From daniel.schmidt at wyo.gov Wed Aug 1 19:33:38 2012 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Wed, 1 Aug 2012 13:33:38 -0600 Subject: [rancid] 6500 Doubts In-Reply-To: References: Message-ID: <3c42b461caac4abf9ca66fe586161960@mail.gmail.com> Try the commands manually as the rancid user. Maybe one of them is hanging. *From:* rancid-discuss-bounces at shrubbery.net [mailto: rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Danilo Gouveia *Sent:* Tuesday, July 31, 2012 12:05 PM *To:* rancid-discuss at shrubbery.net *Subject:* [rancid] 6500 Doubts Hello, I have RANCID installed and running on a mix of Cisco IOS, CatOS (6500 and 5500) and Foundry switches. The backup of these devices is running to all expect one which is a Cisco CatOS 6500. The config into the routed.db is hostname:cat5:up and I can ping the switch with the hostname. I can also use clogin hostname and I'll be prompted to the (enable) console, however when I do rancid-run into the log files I have this message: Trying to get all of the configs. hostname: missed cmd(s): write term all,show port ifindex,show module,dir sup-microcode:,dir sup-bootflash:,dir bootflash:,dir slot0:,show version,show flash,show running-config,write term,show boot,dir slot1:,show inventory raw I do have other 6500 in the network which rancid works perfectly only this one is not working. Any ideas ? Thanks in advance, -- Danilo Marques de Gouveia E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pxb368 at motorola.com Wed Aug 1 19:44:06 2012 From: pxb368 at motorola.com (Danilo Gouveia) Date: Wed, 1 Aug 2012 16:44:06 -0300 Subject: [rancid] 6500 Doubts In-Reply-To: <3c42b461caac4abf9ca66fe586161960@mail.gmail.com> References: <3c42b461caac4abf9ca66fe586161960@mail.gmail.com> Message-ID: The unique command I had problem was show inventory raw, the other were ok, however in both switches (the one it works and the one it doesn't) the show inventory raw fails, if I try only show inventory that is ok. Any other ideas? On Wed, Aug 1, 2012 at 4:33 PM, Daniel Schmidt wrote: > Try the commands manually as the rancid user. Maybe one of them is > hanging. > > > > *From:* rancid-discuss-bounces at shrubbery.net [mailto: > rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Danilo Gouveia > *Sent:* Tuesday, July 31, 2012 12:05 PM > *To:* rancid-discuss at shrubbery.net > *Subject:* [rancid] 6500 Doubts > > > > Hello, > > > > I have RANCID installed and running on a mix of Cisco IOS, CatOS (6500 and > 5500) and Foundry switches. The backup of these devices is running to all > expect one which is a Cisco CatOS 6500. The config into the routed.db is > hostname:cat5:up and I can ping the switch with the hostname. I can also > use clogin hostname and I'll be prompted to the (enable) console, however > when I do rancid-run into the log files I have this message: > > > > Trying to get all of the configs. > > hostname: missed cmd(s): write term all,show port ifindex,show module,dir > sup-microcode:,dir sup-bootflash:,dir bootflash:,dir slot0:,show > version,show flash,show running-config,write term,show boot,dir slot1:,show > inventory raw > > > > I do have other 6500 in the network which rancid works perfectly only this > one is not working. > > > > Any ideas ? > > > > Thanks in advance, > > > > -- > Danilo Marques de Gouveia > > E-Mail to and from me, in connection with the transaction > of public business, is subject to the Wyoming Public Records > Act and may be disclosed to third parties. > > > -- Atenciosamente / Best Regards, Danilo Marques de Gouveia IT - Network Administrator (19) 3847 8424 -------------- next part -------------- An HTML attachment was scrubbed... URL: From emarkiewicz at cricketcommunications.com Thu Aug 2 15:06:55 2012 From: emarkiewicz at cricketcommunications.com (Edward Markiewicz) Date: Thu, 2 Aug 2012 15:06:55 +0000 Subject: [rancid] Cannot log into Cisco Message-ID: <50AE3F2845BE4841B5E2C508AF9750E29CD0DB@DENEXMB3.cricketcommunications.com> Hello, Here is my problem. I have new devices I want to add to RANCID but it looks like my old devices use a "#" at the end of a prompt and the new devices use a ">". The error I get is; ! clogin error: Error: TIMEOUT reached : missed cmd(s): write term,show running-config,more system:running-config : End of run not found ! I've added in the .cloginrc file the following; add user add password {} add method ssh telnet add noenable 1 But it still doesn't work. I thought I saw at one time a patch that addressed this but can't fine it now. Can someone point me in the right direction? -------------- next part -------------- An HTML attachment was scrubbed... URL: From tyler at tolaris.com Thu Aug 2 15:29:01 2012 From: tyler at tolaris.com (Tyler J. Wagner) Date: Thu, 02 Aug 2012 17:29:01 +0200 Subject: [rancid] Cannot log into Cisco In-Reply-To: <50AE3F2845BE4841B5E2C508AF9750E29CD0DB@DENEXMB3.cricketcommunications.com> References: <50AE3F2845BE4841B5E2C508AF9750E29CD0DB@DENEXMB3.cricketcommunications.com> Message-ID: <501A9CBD.9060906@tolaris.com> Judging from the > prompt, the new devices need to set enable mode first. Remove the "noenable" line or set it to 0. Regards, Tyler On 2012-08-02 17:06, Edward Markiewicz wrote: > Hello, > > > > Here is my problem. I have new devices I want to add to RANCID but it > looks like my old devices use a ?#? at the end of a prompt and the new > devices use a ?>?. The error I get is; > > > > ! > > clogin error: Error: TIMEOUT reached > > : missed cmd(s): write term,show running-config,more > system:running-config > > : End of run not found > > ! > > > > I?ve added in the .cloginrc file the following; > > > > add user > > add password {} > > add method ssh telnet > > add noenable 1 > > > > But it still doesn?t work. I thought I saw at one time a patch that > addressed this but can?t fine it now. Can someone point me in the right > direction? > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- "By definition ... alternative medicine ... has either not been proved to work, or has been proved not to work. You know what they call alternative medicine that?s been proved to work? Medicine." -- Tim Minchin From emarkiewicz at cricketcommunications.com Thu Aug 2 15:41:06 2012 From: emarkiewicz at cricketcommunications.com (Edward Markiewicz) Date: Thu, 2 Aug 2012 15:41:06 +0000 Subject: [rancid] Cannot log into Cisco In-Reply-To: References: <50AE3F2845BE4841B5E2C508AF9750E29CD0DB@DENEXMB3.cricketcommunications.com> Message-ID: <50AE3F2845BE4841B5E2C508AF9750E29CD13A@DENEXMB3.cricketcommunications.com> Danilo, Thank you for your suggestion but it did not work. ~Ed From: Danilo Gouveia [mailto:pxb368 at motorola.com] Sent: Thursday, August 02, 2012 9:23 AM To: Edward Markiewicz Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Cannot log into Cisco I fixed my problem with a similar issue using autoenable instead of noenable: # SW1 add password swt1 XXXX YYYY add method swt1 ssh add autoenable swt1 0 On Thu, Aug 2, 2012 at 12:06 PM, Edward Markiewicz > wrote: Hello, Here is my problem. I have new devices I want to add to RANCID but it looks like my old devices use a "#" at the end of a prompt and the new devices use a ">". The error I get is; ! clogin error: Error: TIMEOUT reached : missed cmd(s): write term,show running-config,more system:running-config : End of run not found ! I've added in the .cloginrc file the following; add user add password {} add method ssh telnet add noenable 1 But it still doesn't work. I thought I saw at one time a patch that addressed this but can't fine it now. Can someone point me in the right direction? _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- Atenciosamente / Best Regards, Danilo Marques de Gouveia IT - Network Administrator (19) 3847 8424 -------------- next part -------------- An HTML attachment was scrubbed... URL: From emarkiewicz at cricketcommunications.com Thu Aug 2 15:42:52 2012 From: emarkiewicz at cricketcommunications.com (Edward Markiewicz) Date: Thu, 2 Aug 2012 15:42:52 +0000 Subject: [rancid] Cannot log into Cisco In-Reply-To: <501A9CBD.9060906@tolaris.com> References: <50AE3F2845BE4841B5E2C508AF9750E29CD0DB@DENEXMB3.cricketcommunications.com> <501A9CBD.9060906@tolaris.com> Message-ID: <50AE3F2845BE4841B5E2C508AF9750E29CD160@DENEXMB3.cricketcommunications.com> Tyler, I made the changes as you suggested, but unfortunately it did not work. I still get the following errors; ! clogin error: Error: TIMEOUT reached : missed cmd(s): write term,show running-config,more system:running-config : End of run not found ! ~Ed -----Original Message----- From: Tyler J. Wagner [mailto:tyler at tolaris.com] Sent: Thursday, August 02, 2012 9:29 AM To: Edward Markiewicz Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Cannot log into Cisco Judging from the > prompt, the new devices need to set enable mode first. Remove the "noenable" line or set it to 0. Regards, Tyler On 2012-08-02 17:06, Edward Markiewicz wrote: > Hello, > > > > Here is my problem. I have new devices I want to add to RANCID but it > looks like my old devices use a "#" at the end of a prompt and the new > devices use a ">". The error I get is; > > > > ! > > clogin error: Error: TIMEOUT reached > > : missed cmd(s): write term,show running-config,more > system:running-config > > : End of run not found > > ! > > > > I've added in the .cloginrc file the following; > > > > add user > > add password {} > > add method ssh telnet > > add noenable 1 > > > > But it still doesn't work. I thought I saw at one time a patch that > addressed this but can't fine it now. Can someone point me in the > right direction? > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- "By definition ... alternative medicine ... has either not been proved to work, or has been proved not to work. You know what they call alternative medicine that's been proved to work? Medicine." -- Tim Minchin From pxb368 at motorola.com Thu Aug 2 15:46:40 2012 From: pxb368 at motorola.com (Danilo Gouveia) Date: Thu, 2 Aug 2012 12:46:40 -0300 Subject: [rancid] Cannot log into Cisco In-Reply-To: <50AE3F2845BE4841B5E2C508AF9750E29CD160@DENEXMB3.cricketcommunications.com> References: <50AE3F2845BE4841B5E2C508AF9750E29CD0DB@DENEXMB3.cricketcommunications.com> <501A9CBD.9060906@tolaris.com> <50AE3F2845BE4841B5E2C508AF9750E29CD160@DENEXMB3.cricketcommunications.com> Message-ID: Can you ping it using the hostname ? On Thu, Aug 2, 2012 at 12:42 PM, Edward Markiewicz < emarkiewicz at cricketcommunications.com> wrote: > Tyler, > I made the changes as you suggested, but unfortunately it did not work. I > still get the following errors; > > ! > clogin error: Error: TIMEOUT reached > : missed cmd(s): write term,show running-config,more > system:running-config > : End of run not found > ! > > ~Ed > > > > -----Original Message----- > From: Tyler J. Wagner [mailto:tyler at tolaris.com] > Sent: Thursday, August 02, 2012 9:29 AM > To: Edward Markiewicz > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Cannot log into Cisco > > Judging from the > prompt, the new devices need to set enable mode first. > Remove the "noenable" line or set it to 0. > > Regards, > Tyler > > On 2012-08-02 17:06, Edward Markiewicz wrote: > > Hello, > > > > > > > > Here is my problem. I have new devices I want to add to RANCID but it > > looks like my old devices use a "#" at the end of a prompt and the new > > devices use a ">". The error I get is; > > > > > > > > ! > > > > clogin error: Error: TIMEOUT reached > > > > : missed cmd(s): write term,show running-config,more > > system:running-config > > > > : End of run not found > > > > ! > > > > > > > > I've added in the .cloginrc file the following; > > > > > > > > add user > > > > add password {} > > > > add method ssh telnet > > > > add noenable 1 > > > > > > > > But it still doesn't work. I thought I saw at one time a patch that > > addressed this but can't fine it now. Can someone point me in the > > right direction? > > > > > > > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > -- > "By definition ... alternative medicine ... has either not been proved to > work, or has been proved not to work. You know what they call alternative > medicine that's been proved to work? Medicine." > -- Tim Minchin > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- Atenciosamente / Best Regards, Danilo Marques de Gouveia IT - Network Administrator (19) 3847 8424 -------------- next part -------------- An HTML attachment was scrubbed... URL: From daniel.schmidt at wyo.gov Thu Aug 2 16:01:43 2012 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Thu, 2 Aug 2012 10:01:43 -0600 Subject: [rancid] Cannot log into Cisco In-Reply-To: <50AE3F2845BE4841B5E2C508AF9750E29CD160@DENEXMB3.cricketcommunications.com> References: <50AE3F2845BE4841B5E2C508AF9750E29CD0DB@DENEXMB3.cricketcommunications.com> <501A9CBD.9060906@tolaris.com> <50AE3F2845BE4841B5E2C508AF9750E29CD160@DENEXMB3.cricketcommunications.com> Message-ID: <5a2583bea896bb45de6f8a07c230cbae@mail.gmail.com> Have you tried clogin alone to see if it can login? -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Edward Markiewicz Sent: Thursday, August 02, 2012 9:43 AM To: Tyler J. Wagner Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Cannot log into Cisco Tyler, I made the changes as you suggested, but unfortunately it did not work. I still get the following errors; ! clogin error: Error: TIMEOUT reached : missed cmd(s): write term,show running-config,more system:running-config : End of run not found ! ~Ed -----Original Message----- From: Tyler J. Wagner [mailto:tyler at tolaris.com] Sent: Thursday, August 02, 2012 9:29 AM To: Edward Markiewicz Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Cannot log into Cisco Judging from the > prompt, the new devices need to set enable mode first. Remove the "noenable" line or set it to 0. Regards, Tyler On 2012-08-02 17:06, Edward Markiewicz wrote: > Hello, > > > > Here is my problem. I have new devices I want to add to RANCID but it > looks like my old devices use a "#" at the end of a prompt and the new > devices use a ">". The error I get is; > > > > ! > > clogin error: Error: TIMEOUT reached > > : missed cmd(s): write term,show running-config,more > system:running-config > > : End of run not found > > ! > > > > I've added in the .cloginrc file the following; > > > > add user > > add password {} > > add method ssh telnet > > add noenable 1 > > > > But it still doesn't work. I thought I saw at one time a patch that > addressed this but can't fine it now. Can someone point me in the > right direction? > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- "By definition ... alternative medicine ... has either not been proved to work, or has been proved not to work. You know what they call alternative medicine that's been proved to work? Medicine." -- Tim Minchin _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. From emarkiewicz at cricketcommunications.com Thu Aug 2 16:07:04 2012 From: emarkiewicz at cricketcommunications.com (Edward Markiewicz) Date: Thu, 2 Aug 2012 16:07:04 +0000 Subject: [rancid] Cannot log into Cisco In-Reply-To: References: <50AE3F2845BE4841B5E2C508AF9750E29CD0DB@DENEXMB3.cricketcommunications.com> <501A9CBD.9060906@tolaris.com> <50AE3F2845BE4841B5E2C508AF9750E29CD160@DENEXMB3.cricketcommunications.com> Message-ID: <50AE3F2845BE4841B5E2C508AF9750E29CD1AC@DENEXMB3.cricketcommunications.com> Oh yes. And I can ssh with no issues; >ssh @ Warning: Permanently added ',' (RSA) to the list of known hosts. ******************************************************************* This is a private computer system containing information that is proprietary and confidential to the owner of the system. Only individuals or entities authorized by the owner of the system are allowed to access or use them. Any unauthorized access or use of the system or information is strictly prohibited. All violators will be prosecuted to the fullest extent permitted by law. ******************************************************************* @'s password: > show version Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-ADVENTERPRISEK9-M), Version 12.2(33)SRE3, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2011 by Cisco Systems, Inc. Compiled Wed 26-Jan-11 03:05 by prod_rel_team ~A bunch more verbiage~ >quit From: Danilo Gouveia [mailto:pxb368 at motorola.com] Sent: Thursday, August 02, 2012 9:47 AM To: Edward Markiewicz Cc: Tyler J. Wagner; rancid-discuss at shrubbery.net Subject: Re: [rancid] Cannot log into Cisco Can you ping it using the hostname ? On Thu, Aug 2, 2012 at 12:42 PM, Edward Markiewicz > wrote: Tyler, I made the changes as you suggested, but unfortunately it did not work. I still get the following errors; ! clogin error: Error: TIMEOUT reached : missed cmd(s): write term,show running-config,more system:running-config : End of run not found ! ~Ed -----Original Message----- From: Tyler J. Wagner [mailto:tyler at tolaris.com] Sent: Thursday, August 02, 2012 9:29 AM To: Edward Markiewicz Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Cannot log into Cisco Judging from the > prompt, the new devices need to set enable mode first. Remove the "noenable" line or set it to 0. Regards, Tyler On 2012-08-02 17:06, Edward Markiewicz wrote: > Hello, > > > > Here is my problem. I have new devices I want to add to RANCID but it > looks like my old devices use a "#" at the end of a prompt and the new > devices use a ">". The error I get is; > > > > ! > > clogin error: Error: TIMEOUT reached > > : missed cmd(s): write term,show running-config,more > system:running-config > > : End of run not found > > ! > > > > I've added in the .cloginrc file the following; > > > > add user > > add password {} > > add method ssh telnet > > add noenable 1 > > > > But it still doesn't work. I thought I saw at one time a patch that > addressed this but can't fine it now. Can someone point me in the > right direction? > > > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- "By definition ... alternative medicine ... has either not been proved to work, or has been proved not to work. You know what they call alternative medicine that's been proved to work? Medicine." -- Tim Minchin _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -- Atenciosamente / Best Regards, Danilo Marques de Gouveia IT - Network Administrator (19) 3847 8424 -------------- next part -------------- An HTML attachment was scrubbed... URL: From pxb368 at motorola.com Thu Aug 2 15:23:23 2012 From: pxb368 at motorola.com (Danilo Gouveia) Date: Thu, 2 Aug 2012 12:23:23 -0300 Subject: [rancid] Cannot log into Cisco In-Reply-To: <50AE3F2845BE4841B5E2C508AF9750E29CD0DB@DENEXMB3.cricketcommunications.com> References: <50AE3F2845BE4841B5E2C508AF9750E29CD0DB@DENEXMB3.cricketcommunications.com> Message-ID: I fixed my problem with a similar issue using autoenable instead of noenable: # SW1 add password swt1 XXXX YYYY add method swt1 ssh add autoenable swt1 0 On Thu, Aug 2, 2012 at 12:06 PM, Edward Markiewicz < emarkiewicz at cricketcommunications.com> wrote: > Hello,**** > > ** ** > > Here is my problem. I have new devices I want to add to RANCID but it > looks like my old devices use a ?#? at the end of a prompt and the new > devices use a ?>?. The error I get is;**** > > ** ** > > !**** > > clogin error: Error: TIMEOUT reached**** > > : missed cmd(s): write term,show running-config,more > system:running-config**** > > : End of run not found**** > > !**** > > ** ** > > I?ve added in the .cloginrc file the following;**** > > ** ** > > add user **** > > add password {}**** > > add method ssh telnet**** > > add noenable 1**** > > ** ** > > But it still doesn?t work. I thought I saw at one time a patch that > addressed this but can?t fine it now. Can someone point me in the right > direction?**** > > ** ** > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- Atenciosamente / Best Regards, Danilo Marques de Gouveia IT - Network Administrator (19) 3847 8424 -------------- next part -------------- An HTML attachment was scrubbed... URL: From pxb368 at motorola.com Wed Aug 1 19:45:12 2012 From: pxb368 at motorola.com (Danilo Gouveia) Date: Wed, 1 Aug 2012 16:45:12 -0300 Subject: [rancid] 6500 Doubts In-Reply-To: References: <3c42b461caac4abf9ca66fe586161960@mail.gmail.com> Message-ID: There isn't any "verbose" or debug mode I can turn it on to find out where I'm receiving this error? On Wed, Aug 1, 2012 at 4:44 PM, Danilo Gouveia wrote: > The unique command I had problem was show inventory raw, the other were > ok, however in both switches (the one it works and the one it doesn't) the > show inventory raw fails, if I try only show inventory that is ok. > > Any other ideas? > > > On Wed, Aug 1, 2012 at 4:33 PM, Daniel Schmidt wrote: > >> Try the commands manually as the rancid user. Maybe one of them is >> hanging. >> >> >> >> *From:* rancid-discuss-bounces at shrubbery.net [mailto: >> rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Danilo Gouveia >> *Sent:* Tuesday, July 31, 2012 12:05 PM >> *To:* rancid-discuss at shrubbery.net >> *Subject:* [rancid] 6500 Doubts >> >> >> >> Hello, >> >> >> >> I have RANCID installed and running on a mix of Cisco IOS, CatOS (6500 >> and 5500) and Foundry switches. The backup of these devices is running to >> all expect one which is a Cisco CatOS 6500. The config into the routed.db >> is hostname:cat5:up and I can ping the switch with the hostname. I can also >> use clogin hostname and I'll be prompted to the (enable) console, however >> when I do rancid-run into the log files I have this message: >> >> >> >> Trying to get all of the configs. >> >> hostname: missed cmd(s): write term all,show port ifindex,show module,dir >> sup-microcode:,dir sup-bootflash:,dir bootflash:,dir slot0:,show >> version,show flash,show running-config,write term,show boot,dir slot1:,show >> inventory raw >> >> >> >> I do have other 6500 in the network which rancid works perfectly only >> this one is not working. >> >> >> >> Any ideas ? >> >> >> >> Thanks in advance, >> >> >> >> -- >> Danilo Marques de Gouveia >> >> E-Mail to and from me, in connection with the transaction >> of public business, is subject to the Wyoming Public Records >> Act and may be disclosed to third parties. >> >> >> > > > -- > Atenciosamente / Best Regards, > > Danilo Marques de Gouveia > IT - Network Administrator > (19) 3847 8424 > -- Atenciosamente / Best Regards, Danilo Marques de Gouveia IT - Network Administrator (19) 3847 8424 -------------- next part -------------- An HTML attachment was scrubbed... URL: From thenetworkfun at gmail.com Fri Aug 3 07:37:03 2012 From: thenetworkfun at gmail.com (TNF) Date: Fri, 03 Aug 2012 13:07:03 +0530 Subject: [rancid] Tab completion and up arrow keys not working clogin Message-ID: <501B7F9F.30209@gmail.com> hi all , i need help just installed rancid and am using clogin to telnet to a cisco switch works good except i cannot use tab completion or up arrow keys i have tried setting the TERM variable to vt100 and ansi although i must clarify i am getting to machine over ssh so machine A -> ssh over to Machine B -> telnet to Switch A can someone please help ? regards tnf From roman.hochuli at nexellent.ch Fri Aug 3 13:44:36 2012 From: roman.hochuli at nexellent.ch (Roman Hochuli) Date: Fri, 03 Aug 2012 15:44:36 +0200 Subject: [rancid] diff for newer Fou^H^H^HBrocade NetIron releases Message-ID: <501BD5C4.7070906@nexellent.ch> Dear All Attached a small patch that removes a newly introduced uptime-line for switch fabrics on Brocade NetIron-platform hardware from the ouput. -- Best regards, Roman Hochuli Operations Manager nexellent ag Saegereistrasse 33 CH-8152 Glattbrugg Phone: +41 44 872 20 00 Fax: +41 44 872 20 01 URL: www.nexellent.ch X-NCC-RegID: ch.nexellent Imagination is the one weapon in the war against reality. -- Jules de Gaultier -------------- next part -------------- --- bin/francid.in 2011-03-09 18:19:15.000000000 +0100 +++ bin/francid.in 2012-08-03 14:32:43.000000000 +0200 @@ -178,7 +178,7 @@ last if (/^$prompt/); next if (/^(The system |Crash time)/); - next if (/^(System|(Active|Standby) Management|LP Slot \d+) uptime is/); + next if (/^(System|(Active|Standby) Management|LP Slot \d+|Switch Fabric Module \d+) (uptime|Up Time) is/); # remove uptime on newer switches s/(STACKID \d+)\s+system uptime is.*$/$1/; From Mike.Rosile at viterahealthcare.com Mon Aug 6 14:52:40 2012 From: Mike.Rosile at viterahealthcare.com (Rosile, Mike) Date: Mon, 6 Aug 2012 14:52:40 +0000 Subject: [rancid] Need the RANCID Dell extension Message-ID: I'm setting up a new RANCID installation and require the Dell extension (drancid/dlogin/rancid-fe), however the site it was original hosted from (web.rickyninja.net) is no longer available. Anyone know where else I might be able to get this extension? Has the project moved? -- Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: From matej.vadnjal at arnes.si Mon Aug 6 16:53:04 2012 From: matej.vadnjal at arnes.si (Matej Vadnjal) Date: Mon, 06 Aug 2012 18:53:04 +0200 Subject: [rancid] Need the RANCID Dell extension In-Reply-To: References: Message-ID: <2329859.LhePC7JKjJ@slon> On Monday 06 of August 2012 14:52:40 Rosile, Mike wrote: > I'm setting up a new RANCID installation and require the Dell extension > (drancid/dlogin/rancid-fe), however the site it was original hosted from > (web.rickyninja.net) is no longer available. > > Anyone know where else I might be able to get this extension? Has the > project moved? -- > Mike Hi Mike Take a look at: https://github.com/ArnesSI/rancid-git/tree/dell Our dell branch is based on original scripts by Jeremy Singletary that you are looking for. We just added a bunch of fixes for use with the latest racind version. Kind regards Matej Vadnjal Arnes From roman.hochuli at nexellent.ch Tue Aug 7 09:27:56 2012 From: roman.hochuli at nexellent.ch (Roman Hochuli) Date: Tue, 07 Aug 2012 11:27:56 +0200 Subject: [rancid] ignoring toggling/changing output lines Message-ID: <5020DF9C.8070307@nexellent.ch> Dear All As much as I love RANCID I am fighting with two anoyances which I, at the moment, have no ideas how to fix them. The first one I do not seem to be the only one beeing hit by: changing type 7 passwords within l2tp-class-sections on Cisco routers. As from what the archives say this is probably even expected behaviour according to TAC. Changesets look something like this: --snip l2tp-class NAME hidden authentication - password 7 abcabcabcabcabcabc + password 7 xyzxyzxyzxyzxyzxyz ! --snap To be honest: I would be glad with a solution that simply ingores the password, but only the l2tp-class one. I would like to keep the other passwords in the config. Any ideas? The second issue involves Brocades (former Foundry Networks) Metro Ring Protocol. You have to specify two interfaces which are defining the east and west side of the ring as from this boxes perspective. Sure, they might change if a break in the ring happens. But I am seeing toggling between these interfaces way more than we have ring-breaks... A typical output of such a changeset would look like this: --snip metro-ring ID - ring-interfaces ethernet 1 ethernet 7 + ring-interfaces ethernet 7 ethernet 1 --snap Any ideas how to filter this toggling, but still keep the informations about the ring-interfaces in the output? -- Best regards, Roman Hochuli Operations Manager nexellent ag Saegereistrasse 33 CH-8152 Glattbrugg Phone: +41 44 872 20 00 Fax: +41 44 872 20 01 URL: www.nexellent.ch X-NCC-RegID: ch.nexellent Imagination is the one weapon in the war against reality. -- Jules de Gaultier From heas at shrubbery.net Tue Aug 7 16:57:18 2012 From: heas at shrubbery.net (heasley) Date: Tue, 7 Aug 2012 09:57:18 -0700 Subject: [rancid] ignoring toggling/changing output lines In-Reply-To: <5020DF9C.8070307@nexellent.ch> References: <5020DF9C.8070307@nexellent.ch> Message-ID: <20120807165718.GI32238@shrubbery.net> Tue, Aug 07, 2012 at 11:27:56AM +0200, Roman Hochuli: > Dear All > > As much as I love RANCID I am fighting with two anoyances which I, at > the moment, have no ideas how to fix them. > > > The first one I do not seem to be the only one beeing hit by: changing > type 7 passwords within l2tp-class-sections on Cisco routers. As from > what the archives say this is probably even expected behaviour according > to TAC. Changesets look something like this: > --snip > l2tp-class NAME > hidden > authentication > - password 7 abcabcabcabcabcabc > + password 7 xyzxyzxyzxyzxyzxyz > ! > --snap > > To be honest: I would be glad with a solution that simply ingores the > password, but only the l2tp-class one. I would like to keep the other > passwords in the config. Any ideas? that must be an ios bug. you should contact TAC and insist that they open a ticket. the only way to filter it would be to filter all passwords, or write a filter that kept state to know when it enters/leaves a l2t-class def. > The second issue involves Brocades (former Foundry Networks) Metro Ring > Protocol. You have to specify two interfaces which are defining the east > and west side of the ring as from this boxes perspective. Sure, they > might change if a break in the ring happens. But I am seeing toggling > between these interfaces way more than we have ring-breaks... > > A typical output of such a changeset would look like this: > --snip > metro-ring ID > - ring-interfaces ethernet 1 ethernet 7 > + ring-interfaces ethernet 7 ethernet 1 > --snap > > Any ideas how to filter this toggling, but still keep the informations > about the ring-interfaces in the output? same answer; the state should never be reflected in the configuration. of course, i do not know if foundry has ever fixed a UI bug, so they're unlikely to fix it. so, you will need a filter or some sorting; if ring interfaces can be configured one per-line, like ring-interfaces ethernet 7 ring-interfaces ethernet 1 then i would split those lines like this and use ProcessHistory to sort on the interface. > -- > Best regards, > Roman Hochuli > Operations Manager > > nexellent ag > Saegereistrasse 33 > CH-8152 Glattbrugg > > Phone: +41 44 872 20 00 > Fax: +41 44 872 20 01 > URL: www.nexellent.ch > X-NCC-RegID: ch.nexellent > > Imagination is the one weapon in the war > against reality. > -- Jules de Gaultier > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Tue Aug 7 23:18:18 2012 From: heas at shrubbery.net (heasley) Date: Tue, 7 Aug 2012 16:18:18 -0700 Subject: [rancid] ignoring toggling/changing output lines In-Reply-To: <20120807165718.GI32238@shrubbery.net> References: <5020DF9C.8070307@nexellent.ch> <20120807165718.GI32238@shrubbery.net> Message-ID: <20120807231818.GA50643@shrubbery.net> Tue, Aug 07, 2012 at 09:57:18AM -0700, heasley: > Tue, Aug 07, 2012 at 11:27:56AM +0200, Roman Hochuli: > > Dear All > > > > As much as I love RANCID I am fighting with two anoyances which I, at > > the moment, have no ideas how to fix them. > > > > > > The first one I do not seem to be the only one beeing hit by: changing > > type 7 passwords within l2tp-class-sections on Cisco routers. As from > > what the archives say this is probably even expected behaviour according > > to TAC. Changesets look something like this: > > --snip > > l2tp-class NAME > > hidden > > authentication > > - password 7 abcabcabcabcabcabc > > + password 7 xyzxyzxyzxyzxyzxyz > > ! > > --snap > > > > To be honest: I would be glad with a solution that simply ingores the > > password, but only the l2tp-class one. I would like to keep the other > > passwords in the config. Any ideas? > > that must be an ios bug. you should contact TAC and insist that they open > a ticket. > > the only way to filter it would be to filter all passwords, or write a > filter that kept state to know when it enters/leaves a l2t-class def. I came across these; tell us if it works: http://www.shrubbery.net/pipermail/rancid-discuss/2010-July/005023.html Thu, Jul 08, 2010 at 08:34:46AM +0200, Martin Moens: > Hi John, > > I have tested several sw and hw combinations, a few of them: > 3925: c3900-universalk9-mz.SPA.150-1 and c3900-universalk9-mz.SPA.150-1.M2 > 2811: c2800nm-advipservicesk9-mz.124-24.T > 7206: c7200-advipservicesk9-mz.122-33.SRD1 > 7606: c7600rsp72043-advipservicesk9-mz.122-33.SRD4 > As you can see the problem is not specific to a certain hardware or software > version, I suppuse I can assume all versions have this problem.... Hack for rancid 2.3.4 > > > >Index: rancid.in > >=================================================================== > >--- rancid.in (revision 2211) > >+++ rancid.in (working copy) > >@@ -1523,6 +1523,7 @@ > > sub WriteTerm { > > print STDERR " In WriteTerm: $_" if ($debug); > > my($lineauto,$comment,$linecnt) = (0,0,0); > >+ my($subconfig) = ""; > > > > while () { > > tr/\015//d; > >@@ -1539,6 +1540,9 @@ > > my($len) = length($1); > > s/^$1\s{$len}//; > > } > >+ if (/^\S/) { > >+ $subconfig = ""; > >+ } > > /^! no configuration change since last restart/i && next; > > # skip emtpy lines at the beginning > > if (!$linecnt && /^\s*$/) { > >@@ -1579,6 +1583,21 @@ > > } > > $comment = 0; > > > >+ # l2tp-class > >+ if (/^l2tp-class /) { $subconfig = "l2tp-class"; } > >+ if ($subconfig == "l2tp-class" && /password ((\d) \S+|\S+)/) { > >+ if ($filter_pwds >= 2) { > >+ ProcessHistory("L2TP","keysort","$subconfig", > >+ "! password \n"); > >+ } elsif ($filter_pwds >= 1 && $4 ne "5"){ > >+ ProcessHistory("L2TP","keysort","$subconfig", > >+ "! password \n"); > >+ } else { > >+ ProcessHistory("L2TP","keysort","$subconfig","$_"); > >+ } > >+ next; > >+ } > >+ > > # Dog gone Cool matches to process the rest of the config > > The second issue involves Brocades (former Foundry Networks) Metro Ring > > Protocol. You have to specify two interfaces which are defining the east > > and west side of the ring as from this boxes perspective. Sure, they > > might change if a break in the ring happens. But I am seeing toggling > > between these interfaces way more than we have ring-breaks... > > > > A typical output of such a changeset would look like this: > > --snip > > metro-ring ID > > - ring-interfaces ethernet 1 ethernet 7 > > + ring-interfaces ethernet 7 ethernet 1 > > --snap > > > > Any ideas how to filter this toggling, but still keep the informations > > about the ring-interfaces in the output? > > same answer; the state should never be reflected in the configuration. of > course, i do not know if foundry has ever fixed a UI bug, so they're > unlikely to fix it. so, you will need a filter or some sorting; if ring > interfaces can be configured one per-line, like > ring-interfaces ethernet 7 > ring-interfaces ethernet 1 > then i would split those lines like this and use ProcessHistory to sort on > the interface. > > > -- > > Best regards, > > Roman Hochuli > > Operations Manager > > > > nexellent ag > > Saegereistrasse 33 > > CH-8152 Glattbrugg > > > > Phone: +41 44 872 20 00 > > Fax: +41 44 872 20 01 > > URL: www.nexellent.ch > > X-NCC-RegID: ch.nexellent > > > > Imagination is the one weapon in the war > > against reality. > > -- Jules de Gaultier > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From roman.hochuli at nexellent.ch Thu Aug 9 11:09:50 2012 From: roman.hochuli at nexellent.ch (Roman Hochuli) Date: Thu, 09 Aug 2012 13:09:50 +0200 Subject: [rancid] ignoring toggling/changing output lines In-Reply-To: <20120807165718.GI32238@shrubbery.net> References: <5020DF9C.8070307@nexellent.ch> <20120807165718.GI32238@shrubbery.net> Message-ID: <50239A7E.5030609@nexellent.ch> Hi > the only way to filter it would be to filter all passwords, or write a > filter that kept state to know when it enters/leaves a l2t-class def. I was already afraid you would say so... Will give the patch/hack you sent a try and see how it works. > so, you will need a filter or some sorting; if ring > interfaces can be configured one per-line, like > then i would split those lines like this and use ProcessHistory to sort on > the interface. Unfortuneatly no. :-/ Will have a chat with their support to have them fix this behaviour someway in future releases. Thank you for your help. -- Best regards, Roman Hochuli Operations Manager nexellent ag Saegereistrasse 33 CH-8152 Glattbrugg Phone: +41 44 872 20 00 Fax: +41 44 872 20 01 URL: www.nexellent.ch X-NCC-RegID: ch.nexellent Imagination is the one weapon in the war against reality. -- Jules de Gaultier From Douglas.Hughes at DEShawResearch.com Fri Aug 10 01:17:44 2012 From: Douglas.Hughes at DEShawResearch.com (Hughes, Doug) Date: Fri, 10 Aug 2012 01:17:44 +0000 Subject: [rancid] palo alto rancid Message-ID: I saw some stuff for this in 2008 and didn't see any followup. It's a bit of a hack job. There's a whole lot that could be cleaned up with a couple extra hours of effort, but it does work. I made a panlogin and a panrancid that will archive a palo alto show config running plus show system info which includes the serial number, dynamic update information, and other useful things. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rps at cheater.ru Mon Aug 13 14:46:13 2012 From: rps at cheater.ru (Roman Sokolov) Date: Mon, 13 Aug 2012 18:46:13 +0400 Subject: [rancid] xrrancid destroys ipv[46] ACLs In-Reply-To: <4F188B6E.9010800@nero.net> References: <0654E66C-4029-4E5F-89F9-53134A10AEC5@code.de> <20120110173644.GK7866@shrubbery.net> <014B1488-2F21-432E-9D3B-3D3F54B2B497@code.de> <20120110194025.GT7866@shrubbery.net> <6DBC3ED8-E174-4639-B323-356A7885910D@code.de> <4F188B6E.9010800@nero.net> Message-ID: <50291335.2010406@cheater.ru> Hello, It was really awful to see that the problem still exists... So here is adopted patch from Josh for rancid 2.3.8 with rancid-2.3.8.p2 applied. It also contain quick fix for ending ip addresses being eated by sorting routine for thous who like sorting. cat /usr/ports/net-mgmt/rancid/files/xrrrancid.acl.sort --- bin/xrrancid.in Mon Aug 13 15:41:30 2012 +++ bin/xrrancid.in Mon Aug 13 18:11:03 2012 @@ -67,6 +67,7 @@ my($config_register); # configuration register value my($filter_commstr); # SNMP community string filtering my($filter_pwds); # password filtering mode +my($aclstripseq); # Strip ACL sequence numbers # This routine is used to print out the router configuration sub ProcessHistory { @@ -1094,12 +1095,22 @@ while () { tr/\015//d; last if (/^$prompt/ || /^\S/); - ($seq, $cmd, $misc, $ip) = ($_ =~ /^\s+(\d+) (\w+) (.*\s)(\w+)/); + ($seq, $cmd, $misc, $ip, $other) = ($_ =~ /^\s+(\d+) (\w+) (.*\s)(\w+)(.*)$/); if ($cmd =~ /(permit|deny)/) { - ProcessHistory("ACL $nlri $key $cmd","$aclsort","$ip", - " $cmd $misc$ip\n"); + if ($aclstripseq == 0) { + ProcessHistory("ACL $seq $nlri $key $cmd","$aclsort","$ip","$_"); + } + if ($aclstripseq == 1) { + ProcessHistory("ACL $nlri $key $cmd","$aclsort","$ip", + " $cmd $misc$ip$other\n"); + } } else { - ProcessHistory("ACL $nlri $key","",""," $cmd $misc$ip\n"); + if ($aclstripseq == 0) { + ProcessHistory("ACL $seq $nlri $key","","","$_"); + } + if ($aclstripseq == 1) { + ProcessHistory("ACL $nlri $key","",""," $cmd $misc$ip$other\n"); + } } } } @@ -1319,6 +1330,16 @@ # determine ACL sorting mode if ($ENV{"ACLSORT"} =~ /no/i) { + $aclsort = ""; +} +# determine if we want to strip ACL sequence numbers +if ($ENV{"ACLSTRIPSEQ"} =~ /yes/i) { + $aclstripseq = 1; +} +else { +# If you are not stripping ACL sequence numbers +# you cannot sort ACLs + $aclstripseq = 0; $aclsort = ""; } # determine community string filtering mode -- wbr, Roman Sokolov mailto:rps at cheater.ru From Douglas.Hughes at DEShawResearch.com Tue Aug 14 14:23:00 2012 From: Douglas.Hughes at DEShawResearch.com (Hughes, Doug) Date: Tue, 14 Aug 2012 14:23:00 +0000 Subject: [rancid] rancid login etc. for palo alto and silver peak Message-ID: A few people have requested this, so I'm attaching the few hours of work I put into making the rancid login/auth/archive for SilverPeak and for PaloAlto devices. Both of these use ssh for authentication, but I didn't setup or test RSA key auth in either case. The SilverPeak has been tested with 'enable' mode. By default they ship with no enable password. (Apologies for the Windows style attachments.) Both have been copied from another script and modified, so there's probably quite a bit of cruft in there that doesn't need to be, but I cleaned up the worst of it. I'm sure there are a lot of gratuitous regular expressions that could still be eliminated. Here's what you need in rancid-fe: %vendortable = ( ... 'silverpeak' => 'silverrancid', 'paloalto' => 'panrancid', ... You can figure our .cloginrc yourself, just don't forget the enable password for the silverpeak, if you have any. ;) -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: panrancid Type: application/octet-stream Size: 7632 bytes Desc: panrancid URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: panlogin Type: application/octet-stream Size: 13993 bytes Desc: panlogin URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: silverlogin Type: application/octet-stream Size: 15910 bytes Desc: silverlogin URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: silverrancid Type: application/octet-stream Size: 8261 bytes Desc: silverrancid URL: From matthew at walster.org Thu Aug 16 14:16:37 2012 From: matthew at walster.org (Matthew Walster) Date: Thu, 16 Aug 2012 15:16:37 +0100 Subject: [rancid] Linux Networking Support Message-ID: It strikes me that someone must have created a RANCID script that does the following: * iptables-save - Removing the counters from the output * lspci / lsusb / lscpu / lsblk * ip a - i.e. the useful bits of ifconfig without the counters etc Has anyone produced such a script? If not, would others be interested in seeing one? Are there any other suggested commands that could be run of interest? Matthew Walster -------------- next part -------------- An HTML attachment was scrubbed... URL: From tyler at tolaris.com Thu Aug 16 14:40:00 2012 From: tyler at tolaris.com (Tyler J. Wagner) Date: Thu, 16 Aug 2012 15:40:00 +0100 Subject: [rancid] Linux Networking Support In-Reply-To: References: Message-ID: <502D0640.2010406@tolaris.com> I have scripts like that, but not for RANCID. I collect all the useful output and dump to files, mostly for questions like "What kernel modules and what firewall rules were loaded on machine X at time T"? But for configuration backup of Linux machines, I use BackupPC. Regards, Tyler On 2012-08-16 15:16, Matthew Walster wrote: > It strikes me that someone must have created a RANCID script that does the > following: > > * iptables-save > - Removing the counters from the output > * lspci / lsusb / lscpu / lsblk > * ip a > - i.e. the useful bits of ifconfig without the counters etc > > Has anyone produced such a script? If not, would others be interested in > seeing one? Are there any other suggested commands that could be run of > interest? > > Matthew Walster > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- "The price of apathy towards public affairs is to be ruled by evil men." -- Plato From rancid at gheek.net Thu Aug 16 15:44:12 2012 From: rancid at gheek.net (Lance Vermilion) Date: Thu, 16 Aug 2012 08:44:12 -0700 Subject: [rancid] Linux Networking Support In-Reply-To: References: Message-ID: John H, I recall years back that you had clogin or another login script adjusted to support Linux. A couple of questions? 1. Does it still have support the Linux login prompt (I know F5 BigIP is very similar but I recall you doing a mod to clogin instead of creating something new)? 2. Did you ever create a lrancid to collect basics? On Thu, Aug 16, 2012 at 7:16 AM, Matthew Walster wrote: > It strikes me that someone must have created a RANCID script that does the > following: > > * iptables-save > - Removing the counters from the output > * lspci / lsusb / lscpu / lsblk > * ip a > - i.e. the useful bits of ifconfig without the counters etc > > Has anyone produced such a script? If not, would others be interested in > seeing one? Are there any other suggested commands that could be run of > interest? > > Matthew Walster > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Aug 16 16:15:27 2012 From: heas at shrubbery.net (heasley) Date: Thu, 16 Aug 2012 09:15:27 -0700 Subject: [rancid] Linux Networking Support In-Reply-To: References: Message-ID: <20120816161527.GC57826@shrubbery.net> Thu, Aug 16, 2012 at 08:44:12AM -0700, Lance Vermilion: > John H, > > I recall years back that you had clogin or another login script adjusted to > support Linux. > > A couple of questions? > 1. Does it still have support the Linux login prompt (I know F5 BigIP is > very similar but I recall you doing a mod to clogin instead of creating > something new)? i think hlogin would be the one to use, to avoid screen handling output. but I havent fooled with the idea much. > 2. Did you ever create a lrancid to collect basics? nope; we discussed it a bit, but thats as far as we'd gone. frankly, netbsd has daily/weekly/monthly/security scripts that are quite nice and useful. one thing the security script does is use a changelist file for a list of files it will backup and each file is separate vs being rolled into one as rancid would do, and it sends diffs of the files, a few of which it will "filter", and the backups are then local to the machine (which seems both positive and negative). this is one solution, not within rancid, but might be useful in combination. > On Thu, Aug 16, 2012 at 7:16 AM, Matthew Walster wrote: > > > It strikes me that someone must have created a RANCID script that does the > > following: > > > > * iptables-save > > - Removing the counters from the output > > * lspci / lsusb / lscpu / lsblk > > * ip a > > - i.e. the useful bits of ifconfig without the counters etc > > > > Has anyone produced such a script? If not, would others be interested in > > seeing one? Are there any other suggested commands that could be run of > > interest? > > > > Matthew Walster > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Thu Aug 16 21:12:08 2012 From: heas at shrubbery.net (heasley) Date: Thu, 16 Aug 2012 14:12:08 -0700 Subject: [rancid] missed cmd(s): show full-configuration, get system status In-Reply-To: <20120816211034.28A869AC0F@guelah.shrubbery.net> <312FF37225924E42A1D3D228EDBD11930E67F9C5@PRIVALEX.PrivalODC.lan> Message-ID: <20120816211208.GC66949@shrubbery.net> Thu, May 31, 2012 at 12:20:30PM +0000, Gerhard Mourani: > Thanks Gareth, > > That's worked for me too. > > Gerhard, > > From: Gareth Hopkins [mailto:gabbawp at gmail.com] > Sent: May-31-12 4:30 AM > To: Gerhard Mourani > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] missed cmd(s): show full-configuration,get system status > > Hi, > > If you run fnlogin instead of clogin, you'll see it complains about an ssh port not being specified. I ran into exactly the same problem and mailed the list a couple of weeks ago but heard nothing back unfortunately. > > A quick work around is to add the following to your cloginrc file > > add method device_name {ssh:22} > > I hope someone can take a look at this though. Does this patch to fnlogin fix your problem: Index: bin/fnlogin.in =================================================================== --- bin/fnlogin.in (revision 2376) +++ bin/fnlogin.in (revision 2435) @@ -303,7 +303,7 @@ } elseif [string match "ssh*" $prog] { regexp {ssh(:([^[:space:]]+))*} $prog methcmd suffix port set cmd $sshcmd - if {"$port" == ""} { + if {"$port" != ""} { set cmd "$cmd -p $port" } set retval [ catch {eval spawn [split "$cmd -c $cyphertype -x -l $user $router" { }]} reason ] > > Cheers, > > Gareth > > On 30 May 2012, at 7:06 PM, Gerhard Mourani wrote: > > > Helo list, > > After an update to Rancid version 2.3.8, the method used to login into FortiGate device no longer work and report the following error in the log file. > > Getting missed routers: round 4. > 192.168.2.1 fnlogin error: Error: Couldn't login: 192.168.2.1 > 192.168.2.1: missed cmd(s): show full-configuration,get system status > 0: found end > 192.168.2.1: End of run not found > > With previous version of Rancid, everything worked correctly. According to the above error I've run the following commands to verify if the missed cmd is true or not. > > /usr/bin/clogin -f /usr/share/rancid/.cloginrc 192.168.2.1 > The above works and I can manually run the 'show full-configuration' or 'get system status' command without problem! > > Therefore no idea about why this error occur now and from which part it's really coming from! > > Gerhard, From daniel.schmidt at wyo.gov Mon Aug 20 20:42:41 2012 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Mon, 20 Aug 2012 14:42:41 -0600 Subject: [rancid] Attic Message-ID: This may be kind of a stupid cvs question but? If one wanted to search the attic, where would those files be stored? E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From birjparekh at gmail.com Mon Aug 20 20:47:27 2012 From: birjparekh at gmail.com (birju parekh) Date: Mon, 20 Aug 2012 15:47:27 -0500 Subject: [rancid] Attic In-Reply-To: References: Message-ID: The Attic folder is hidden in configs folder. I usally use command Locate device name or IP address of the device. Thanks On Mon, Aug 20, 2012 at 3:42 PM, Daniel Schmidt wrote: > This may be kind of a stupid cvs question but? > > > > If one wanted to search the attic, where would those files be stored? > > E-Mail to and from me, in connection with the transaction > of public business, is subject to the Wyoming Public Records > Act and may be disclosed to third parties. > > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Jason.Lewis at TRILOGYFF.com Tue Aug 21 15:40:05 2012 From: Jason.Lewis at TRILOGYFF.com (Jason Lewis) Date: Tue, 21 Aug 2012 15:40:05 +0000 Subject: [rancid] Why does RANCID continue to show old diffs? Message-ID: <1AF84686D9EBE94D8D65B500407C4376C1FD07@TGP1PEXCHG02.trilogyff.net> Hello everyone, I've just finished setting up email from our RANCID server, and we've started getting messages from it. However, every diff email contains every diff for every device I've added over the last few days, it never quits notifying us of the same changes. I don't think this is expected behavior: I would expect RANCID to display a diff one time and move on. Does anyone know what is causing this behavior and what to do about it? Thank you, Jason Lewis | Senior Server Specialist Phone:614.497.1994 | Mobile:614.657.2300 email: Jason.Lewis at trilogyff.com [Description: Description: Description: Description: Trilogy Logo color] ##################################################################################### Scanned by MailMarshal - M86 Security's comprehensive email content security solution. ##################################################################################### -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 3895 bytes Desc: image001.png URL: From rg at cosma.name Thu Aug 23 08:37:55 2012 From: rg at cosma.name (Razvan Cosma) Date: Thu, 23 Aug 2012 10:37:55 +0200 Subject: [rancid] BlueCoat SG Proxy Message-ID: Hello, I'm trying to understand how rancid parses the output of various commands, to adapt it for BlueCoat; the console is similar with Cisco's and clogin works for it, can't figure out exactly what /usr/libexec/rancid/rancid does though. I've replaced the executed commands with these three: show configuration noprompts, show version and show advanced-url /Diagnostics/Hardware/Info/ The output is something like su - rancid -c 'clogin labhost' labhost spawn ssh -c 3des -x -l root labhost root at labhost's password: Lab_Host>enable Enable Password: Lab_Host# ^^ so far so good Lab_Host#show version show version Version: SGOS 5.5.9.1 Proxy Edition Release id: 81874 UI Version: 5.5.9.1 Build: 81874 Serial number: 1234567890 NIC 0 MAC: 00AABBCCDDEE Lab_Host#show advanced-url /Diagnostics/Hardware/Info/ show advanced-url /Diagnostics/Hardware/Info/ Hardware Information Model: 510-A RAM: 1024 MB DIMM 1: empty DIMM 2: 1024 MB SDRAM DDR Number of CPUs: 1 CPU frequency: 2000 MHz Bus speed: 100 MHz Storage: 1 drive Disk in slot 1: 80 GB (SEAGATE ST3808110AS, rev:3.AAH, serial:ABCD123) Disk in slot 2: empty Network: Interface 0:0: Intel Gigabit running at 1 Gbps full duplex (MAC 00:AA:BB:CC:DD:EE) Interface 1:0: Intel Gigabit running at 1 Gbps full duplex (MAC 00:AA:BB:CC:EE:DD) Accelerators: none Lab_Host# I'll skip the sh conf no as it's very long, output looks very much like a cisco sh runn though so I was hoping just editing @commandtable and using the cisco functions would collect the output. After adding it in %vendortable in rancid-fe and doing a su - rancid -c 'rancid-run -m myaddress -r labhost' it seems to do the trick, I'm sure it can be improved though so suggestions welcome. The bcrancid file is attached. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: bcrancid.pl Type: application/octet-stream Size: 30407 bytes Desc: not available URL: From bparekh at nmff.org Thu Aug 23 19:28:25 2012 From: bparekh at nmff.org (Parekh, Birju) Date: Thu, 23 Aug 2012 14:28:25 -0500 Subject: [rancid] FW: Re: Clogin error Message-ID: Hi, I cannot telnet into my devices but SSH works with the same username and password. When I ran clogin device name. I got the following error clogin error: Error: Check your passwd This is in my .clogin #RANCID USER add user * username add password * {password} add method * {telnet} {ssh} The devices which have ssh enabled can login fine but the devices with telnet I am not able to login. The screen stops at username. spawn telnet x.x.x.x Trying x.x.x.x Connected to x.x.x.x Escape character is '^]'. username: I was initially polling using IP address. I have changed that to adding device names in host file and updated the router.db with the host file. But now I am unable to login or retrieve config from the devices using rancid. Birju Parekh Network & Voice Engineer Northwestern Medical Faculty Foundation 680 N Lake Shore Driver Suite 1118 Chicago, IL 60611 Phone (312) 695 4775 Email: Bparekh at nmff.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From shouldbeq931 at gmail.com Thu Aug 23 21:15:18 2012 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Thu, 23 Aug 2012 22:15:18 +0100 Subject: [rancid] FW: Re: Clogin error In-Reply-To: References: Message-ID: On Thu, Aug 23, 2012 at 8:28 PM, Parekh, Birju wrote: > Hi, > > I cannot telnet into my devices but SSH works with the same username and > password. When I ran clogin device name. I got the following error > > clogin error: Error: Check your passwd > > > > This is in my .clogin > > > > #RANCID USER > > add user * username > > add password * {password} > > add method * {telnet} {ssh} > > > > The devices which have ssh enabled can login fine but the devices with > telnet I am not able to login. The screen stops at username. > > spawn telnet x.x.x.x > > Trying x.x.x.x > > Connected to x.x.x.x > > Escape character is '^]'. > > > > username: > > > > I was initially polling using IP address. I have changed that to adding > device names in host file and updated the router.db with the host file. But > now I am unable to login or retrieve config from the devices using rancid. > > > > > > Birju Parekh > > Network & Voice Engineer > > Northwestern Medical Faculty Foundation > > 680 N Lake Shore Driver Suite 1118 > > Chicago, IL 60611 > > Phone (312) 695 4775 > > Email: Bparekh at nmff.org > > you haven;t given the reason why you can't telnet into the device, but it would appear to be sitting at a username prompt and not progfressing have you tried just using ssh (removing telnet from the method) ? From bparekh at nmff.org Thu Aug 23 21:17:11 2012 From: bparekh at nmff.org (Parekh, Birju) Date: Thu, 23 Aug 2012 16:17:11 -0500 Subject: [rancid] FW: Re: Clogin error In-Reply-To: References: Message-ID: I cannot do that since some of my switches are running an older IOS and don't have SSH availbe. It is hanging at the user prompt when I test it with clogin. I got check your password error when I ran rancid-run. Thanks Birju Parekh Network & Voice Engineer Northwestern Medical Faculty Foundation 680 N Lake Shore Driver Suite 1118 Chicago, IL 60611 Phone (312) 695 4775 Email: Bparekh at nmff.org -----Original Message----- From: shouldbe q931 [mailto:shouldbeq931 at gmail.com] Sent: Thursday, August 23, 2012 4:15 PM To: Parekh, Birju Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] FW: Re: Clogin error On Thu, Aug 23, 2012 at 8:28 PM, Parekh, Birju wrote: > Hi, > > I cannot telnet into my devices but SSH works with the same username > and password. When I ran clogin device name. I got the following error > > clogin error: Error: Check your passwd > > > > This is in my .clogin > > > > #RANCID USER > > add user * username > > add password * {password} > > add method * {telnet} {ssh} > > > > The devices which have ssh enabled can login fine but the devices with > telnet I am not able to login. The screen stops at username. > > spawn telnet x.x.x.x > > Trying x.x.x.x > > Connected to x.x.x.x > > Escape character is '^]'. > > > > username: > > > > I was initially polling using IP address. I have changed that to > adding device names in host file and updated the router.db with the > host file. But now I am unable to login or retrieve config from the devices using rancid. > > > > > > Birju Parekh > > Network & Voice Engineer > > Northwestern Medical Faculty Foundation > > 680 N Lake Shore Driver Suite 1118 > > Chicago, IL 60611 > > Phone (312) 695 4775 > > Email: Bparekh at nmff.org > > you haven;t given the reason why you can't telnet into the device, but it would appear to be sitting at a username prompt and not progfressing have you tried just using ssh (removing telnet from the method) ? From shouldbeq931 at gmail.com Thu Aug 23 21:21:22 2012 From: shouldbeq931 at gmail.com (shouldbe q931) Date: Thu, 23 Aug 2012 22:21:22 +0100 Subject: [rancid] FW: Re: Clogin error In-Reply-To: References: Message-ID: On Thu, Aug 23, 2012 at 10:17 PM, Parekh, Birju wrote: > I cannot do that since some of my switches are running an older IOS and don't have SSH availbe. It is hanging at the user prompt when I test it with clogin. I got check your password error when I ran rancid-run. > Thanks > > Birju Parekh > Network & Voice Engineer > Northwestern Medical Faculty Foundation > 680 N Lake Shore Driver Suite 1118 > Chicago, IL 60611 > Phone (312) 695 4775 > Email: Bparekh at nmff.org > > > -----Original Message----- > From: shouldbe q931 [mailto:shouldbeq931 at gmail.com] > Sent: Thursday, August 23, 2012 4:15 PM > To: Parekh, Birju > Cc: rancid-discuss at shrubbery.net > Subject: Re: [rancid] FW: Re: Clogin error > > On Thu, Aug 23, 2012 at 8:28 PM, Parekh, Birju wrote: >> Hi, >> >> I cannot telnet into my devices but SSH works with the same username >> and password. When I ran clogin device name. I got the following error >> >> clogin error: Error: Check your passwd >> >> >> >> This is in my .clogin >> >> >> >> #RANCID USER >> >> add user * username >> >> add password * {password} >> >> add method * {telnet} {ssh} >> >> >> >> The devices which have ssh enabled can login fine but the devices with >> telnet I am not able to login. The screen stops at username. >> >> spawn telnet x.x.x.x >> >> Trying x.x.x.x >> >> Connected to x.x.x.x >> >> Escape character is '^]'. >> >> >> >> username: >> >> >> >> I was initially polling using IP address. I have changed that to >> adding device names in host file and updated the router.db with the >> host file. But now I am unable to login or retrieve config from the devices using rancid. >> >> >> >> >> >> Birju Parekh >> >> Network & Voice Engineer >> >> Northwestern Medical Faculty Foundation >> >> 680 N Lake Shore Driver Suite 1118 >> >> Chicago, IL 60611 >> >> Phone (312) 695 4775 >> >> Email: Bparekh at nmff.org >> >> > > you haven;t given the reason why you can't telnet into the device, but it would appear to be sitting at a username prompt and not progfressing > > have you tried just using ssh (removing telnet from the method) ? > you can set the method per device... From bejoy.bnair at gmail.com Thu Aug 23 16:28:13 2012 From: bejoy.bnair at gmail.com (bejoybkn) Date: Thu, 23 Aug 2012 09:28:13 -0700 (PDT) Subject: [rancid] How can I modify nslogin to manage my netscaler running v9.x In-Reply-To: References: Message-ID: <73047b35-956c-4ae1-ad73-605cd5a9151f@googlegroups.com> I have got the changes to make netscaler working http://bejoybkn.blogspot.in/2011/07/how-to-setup-and-configure-rancid.html Script is given at the last section Its working nicely. On Friday, October 7, 2011 7:37:31 AM UTC+5:30, Jerome Boutin wrote: > > Hi guys, > > I have hard time to modify the original nslogin script to logon and send > command to my netscalers running v9.3. Can someone help me out please? I > read on the archive that a slight change to the script could do the trick > but I don't know how to find the patch and apply it. > > -- > Jerome > -------------- next part -------------- An HTML attachment was scrubbed... URL: From birjparekh at gmail.com Fri Aug 24 23:53:48 2012 From: birjparekh at gmail.com (birju parekh) Date: Fri, 24 Aug 2012 18:53:48 -0500 Subject: [rancid] FW: Re: Clogin error In-Reply-To: References: Message-ID: Hi, Can you let me know if there is any solution to the issue. Thanks On Thu, Aug 23, 2012 at 4:15 PM, shouldbe q931 wrote: > On Thu, Aug 23, 2012 at 8:28 PM, Parekh, Birju wrote: > > Hi, > > > > I cannot telnet into my devices but SSH works with the same username and > > password. When I ran clogin device name. I got the following error > > > > clogin error: Error: Check your passwd > > > > > > > > This is in my .clogin > > > > > > > > #RANCID USER > > > > add user * username > > > > add password * {password} > > > > add method * {telnet} {ssh} > > > > > > > > The devices which have ssh enabled can login fine but the devices with > > telnet I am not able to login. The screen stops at username. > > > > spawn telnet x.x.x.x > > > > Trying x.x.x.x > > > > Connected to x.x.x.x > > > > Escape character is '^]'. > > > > > > > > username: > > > > > > > > I was initially polling using IP address. I have changed that to adding > > device names in host file and updated the router.db with the host file. > But > > now I am unable to login or retrieve config from the devices using > rancid. > > > > > > > > > > > > Birju Parekh > > > > Network & Voice Engineer > > > > Northwestern Medical Faculty Foundation > > > > 680 N Lake Shore Driver Suite 1118 > > > > Chicago, IL 60611 > > > > Phone (312) 695 4775 > > > > Email: Bparekh at nmff.org > > > > > > you haven;t given the reason why you can't telnet into the device, but > it would appear to be sitting at a username prompt and not > progfressing > > have you tried just using ssh (removing telnet from the method) ? > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Jason.Lewis at TRILOGYFF.com Mon Aug 27 14:04:37 2012 From: Jason.Lewis at TRILOGYFF.com (Jason Lewis) Date: Mon, 27 Aug 2012 14:04:37 +0000 Subject: [rancid] Can RANCID compare running and startup configs for differences? Message-ID: <1AF84686D9EBE94D8D65B500407C4376C23F66@TGP1PEXCHG02.trilogyff.net> All, After a recent audit, we need RANCID to be able to alert us if the running and startup config on a device are out of sync. I've been through the scripts in 2.3.2 to see if there's anything in there to handle that, and all I see is a prompt check in clogin, which won't do any good on most Cisco devices since it doesn't display any prompt for unsaved changes. Has anyone seen a module/customization to do this, or is there a feature that I've missed in RANCID? Thank you, Jason Lewis | Senior Server Specialist Phone:614.497.1994 | Mobile:614.657.2300 email: Jason.Lewis at trilogyff.com [Description: Description: Description: Description: Trilogy Logo color] ##################################################################################### Scanned by MailMarshal - M86 Security's comprehensive email content security solution. ##################################################################################### -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 3895 bytes Desc: image001.png URL: From GMourani at prival.ca Mon Aug 27 14:11:46 2012 From: GMourani at prival.ca (Gerhard Mourani) Date: Mon, 27 Aug 2012 14:11:46 +0000 Subject: [rancid] Avoid diff when flash memory change Message-ID: <312FF37225924E42A1D3D228EDBD119315CE8F75@PRIVALEX.PrivalODC.lan> Hello List, I've a small issue with Foundry/Brocade devices and Rancid (latest version). Every time flash bytes change on the Foundry/Brocade devices, Rancid generate a new diff and send alerts on it generating almost 10 messages per day just for that. The question is -> How to avoid diff when flash memory change with Foundry/Brocade devices (see example below)? - !Flash: Bytes Used : 9269248 bytes - !Flash: Bytes Free : 4093083648 bytes + !Flash: Bytes Used : 9273344 bytes + !Flash: Bytes Free : 4093079552 bytes Regards, -------------- next part -------------- An HTML attachment was scrubbed... URL: From Jason.Lewis at TRILOGYFF.com Mon Aug 27 14:39:26 2012 From: Jason.Lewis at TRILOGYFF.com (Jason Lewis) Date: Mon, 27 Aug 2012 14:39:26 +0000 Subject: [rancid] Avoid diff when flash memory change In-Reply-To: <312FF37225924E42A1D3D228EDBD119315CE8F75@PRIVALEX.PrivalODC.lan> References: <312FF37225924E42A1D3D228EDBD119315CE8F75@PRIVALEX.PrivalODC.lan> Message-ID: <1AF84686D9EBE94D8D65B500407C4376C23FCF@TGP1PEXCHG02.trilogyff.net> Gerhard, I just had to do something similar for our Nexus switches this morning; you need to comment the relevant command(s) out of the module for your switch. Just edit the module (found in ~rancid/bin), find the command table, and comment out the command that's generating the output you don't want anymore. Unfortunately, I haven't dealt with Foundry switches before, so I can't help you with the command itself. Good luck with it, and let us know if you need additional help. Jason Lewis | Senior Server Specialist Phone:614.497.1994 | Mobile:614.657.2300 email: Jason.Lewis at trilogyff.com [Description: Description: Description: Description: Trilogy Logo color] From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Gerhard Mourani Sent: Monday, August 27, 2012 10:13 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Avoid diff when flash memory change Hello List, I've a small issue with Foundry/Brocade devices and Rancid (latest version). Every time flash bytes change on the Foundry/Brocade devices, Rancid generate a new diff and send alerts on it generating almost 10 messages per day just for that. The question is -> How to avoid diff when flash memory change with Foundry/Brocade devices (see example below)? - !Flash: Bytes Used : 9269248 bytes - !Flash: Bytes Free : 4093083648 bytes + !Flash: Bytes Used : 9273344 bytes + !Flash: Bytes Free : 4093079552 bytes Regards, ##################################################################################### Scanned by MailMarshal - M86 Security's comprehensive email content security solution. ##################################################################################### -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 3895 bytes Desc: image001.png URL: From GMourani at prival.ca Mon Aug 27 14:45:06 2012 From: GMourani at prival.ca (Gerhard Mourani) Date: Mon, 27 Aug 2012 14:45:06 +0000 Subject: [rancid] Avoid diff when flash memory change In-Reply-To: <1AF84686D9EBE94D8D65B500407C4376C23FCF@TGP1PEXCHG02.trilogyff.net> References: <312FF37225924E42A1D3D228EDBD119315CE8F75@PRIVALEX.PrivalODC.lan> <1AF84686D9EBE94D8D65B500407C4376C23FCF@TGP1PEXCHG02.trilogyff.net> Message-ID: <312FF37225924E42A1D3D228EDBD119315CE9007@PRIVALEX.PrivalODC.lan> Jason, Thanks, I found the related command table and codes, then removed the corresponding lines, references and now it work! Here a diff for those interested about what has been removed: diff -ur rancid-2.3.8.orig/bin/francid.in rancid-2.3.8/bin/francid.in --- rancid-2.3.8.orig/bin/francid.in 2011-03-09 12:19:15.000000000 -0500 +++ rancid-2.3.8/bin/francid.in 2012-08-27 10:42:39.000000000 -0400 @@ -244,22 +244,6 @@ return(0); } -# This routine parses "show flash" -sub ShowFlash { - print STDERR " In ShowFlash: $_" if ($debug); - - while () { - tr/\015//d; - last if (/^$prompt/); - next if (/^\s*$/); - return(1) if (/^\s+\^$/); # edgeiron invalid command - - ProcessHistory("FLASH","","","!Flash: $_"); - } - ProcessHistory("","","","!\n"); - return; -} - # This routine parses "show module" sub ShowModule { print STDERR " In ShowModule: $_" if ($debug); @@ -418,7 +402,6 @@ {'show version' => 'ShowVersion'}, {'show chassis' => 'ShowChassis'}, {'show module' => 'ShowModule'}, - {'show flash' => 'ShowFlash'}, {'write term' => 'WriteTerm'}, {'show running-config' => 'WriteTerm'}, ); Regards, From: Jason Lewis [mailto:Jason.Lewis at TRILOGYFF.com] Sent: August-27-12 10:39 AM To: Gerhard Mourani; rancid-discuss at shrubbery.net Subject: RE: Avoid diff when flash memory change Gerhard, I just had to do something similar for our Nexus switches this morning; you need to comment the relevant command(s) out of the module for your switch. Just edit the module (found in ~rancid/bin), find the command table, and comment out the command that's generating the output you don't want anymore. Unfortunately, I haven't dealt with Foundry switches before, so I can't help you with the command itself. Good luck with it, and let us know if you need additional help. Jason Lewis | Senior Server Specialist Phone:614.497.1994 | Mobile:614.657.2300 email: Jason.Lewis at trilogyff.com [Description: Description: Description: Description: Trilogy Logo color] From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Gerhard Mourani Sent: Monday, August 27, 2012 10:13 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Avoid diff when flash memory change Hello List, I've a small issue with Foundry/Brocade devices and Rancid (latest version). Every time flash bytes change on the Foundry/Brocade devices, Rancid generate a new diff and send alerts on it generating almost 10 messages per day just for that. The question is -> How to avoid diff when flash memory change with Foundry/Brocade devices (see example below)? - !Flash: Bytes Used : 9269248 bytes - !Flash: Bytes Free : 4093083648 bytes + !Flash: Bytes Used : 9273344 bytes + !Flash: Bytes Free : 4093079552 bytes Regards, ________________________________ Scanned by MailMarshal - M86 Security's comprehensive email content security solution. ________________________________ -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 3895 bytes Desc: image001.png URL: From GMourani at prival.ca Mon Aug 27 14:59:57 2012 From: GMourani at prival.ca (Gerhard Mourani) Date: Mon, 27 Aug 2012 14:59:57 +0000 Subject: [rancid] FortiAnalyzer & FortiMail Message-ID: <312FF37225924E42A1D3D228EDBD119315CE9046@PRIVALEX.PrivalODC.lan> Hello, The 'fn-rancid' script work fine with FortiGate devices but I don't know if someone on the list has something for the FortiAnalyzer or FortiMail devices. It look like the commands are not identical and this make 'fn-rancid' script to fail to return information for the other FortiNet devices. Thanks, -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Aug 27 16:40:06 2012 From: heas at shrubbery.net (heasley) Date: Mon, 27 Aug 2012 16:40:06 +0000 Subject: [rancid] Can RANCID compare running and startup configs for differences? In-Reply-To: <1AF84686D9EBE94D8D65B500407C4376C23F66@TGP1PEXCHG02.trilogyff.net> References: <1AF84686D9EBE94D8D65B500407C4376C23F66@TGP1PEXCHG02.trilogyff.net> Message-ID: <20120827164006.GM36809@shrubbery.net> Mon, Aug 27, 2012 at 02:04:37PM +0000, Jason Lewis: > After a recent audit, we need RANCID to be able to alert us if the running and startup config on a device are out of sync. I've been through the scripts in 2.3.2 to see if there's anything in there to handle that, and all I see is a prompt check in clogin, which won't do any good on most Cisco devices since it doesn't display any prompt for unsaved changes. > > Has anyone seen a module/customization to do this, or is there a feature that I've missed in RANCID? assuming you are not generating configs, why don't you just save the config periodically? for router in ~rancid/*/router.db clogin -c 'write mem' router more to it, but the general idea. From mwilson at northwestern.edu Mon Aug 27 16:25:54 2012 From: mwilson at northwestern.edu (Matthew J Wilson) Date: Mon, 27 Aug 2012 16:25:54 +0000 Subject: [rancid] expect-hack1 not applied to patched version of expect-5.4.3 on the FTP site? Message-ID: <4B2EF5CC66DF534491B244623C5A1334270AB7BF@evcspmbx2.ads.northwestern.edu> Hi - My read of the "O/S-specific information" section at is that "expect-hack1" should be already applied to the expect-5.43.0.tar.bz2 file available from . But when I download this file and look at exp_chan.c , I don't see the line fcntl(esPtr->fdin, F_SETFL, O_NONBLOCK); added to sub ExpInputProc . Has the unpatched version of exp_chan.c been incorrectly included in expect-5.43.0.tar.bz2 ? Or am I missing something? Thanks! Matt From heas at shrubbery.net Tue Aug 28 18:21:39 2012 From: heas at shrubbery.net (heasley) Date: Tue, 28 Aug 2012 18:21:39 +0000 Subject: [rancid] expect-hack1 not applied to patched version of expect-5.4.3 on the FTP site? In-Reply-To: <4B2EF5CC66DF534491B244623C5A1334270AB7BF@evcspmbx2.ads.northwestern.edu> References: <4B2EF5CC66DF534491B244623C5A1334270AB7BF@evcspmbx2.ads.northwestern.edu> Message-ID: <20120828182139.GO78808@shrubbery.net> Mon, Aug 27, 2012 at 04:25:54PM +0000, Matthew J Wilson: > My read of the "O/S-specific information" section at > is that "expect-hack1" should > be already applied to the expect-5.43.0.tar.bz2 file available from > . But when I download this file and > look at exp_chan.c , I don't see the line > fcntl(esPtr->fdin, F_SETFL, O_NONBLOCK); > > added to sub ExpInputProc . > > Has the unpatched version of exp_chan.c been incorrectly included in > expect-5.43.0.tar.bz2 ? Or am I missing something? thats the virgin, iirc, ftp://ftp.shrubbery.net/pub/rancid/expect-5.43.0_hack.tar.bz2 From mwilson at northwestern.edu Tue Aug 28 19:17:53 2012 From: mwilson at northwestern.edu (Matthew J Wilson) Date: Tue, 28 Aug 2012 19:17:53 +0000 Subject: [rancid] expect-hack1 not applied to patched version of expect-5.4.3 on the FTP site? In-Reply-To: <20120828182139.GO78808@shrubbery.net> Message-ID: <4B2EF5CC66DF534491B244623C5A1334270ADD5A@evcspmbx2.ads.northwestern.edu> On 8/28/12 1:21 PM, "heasley" wrote: >thats the virgin, iirc, > >ftp://ftp.shrubbery.net/pub/rancid/expect-5.43.0_hack.tar.bz2 That tarball (when I download it anyway) has expect-hack2 applied to it for solaris, not expect-hack1 for linux (diff -u output appended at the bottom of this email). When I look at the tarballs from the FTP site: expect-5.40.1.tar.gz - has linux expect-hack1 applied expect-5.40.1_hack2.tar.gz - has solaris expect-hack2 applied expect-5.43.0.tar.bz2 - vanilla: no hack patch applied expect-5.43.0_hack.tar.bz2 - has solaris expect-hack2 applied I don't see an expect-5.43 tarball on the FTP site that has the linux expect-hack1 applied to it. Thanks for taking a look at this. Matt $ diff -u expect-5.43/exp_chan.c.orig expect-5.43/exp_chan.c --- expect-5.43/exp_chan.c.orig 2005-02-07 20:01:20.000000000 -0600 +++ expect-5.43/exp_chan.c 2010-11-12 15:10:44.000000000 -0600 @@ -12,6 +12,7 @@ #include #include /* for isspace */ #include /* for time(3) */ +#include #include "expect_cf.h" @@ -190,6 +191,7 @@ ExpState *esPtr = (ExpState *) instanceData; int bytesRead; /* How many bytes were actually * read from the input device? */ +struct pollfd fds[1]; *errorCodePtr = 0; @@ -199,6 +201,16 @@ * possible, if the channel is in blocking mode. If the channel is * nonblocking, the read will never block. */ +fds[0].fd = esPtr->fdin; +fds[0].events = POLLIN | POLLERR | POLLHUP | POLLNVAL; +bytesRead = poll(fds, 1, 0); +if (bytesRead <= 0) { + *errorCodePtr = EWOULDBLOCK; + return(-1); +} else if (fds[0].revents & (POLLERR | POLLHUP | POLLNVAL)) { + *errorCodePtr = EBADF; + return(-1); +} bytesRead = read(esPtr->fdin, buf, (size_t) toRead); /*printf("ExpInputProc: read(%d,,) = %d\r\n",esPtr->fdin,bytesRead);*/ From heas at shrubbery.net Tue Aug 28 19:36:48 2012 From: heas at shrubbery.net (heasley) Date: Tue, 28 Aug 2012 19:36:48 +0000 Subject: [rancid] expect-hack1 not applied to patched version of expect-5.4.3 on the FTP site? In-Reply-To: <4B2EF5CC66DF534491B244623C5A1334270ADD5A@evcspmbx2.ads.northwestern.edu> References: <20120828182139.GO78808@shrubbery.net> <4B2EF5CC66DF534491B244623C5A1334270ADD5A@evcspmbx2.ads.northwestern.edu> Message-ID: <20120828193648.GC84461@shrubbery.net> Tue, Aug 28, 2012 at 07:17:53PM +0000, Matthew J Wilson: > On 8/28/12 1:21 PM, "heasley" wrote: > >thats the virgin, iirc, > > > >ftp://ftp.shrubbery.net/pub/rancid/expect-5.43.0_hack.tar.bz2 > > > That tarball (when I download it anyway) has expect-hack2 applied to it > for solaris, not expect-hack1 for linux (diff -u output appended at the > bottom of this email). it should work just fine; the one for solaris is just more "complete" and avoids a problem that affect bash if an expect timeout followed. it should compile on linux. > When I look at the tarballs from the FTP site: > expect-5.40.1.tar.gz - has linux expect-hack1 applied > expect-5.40.1_hack2.tar.gz - has solaris expect-hack2 applied > expect-5.43.0.tar.bz2 - vanilla: no hack patch applied > expect-5.43.0_hack.tar.bz2 - has solaris expect-hack2 applied > > I don't see an expect-5.43 tarball on the FTP site that has the linux > expect-hack1 applied to it. > > Thanks for taking a look at this. > Matt > > > > $ diff -u expect-5.43/exp_chan.c.orig expect-5.43/exp_chan.c > --- expect-5.43/exp_chan.c.orig 2005-02-07 20:01:20.000000000 -0600 > +++ expect-5.43/exp_chan.c 2010-11-12 15:10:44.000000000 -0600 > @@ -12,6 +12,7 @@ > #include > #include /* for isspace */ > #include /* for time(3) */ > +#include > > #include "expect_cf.h" > > @@ -190,6 +191,7 @@ > ExpState *esPtr = (ExpState *) instanceData; > int bytesRead; /* How many bytes were actually > * read from the input device? */ > +struct pollfd fds[1]; > > *errorCodePtr = 0; > > @@ -199,6 +201,16 @@ > * possible, if the channel is in blocking mode. If the channel is > * nonblocking, the read will never block. > */ > +fds[0].fd = esPtr->fdin; > +fds[0].events = POLLIN | POLLERR | POLLHUP | POLLNVAL; > +bytesRead = poll(fds, 1, 0); > +if (bytesRead <= 0) { > + *errorCodePtr = EWOULDBLOCK; > + return(-1); > +} else if (fds[0].revents & (POLLERR | POLLHUP | POLLNVAL)) { > + *errorCodePtr = EBADF; > + return(-1); > +} > > bytesRead = read(esPtr->fdin, buf, (size_t) toRead); > /*printf("ExpInputProc: read(%d,,) = %d\r\n",esPtr->fdin,bytesRead);*/ > From mwilson at northwestern.edu Tue Aug 28 19:41:40 2012 From: mwilson at northwestern.edu (Matthew J Wilson) Date: Tue, 28 Aug 2012 19:41:40 +0000 Subject: [rancid] expect-hack1 not applied to patched version of expect-5.4.3 on the FTP site? In-Reply-To: <20120828193648.GC84461@shrubbery.net> Message-ID: <4B2EF5CC66DF534491B244623C5A1334270ADED4@evcspmbx2.ads.northwestern.edu> On 8/28/12 2:36 PM, "heasley" wrote: >Tue, Aug 28, 2012 at 07:17:53PM +0000, Matthew J Wilson: >> On 8/28/12 1:21 PM, "heasley" wrote: >> >thats the virgin, iirc, >> > >> >ftp://ftp.shrubbery.net/pub/rancid/expect-5.43.0_hack.tar.bz2 >> >> >> That tarball (when I download it anyway) has expect-hack2 applied to it >> for solaris, not expect-hack1 for linux (diff -u output appended at the >> bottom of this email). > >it should work just fine; the one for solaris is just more "complete" and >avoids a problem that affect bash if an expect timeout followed. it >should >compile on linux. That's what I was missing. Thanks! -Matt From tim.moermond at capitol.net Thu Aug 30 14:49:01 2012 From: tim.moermond at capitol.net (Moermond, Timothy) Date: Thu, 30 Aug 2012 09:49:01 -0500 Subject: [rancid] Nexus 7000 series backup issues. Message-ID: <35D785F5BF16414D8316BEB65FFE2C3013242B86@khonsu.capitolindemnity.com> I know this has been discussed before, but I still do not seem to be able to find the solution to backing up the Nexus 7000 that I have. nexus_1 clogin error: Error: TIMEOUT reached nexus_1: missed cmd(s): show module,show environment fex all fan,show license,dir usb1:,dir debug:,show debug,show version build-info all,show cores vdc-all,show vtp status,show environment fan,show module xbar,show environment power,show license host-id,show inventory,dir usb2:,show vlan,dir volatile:,dir bootflash:,dir slot0:,term no monitor-force,show processes log vdc-all,show environment clock,dir logflash:,show license usage,show version,show running-config,show system redundancy status,show environment temperature,show boot nexus_1: End of run not found ! If I use clogin I notice that it is getting hung up at the password prompt. The prompt has not been changed from the standard Cisco uses. If I enter the password in .cloginrc, everything is fine. I haven't been able to figure out why it stops at this point, it is using the same login paramters as my other devices and they are all working fine. Not sure where to go next. Tim -------------- next part -------------- An HTML attachment was scrubbed... URL: From daniel.schmidt at wyo.gov Thu Aug 30 18:41:16 2012 From: daniel.schmidt at wyo.gov (Daniel Schmidt) Date: Thu, 30 Aug 2012 12:41:16 -0600 Subject: [rancid] Nexus 7000 series backup issues. In-Reply-To: <35D785F5BF16414D8316BEB65FFE2C3013242B86@khonsu.capitolindemnity.com> References: <35D785F5BF16414D8316BEB65FFE2C3013242B86@khonsu.capitolindemnity.com> Message-ID: <63550590f6b321f990dbacadc176293b@mail.gmail.com> Does it go away if you remove all your banner/motd? *From:* rancid-discuss-bounces at shrubbery.net [mailto: rancid-discuss-bounces at shrubbery.net] *On Behalf Of *Moermond, Timothy *Sent:* Thursday, August 30, 2012 8:49 AM *To:* rancid-discuss at shrubbery.net *Subject:* [rancid] Nexus 7000 series backup issues. I know this has been discussed before, but I still do not seem to be able to find the solution to backing up the Nexus 7000 that I have. nexus_1 clogin error: Error: TIMEOUT reached nexus_1: missed cmd(s): show module,show environment fex all fan,show license,dir usb1:,dir debug:,show debug,show version build-info all,show cores vdc-all,show vtp status,show environment fan,show module xbar,show environment power,show license host-id,show inventory,dir usb2:,show vlan,dir volatile:,dir bootflash:,dir slot0:,term no monitor-force,show processes log vdc-all,show environment clock,dir logflash:,show license usage,show version,show running-config,show system redundancy status,show environment temperature,show boot nexus_1: End of run not found ! If I use clogin I notice that it is getting hung up at the password prompt. The prompt has not been changed from the standard Cisco uses. If I enter the password in .cloginrc, everything is fine. I haven?t been able to figure out why it stops at this point, it is using the same login paramters as my other devices and they are all working fine. Not sure where to go next. Tim E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tim.moermond at capitol.net Thu Aug 30 19:52:47 2012 From: tim.moermond at capitol.net (Moermond, Timothy) Date: Thu, 30 Aug 2012 14:52:47 -0500 Subject: [rancid] Nexus 7000 series backup issues. In-Reply-To: <63550590f6b321f990dbacadc176293b@mail.gmail.com> References: <35D785F5BF16414D8316BEB65FFE2C3013242B86@khonsu.capitolindemnity.com> <63550590f6b321f990dbacadc176293b@mail.gmail.com> Message-ID: <35D785F5BF16414D8316BEB65FFE2C3013242C1F@khonsu.capitolindemnity.com> Quick clarification, I did not need to load the linux expect hack on our Redhat Enterprise 64 Bit 5.8 server, however we were not able to determine if Redhat had actually included it or not already in their implementation of expect 5.43. Okay I figured it out. On my Nexus 7000 version of NXOS 5.1(3) if you remove the banner motd completely the system defaults to the following " #User Access Verification#Using keyboard-interactive authentication." Which of course includes the "#" symbol preventing the rancid from logging in properly. As soon as I set a new banner motd then the problem goes away. So this all worked and the linux expect hack did not have to be used. From: Daniel Schmidt [mailto:daniel.schmidt at wyo.gov] Sent: Thursday, August 30, 2012 1:41 PM To: Moermond, Timothy; rancid-discuss at shrubbery.net Subject: RE: [rancid] Nexus 7000 series backup issues. Does it go away if you remove all your banner/motd? From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Moermond, Timothy Sent: Thursday, August 30, 2012 8:49 AM To: rancid-discuss at shrubbery.net Subject: [rancid] Nexus 7000 series backup issues. I know this has been discussed before, but I still do not seem to be able to find the solution to backing up the Nexus 7000 that I have. nexus_1 clogin error: Error: TIMEOUT reached nexus_1: missed cmd(s): show module,show environment fex all fan,show license,dir usb1:,dir debug:,show debug,show version build-info all,show cores vdc-all,show vtp status,show environment fan,show module xbar,show environment power,show license host-id,show inventory,dir usb2:,show vlan,dir volatile:,dir bootflash:,dir slot0:,term no monitor-force,show processes log vdc-all,show environment clock,dir logflash:,show license usage,show version,show running-config,show system redundancy status,show environment temperature,show boot nexus_1: End of run not found ! If I use clogin I notice that it is getting hung up at the password prompt. The prompt has not been changed from the standard Cisco uses. If I enter the password in .cloginrc, everything is fine. I haven't been able to figure out why it stops at this point, it is using the same login paramters as my other devices and they are all working fine. Not sure where to go next. Tim E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties. -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Aug 30 20:19:43 2012 From: heas at shrubbery.net (heasley) Date: Thu, 30 Aug 2012 20:19:43 +0000 Subject: [rancid] Nexus 7000 series backup issues. In-Reply-To: <35D785F5BF16414D8316BEB65FFE2C3013242C1F@khonsu.capitolindemnity.com> References: <35D785F5BF16414D8316BEB65FFE2C3013242B86@khonsu.capitolindemnity.com> <63550590f6b321f990dbacadc176293b@mail.gmail.com> <35D785F5BF16414D8316BEB65FFE2C3013242C1F@khonsu.capitolindemnity.com> Message-ID: <20120830201943.GA71628@shrubbery.net> Thu, Aug 30, 2012 at 02:52:47PM -0500, Moermond, Timothy: > Quick clarification, I did not need to load the linux expect hack on our > Redhat Enterprise 64 Bit 5.8 server, however we were not able to determine if > Redhat had actually included it or not already in their implementation of > expect 5.43. I do not know if the problem persists in recent Linux or Solaris and expect combinations. The symptom of the problem is that expect hangs, permanently or until the device's idle timer breaks the connection. it is highly network, device and host timing dependent. For those reasons, I'd stick with the patch, if you've already built it. > Okay I figured it out. On my Nexus 7000 version of NXOS 5.1(3) if you remove > the banner motd completely the system defaults to the following " #User > Access Verification#Using keyboard-interactive authentication." Which of > course includes the "#" symbol preventing the rancid from logging in > properly. As soon as I set a new banner motd then the problem goes away. Cisco, you are our nemesis. From heas at shrubbery.net Thu Aug 30 22:17:30 2012 From: heas at shrubbery.net (heasley) Date: Thu, 30 Aug 2012 22:17:30 +0000 Subject: [rancid] Nexus 7000 series backup issues. In-Reply-To: <20120830215942.58F449A69D@guelah.shrubbery.net> <20120830201943.GA71628@shrubbery.net> Message-ID: <20120830221730.GH71628@shrubbery.net> Thu, Aug 30, 2012 at 08:19:43PM +0000, heasley: > > Okay I figured it out. On my Nexus 7000 version of NXOS 5.1(3) if you remove > > the banner motd completely the system defaults to the following " #User > > Access Verification#Using keyboard-interactive authentication." Which of > > course includes the "#" symbol preventing the rancid from logging in > > properly. As soon as I set a new banner motd then the problem goes away. I tried to come up with a way around this, such as this: Index: bin/clogin.in =================================================================== --- bin/clogin.in (revision 2618) +++ bin/clogin.in (working copy) @@ -567,6 +567,12 @@ } exp_continue } + "#User Access Verification# { + # NXOS 5.1(3) on 7000, perhaps earlier and on + # other Nexus, has this default banner, which + # breaks autoenable. + exp_continue + } -re "$prompt" { set prompt_match $expect_out(0,string); break; but that is not reliable. If the timing were off, which is very likely, it would fail. I suppose it could be anchored at the beginning of the line, but we can't expect that Cisco will not randomly change its placement or format. If it were possible to know the full prompt with certainty before login, that could be avoided. A possibility is to alter the regex for the prompt to expect at least one printable character preceeding it. Something like "^[^ ]*[^ ] ?#", but I am always weary of how such changes will affect other platforms. Another possibility is that folks complain to cisco and either use a banner or do not use autoenable until it is fixed. Suggestions?