebug'}, {'more system:running-config' => 'WriteTerm'}, # ASA/PIX {'show configuration' => 'WriteTerm'}, {'write term' => 'WriteTerm'}, Where can be a problem? In rancid or CVS ? thanks pet I've found out, that when I debug it with ./rancid command, it creates .new and .raw file .raw file is correct, but the .new file is not What does it mean? thanks From Peter.Jevos at oriflame.com Tue Mar 29 15:46:44 2011 From: Peter.Jevos at oriflame.com (Jevos, Peter) Date: Tue, 29 Mar 2011 15:46:44 +0000 Subject: [rancid] Rancid doesn't update some files- SOLVED In-Reply-To: References: Message-ID: Thank you , I disabled ACL sort and it is working now : ) Have a nice day pet From: lavermil at gheek.net [mailto:lavermil at gheek.net] On Behalf Of Lance Vermilion Sent: Tuesday, March 29, 2011 5:36 PM To: Jevos, Peter Subject: Re: [rancid] Rancid doesn't update some files It looks like you are seeing the effects of the ACLs being sorted. I think there is an option in the rancid.conf to turn off ACL sorting. I am not sure if you turn it off if the "seq " will come back. I would try turning it off and see what happens. On Tue, Mar 29, 2011 at 8:30 AM, Jevos, Peter > wrote: Thank you for your answer Lance Actually there is a big difference between these files, e.g in content. Here is example .new file: ip prefix-list DENY-2-BGP deny 192.3.0.0/16 le 25 ip prefix-list DENY-2-BGP deny 192.6.100.0/24 ip prefix-list DENY-2-BGP deny 192.196.0.0/16 le 25 ip prefix-list DENY-2-BGP permit 192.0.0.0/8 ! ip prefix-list LAN-NTT permit 192.10.0.0/20 le 24 ip prefix-list LAN-NTT permit 192.10.1.0/24 ip prefix-list LAN-NTT permit 192.10.16.0/21 le 24 ip prefix-list LAN-NTT permit 192.10.249.0/24 le 30 ip prefix-list LAN-NTT permit 192.135.0.0/20 le 24 ip prefix-list LAN-NTT permit 192.135.0.0/21 le 24 ip prefix-list LAN-NTT permit 192.135.1.0/24 ******************************** .raw file ip prefix-list DENY-2-BGP seq 10 deny 192.6.100.0/24 ip prefix-list DENY-2-BGP seq 20 deny 192.3.0.0/16 le 25 ip prefix-list DENY-2-BGP seq 30 deny 192.196.0.0/16 le 25 ip prefix-list DENY-2-BGP seq 100 permit 192.0.0.0/8 ! ip prefix-list LAN-NTT seq 10 permit 192.147.0.0/22 le 24 ip prefix-list LAN-NTT seq 20 permit 192.147.1.0/24 ip prefix-list LAN-NTT seq 30 permit 192.147.4.0/22 le 24 ip prefix-list LAN-NTT seq 40 permit 192.135.1.0/24 ip prefix-list LAN-NTT seq 50 permit 192.135.0.0/20 le 24 ip prefix-list LAN-NTT seq 60 permit 192.147.249.0/24 le 30 ip prefix-list LAN-NTT seq 70 permit 192.135.249.0/24 le 30 ip prefix-list LAN-NTT seq 80 permit 192.135.16.0/20 le 24 ip prefix-list LAN-NTT seq 90 permit 192.135.32.0/20 le 24 The .raw file is u to date, no idea how the .new file was created I'm using newest rancid version and cisco 3825 thanks From: lavermil at gheek.net [mailto:lavermil at gheek.net] On Behalf Of Lance Vermilion Sent: Tuesday, March 29, 2011 5:12 PM To: Jevos, Peter Subject: Re: [rancid] Rancid doesn't update some files What do you mean is not correct. what are you seeing as the difference? A thought on how to use the proper command on the proper IOS devices types. I.E ASAs have a slightly different command than routers for somethings. If a device that is running rancid also has SNMP access to the routers/switches/etc you could certainly do a snmpget for the sysoid and then have rancid use the proper list of commands. To me this is the most straight forward to make sure you aren't running commands that aren't needed/supported on devices. On Tue, Mar 29, 2011 at 8:00 AM, Jevos, Peter > wrote: Hi i'm using rancdid for a months however some routers were suddenly stoped to updating I'm using the comnnand 'show configuration' to download the config when i run ./clogin command with the show config commnand, it displays cuurent config However when i run rancid-run, it stores not a current config and shows no changes Part of the rancid file is: # {'show vlan' => 'ShowVLAN'}, # {'show vlan-switch' => 'ShowVLAN'}, # {'show debug' => 'ShowDebug'}, {'more system:running-config' => 'WriteTerm'}, # ASA/PIX {'show configuration' => 'WriteTerm'}, {'write term' => 'WriteTerm'}, Where can be a problem? In rancid or CVS ? thanks pet I've found out, that when I debug it with ./rancid command, it creates .new and .raw file .raw file is correct, but the .new file is not What does it mean? thanks _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From 2010 at tybox.net Tue Mar 29 16:36:29 2011 From: 2010 at tybox.net (Josh Rogers) Date: Tue, 29 Mar 2011 11:36:29 -0500 Subject: [rancid] run_commands not liking eof/end of session Message-ID: I was having trouble with rancid reporting 'hung' and lockfiles remaining, so I installed the patched/hack expect/tcl in hopes of resolving it.? Ever since, I'm seeing the following error below. Seems like eof isn't being handled properly when disconnecting, and it errors out?? Any ideas what is leading to this? $ jlogin -t 120 -c"show chassis clocks;show chassis environment;show chassis firmware;show chassis fpc detail;show chassis hardware detail;show chassis routing-engine;show chassis scb;show chassis sfm detail;show chassis ssb;show chassis feb detail;show chassis feb;show chassis cfeb;show chassis alarms;show system license;show system boot-messages;show system core-dumps;show version detail;show interfaces description;show configuration;show configuration | display set" rtr2 spawn ssh -c 3des -x -l robot rtr2 {master} robot at re0.rtr2> quit Connection to rtr2 closed. bad spawn_id (process died earlier?) ??? while executing "expect -nobrace { } { exp_continue } timeout { catch {close}; catch {wait}; ??? ??? ??? ??? ??? ??? ? return 0 ??? ??? ??? ??? ??? ??? } eof { return 0 }" ??? invoked from within "expect { ??? "\n"??? ??? ??? ??? ??? { exp_continue } ??? timeout??? ??? ??? ??? ??? { catch {close}; catch {wait}; ??? ??? ??? ??? ??? ??? ? return 0 ??? ??? ??? ??? ??? ??? } ??? eof??? ??? ??? ??? ??? { return 0 } ??? }" ??? (procedure "run_commands" line 21) ??? invoked from within "run_commands $prompt $command" ??? ("foreach" body line 68) ??? invoked from within "foreach router [lrange $argv $i end] { ??? set router [string tolower $router] ??? send_user "$router\n" ??? set prompt ">" ??? # Figure out usernam..." ??? (file "/usr/local/bin/jlogin" line 461) $ expect -v expect version 5.43.0 $ which tclsh $ ls -l /usr/bin/tclsh lrwxrwxrwx 1 root root 23 Nov 29 16:04 /usr/bin/tclsh -> /etc/alternatives/tclsh $ ls -l /etc/alternatives/tclsh lrwxrwxrwx 1 root root 23 Mar 29 11:05 /etc/alternatives/tclsh -> /usr/local/bin/tclsh8.4 Section of jlogin that is failing: # Run commands given on the command line. proc run_commands { prompt command } { ??? global in_proc ??? set in_proc 1 ??? send "set cli complete-on-space off\r" ??? expect -re $prompt? {} ??? send "set cli screen-length 0\r" ??? expect -re $prompt? {} ??? set commands [split $command \;] ??? set num_commands [llength $commands] ??? for {set i 0} {$i < $num_commands} { incr i} { ??????? send "[lindex $commands $i]\r" ??????? expect { ??????????? -re "^\[^\n\r *]*$prompt $" {} ??????????? -re "^\[^\n\r]*$prompt."??? { exp_continue } ??????????? -re "(\r\n|\n)"???????????????????? { exp_continue } ??????? } ??? } ??? send "quit\r" ??? expect { ??????? "\n"??????????????????????????????????? { exp_continue } ??????? timeout???????????????????????????????? { catch {close}; catch {wait}; ????????????????????????????????????????????????? return 0 ??????????????????????????????????????????????? } ??????? eof???????????????????????????????????? { return 0 } ??? } ??? set in_proc 0 } Thanks much, Josh From 2010 at tybox.net Tue Mar 29 19:28:14 2011 From: 2010 at tybox.net (Josh Rogers) Date: Tue, 29 Mar 2011 14:28:14 -0500 Subject: [rancid] run_commands not liking eof/end of session In-Reply-To: References: Message-ID: Forgot to mention jrancid version: ## $Id: jlogin.in,v 1.69 2009/04/16 21:22:57 heas Exp $ Appreciate the help/direction, Josh On Tue, Mar 29, 2011 at 11:36 AM, Josh Rogers <2010 at tybox.net> wrote: > I was having trouble with rancid reporting 'hung' and lockfiles > remaining, so I installed the patched/hack expect/tcl in hopes of > resolving it.? Ever since, I'm seeing the following error below. > > Seems like eof isn't being handled properly when disconnecting, and it > errors out?? Any ideas what is leading to this? > > > $ jlogin -t 120 -c"show chassis clocks;show chassis environment;show > chassis firmware;show chassis fpc detail;show chassis hardware > detail;show chassis routing-engine;show chassis scb;show chassis sfm > detail;show chassis ssb;show chassis feb detail;show chassis feb;show > chassis cfeb;show chassis alarms;show system license;show system > boot-messages;show system core-dumps;show version detail;show > interfaces description;show configuration;show configuration | display > set" rtr2 > spawn ssh -c 3des -x -l robot rtr2 > > > {master} > robot at re0.rtr2> quit > > Connection to rtr2 closed. > bad spawn_id (process died earlier?) > ??? while executing > "expect -nobrace { > } { exp_continue } timeout { catch {close}; catch {wait}; > ??? ??? ??? ??? ??? ??? ? return 0 > ??? ??? ??? ??? ??? ??? } eof { return 0 }" > ??? invoked from within > "expect { > ??? "\n"??? ??? ??? ??? ??? { exp_continue } > ??? timeout??? ??? ??? ??? ??? { catch {close}; catch {wait}; > ??? ??? ??? ??? ??? ??? ? return 0 > ??? ??? ??? ??? ??? ??? } > ??? eof??? ??? ??? ??? ??? { return 0 } > ??? }" > ??? (procedure "run_commands" line 21) > ??? invoked from within > "run_commands $prompt $command" > ??? ("foreach" body line 68) > ??? invoked from within > "foreach router [lrange $argv $i end] { > ??? set router [string tolower $router] > ??? send_user "$router\n" > > ??? set prompt ">" > > ??? # Figure out usernam..." > ??? (file "/usr/local/bin/jlogin" line 461) > > > > $ expect -v > expect version 5.43.0 > $ which tclsh > $ ls -l /usr/bin/tclsh > lrwxrwxrwx 1 root root 23 Nov 29 16:04 /usr/bin/tclsh -> /etc/alternatives/tclsh > $ ls -l /etc/alternatives/tclsh > lrwxrwxrwx 1 root root 23 Mar 29 11:05 /etc/alternatives/tclsh -> > /usr/local/bin/tclsh8.4 > > > Section of jlogin that is failing: > > # Run commands given on the command line. > proc run_commands { prompt command } { > ??? global in_proc > ??? set in_proc 1 > > ??? send "set cli complete-on-space off\r" > ??? expect -re $prompt? {} > ??? send "set cli screen-length 0\r" > ??? expect -re $prompt? {} > > ??? set commands [split $command \;] > ??? set num_commands [llength $commands] > ??? for {set i 0} {$i < $num_commands} { incr i} { > ??????? send "[lindex $commands $i]\r" > ??????? expect { > ??????????? -re "^\[^\n\r *]*$prompt $" {} > ??????????? -re "^\[^\n\r]*$prompt."??? { exp_continue } > ??????????? -re "(\r\n|\n)"???????????????????? { exp_continue } > ??????? } > ??? } > ??? send "quit\r" > ??? expect { > ??????? "\n"??????????????????????????????????? { exp_continue } > ??????? timeout???????????????????????????????? { catch {close}; catch {wait}; > ????????????????????????????????????????????????? return 0 > ??????????????????????????????????????????????? } > ??????? eof???????????????????????????????????? { return 0 } > ??? } > ??? set in_proc 0 > } > > > Thanks much, > Josh > From heas at shrubbery.net Tue Mar 29 22:59:29 2011 From: heas at shrubbery.net (john heasley) Date: Tue, 29 Mar 2011 22:59:29 +0000 Subject: [rancid] run_commands not liking eof/end of session In-Reply-To: References: Message-ID: <20110329225929.GA4907@shrubbery.net> Tue, Mar 29, 2011 at 02:28:14PM -0500, Josh Rogers: > Forgot to mention jrancid version: > > ## $Id: jlogin.in,v 1.69 2009/04/16 21:22:57 heas Exp $ i dont see anything the commit history that should have affected this. unless you've modified it in some manner... > Appreciate the help/direction, > Josh > > On Tue, Mar 29, 2011 at 11:36 AM, Josh Rogers <2010 at tybox.net> wrote: > > I was having trouble with rancid reporting 'hung' and lockfiles > > remaining, so I installed the patched/hack expect/tcl in hopes of > > resolving it. good. > > Ever since, I'm seeing the following error below. > > > > Seems like eof isn't being handled properly when disconnecting, and it > > errors out?? Any ideas what is leading to this? what version of expect? on what O/S? the expect_after or the expect after the quite should deal with the process exiting; it should receive EOF. i'd suspect a change in expect, perhaps. > > > > $ jlogin -t 120 -c"show chassis clocks;show chassis environment;show > > chassis firmware;show chassis fpc detail;show chassis hardware > > detail;show chassis routing-engine;show chassis scb;show chassis sfm > > detail;show chassis ssb;show chassis feb detail;show chassis feb;show > > chassis cfeb;show chassis alarms;show system license;show system > > boot-messages;show system core-dumps;show version detail;show > > interfaces description;show configuration;show configuration | display > > set" rtr2 > > spawn ssh -c 3des -x -l robot rtr2 > > > > > > {master} > > robot at re0.rtr2> quit > > > > Connection to rtr2 closed. > > bad spawn_id (process died earlier?) > > ??? while executing > > "expect -nobrace { > > } { exp_continue } timeout { catch {close}; catch {wait}; > > ??? ??? ??? ??? ??? ??? ? return 0 > > ??? ??? ??? ??? ??? ??? } eof { return 0 }" > > ??? invoked from within > > "expect { > > ??? "\n"??? ??? ??? ??? ??? { exp_continue } > > ??? timeout??? ??? ??? ??? ??? { catch {close}; catch {wait}; > > ??? ??? ??? ??? ??? ??? ? return 0 > > ??? ??? ??? ??? ??? ??? } > > ??? eof??? ??? ??? ??? ??? { return 0 } > > ??? }" > > ??? (procedure "run_commands" line 21) > > ??? invoked from within > > "run_commands $prompt $command" > > ??? ("foreach" body line 68) > > ??? invoked from within > > "foreach router [lrange $argv $i end] { > > ??? set router [string tolower $router] > > ??? send_user "$router\n" > > > > ??? set prompt ">" > > > > ??? # Figure out usernam..." > > ??? (file "/usr/local/bin/jlogin" line 461) > > > > > > > > $ expect -v > > expect version 5.43.0 > > $ which tclsh > > $ ls -l /usr/bin/tclsh > > lrwxrwxrwx 1 root root 23 Nov 29 16:04 /usr/bin/tclsh -> /etc/alternatives/tclsh > > $ ls -l /etc/alternatives/tclsh > > lrwxrwxrwx 1 root root 23 Mar 29 11:05 /etc/alternatives/tclsh -> > > /usr/local/bin/tclsh8.4 > > > > > > Section of jlogin that is failing: > > > > # Run commands given on the command line. > > proc run_commands { prompt command } { > > ??? global in_proc > > ??? set in_proc 1 > > > > ??? send "set cli complete-on-space off\r" > > ??? expect -re $prompt? {} > > ??? send "set cli screen-length 0\r" > > ??? expect -re $prompt? {} > > > > ??? set commands [split $command \;] > > ??? set num_commands [llength $commands] > > ??? for {set i 0} {$i < $num_commands} { incr i} { > > ??????? send "[lindex $commands $i]\r" > > ??????? expect { > > ??????????? -re "^\[^\n\r *]*$prompt $" {} > > ??????????? -re "^\[^\n\r]*$prompt."??? { exp_continue } > > ??????????? -re "(\r\n|\n)"???????????????????? { exp_continue } > > ??????? } > > ??? } > > ??? send "quit\r" > > ??? expect { > > ??????? "\n"??????????????????????????????????? { exp_continue } > > ??????? timeout???????????????????????????????? { catch {close}; catch {wait}; > > ????????????????????????????????????????????????? return 0 > > ??????????????????????????????????????????????? } > > ??????? eof???????????????????????????????????? { return 0 } > > ??? } > > ??? set in_proc 0 > > } > > > > > > Thanks much, > > Josh > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Tue Mar 29 23:24:48 2011 From: heas at shrubbery.net (john heasley) Date: Tue, 29 Mar 2011 23:24:48 +0000 Subject: [rancid] Juniper VPN SA with rancid In-Reply-To: References: Message-ID: <20110329232448.GD4907@shrubbery.net> Tue, Mar 29, 2011 at 07:12:39AM -0400, Ian Stong: > Hi, > > > > Does anyone have example scripts they used to successfully obtain > configs from a Juniper SA VPN device (such as an SA4500)? isn't that a netscreen? router.db(5) From istong at costar.com Tue Mar 29 23:37:12 2011 From: istong at costar.com (Ian Stong) Date: Tue, 29 Mar 2011 19:37:12 -0400 Subject: [rancid] Juniper VPN SA with rancid In-Reply-To: <20110329232448.GD4907@shrubbery.net> Message-ID: Its not a netscreen firewall but rather a van type appliance. Ian ----- Original Message ----- From: john heasley [mailto:heas at shrubbery.net] Sent: Tuesday, March 29, 2011 07:24 PM To: Ian Stong Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Juniper VPN SA with rancid Tue, Mar 29, 2011 at 07:12:39AM -0400, Ian Stong: > Hi, > > > > Does anyone have example scripts they used to successfully obtain > configs from a Juniper SA VPN device (such as an SA4500)? isn't that a netscreen? router.db(5) From 2010 at tybox.net Wed Mar 30 03:04:02 2011 From: 2010 at tybox.net (Josh Rogers) Date: Tue, 29 Mar 2011 22:04:02 -0500 Subject: [rancid] run_commands not liking eof/end of session In-Reply-To: <20110329225929.GA4907@shrubbery.net> References: <20110329225929.GA4907@shrubbery.net> Message-ID: >> > $ expect -v >> > expect version 5.43.0 Ubuntu 10.04. Originally I had the ubuntu maintainers version of expect/tcl installed, but the above was downloaded and compiled from shrubbery.net. When looking closer, it appears that ssh is being spawned twice? $ jlogin rtr1 "show system users" rtr1 spawn ssh -c 3des -x -l robot rtr1 The authenticity of host 'rtr1 (192.168.240.1)' can't be established. RSA key fingerprint is <>. Are you sure you want to continue connecting (yes/no)? Host rtr1 added to the list of known hosts. yes Warning: Permanently added 'rtr1,192.168.240.1' (RSA) to the list of known hosts. robot at rtr1's password: --- JUNOS 9.2R3.5 built 2009-01-15 04:36:25 UTC {master} robot at rtr1> #Interacting? {master} robot at rtr1> q show system users spawn ssh -c 3des -x -l robot show system users bad spawn_id (process died earlier?) while executing "expect -nobrace -re {(Connection refused|Secure connection [^ ]+ refused|Connection closed by)} { catch {close}; catch {wait}; if !$progs { ..." invoked from within "expect { -re "(Connection refused|Secure connection \[^\n\r]+ refused|Connection closed by)" { catch {close}; catch {wait}; if !$progs { ..." (procedure "login" line 75) invoked from within "login $router $loginname $passwd $cmethod $cyphertype $identfile" ("foreach" body line 62) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" set prompt ">" # Figure out usernam..." (file "/usr/local/bin/jlogin" line 461) I do not believe jlogin is modified, however I have modified jrancid (which isn't even called above), and I didn't have this issue on the previous version of expect (5.44.1.14) and tcl (8.5.8-2) Here is my jlogin for reference: http://pastebin.com/FeqYqYPq Thanks again for helping with this before I have to rollback expect and tcl. -Josh On Tue, Mar 29, 2011 at 5:59 PM, john heasley wrote: > Tue, Mar 29, 2011 at 02:28:14PM -0500, Josh Rogers: >> Forgot to mention jrancid version: >> >> ## $Id: jlogin.in,v 1.69 2009/04/16 21:22:57 heas Exp $ > > i dont see anything the commit history that should have affected this. > unless you've modified it in some manner... > >> Appreciate the help/direction, >> Josh >> >> On Tue, Mar 29, 2011 at 11:36 AM, Josh Rogers <2010 at tybox.net> wrote: >> > I was having trouble with rancid reporting 'hung' and lockfiles >> > remaining, so I installed the patched/hack expect/tcl in hopes of >> > resolving it. > > good. > >> > Ever since, I'm seeing the following error below. >> > >> > Seems like eof isn't being handled properly when disconnecting, and it >> > errors out?? Any ideas what is leading to this? > > what version of expect? ?on what O/S? ?the expect_after or the expect after > the quite should deal with the process exiting; it should receive EOF. ?i'd > suspect a change in expect, perhaps. > >> > >> > $ jlogin -t 120 -c"show chassis clocks;show chassis environment;show >> > chassis firmware;show chassis fpc detail;show chassis hardware >> > detail;show chassis routing-engine;show chassis scb;show chassis sfm >> > detail;show chassis ssb;show chassis feb detail;show chassis feb;show >> > chassis cfeb;show chassis alarms;show system license;show system >> > boot-messages;show system core-dumps;show version detail;show >> > interfaces description;show configuration;show configuration | display >> > set" rtr2 >> > spawn ssh -c 3des -x -l robot rtr2 >> > >> > >> > {master} >> > robot at re0.rtr2> quit >> > >> > Connection to rtr2 closed. >> > bad spawn_id (process died earlier?) >> > ??? while executing >> > "expect -nobrace { >> > } { exp_continue } timeout { catch {close}; catch {wait}; >> > ??? ??? ??? ??? ??? ??? ? return 0 >> > ??? ??? ??? ??? ??? ??? } eof { return 0 }" >> > ??? invoked from within >> > "expect { >> > ??? "\n"??? ??? ??? ??? ??? { exp_continue } >> > ??? timeout??? ??? ??? ??? ??? { catch {close}; catch {wait}; >> > ??? ??? ??? ??? ??? ??? ? return 0 >> > ??? ??? ??? ??? ??? ??? } >> > ??? eof??? ??? ??? ??? ??? { return 0 } >> > ??? }" >> > ??? (procedure "run_commands" line 21) >> > ??? invoked from within >> > "run_commands $prompt $command" >> > ??? ("foreach" body line 68) >> > ??? invoked from within >> > "foreach router [lrange $argv $i end] { >> > ??? set router [string tolower $router] >> > ??? send_user "$router\n" >> > >> > ??? set prompt ">" >> > >> > ??? # Figure out usernam..." >> > ??? (file "/usr/local/bin/jlogin" line 461) >> > >> > >> > >> > $ expect -v >> > expect version 5.43.0 >> > $ which tclsh >> > $ ls -l /usr/bin/tclsh >> > lrwxrwxrwx 1 root root 23 Nov 29 16:04 /usr/bin/tclsh -> /etc/alternatives/tclsh >> > $ ls -l /etc/alternatives/tclsh >> > lrwxrwxrwx 1 root root 23 Mar 29 11:05 /etc/alternatives/tclsh -> >> > /usr/local/bin/tclsh8.4 >> > >> > >> > Section of jlogin that is failing: >> > >> > # Run commands given on the command line. >> > proc run_commands { prompt command } { >> > ??? global in_proc >> > ??? set in_proc 1 >> > >> > ??? send "set cli complete-on-space off\r" >> > ??? expect -re $prompt? {} >> > ??? send "set cli screen-length 0\r" >> > ??? expect -re $prompt? {} >> > >> > ??? set commands [split $command \;] >> > ??? set num_commands [llength $commands] >> > ??? for {set i 0} {$i < $num_commands} { incr i} { >> > ??????? send "[lindex $commands $i]\r" >> > ??????? expect { >> > ??????????? -re "^\[^\n\r *]*$prompt $" {} >> > ??????????? -re "^\[^\n\r]*$prompt."??? { exp_continue } >> > ??????????? -re "(\r\n|\n)"???????????????????? { exp_continue } >> > ??????? } >> > ??? } >> > ??? send "quit\r" >> > ??? expect { >> > ??????? "\n"??????????????????????????????????? { exp_continue } >> > ??????? timeout???????????????????????????????? { catch {close}; catch {wait}; >> > ????????????????????????????????????????????????? return 0 >> > ??????????????????????????????????????????????? } >> > ??????? eof???????????????????????????????????? { return 0 } >> > ??? } >> > ??? set in_proc 0 >> > } >> > >> > >> > Thanks much, >> > Josh >> > >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > From 2010 at tybox.net Wed Mar 30 04:21:22 2011 From: 2010 at tybox.net (Josh Rogers) Date: Tue, 29 Mar 2011 23:21:22 -0500 Subject: [rancid] run_commands not liking eof/end of session In-Reply-To: References: <20110329225929.GA4907@shrubbery.net> Message-ID: Once again, with the -c switch (nevermind the comment about spawning ssh twice) $ jlogin -c "show system users" rtr1 rtr1 spawn ssh -c 3des -x -l robot rtr1 robot at rtr1's password: --- JUNOS 9.2R3.5 built 2009-01-15 04:36:25 UTC {master} robot at rtr1> {master} robot at rtr1> set cli complete-on-space off Disabling complete-on-space {master} robot at rtr1> set cli screen-length 0 Screen length set to 0 {master} robot at rtr1> show system users 11:18PM up 750 days, 7:02, 2 users, load averages: 0.72, 0.68, 0.68 USER TTY FROM LOGIN@ IDLE WHAT robot p1 web01 11:18PM - -cli (cli) {master} robot at rtr1> bad spawn_id (process died earlier?) while executing "expect -nobrace { } { exp_continue } timeout { catch {close}; catch {wait}; return 0 } eof { return 0 }" invoked from within "expect { "\n" { exp_continue } timeout { catch {close}; catch {wait}; return 0 } eof { return 0 } }" (procedure "run_commands" line 21) invoked from within "run_commands $prompt $command" ("foreach" body line 68) invoked from within "foreach router [lrange $argv $i end] { set router [string tolower $router] send_user "$router\n" set prompt ">" # Figure out usernam..." (file "/usr/local/bin/jlogin" line 461) On Tue, Mar 29, 2011 at 10:04 PM, Josh Rogers <2010 at tybox.net> wrote: >>> > $ expect -v >>> > expect version 5.43.0 > > Ubuntu 10.04. ?Originally I had the ubuntu maintainers version of > expect/tcl installed, but the above was downloaded and compiled from > shrubbery.net. ?When looking closer, it appears that ssh is being > spawned twice? > > > > $ jlogin rtr1 "show system users" > rtr1 > spawn ssh -c 3des -x -l robot rtr1 > The authenticity of host 'rtr1 (192.168.240.1)' can't be established. > RSA key fingerprint is <>. > Are you sure you want to continue connecting (yes/no)? > Host rtr1 added to the list of known hosts. > yes > Warning: Permanently added 'rtr1,192.168.240.1' (RSA) to the list of > known hosts. > > robot at rtr1's password: > --- JUNOS 9.2R3.5 built 2009-01-15 04:36:25 UTC > {master} > robot at rtr1> #Interacting? > > {master} > robot at rtr1> q > show system users > spawn ssh -c 3des -x -l robot show system users > bad spawn_id (process died earlier?) > ? ?while executing > "expect -nobrace -re {(Connection refused|Secure connection [^ > ]+ refused|Connection closed by)} { > ? ? ? ? ? ? ? ?catch {close}; catch {wait}; > ? ? ? ? ? ? ? ?if !$progs { > ? ? ? ? ? ? ? ? ? ..." > ? ?invoked from within > "expect { > ? ? ? ? ? ?-re "(Connection refused|Secure connection \[^\n\r]+ > refused|Connection closed by)" { > ? ? ? ? ? ? ? ?catch {close}; catch {wait}; > ? ? ? ? ? ? ? ?if !$progs { > ? ? ? ? ? ? ? ? ?..." > ? ?(procedure "login" line 75) > ? ?invoked from within > "login $router $loginname $passwd $cmethod $cyphertype $identfile" > ? ?("foreach" body line 62) > ? ?invoked from within > "foreach router [lrange $argv $i end] { > ? ?set router [string tolower $router] > ? ?send_user "$router\n" > > ? ?set prompt ">" > > ? ?# Figure out usernam..." > ? ?(file "/usr/local/bin/jlogin" line 461) > > I do not believe jlogin is modified, however I have modified jrancid > (which isn't even called above), and I didn't have this issue on the > previous version of expect (5.44.1.14) and tcl (8.5.8-2) > > Here is my jlogin for reference: http://pastebin.com/FeqYqYPq > > Thanks again for helping with this before I have to rollback expect and tcl. > > -Josh > > > On Tue, Mar 29, 2011 at 5:59 PM, john heasley wrote: >> Tue, Mar 29, 2011 at 02:28:14PM -0500, Josh Rogers: >>> Forgot to mention jrancid version: >>> >>> ## $Id: jlogin.in,v 1.69 2009/04/16 21:22:57 heas Exp $ >> >> i dont see anything the commit history that should have affected this. >> unless you've modified it in some manner... >> >>> Appreciate the help/direction, >>> Josh >>> >>> On Tue, Mar 29, 2011 at 11:36 AM, Josh Rogers <2010 at tybox.net> wrote: >>> > I was having trouble with rancid reporting 'hung' and lockfiles >>> > remaining, so I installed the patched/hack expect/tcl in hopes of >>> > resolving it. >> >> good. >> >>> > Ever since, I'm seeing the following error below. >>> > >>> > Seems like eof isn't being handled properly when disconnecting, and it >>> > errors out?? Any ideas what is leading to this? >> >> what version of expect? ?on what O/S? ?the expect_after or the expect after >> the quite should deal with the process exiting; it should receive EOF. ?i'd >> suspect a change in expect, perhaps. >> >>> > >>> > $ jlogin -t 120 -c"show chassis clocks;show chassis environment;show >>> > chassis firmware;show chassis fpc detail;show chassis hardware >>> > detail;show chassis routing-engine;show chassis scb;show chassis sfm >>> > detail;show chassis ssb;show chassis feb detail;show chassis feb;show >>> > chassis cfeb;show chassis alarms;show system license;show system >>> > boot-messages;show system core-dumps;show version detail;show >>> > interfaces description;show configuration;show configuration | display >>> > set" rtr2 >>> > spawn ssh -c 3des -x -l robot rtr2 >>> > >>> > >>> > {master} >>> > robot at re0.rtr2> quit >>> > >>> > Connection to rtr2 closed. >>> > bad spawn_id (process died earlier?) >>> > ??? while executing >>> > "expect -nobrace { >>> > } { exp_continue } timeout { catch {close}; catch {wait}; >>> > ??? ??? ??? ??? ??? ??? ? return 0 >>> > ??? ??? ??? ??? ??? ??? } eof { return 0 }" >>> > ??? invoked from within >>> > "expect { >>> > ??? "\n"??? ??? ??? ??? ??? { exp_continue } >>> > ??? timeout??? ??? ??? ??? ??? { catch {close}; catch {wait}; >>> > ??? ??? ??? ??? ??? ??? ? return 0 >>> > ??? ??? ??? ??? ??? ??? } >>> > ??? eof??? ??? ??? ??? ??? { return 0 } >>> > ??? }" >>> > ??? (procedure "run_commands" line 21) >>> > ??? invoked from within >>> > "run_commands $prompt $command" >>> > ??? ("foreach" body line 68) >>> > ??? invoked from within >>> > "foreach router [lrange $argv $i end] { >>> > ??? set router [string tolower $router] >>> > ??? send_user "$router\n" >>> > >>> > ??? set prompt ">" >>> > >>> > ??? # Figure out usernam..." >>> > ??? (file "/usr/local/bin/jlogin" line 461) >>> > >>> > >>> > >>> > $ expect -v >>> > expect version 5.43.0 >>> > $ which tclsh >>> > $ ls -l /usr/bin/tclsh >>> > lrwxrwxrwx 1 root root 23 Nov 29 16:04 /usr/bin/tclsh -> /etc/alternatives/tclsh >>> > $ ls -l /etc/alternatives/tclsh >>> > lrwxrwxrwx 1 root root 23 Mar 29 11:05 /etc/alternatives/tclsh -> >>> > /usr/local/bin/tclsh8.4 >>> > >>> > >>> > Section of jlogin that is failing: >>> > >>> > # Run commands given on the command line. >>> > proc run_commands { prompt command } { >>> > ??? global in_proc >>> > ??? set in_proc 1 >>> > >>> > ??? send "set cli complete-on-space off\r" >>> > ??? expect -re $prompt? {} >>> > ??? send "set cli screen-length 0\r" >>> > ??? expect -re $prompt? {} >>> > >>> > ??? set commands [split $command \;] >>> > ??? set num_commands [llength $commands] >>> > ??? for {set i 0} {$i < $num_commands} { incr i} { >>> > ??????? send "[lindex $commands $i]\r" >>> > ??????? expect { >>> > ??????????? -re "^\[^\n\r *]*$prompt $" {} >>> > ??????????? -re "^\[^\n\r]*$prompt."??? { exp_continue } >>> > ??????????? -re "(\r\n|\n)"???????????????????? { exp_continue } >>> > ??????? } >>> > ??? } >>> > ??? send "quit\r" >>> > ??? expect { >>> > ??????? "\n"??????????????????????????????????? { exp_continue } >>> > ??????? timeout???????????????????????????????? { catch {close}; catch {wait}; >>> > ????????????????????????????????????????????????? return 0 >>> > ??????????????????????????????????????????????? } >>> > ??????? eof???????????????????????????????????? { return 0 } >>> > ??? } >>> > ??? set in_proc 0 >>> > } >>> > >>> > >>> > Thanks much, >>> > Josh >>> > >>> _______________________________________________ >>> Rancid-discuss mailing list >>> Rancid-discuss at shrubbery.net >>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > From 2010 at tybox.net Wed Mar 30 04:53:19 2011 From: 2010 at tybox.net (Josh Rogers) Date: Tue, 29 Mar 2011 23:53:19 -0500 Subject: [rancid] run_commands not liking eof/end of session In-Reply-To: References: <20110329225929.GA4907@shrubbery.net> Message-ID: I was questioning whether I had made any modifications to jlogin (I typically make a copy of the original and link to a new version if I do, which I had not), so I replaced my 1.69 jlogin with a 1.62 jlogin I found in a debian repository. Same results as before. If this is a result of any modifications I've made, it would be to a file besides jlogin. I left the original expect/tcl installed, and just updated symlinks to the new ones: $ ls -la /usr/bin/@(tclsh|expect) lrwxrwxrwx 1 root root 24 Mar 29 11:12 /usr/bin/expect -> /etc/alternatives/expect lrwxrwxrwx 1 root root 23 Nov 29 16:04 /usr/bin/tclsh -> /etc/alternatives/tclsh $ ls -la /etc/alternatives/@(tclsh|expect) lrwxrwxrwx 1 root root 21 Mar 29 23:49 /etc/alternatives/expect -> /usr/local/bin/expect lrwxrwxrwx 1 root root 23 Mar 29 23:49 /etc/alternatives/tclsh -> /usr/local/bin/tclsh8.4 I would expect this to work just fine. Thanks again, for the extra set(s) of eyes. On Tue, Mar 29, 2011 at 11:21 PM, Josh Rogers <2010 at tybox.net> wrote: > Once again, with the -c switch (nevermind the comment about spawning ssh twice) > > > $ jlogin -c "show system users" rtr1 > rtr1 > spawn ssh -c 3des -x -l robot rtr1 > > robot at rtr1's password: > --- JUNOS 9.2R3.5 built 2009-01-15 04:36:25 UTC > {master} > robot at rtr1> > > {master} > robot at rtr1> set cli complete-on-space off > Disabling complete-on-space > > {master} > robot at rtr1> set cli screen-length 0 > Screen length set to 0 > > {master} > robot at rtr1> show system users > 11:18PM ?up 750 days, ?7:02, 2 users, load averages: 0.72, 0.68, 0.68 > USER ? ? TTY ? ? ?FROM ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?LOGIN@ ?IDLE WHAT > robot p1 ? ? ?web01 ? ? 11:18PM ? ? - -cli (cli) > > {master} > robot at rtr1> bad spawn_id (process died earlier?) > ? ?while executing > "expect -nobrace { > } { exp_continue } timeout { catch {close}; catch {wait}; > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?return 0 > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?} eof { return 0 }" > ? ?invoked from within > "expect { > ? ? ? ?"\n" ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?{ exp_continue } > ? ? ? ?timeout ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? { catch {close}; catch {wait}; > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?return 0 > ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?} > ? ? ? ?eof ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? { return 0 } > ? ?}" > ? ?(procedure "run_commands" line 21) > ? ?invoked from within > "run_commands $prompt $command" > ? ?("foreach" body line 68) > ? ?invoked from within > "foreach router [lrange $argv $i end] { > ? ?set router [string tolower $router] > ? ?send_user "$router\n" > > ? ?set prompt ">" > > ? ?# Figure out usernam..." > ? ?(file "/usr/local/bin/jlogin" line 461) > > > > > On Tue, Mar 29, 2011 at 10:04 PM, Josh Rogers <2010 at tybox.net> wrote: >>>> > $ expect -v >>>> > expect version 5.43.0 >> >> Ubuntu 10.04. ?Originally I had the ubuntu maintainers version of >> expect/tcl installed, but the above was downloaded and compiled from >> shrubbery.net. ?When looking closer, it appears that ssh is being >> spawned twice? >> >> >> >> $ jlogin rtr1 "show system users" >> rtr1 >> spawn ssh -c 3des -x -l robot rtr1 >> The authenticity of host 'rtr1 (192.168.240.1)' can't be established. >> RSA key fingerprint is <>. >> Are you sure you want to continue connecting (yes/no)? >> Host rtr1 added to the list of known hosts. >> yes >> Warning: Permanently added 'rtr1,192.168.240.1' (RSA) to the list of >> known hosts. >> >> robot at rtr1's password: >> --- JUNOS 9.2R3.5 built 2009-01-15 04:36:25 UTC >> {master} >> robot at rtr1> #Interacting? >> >> {master} >> robot at rtr1> q >> show system users >> spawn ssh -c 3des -x -l robot show system users >> bad spawn_id (process died earlier?) >> ? ?while executing >> "expect -nobrace -re {(Connection refused|Secure connection [^ >> ]+ refused|Connection closed by)} { >> ? ? ? ? ? ? ? ?catch {close}; catch {wait}; >> ? ? ? ? ? ? ? ?if !$progs { >> ? ? ? ? ? ? ? ? ? ..." >> ? ?invoked from within >> "expect { >> ? ? ? ? ? ?-re "(Connection refused|Secure connection \[^\n\r]+ >> refused|Connection closed by)" { >> ? ? ? ? ? ? ? ?catch {close}; catch {wait}; >> ? ? ? ? ? ? ? ?if !$progs { >> ? ? ? ? ? ? ? ? ?..." >> ? ?(procedure "login" line 75) >> ? ?invoked from within >> "login $router $loginname $passwd $cmethod $cyphertype $identfile" >> ? ?("foreach" body line 62) >> ? ?invoked from within >> "foreach router [lrange $argv $i end] { >> ? ?set router [string tolower $router] >> ? ?send_user "$router\n" >> >> ? ?set prompt ">" >> >> ? ?# Figure out usernam..." >> ? ?(file "/usr/local/bin/jlogin" line 461) >> >> I do not believe jlogin is modified, however I have modified jrancid >> (which isn't even called above), and I didn't have this issue on the >> previous version of expect (5.44.1.14) and tcl (8.5.8-2) >> >> Here is my jlogin for reference: http://pastebin.com/FeqYqYPq >> >> Thanks again for helping with this before I have to rollback expect and tcl. >> >> -Josh >> >> >> On Tue, Mar 29, 2011 at 5:59 PM, john heasley wrote: >>> Tue, Mar 29, 2011 at 02:28:14PM -0500, Josh Rogers: >>>> Forgot to mention jrancid version: >>>> >>>> ## $Id: jlogin.in,v 1.69 2009/04/16 21:22:57 heas Exp $ >>> >>> i dont see anything the commit history that should have affected this. >>> unless you've modified it in some manner... >>> >>>> Appreciate the help/direction, >>>> Josh >>>> >>>> On Tue, Mar 29, 2011 at 11:36 AM, Josh Rogers <2010 at tybox.net> wrote: >>>> > I was having trouble with rancid reporting 'hung' and lockfiles >>>> > remaining, so I installed the patched/hack expect/tcl in hopes of >>>> > resolving it. >>> >>> good. >>> >>>> > Ever since, I'm seeing the following error below. >>>> > >>>> > Seems like eof isn't being handled properly when disconnecting, and it >>>> > errors out?? Any ideas what is leading to this? >>> >>> what version of expect? ?on what O/S? ?the expect_after or the expect after >>> the quite should deal with the process exiting; it should receive EOF. ?i'd >>> suspect a change in expect, perhaps. >>> >>>> > >>>> > $ jlogin -t 120 -c"show chassis clocks;show chassis environment;show >>>> > chassis firmware;show chassis fpc detail;show chassis hardware >>>> > detail;show chassis routing-engine;show chassis scb;show chassis sfm >>>> > detail;show chassis ssb;show chassis feb detail;show chassis feb;show >>>> > chassis cfeb;show chassis alarms;show system license;show system >>>> > boot-messages;show system core-dumps;show version detail;show >>>> > interfaces description;show configuration;show configuration | display >>>> > set" rtr2 >>>> > spawn ssh -c 3des -x -l robot rtr2 >>>> > >>>> > >>>> > {master} >>>> > robot at re0.rtr2> quit >>>> > >>>> > Connection to rtr2 closed. >>>> > bad spawn_id (process died earlier?) >>>> > ??? while executing >>>> > "expect -nobrace { >>>> > } { exp_continue } timeout { catch {close}; catch {wait}; >>>> > ??? ??? ??? ??? ??? ??? ? return 0 >>>> > ??? ??? ??? ??? ??? ??? } eof { return 0 }" >>>> > ??? invoked from within >>>> > "expect { >>>> > ??? "\n"??? ??? ??? ??? ??? { exp_continue } >>>> > ??? timeout??? ??? ??? ??? ??? { catch {close}; catch {wait}; >>>> > ??? ??? ??? ??? ??? ??? ? return 0 >>>> > ??? ??? ??? ??? ??? ??? } >>>> > ??? eof??? ??? ??? ??? ??? { return 0 } >>>> > ??? }" >>>> > ??? (procedure "run_commands" line 21) >>>> > ??? invoked from within >>>> > "run_commands $prompt $command" >>>> > ??? ("foreach" body line 68) >>>> > ??? invoked from within >>>> > "foreach router [lrange $argv $i end] { >>>> > ??? set router [string tolower $router] >>>> > ??? send_user "$router\n" >>>> > >>>> > ??? set prompt ">" >>>> > >>>> > ??? # Figure out usernam..." >>>> > ??? (file "/usr/local/bin/jlogin" line 461) >>>> > >>>> > >>>> > >>>> > $ expect -v >>>> > expect version 5.43.0 >>>> > $ which tclsh >>>> > $ ls -l /usr/bin/tclsh >>>> > lrwxrwxrwx 1 root root 23 Nov 29 16:04 /usr/bin/tclsh -> /etc/alternatives/tclsh >>>> > $ ls -l /etc/alternatives/tclsh >>>> > lrwxrwxrwx 1 root root 23 Mar 29 11:05 /etc/alternatives/tclsh -> >>>> > /usr/local/bin/tclsh8.4 >>>> > >>>> > >>>> > Section of jlogin that is failing: >>>> > >>>> > # Run commands given on the command line. >>>> > proc run_commands { prompt command } { >>>> > ??? global in_proc >>>> > ??? set in_proc 1 >>>> > >>>> > ??? send "set cli complete-on-space off\r" >>>> > ??? expect -re $prompt? {} >>>> > ??? send "set cli screen-length 0\r" >>>> > ??? expect -re $prompt? {} >>>> > >>>> > ??? set commands [split $command \;] >>>> > ??? set num_commands [llength $commands] >>>> > ??? for {set i 0} {$i < $num_commands} { incr i} { >>>> > ??????? send "[lindex $commands $i]\r" >>>> > ??????? expect { >>>> > ??????????? -re "^\[^\n\r *]*$prompt $" {} >>>> > ??????????? -re "^\[^\n\r]*$prompt."??? { exp_continue } >>>> > ??????????? -re "(\r\n|\n)"???????????????????? { exp_continue } >>>> > ??????? } >>>> > ??? } >>>> > ??? send "quit\r" >>>> > ??? expect { >>>> > ??????? "\n"??????????????????????????????????? { exp_continue } >>>> > ??????? timeout???????????????????????????????? { catch {close}; catch {wait}; >>>> > ????????????????????????????????????????????????? return 0 >>>> > ??????????????????????????????????????????????? } >>>> > ??????? eof???????????????????????????????????? { return 0 } >>>> > ??? } >>>> > ??? set in_proc 0 >>>> > } >>>> > >>>> > >>>> > Thanks much, >>>> > Josh >>>> > >>>> _______________________________________________ >>>> Rancid-discuss mailing list >>>> Rancid-discuss at shrubbery.net >>>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >>> >> >