From stefan.jakob at de-cix.net Mon Jul 2 07:53:06 2012 From: stefan.jakob at de-cix.net (Stefan Jakob) Date: Mon, 02 Jul 2012 09:53:06 +0200 Subject: [rancid] arrancid (2.3.4) - ignore bytes free in ShowFlash In-Reply-To: <20120320235329.GL39349@shrubbery.net> References: <20120320235329.GL39349@shrubbery.net> Message-ID: <4FF15362.9090400@de-cix.net> Am 21.03.12 00:53, schrieb heasley: > Fri, Mar 16, 2012 at 11:24:53AM +0100, Stefan Jakob: >> Hi rancid list, >> >> Is it rancid style to ignore the output of bytes free in sub ShowFlash >> of arrancid? >> >> Versions: >> >> arrancid: rancid 2.3.4, Debian Squeeze >> EOS: Software image version: 4.8.3, Arista DCS-7124SX-F >> >> >> Looks like Arista stores some ntp drift info on a regular base to the flash: >> >> happens. Guess this is just noise? > > until it gets to zero? > >> - !Flash: 1779585024 bytes total (1318834176 bytes free) >> + !Flash: 1779585024 bytes total (1318830080 bytes free) >> >> @Arista: Why not in tmpfs? This might hurt the flash. If there is ntp >> configured, this shouldn't matter to lose the drift info, after a reboot. This byte drift only occures for the first couple of days and is caused by the automatic rotation of the tech support logs: /mnt/flash/schedule/tech-support [admin at localhost tech-support]$ ls -rtl total 240 -rwxrwx--- 1 root eosadmin 17998 Jul 2 05:03 tech-support_2012-07-02.0503.log.gz -rwxrwx--- 1 root eosadmin 17997 Jul 2 05:18 tech-support_2012-07-02.0518.log.gz -rwxrwx--- 1 root eosadmin 17998 Jul 2 05:33 tech-support_2012-07-02.0533.log.gz -rwxrwx--- 1 root eosadmin 17996 Jul 2 05:48 tech-support_2012-07-02.0548.log.gz -rwxrwx--- 1 root eosadmin 18024 Jul 2 06:03 tech-support_2012-07-02.0603.log.gz -rwxrwx--- 1 root eosadmin 18005 Jul 2 06:18 tech-support_2012-07-02.0618.log.gz -rwxrwx--- 1 root eosadmin 18034 Jul 2 06:33 tech-support_2012-07-02.0633.log.gz -rwxrwx--- 1 root eosadmin 18026 Jul 2 06:48 tech-support_2012-07-02.0648.log.gz -rwxrwx--- 1 root eosadmin 18040 Jul 2 07:03 tech-support_2012-07-02.0703.log.gz -rwxrwx--- 1 root eosadmin 18035 Jul 2 07:18 tech-support_2012-07-02.0718.log.gz -rwxrwx--- 1 root eosadmin 17999 Jul 2 07:33 tech-support_2012-07-02.0733.log.gz -rwxrwx--- 1 root eosadmin 17999 Jul 2 07:48 tech-support_2012-07-02.0748.log.gz > for XR, it summarized as follows. does this work for arista? > > Index: bin/arrancid.in > =================================================================== > --- bin/arrancid.in (revision 2431) > +++ bin/arrancid.in (working copy) > @@ -304,6 +304,21 @@ > # persist changes constantly if you're running ntp, so > # skip its updates. > /\spersist$/ && next; > + > + if (/.*\((\d+) bytes free\)/) { > + my($tmp) = $1; > + if ($tmp >= (1024 * 1024 * 1024)) { > + $tmp = int($tmp / (1024 * 1024 * 1024)); > + s/$1 bytes free/$tmp GB free/; > + } elsif ($tmp >= (1024 * 1024)) { > + $tmp = int($tmp / (1024 * 1024)); > + s/$1 bytes free/$tmp MB free/; > + } else { > + $tmp = int($tmp / 1024); > + s/$1 bytes free/$tmp KB free/; > + } > + } > + > ProcessHistory("FLASH","","","!Flash: $_"); > } > ProcessHistory("","","","!\n"); As discussed off list, this patch is working, with special thx to my colleague Petr. # cvs diff -r 1.118 -r 1.117 /var/lib/rancid/arista/configs/10.254.0.200 Index: /var/lib/rancid/arista/configs/10.254.0.200 =================================================================== RCS file: /var/lib/rancid/CVS/arista/configs/10.254.0.200,v retrieving revision 1.118 retrieving revision 1.117 diff -r1.118 -r1.117 37c37 < !Flash: 931745792 bytes total (268541952 bytes free) --- > !Flash: 931745792 bytes total (268562432 bytes free) And here's the one with the patch applied to arrancid: # cvs diff -r 1.122 -r 1.121 /var/lib/rancid/arista/configs/10.254.0.200 Index: /var/lib/rancid/arista/configs/10.254.0.200 =================================================================== RCS file: /var/lib/rancid/CVS/arista/configs/10.254.0.200,v retrieving revision 1.122 retrieving revision 1.121 diff -r1.122 -r1.121 37c37 < !Flash: 931745792 bytes total (257 MB free) --- > !Flash: 931745792 bytes total (258 MB free) Rgds, Stefan From ml at kenweb.org Tue Jul 3 18:16:38 2012 From: ml at kenweb.org (ML) Date: Tue, 03 Jul 2012 14:16:38 -0400 Subject: [rancid] Avoiding variable expansion with clogin Message-ID: <4FF33706.5050802@kenweb.org> I'm trying to script out the change of an enable secret password. Expect seems to get hungup on the '$' in the md5 hash. I haven't figured out the the right way to escape or tell expect that I'm not passing a variable. Has anyone found a solution to this yet? Thanks From m_vbhat at yahoo.com Tue Jul 10 13:12:48 2012 From: m_vbhat at yahoo.com (M Venkatesha Bhat) Date: Tue, 10 Jul 2012 21:12:48 +0800 (SGT) Subject: [rancid] Rancid issue Message-ID: <1341925968.43905.YahooMailNeo@web193202.mail.sg3.yahoo.com> ???hi All, ? I have installed the RANCID 2.3.8 on RHEL5.6 ?64bit version OS and i get below errors after running rancid-run. I did Clogin and all works fine. Any one seen this issue and any fix?? I have loaded all the packages from Shrubbery from FTP site. ? Connection to router? closed. bad spawn_id (process died earlier?) ??? while executing "expect -nobrace -re {^[^ ?*]*router ([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { ????????????????????????????????????????????????? # the Cisco CE and Jnx ERX ????????????????????????????????????????????????? # return to non-enabled mode ..." ??? invoked from within "expect { ??????? -re "^\[^\n\r *]*$reprompt"???????????? { ????????????????????????????????????????????????? # the Cisco CE and Jnx ERX ????????????????????????????????????????????????? # return to non-enabled mode ????????????????????????????????????????????????? # on exit in enabled mode. ??????????????? ..." ??? (procedure "run_commands" line 65) ??? invoked from within "run_commands $prompt $command" ??? ("foreach" body line 186) ??? invoked from within "foreach router [lrange $argv $i end] { ??? set router [string tolower $router] ??? # attempt at platform switching. ??? set platform "" ??? send_user ..." ??? (file "/usr/local/rancid/bin/clogin" line 740) ? Thanks you in advance. ? Regards, Venky -------------- next part -------------- An HTML attachment was scrubbed... URL: From johan at securit.se Fri Jul 13 08:59:45 2012 From: johan at securit.se (Johan Ryberg) Date: Fri, 13 Jul 2012 10:59:45 +0200 Subject: [rancid] diff to make rancid work with HP 2810-24G and tacacs+ authentication Message-ID: Hi. I where having big problems when I enabled tacacs authentication for HP 2810-24G switches and I found two issues that made rancid (hpuifilder) to consume 100% cpu and it hang there forever. First problem, the enable prompt The switch are using "Login:" and I think this could be changed in the default userprompt from "(Username|login|user name):" to "(Username|[Ll]ogin|user name):" --- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012 +++ hlogin Fri Jul 13 10:58:19 2012 @@ -697,7 +697,7 @@ # Figure out prompts set u_prompt [find userprompt $router] if { "$u_prompt" == "" } { - set u_prompt "(Username|login|user name):" + set u_prompt "(Username|[Ll]ogin|user name):" } else { set u_prompt [join [lindex $u_prompt 0] ""] } Second problem, hlogin was to fast to enter the enable command after login. The only letters that where written to the console was "nable". I could reproduce this every time. The fix was to add a sleep in hlogin after the "welcome prompt" --- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012 +++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012 @@ -394,6 +394,7 @@ expect { "Press any key to continue" { send " " + sleep 1 exp_continue } "Enter switch number to connect to or :" { For the record. I'm using rancid 2.3.8 on OpenBSD 5.1 Best regards Johan Ryberg From brconflict at gmail.com Wed Jul 18 15:23:15 2012 From: brconflict at gmail.com (brain conflict) Date: Wed, 18 Jul 2012 10:23:15 -0500 Subject: [rancid] Dell 3548P Switches with Rancid Message-ID: Got a strange issue, that I'm sure others have come across: With a Dell 3548P switch, code rev: 2.0.0.29, "stacked", Rancid (v. 2.3.2) is having an issue backing them up. The error is that the switches have not been successfully contacted in x hours. What I found in debugging and test (Switch IP is 10.2.2.1, btw): dlogin -t 90 -c"show version" 10.2.2.1 attempts to connect to the switch, logs in successfully, but doesn't do anything beyond that. I looked at a tcpdump from the server RANCID runs on and found that, (using telnet for non-encrypted viewing), the switch responds to the successful login with its prompt, "switch#". The server does nothing beyond that, and soon Errors on a "TIMEOUT reached". I'm concerned that the script doesn't actually "see" the correct prompt, or that there's something of a hack that needs to be implemented beyond the latest Dell modules from ftp.shrubbery.net/pub/rancid/contrib. Any ideas? I'm about to test this with a single 3548P, not stacked, then on an older version of code. The 6248 switches operate fine here, even stacked. -brconflict From me_gogorza at hotmail.com Wed Jul 18 23:52:14 2012 From: me_gogorza at hotmail.com (Marito ...) Date: Wed, 18 Jul 2012 20:52:14 -0300 Subject: [rancid] Dell 3548P Switches with Rancid In-Reply-To: References: Message-ID: Hi, Have you tried setting autoenable to 1 in .cloginrc ?I would try it first, and if it doesn't work, I would run in debug mode to see what happens. Best regards.Mario > Date: Wed, 18 Jul 2012 10:23:15 -0500 > From: brconflict at gmail.com > To: rancid-discuss at shrubbery.net > Subject: [rancid] Dell 3548P Switches with Rancid > > Got a strange issue, that I'm sure others have come across: > > With a Dell 3548P switch, code rev: 2.0.0.29, "stacked", Rancid (v. > 2.3.2) is having an issue backing them up. The error is that the > switches have not been successfully contacted in x hours. > > What I found in debugging and test (Switch IP is 10.2.2.1, btw): > dlogin -t 90 -c"show version" 10.2.2.1 attempts to connect to the > switch, logs in successfully, but doesn't do anything beyond that. I > looked at a tcpdump from the server RANCID runs on and found that, > (using telnet for non-encrypted viewing), the switch responds to the > successful login with its prompt, "switch#". The server does nothing > beyond that, and soon Errors on a "TIMEOUT reached". I'm concerned > that the script doesn't actually "see" the correct prompt, or that > there's something of a hack that needs to be implemented beyond the > latest Dell modules from ftp.shrubbery.net/pub/rancid/contrib. > > Any ideas? I'm about to test this with a single 3548P, not stacked, > then on an older version of code. The 6248 switches operate fine here, > even stacked. > > -brconflict > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at puzza.org Thu Jul 19 03:23:21 2012 From: lists at puzza.org (James Paussa) Date: Thu, 19 Jul 2012 13:23:21 +1000 Subject: [rancid] Brocade 6910 Backups Message-ID: <50077DA9.2020107@puzza.org> Hi, I am trying to get rancid working with Brocade 6910 switches. Login works correctly however the device doesn't support skip-page-display so I to send the a character to the device to disable the paging which I thought I could do by adding the following to flogin around line 525 in "proc run_commands": -- "--- \[Space] Next page, \[Enter] Next line, \[A] All, Others to exit ---" { send "a" exp_continue } Running 'flogin -d -t 90 -c"show running-config" 10.4.1.100', at the moment it gets stuck at: expect: does "--- [Space] Next page, [Enter] Next line, [A] All, Others to exit ---" (spawn_id exp4) match regular expression "^[^\n\r]*VLL-100#."? no "^[^\n\r *]*VLL-100#"? no "[\n\r]"? no "--- [Space] Next page, [Enter] Next line, [A] All, Others to exit ---"? no "---More---"? no expect: timed out I did a search and the two string are the same, I am guessing I am missing a character I can't see, just not sure what it might be. Kind Regards, James Paussa. From hugo.deprez at gmail.com Tue Jul 24 10:27:10 2012 From: hugo.deprez at gmail.com (Hugo Deprez) Date: Tue, 24 Jul 2012 12:27:10 +0200 Subject: [rancid] Restore fortinet backups Message-ID: Hello, I am using to backup some fortinet firewall (300A). Everything seems going good. Now I would like to restore a backup from rancid. I used the shortcut on the web interface in order to restore the config file with the content of the rancid backups. The unit is still saying "error of configuration file". Does anyone already restore a backup for a fortigate unit ? Regards, Hugo From tyler at tolaris.com Tue Jul 24 10:47:52 2012 From: tyler at tolaris.com (Tyler J. Wagner) Date: Tue, 24 Jul 2012 11:47:52 +0100 Subject: [rancid] Restore fortinet backups In-Reply-To: References: Message-ID: <500E7D58.20504@tolaris.com> Try using the USB restore method. http://www.scribd.com/doc/57493012/61/Backup-and-Restore-from-a-USB-key Regards, Tyler On 2012-07-24 11:27, Hugo Deprez wrote: > Hello, > > I am using to backup some fortinet firewall (300A). Everything seems going good. > Now I would like to restore a backup from rancid. > > I used the shortcut on the web interface in order to restore the > config file with the content of the rancid backups. > The unit is still saying "error of configuration file". > > Does anyone already restore a backup for a fortigate unit ? > > Regards, > > Hugo > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -- Before emailing me, please watch "Stop Forwarding That Crap To Me": http://www.youtube.com/watch?v=KCSA7kKNu2Y From hugo.deprez at gmail.com Tue Jul 24 13:35:34 2012 From: hugo.deprez at gmail.com (Hugo Deprez) Date: Tue, 24 Jul 2012 15:35:34 +0200 Subject: [rancid] Restore fortinet backups In-Reply-To: <500E7D58.20504@tolaris.com> References: <500E7D58.20504@tolaris.com> Message-ID: Hello, I found something : the original conf file from rancid is not working, but when I added the following header in the config File it does work : #config-version=FG300A-4.00-FW-build513-120130:opmode=0:vdom=0:user=USER #conf_file_ver=8207861108533980666 #buildno=0513 #global_vdom=1 This header is coming from an export of the config from the fortigate web interface. Any idea ? Regards, On 24 July 2012 12:47, Tyler J. Wagner wrote: > Try using the USB restore method. > > http://www.scribd.com/doc/57493012/61/Backup-and-Restore-from-a-USB-key > > Regards, > Tyler > > On 2012-07-24 11:27, Hugo Deprez wrote: >> Hello, >> >> I am using to backup some fortinet firewall (300A). Everything seems going good. >> Now I would like to restore a backup from rancid. >> >> I used the shortcut on the web interface in order to restore the >> config file with the content of the rancid backups. >> The unit is still saying "error of configuration file". >> >> Does anyone already restore a backup for a fortigate unit ? >> >> Regards, >> >> Hugo >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > -- > Before emailing me, please watch "Stop Forwarding That Crap To Me": > http://www.youtube.com/watch?v=KCSA7kKNu2Y From Michael.Boll at SSRC.myflorida.com Tue Jul 24 13:48:28 2012 From: Michael.Boll at SSRC.myflorida.com (Boll, Michael) Date: Tue, 24 Jul 2012 09:48:28 -0400 Subject: [rancid] Restore fortinet backups In-Reply-To: References: <500E7D58.20504@tolaris.com> Message-ID: <24AD03A7D54AF640B2474D0D6FC44BDEDA48D1@dit00sesmail01.services.ds.state.fl.us> I noticed this on the newer versions of the firmware too. The show full-config command no longer displays the header info you need. It appears Fortinet made this change with release 4 of the firmware. If anyone knows a fix for this, please let me know. Thanks, Mike -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Hugo Deprez Sent: Tuesday, July 24, 2012 9:36 AM To: Tyler J. Wagner Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Restore fortinet backups Hello, I found something : the original conf file from rancid is not working, but when I added the following header in the config File it does work : #config-version=FG300A-4.00-FW-build513-120130:opmode=0:vdom=0:user=USER #conf_file_ver=8207861108533980666 #buildno=0513 #global_vdom=1 This header is coming from an export of the config from the fortigate web interface. Any idea ? Regards, On 24 July 2012 12:47, Tyler J. Wagner wrote: > Try using the USB restore method. > > http://www.scribd.com/doc/57493012/61/Backup-and-Restore-from-a-USB-ke > y > > Regards, > Tyler > > On 2012-07-24 11:27, Hugo Deprez wrote: >> Hello, >> >> I am using to backup some fortinet firewall (300A). Everything seems going good. >> Now I would like to restore a backup from rancid. >> >> I used the shortcut on the web interface in order to restore the >> config file with the content of the rancid backups. >> The unit is still saying "error of configuration file". >> >> Does anyone already restore a backup for a fortigate unit ? >> >> Regards, >> >> Hugo >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> > > -- > Before emailing me, please watch "Stop Forwarding That Crap To Me": > http://www.youtube.com/watch?v=KCSA7kKNu2Y _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From johan at securit.se Tue Jul 24 13:56:14 2012 From: johan at securit.se (Johan Ryberg) Date: Tue, 24 Jul 2012 15:56:14 +0200 Subject: [rancid] Restore fortinet backups In-Reply-To: References: <500E7D58.20504@tolaris.com> Message-ID: Do you have that header at all from the backup from rancid? -- Johan On Jul 24, 2012 3:35 PM, "Hugo Deprez" wrote: > Hello, > > I found something : > > the original conf file from rancid is not working, but when I added > the following header in the config File it does work : > > #config-version=FG300A-4.00-FW-build513-120130:opmode=0:vdom=0:user=USER > #conf_file_ver=8207861108533980666 > #buildno=0513 > #global_vdom=1 > > This header is coming from an export of the config from the fortigate > web interface. > > Any idea ? > > Regards, > > On 24 July 2012 12:47, Tyler J. Wagner wrote: > > Try using the USB restore method. > > > > http://www.scribd.com/doc/57493012/61/Backup-and-Restore-from-a-USB-key > > > > Regards, > > Tyler > > > > On 2012-07-24 11:27, Hugo Deprez wrote: > >> Hello, > >> > >> I am using to backup some fortinet firewall (300A). Everything seems > going good. > >> Now I would like to restore a backup from rancid. > >> > >> I used the shortcut on the web interface in order to restore the > >> config file with the content of the rancid backups. > >> The unit is still saying "error of configuration file". > >> > >> Does anyone already restore a backup for a fortigate unit ? > >> > >> Regards, > >> > >> Hugo > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> > > > > -- > > Before emailing me, please watch "Stop Forwarding That Crap To Me": > > http://www.youtube.com/watch?v=KCSA7kKNu2Y > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > -------------- next part -------------- An HTML attachment was scrubbed... URL: From hugo.deprez at gmail.com Tue Jul 24 15:40:21 2012 From: hugo.deprez at gmail.com (Hugo Deprez) Date: Tue, 24 Jul 2012 17:40:21 +0200 Subject: [rancid] Restore fortinet backups In-Reply-To: References: <500E7D58.20504@tolaris.com> Message-ID: Yes I am running fortigate os 4 On Rancid the header is like : !RANCID-CONTENT-TYPE: fortigate !Version: Fortigate-300A v4.0,build0513,120130 (MR3 Patch 5) !Serial-Number: FG300A********* !BIOS version: 03006001 !Log hard disk: Available !Hostname: hostname !Operation Mode: NAT !Current virtual domain: root !Max number of virtual domains: 10 !Virtual domains status: 1 in NAT mode, 0 in TP mode !Virtual domain configuration: disable !FIPS-CC mode: disable !Current HA mode: standalone !Distribution: International !Branch point: 513 !Release Version Information: MR3 Patch 5 !System time: Mon Jul 23 07:00:25 2012 By the way System time in the header is causing a new revision each time the fortigate is backup by rancid. On 24 July 2012 15:56, Johan Ryberg wrote: > Do you have that header at all from the backup from rancid? > > -- Johan > > On Jul 24, 2012 3:35 PM, "Hugo Deprez" wrote: >> >> Hello, >> >> I found something : >> >> the original conf file from rancid is not working, but when I added >> the following header in the config File it does work : >> >> #config-version=FG300A-4.00-FW-build513-120130:opmode=0:vdom=0:user=USER >> #conf_file_ver=8207861108533980666 >> #buildno=0513 >> #global_vdom=1 >> >> This header is coming from an export of the config from the fortigate >> web interface. >> >> Any idea ? >> >> Regards, >> >> On 24 July 2012 12:47, Tyler J. Wagner wrote: >> > Try using the USB restore method. >> > >> > http://www.scribd.com/doc/57493012/61/Backup-and-Restore-from-a-USB-key >> > >> > Regards, >> > Tyler >> > >> > On 2012-07-24 11:27, Hugo Deprez wrote: >> >> Hello, >> >> >> >> I am using to backup some fortinet firewall (300A). Everything seems >> >> going good. >> >> Now I would like to restore a backup from rancid. >> >> >> >> I used the shortcut on the web interface in order to restore the >> >> config file with the content of the rancid backups. >> >> The unit is still saying "error of configuration file". >> >> >> >> Does anyone already restore a backup for a fortigate unit ? >> >> >> >> Regards, >> >> >> >> Hugo >> >> _______________________________________________ >> >> Rancid-discuss mailing list >> >> Rancid-discuss at shrubbery.net >> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> >> > >> > -- >> > Before emailing me, please watch "Stop Forwarding That Crap To Me": >> > http://www.youtube.com/watch?v=KCSA7kKNu2Y >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Tue Jul 24 16:10:20 2012 From: heas at shrubbery.net (heasley) Date: Tue, 24 Jul 2012 16:10:20 +0000 Subject: [rancid] Restore fortinet backups In-Reply-To: References: <500E7D58.20504@tolaris.com> Message-ID: <20120724161020.GD14496@shrubbery.net> Tue, Jul 24, 2012 at 05:40:21PM +0200, Hugo Deprez: > Yes I am running fortigate os 4 > > On Rancid the header is like : > !RANCID-CONTENT-TYPE: fortigate > > !Version: Fortigate-300A v4.0,build0513,120130 (MR3 Patch 5) > !Serial-Number: FG300A********* > !BIOS version: 03006001 > !Log hard disk: Available > !Hostname: hostname > !Operation Mode: NAT > !Current virtual domain: root > !Max number of virtual domains: 10 > !Virtual domains status: 1 in NAT mode, 0 in TP mode > !Virtual domain configuration: disable > !FIPS-CC mode: disable > !Current HA mode: standalone > !Distribution: International > !Branch point: 513 > !Release Version Information: MR3 Patch 5 > !System time: Mon Jul 23 07:00:25 2012 > > By the way System time in the header is causing a new revision each > time the fortigate is backup by rancid. rancid 2.3.7 should have the filter for that. > > On 24 July 2012 15:56, Johan Ryberg wrote: > > Do you have that header at all from the backup from rancid? > > > > -- Johan > > > > On Jul 24, 2012 3:35 PM, "Hugo Deprez" wrote: > >> > >> Hello, > >> > >> I found something : > >> > >> the original conf file from rancid is not working, but when I added > >> the following header in the config File it does work : > >> > >> #config-version=FG300A-4.00-FW-build513-120130:opmode=0:vdom=0:user=USER > >> #conf_file_ver=8207861108533980666 > >> #buildno=0513 > >> #global_vdom=1 > >> > >> This header is coming from an export of the config from the fortigate > >> web interface. > >> > >> Any idea ? > >> > >> Regards, > >> > >> On 24 July 2012 12:47, Tyler J. Wagner wrote: > >> > Try using the USB restore method. > >> > > >> > http://www.scribd.com/doc/57493012/61/Backup-and-Restore-from-a-USB-key > >> > > >> > Regards, > >> > Tyler > >> > > >> > On 2012-07-24 11:27, Hugo Deprez wrote: > >> >> Hello, > >> >> > >> >> I am using to backup some fortinet firewall (300A). Everything seems > >> >> going good. > >> >> Now I would like to restore a backup from rancid. > >> >> > >> >> I used the shortcut on the web interface in order to restore the > >> >> config file with the content of the rancid backups. > >> >> The unit is still saying "error of configuration file". > >> >> > >> >> Does anyone already restore a backup for a fortigate unit ? > >> >> > >> >> Regards, > >> >> > >> >> Hugo > >> >> _______________________________________________ > >> >> Rancid-discuss mailing list > >> >> Rancid-discuss at shrubbery.net > >> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > >> >> > >> > > >> > -- > >> > Before emailing me, please watch "Stop Forwarding That Crap To Me": > >> > http://www.youtube.com/watch?v=KCSA7kKNu2Y > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From hugo.deprez at gmail.com Tue Jul 24 16:19:57 2012 From: hugo.deprez at gmail.com (Hugo Deprez) Date: Tue, 24 Jul 2012 18:19:57 +0200 Subject: [rancid] Restore fortinet backups In-Reply-To: <20120724161020.GD14496@shrubbery.net> References: <500E7D58.20504@tolaris.com> <20120724161020.GD14496@shrubbery.net> Message-ID: Right, I am currently using 2.3.6 I'll upgrade to the lastest and let you know. Regards, On 24 July 2012 18:10, heasley wrote: > Tue, Jul 24, 2012 at 05:40:21PM +0200, Hugo Deprez: >> Yes I am running fortigate os 4 >> >> On Rancid the header is like : >> !RANCID-CONTENT-TYPE: fortigate >> >> !Version: Fortigate-300A v4.0,build0513,120130 (MR3 Patch 5) >> !Serial-Number: FG300A********* >> !BIOS version: 03006001 >> !Log hard disk: Available >> !Hostname: hostname >> !Operation Mode: NAT >> !Current virtual domain: root >> !Max number of virtual domains: 10 >> !Virtual domains status: 1 in NAT mode, 0 in TP mode >> !Virtual domain configuration: disable >> !FIPS-CC mode: disable >> !Current HA mode: standalone >> !Distribution: International >> !Branch point: 513 >> !Release Version Information: MR3 Patch 5 >> !System time: Mon Jul 23 07:00:25 2012 >> >> By the way System time in the header is causing a new revision each >> time the fortigate is backup by rancid. > > rancid 2.3.7 should have the filter for that. > >> >> On 24 July 2012 15:56, Johan Ryberg wrote: >> > Do you have that header at all from the backup from rancid? >> > >> > -- Johan >> > >> > On Jul 24, 2012 3:35 PM, "Hugo Deprez" wrote: >> >> >> >> Hello, >> >> >> >> I found something : >> >> >> >> the original conf file from rancid is not working, but when I added >> >> the following header in the config File it does work : >> >> >> >> #config-version=FG300A-4.00-FW-build513-120130:opmode=0:vdom=0:user=USER >> >> #conf_file_ver=8207861108533980666 >> >> #buildno=0513 >> >> #global_vdom=1 >> >> >> >> This header is coming from an export of the config from the fortigate >> >> web interface. >> >> >> >> Any idea ? >> >> >> >> Regards, >> >> >> >> On 24 July 2012 12:47, Tyler J. Wagner wrote: >> >> > Try using the USB restore method. >> >> > >> >> > http://www.scribd.com/doc/57493012/61/Backup-and-Restore-from-a-USB-key >> >> > >> >> > Regards, >> >> > Tyler >> >> > >> >> > On 2012-07-24 11:27, Hugo Deprez wrote: >> >> >> Hello, >> >> >> >> >> >> I am using to backup some fortinet firewall (300A). Everything seems >> >> >> going good. >> >> >> Now I would like to restore a backup from rancid. >> >> >> >> >> >> I used the shortcut on the web interface in order to restore the >> >> >> config file with the content of the rancid backups. >> >> >> The unit is still saying "error of configuration file". >> >> >> >> >> >> Does anyone already restore a backup for a fortigate unit ? >> >> >> >> >> >> Regards, >> >> >> >> >> >> Hugo >> >> >> _______________________________________________ >> >> >> Rancid-discuss mailing list >> >> >> Rancid-discuss at shrubbery.net >> >> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> >> >> >> >> > >> >> > -- >> >> > Before emailing me, please watch "Stop Forwarding That Crap To Me": >> >> > http://www.youtube.com/watch?v=KCSA7kKNu2Y >> >> _______________________________________________ >> >> Rancid-discuss mailing list >> >> Rancid-discuss at shrubbery.net >> >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From Richard.Laxton at applicable.com Tue Jul 24 16:59:42 2012 From: Richard.Laxton at applicable.com (Richard Laxton) Date: Tue, 24 Jul 2012 16:59:42 +0000 Subject: [rancid] Revisiting Cisco ASA 5500 / FWSM in multiple context mode Message-ID: Hi everyone, Forgive me if I'm breaching etiquette here, I've never posted to a mailling list before. I'm eager to get a resolution to the issue of how to grab the "system" context configuration when using ASA in multiple context mode. I've accommodated the individual contexts by simply adding them to router.db as additional 'cisco' devices and ensuring that they are reachable on an interface from RANCID. I'm (personally) happy with that solution. The issue I've got is then how to get into the system context reliably. I've copied rancid to asarancid and added it to rancid-fe as "asa" - I've then added my firewall as firewall:asa:up in router.db. Inside asarancid I've trimmed the commandtable down a bit for now, to get started: @commandtable = ( {'changeto system' => 'DoNothing'}, {'show version' => 'ShowVersion'}, {'show boot' => 'ShowBoot'}, {'show flash' => 'ShowFlash'}, {'show running-config' => 'WriteTerm'}, ); In order to bypass the "prompt has changed" issue, I've simply commented out those lines, however it then rejects the 'changeto system' command as follows: firewall: found unexpected command - "changeto system" I'm unable to resolve how I define this as an expected command. Can you please assist me in my endeavours? I'll post the script at the end for anyone who may find it useful, or alternatively if anyone has resolved this could you kindly provide me a copy of your own scripts? I've tried a web search and searching on the web interface but despite some comments about people looking at this before I can't see any (obvious) place where a user script has been published. Thanks, Rich. This electronic message contains information from Applicable, which may be privileged or confidential. The information is intended for use only by the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is strictly prohibited. If you have received this electronic message in error, please notify the sender. Activity and use of the Applicable Ltd e-mail system is monitored to secure its effective operation and for other lawful business purposes. Communications using this system will also be monitored and may be recorded to secure effective operation and for other lawful business purposes. Applicable Ltd. Registered office: 5-6 Northumberland Buildings, Queen Square, Bath, Somerset, BA1 2JE.? Registered in England no: 03426111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt.arguin at currensee.com Tue Jul 24 16:06:09 2012 From: matt.arguin at currensee.com (Matthew Arguin) Date: Tue, 24 Jul 2012 12:06:09 -0400 Subject: [rancid] F10 - S50 and rancid 2.3.6 Message-ID: <500EC7F1.3030708@currensee.com> Hello all, i have been trying to get my Force10 switch in to my rancid repository, i configured it as a Forec10 (docuementation says Force 10 router, but i was hoping that the switch would work as well). but nothing seems to be working. I confirmed that rancid is working by making a minor change to one of my C3650's and verifying the change in the repo after forcing a run. nothing is showing for my F10. I tested the login bin/clogin and that was successful. executing the run against just the one host with -x and checking the logs does not yeild much either: $ cat networking.20120724.112705 ++ date + echo starting: Tue Jul 24 11:27:05 EDT 2012 starting: Tue Jul 24 11:27:05 EDT 2012 + echo + '[' -f /tmp/.networking.run.lock ']' + trap 'rm -fr $LOCKFILE;exit 1' 1 2 3 6 10 15 + touch /tmp/.networking.run.lock + '[' 0 -eq 0 ']' + control_rancid -r 192.168.20.243 networking + rm -f /tmp/.networking.run.lock + trap '' 1 2 3 6 10 15 + echo ++ date + echo ending: Tue Jul 24 11:27:05 EDT 2012 ending: Tue Jul 24 11:27:05 EDT 2012 should rancid work with force10 as the type for a switch or do i have to do it as an unsupported type? i am running rancid 2.3.6 -- Matthew Arguin Currensee, Inc. 54 Canal St, 4th Floor Boston, MA 02114 (617) 986-4758 (Office) _________________________________________________________________________ This email and any files transmitted with it are confidential and intended solely for the addressee. If you received this email in error, please do not disclose the contents to anyone; kindly notify the sender by return email and delete this email and any attachments from your system. ? 2011 Currensee Inc. is a member of the National Futures Association (NFA) Member ID 0403251 | Over the counter retail foreign currency (Forex) trading may involve significant risk of loss. It is not suitable for all investors and you should make sure you understand the risks involved before trading and seek independent advice if necessary. Performance, strategies and charts shown are not necessarily predictive of any particular result and past performance is no indication of future results. Investor returns may vary from Trade Leader returns based on slippage, fees, broker spreads, volatility or other market conditions. Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824 From b225ccc at gmail.com Tue Jul 24 18:37:39 2012 From: b225ccc at gmail.com (Brian Talley) Date: Tue, 24 Jul 2012 12:37:39 -0600 Subject: [rancid] F10 - S50 and rancid 2.3.6 In-Reply-To: <500EC7F1.3030708@currensee.com> References: <500EC7F1.3030708@currensee.com> Message-ID: What model of switch and, more importantly, is it FTOS or SFTOS? FTOS will work w/ RANCID out of the box using f10rancid, but SFTOS will not. (IME, anyway.) On Tue, Jul 24, 2012 at 10:06 AM, Matthew Arguin wrote: > Hello all, > i have been trying to get my Force10 switch in to my rancid repository, > i configured it as a Forec10 (docuementation says Force 10 router, but i > was hoping that the switch would work as well). but nothing seems to be > working. I confirmed that rancid is working by making a minor change to > one of my C3650's and verifying the change in the repo after forcing a run. > nothing is showing for my F10. I tested the login bin/clogin and > that was successful. executing the run against just the one host with -x > and checking the logs does not yeild much either: > > $ cat networking.20120724.112705 > ++ date > + echo starting: Tue Jul 24 11:27:05 EDT 2012 > starting: Tue Jul 24 11:27:05 EDT 2012 > + echo > > + '[' -f /tmp/.networking.run.lock ']' > + trap 'rm -fr $LOCKFILE;exit 1' 1 2 3 6 10 15 > + touch /tmp/.networking.run.lock > + '[' 0 -eq 0 ']' > + control_rancid -r 192.168.20.243 networking > > + rm -f /tmp/.networking.run.lock > + trap '' 1 2 3 6 10 15 > + echo > > ++ date > + echo ending: Tue Jul 24 11:27:05 EDT 2012 > ending: Tue Jul 24 11:27:05 EDT 2012 > > > should rancid work with force10 as the type for a switch or do i have to > do it as an unsupported type? i am running rancid 2.3.6 > > -- > Matthew Arguin > Currensee, Inc. > 54 Canal St, 4th Floor > Boston, MA 02114 > (617) 986-4758 (Office) > ______________________________**______________________________** > _____________ > This email and any files transmitted with it are confidential and intended > solely for the addressee. If you received this email in error, please do > not disclose the contents to anyone; kindly notify the sender by return > email and delete this email and any attachments from your system. > > ? 2011 Currensee Inc. is a member of the National Futures Association > (NFA) Member ID 0403251 | Over the counter retail foreign currency (Forex) > trading may involve significant risk of loss. It is not suitable for all > investors and you should make sure you understand the risks involved before > trading and seek independent advice if necessary. Performance, strategies > and charts shown are not necessarily predictive of any particular result > and past performance is no indication of future results. Investor returns > may vary from Trade Leader returns based on slippage, fees, broker spreads, > volatility or other market conditions. > > Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824 > > ______________________________**_________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/**mailman/listinfo.cgi/rancid-**discuss > -- Brian Talley -------------- next part -------------- An HTML attachment was scrubbed... URL: From brconflict at gmail.com Tue Jul 24 19:27:14 2012 From: brconflict at gmail.com (brain conflict) Date: Tue, 24 Jul 2012 14:27:14 -0500 Subject: [rancid] Revisiting Cisco ASA 5500 / FWSM in multiple context mode In-Reply-To: References: Message-ID: Richard, My advice for the multi-context ASA question is to start with backing up each context, along with the Admin context individually. Even Cisco doesn't really offer a "Back up entire device", which is likely why you have to "changeto" each context. Unless Cisco offers a unique command like "more system:running-config" for the whole device, you're pretty limited there. But to be honest, to restore the entire device config, the only way I know is to back up the FLASH to a CF card local to the unit (disk1:). There's not a single config file that you can deploy (that I know of) to "paste" or copy into flash that will correctly re-create all of the contexts AND configure each one as needed. Hope this helps! On Tue, Jul 24, 2012 at 11:59 AM, Richard Laxton wrote: > Hi everyone, > > Forgive me if I'm breaching etiquette here, I've never posted to a mailling > list before. I'm eager to get a resolution to the issue of how to grab the > "system" context configuration when using ASA in multiple context mode. > > I've accommodated the individual contexts by simply adding them to router.db > as additional 'cisco' devices and ensuring that they are reachable on an > interface from RANCID. I'm (personally) happy with that solution. > > The issue I've got is then how to get into the system context reliably. > > I've copied rancid to asarancid and added it to rancid-fe as "asa" - I've > then added my firewall as firewall:asa:up in router.db. > > Inside asarancid I've trimmed the commandtable down a bit for now, to get > started: > > @commandtable = ( > {'changeto system' => 'DoNothing'}, > {'show version' => 'ShowVersion'}, > {'show boot' => 'ShowBoot'}, > {'show flash' => 'ShowFlash'}, > {'show running-config' => 'WriteTerm'}, > ); > > In order to bypass the "prompt has changed" issue, I've simply commented out > those lines, however it then rejects the 'changeto system' command as > follows: > > firewall: found unexpected command - "changeto system" > > I'm unable to resolve how I define this as an expected command. > > Can you please assist me in my endeavours? I'll post the script at the end > for anyone who may find it useful, or alternatively if anyone has resolved > this could you kindly provide me a copy of your own scripts? I've tried a > web search and searching on the web interface but despite some comments > about people looking at this before I can't see any (obvious) place where a > user script has been published. > > Thanks, > > Rich. > > ________________________________ > This electronic message contains information from Applicable, which may be > privileged or confidential. The information is intended for use only by the > individual(s) or entity named above. If you are not the intended recipient, > be aware that any disclosure, copying, distribution or use of the contents > of this information is strictly prohibited. If you have received this > electronic message in error, please notify the sender. Activity and use of > the Applicable Ltd e-mail system is monitored to secure its effective > operation and for other lawful business purposes. Communications using this > system will also be monitored and may be recorded to secure effective > operation and for other lawful business purposes. Applicable Ltd. Registered > office: 5-6 Northumberland Buildings, Queen Square, Bath, Somerset, BA1 2JE. > Registered in England no: 03426111 > ________________________________ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From rwest at zyedge.com Tue Jul 24 19:46:39 2012 From: rwest at zyedge.com (Ryan West) Date: Tue, 24 Jul 2012 19:46:39 +0000 Subject: [rancid] Revisiting Cisco ASA 5500 / FWSM in multiple context mode In-Reply-To: References: Message-ID: <5DC4853C6CC3EE4788779E0726E034DD015E9A5B@zy-ex1.zyedge.local> Have a look at usercmd, you can issue the changeto command then pull the system context. -----Original Message----- From: rancid-discuss-bounces at shrubbery.net [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of brain conflict Sent: Tuesday, July 24, 2012 3:27 PM To: Richard Laxton Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Revisiting Cisco ASA 5500 / FWSM in multiple context mode Richard, My advice for the multi-context ASA question is to start with backing up each context, along with the Admin context individually. Even Cisco doesn't really offer a "Back up entire device", which is likely why you have to "changeto" each context. Unless Cisco offers a unique command like "more system:running-config" for the whole device, you're pretty limited there. But to be honest, to restore the entire device config, the only way I know is to back up the FLASH to a CF card local to the unit (disk1:). There's not a single config file that you can deploy (that I know of) to "paste" or copy into flash that will correctly re-create all of the contexts AND configure each one as needed. Hope this helps! On Tue, Jul 24, 2012 at 11:59 AM, Richard Laxton wrote: > Hi everyone, > > Forgive me if I'm breaching etiquette here, I've never posted to a > mailling list before. I'm eager to get a resolution to the issue of > how to grab the "system" context configuration when using ASA in multiple context mode. > > I've accommodated the individual contexts by simply adding them to > router.db as additional 'cisco' devices and ensuring that they are > reachable on an interface from RANCID. I'm (personally) happy with that solution. > > The issue I've got is then how to get into the system context reliably. > > I've copied rancid to asarancid and added it to rancid-fe as "asa" - > I've then added my firewall as firewall:asa:up in router.db. > > Inside asarancid I've trimmed the commandtable down a bit for now, to > get > started: > > @commandtable = ( > {'changeto system' => 'DoNothing'}, > {'show version' => 'ShowVersion'}, > {'show boot' => 'ShowBoot'}, > {'show flash' => 'ShowFlash'}, > {'show running-config' => 'WriteTerm'}, ); > > In order to bypass the "prompt has changed" issue, I've simply > commented out those lines, however it then rejects the 'changeto > system' command as > follows: > > firewall: found unexpected command - "changeto system" > > I'm unable to resolve how I define this as an expected command. > > Can you please assist me in my endeavours? I'll post the script at the > end for anyone who may find it useful, or alternatively if anyone has > resolved this could you kindly provide me a copy of your own scripts? > I've tried a web search and searching on the web interface but despite > some comments about people looking at this before I can't see any > (obvious) place where a user script has been published. > > Thanks, > > Rich. > > ________________________________ > This electronic message contains information from Applicable, which > may be privileged or confidential. The information is intended for use > only by the > individual(s) or entity named above. If you are not the intended > recipient, be aware that any disclosure, copying, distribution or use > of the contents of this information is strictly prohibited. If you > have received this electronic message in error, please notify the > sender. Activity and use of the Applicable Ltd e-mail system is > monitored to secure its effective operation and for other lawful > business purposes. Communications using this system will also be > monitored and may be recorded to secure effective operation and for > other lawful business purposes. Applicable Ltd. Registered > office: 5-6 Northumberland Buildings, Queen Square, Bath, Somerset, BA1 2JE. > Registered in England no: 03426111 > ________________________________ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From matt.arguin at currensee.com Wed Jul 25 16:25:28 2012 From: matt.arguin at currensee.com (Matthew Arguin) Date: Wed, 25 Jul 2012 12:25:28 -0400 Subject: [rancid] F10 - S50 and rancid 2.3.6 In-Reply-To: References: <500EC7F1.3030708@currensee.com> Message-ID: <50101DF8.5000404@currensee.com> ok....i am running the latest FTOS...and running f10rancid in debug seems to look pretty good... [rancid at s6xen1 ~]$ bin/f10rancid -d 192.168.C.D executing clogin -t 90 -c"show version;show bootvar;dir flash:;dir slot0:;show chassis;show system;show inventory;show vlan;show running" 192.168.C.D PROMPT MATCH: csw3-1# HIT COMMAND:csw3-1#show version In ShowVersion: csw3-1#show version HIT COMMAND:csw3-1#show bootvar In ShowBoot: csw3-1#show bootvar HIT COMMAND:csw3-1#dir flash: In DirSlotN: csw3-1#dir flash: HIT COMMAND:csw3-1#dir slot0: In DirSlotN: csw3-1#dir slot0: HIT COMMAND:csw3-1#show chassis In ShowChassis: csw3-1#show chassis HIT COMMAND:csw3-1#show system In ShowChassis: csw3-1#show system HIT COMMAND:csw3-1#show inventory In ShowInventory: csw3-1#show inventory HIT COMMAND:csw3-1#show vlan In ShowVLAN: csw3-1#show vlan HIT COMMAND:csw3-1#show running In WriteTerm: csw3-1#show running and it writes a nice new file with the results 192.168.C.D.new in the dir i ran it from, but does not seem to put it in to the repository... i have not used Rancid for anything other than just cisco devices before and have not need to run anything other than the rancid-run, so forgive my ignorance on this one. also, using f10rancid, do i still put the entry in the router.db file that my other network stuff is in? Do i schedule a cronjob to run the f10rancid script, or when i have everything correct should the rancid-run call this? thanks in advance, matt On 7/24/2012 2:37 PM, Brian Talley wrote: > What model of switch and, more importantly, is it FTOS or SFTOS? FTOS > will work w/ RANCID out of the box using f10rancid, but SFTOS will > not. (IME, anyway.) > > On Tue, Jul 24, 2012 at 10:06 AM, Matthew Arguin > > wrote: > > Hello all, > i have been trying to get my Force10 switch in to my rancid > repository, i configured it as a Forec10 (docuementation says > Force 10 router, but i was hoping that the switch would work as > well). but nothing seems to be working. I confirmed that rancid > is working by making a minor change to one of my C3650's and > verifying the change in the repo after forcing a run. nothing is > showing for my F10. I tested the login bin/clogin and > that was successful. executing the run against just the one host > with -x and checking the logs does not yeild much either: > > $ cat networking.20120724.112705 > ++ date > + echo starting: Tue Jul 24 11:27:05 EDT 2012 > starting: Tue Jul 24 11:27:05 EDT 2012 > + echo > > + '[' -f /tmp/.networking.run.lock ']' > + trap 'rm -fr $LOCKFILE;exit 1' 1 2 3 6 10 15 > + touch /tmp/.networking.run.lock > + '[' 0 -eq 0 ']' > + control_rancid -r 192.168.20.243 networking > > + rm -f /tmp/.networking.run.lock > + trap '' 1 2 3 6 10 15 > + echo > > ++ date > + echo ending: Tue Jul 24 11:27:05 EDT 2012 > ending: Tue Jul 24 11:27:05 EDT 2012 > > > should rancid work with force10 as the type for a switch or do i > have to do it as an unsupported type? i am running rancid 2.3.6 > > -- > Matthew Arguin > Currensee, Inc. > 54 Canal St, 4th Floor > Boston, MA 02114 > (617) 986-4758 (Office) > _________________________________________________________________________ > This email and any files transmitted with it are confidential and > intended solely for the addressee. If you received this email in > error, please do not disclose the contents to anyone; kindly > notify the sender by return email and delete this email and any > attachments from your system. > > ? 2011 Currensee Inc. is a member of the National Futures > Association (NFA) Member ID 0403251 | Over the counter retail > foreign currency (Forex) trading may involve significant risk of > loss. It is not suitable for all investors and you should make > sure you understand the risks involved before trading and seek > independent advice if necessary. Performance, strategies and > charts shown are not necessarily predictive of any particular > result and past performance is no indication of future results. > Investor returns may vary from Trade Leader returns based on > slippage, fees, broker spreads, volatility or other market conditions. > > Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | > +1.617.624.3824 > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > -- > Brian Talley > -- Matthew Arguin Currensee, Inc. 54 Canal St, 4th Floor Boston, MA 02114 (617) 986-4758 (Office) _________________________________________________________________________ This email and any files transmitted with it are confidential and intended solely for the addressee. If you received this email in error, please do not disclose the contents to anyone; kindly notify the sender by return email and delete this email and any attachments from your system. ? 2011 Currensee Inc. is a member of the National Futures Association (NFA) Member ID 0403251 | Over the counter retail foreign currency (Forex) trading may involve significant risk of loss. It is not suitable for all investors and you should make sure you understand the risks involved before trading and seek independent advice if necessary. Performance, strategies and charts shown are not necessarily predictive of any particular result and past performance is no indication of future results. Investor returns may vary from Trade Leader returns based on slippage, fees, broker spreads, volatility or other market conditions. Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824 -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt.arguin at currensee.com Wed Jul 25 16:42:12 2012 From: matt.arguin at currensee.com (Matthew Arguin) Date: Wed, 25 Jul 2012 12:42:12 -0400 Subject: [rancid] F10 - S50 and rancid 2.3.6 In-Reply-To: References: <500EC7F1.3030708@currensee.com> Message-ID: <501021E4.9080308@currensee.com> dis-regard my last. typos typos typos. thanks for your help! - On 7/24/2012 2:37 PM, Brian Talley wrote: > What model of switch and, more importantly, is it FTOS or SFTOS? FTOS > will work w/ RANCID out of the box using f10rancid, but SFTOS will > not. (IME, anyway.) > > On Tue, Jul 24, 2012 at 10:06 AM, Matthew Arguin > > wrote: > > Hello all, > i have been trying to get my Force10 switch in to my rancid > repository, i configured it as a Forec10 (docuementation says > Force 10 router, but i was hoping that the switch would work as > well). but nothing seems to be working. I confirmed that rancid > is working by making a minor change to one of my C3650's and > verifying the change in the repo after forcing a run. nothing is > showing for my F10. I tested the login bin/clogin and > that was successful. executing the run against just the one host > with -x and checking the logs does not yeild much either: > > $ cat networking.20120724.112705 > ++ date > + echo starting: Tue Jul 24 11:27:05 EDT 2012 > starting: Tue Jul 24 11:27:05 EDT 2012 > + echo > > + '[' -f /tmp/.networking.run.lock ']' > + trap 'rm -fr $LOCKFILE;exit 1' 1 2 3 6 10 15 > + touch /tmp/.networking.run.lock > + '[' 0 -eq 0 ']' > + control_rancid -r 192.168.20.243 networking > > + rm -f /tmp/.networking.run.lock > + trap '' 1 2 3 6 10 15 > + echo > > ++ date > + echo ending: Tue Jul 24 11:27:05 EDT 2012 > ending: Tue Jul 24 11:27:05 EDT 2012 > > > should rancid work with force10 as the type for a switch or do i > have to do it as an unsupported type? i am running rancid 2.3.6 > > -- > Matthew Arguin > Currensee, Inc. > 54 Canal St, 4th Floor > Boston, MA 02114 > (617) 986-4758 (Office) > _________________________________________________________________________ > This email and any files transmitted with it are confidential and > intended solely for the addressee. If you received this email in > error, please do not disclose the contents to anyone; kindly > notify the sender by return email and delete this email and any > attachments from your system. > > ? 2011 Currensee Inc. is a member of the National Futures > Association (NFA) Member ID 0403251 | Over the counter retail > foreign currency (Forex) trading may involve significant risk of > loss. It is not suitable for all investors and you should make > sure you understand the risks involved before trading and seek > independent advice if necessary. Performance, strategies and > charts shown are not necessarily predictive of any particular > result and past performance is no indication of future results. > Investor returns may vary from Trade Leader returns based on > slippage, fees, broker spreads, volatility or other market conditions. > > Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | > +1.617.624.3824 > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss > > > > > -- > Brian Talley > -- Matthew Arguin Currensee, Inc. 54 Canal St, 4th Floor Boston, MA 02114 (617) 986-4758 (Office) _________________________________________________________________________ This email and any files transmitted with it are confidential and intended solely for the addressee. If you received this email in error, please do not disclose the contents to anyone; kindly notify the sender by return email and delete this email and any attachments from your system. ? 2011 Currensee Inc. is a member of the National Futures Association (NFA) Member ID 0403251 | Over the counter retail foreign currency (Forex) trading may involve significant risk of loss. It is not suitable for all investors and you should make sure you understand the risks involved before trading and seek independent advice if necessary. Performance, strategies and charts shown are not necessarily predictive of any particular result and past performance is no indication of future results. Investor returns may vary from Trade Leader returns based on slippage, fees, broker spreads, volatility or other market conditions. Currensee Inc | 54 Canal St 4th Floor | Boston, MA 02114 | +1.617.624.3824 -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt.arguin at currensee.com Thu Jul 26 00:24:19 2012 From: matt.arguin at currensee.com (Matthew Arguin) Date: Wed, 25 Jul 2012 20:24:19 -0400 Subject: [rancid] Netscalars and rancid Message-ID: <50108E33.4030904@currensee.com> ok, i just resolved an issue with my F10 switch and getting it in Rancid this morning, so i figured I would resolve my issue with my Netscalars. I am running NS 9.2 and did some tweaking of the nslogin and nsrancid scripts and they now work. Now, when i run rancid-run, it is not excuting on the netscalar stuff. this happened earlier today with the F10's and i found a typo on my F10 IP addr. no ip typo here. Found a typo in the hardware name (was netscaler, fixed to netscalar). when i run nsrancid, i am getting the .new and .raw in the directory i run from...full of good data... but still nothing when i run rancid-run, just my others get updated. i am sure i am missing something simple stupid here once again, but i can't find it. anyone able to shine any light on this for me? thanks, router.db in my network folder: 192.168.0.201:netscalar:up *** This is the one i am testing 192.168.0.202:netscalar:down 192.168.20.241:cisco:up 192.168.20.243:force10:up -- Matthew Arguin From Richard.Laxton at applicable.com Thu Jul 26 05:00:30 2012 From: Richard.Laxton at applicable.com (Richard Laxton) Date: Thu, 26 Jul 2012 05:00:30 +0000 Subject: [rancid] Revisiting Cisco ASA 5500 / FWSM in multiple context mode Message-ID: Sorry to reply to my own message, but I was on digest only and didn't get the individual replies. Newbie moment over. I've got a 99% working solution in place now; once I have dealt with the last issue I will post the code for consideration and re-use. I've done as follows: site/router.db =========== firewall1-context1:cisco:up firewall1-context2:cisco:up firewall1-admincontext:cisco:up firewall1-system:cisco:up In DNS =========== firewall1-context1 A 10.10.10.10 firewall1-context2 A 10.10.20.20 firewall1-admincontext A 10.1.1.1 firewall1-system CNAME firewall1-admincontext I've then patched CLOGIN to check for "-system" in the $router hostname variable. If its there, it'll issue a "changeto system" once, and then assume the prompt is now firewall1 instead of firewall1/admincontext. The script proceeds through all the commands as normal, except for some reason it misses command show running-config, despite the fact that you can type that at the command line normally and more system:running-config works. I'll try and work out why, or have that skipped for "-system". This is the last issue I mentioned. Is this a perfect automated solution? No. Does it get your configs backed up without any manual intervention? Yep, just set the DNS records and off you go. This method assumes of course that you need to be able to SSH to each context directly. All contexts are for my internal customer separation as part of a managed service so no direct user access - therefore its not an issue for me to allow this, however I see no reason why this method couldn't be expanded upon quite simply so you can do the following in router.db, based on some older posts from 2009 I saw suggesting a similar thing: firewall1[context context1]:cisco:up firewall1[context context2]:cisco:up firewall1[system]:cisco:up (or indeed to make a new var in .cloginrc) Then instead of where I've put a static command to 'changeto system', you can issue 'changeto $some_var'. If I ever get round to making this happen I'll post that code too. -----Original Message----- From: Richard Laxton Sent: 24 July 2012 18:00 To: 'rancid-discuss at shrubbery.net' Subject: Revisiting Cisco ASA 5500 / FWSM in multiple context mode Hi everyone, Forgive me if I'm breaching etiquette here, I've never posted to a mailling list before. I'm eager to get a resolution to the issue of how to grab the "system" context configuration when using ASA in multiple context mode. I've accommodated the individual contexts by simply adding them to router.db as additional 'cisco' devices and ensuring that they are reachable on an interface from RANCID. I'm (personally) happy with that solution. The issue I've got is then how to get into the system context reliably. I've copied rancid to asarancid and added it to rancid-fe as "asa" - I've then added my firewall as firewall:asa:up in router.db. Inside asarancid I've trimmed the commandtable down a bit for now, to get started: @commandtable = ( {'changeto system' => 'DoNothing'}, {'show version' => 'ShowVersion'}, {'show boot' => 'ShowBoot'}, {'show flash' => 'ShowFlash'}, {'show running-config' => 'WriteTerm'}, ); In order to bypass the "prompt has changed" issue, I've simply commented out those lines, however it then rejects the 'changeto system' command as follows: firewall: found unexpected command - "changeto system" I'm unable to resolve how I define this as an expected command. Can you please assist me in my endeavours? I'll post the script at the end for anyone who may find it useful, or alternatively if anyone has resolved this could you kindly provide me a copy of your own scripts? I've tried a web search and searching on the web interface but despite some comments about people looking at this before I can't see any (obvious) place where a user script has been published. Thanks, Rich. This electronic message contains information from Applicable, which may be privileged or confidential. The information is intended for use only by the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is strictly prohibited. If you have received this electronic message in error, please notify the sender. Activity and use of the Applicable Ltd e-mail system is monitored to secure its effective operation and for other lawful business purposes. Communications using this system will also be monitored and may be recorded to secure effective operation and for other lawful business purposes. Applicable Ltd. Registered office: 5-6 Northumberland Buildings, Queen Square, Bath, Somerset, BA1 2JE.? Registered in England no: 03426111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From dtuecks at googlemail.com Thu Jul 26 09:26:00 2012 From: dtuecks at googlemail.com (Daniel Tuecks) Date: Thu, 26 Jul 2012 11:26:00 +0200 Subject: [rancid] Revisiting Cisco ASA 5500 / FWSM in multiple context mode In-Reply-To: References: Message-ID: Hi Rich, if it's possible I would also treat each context as its own device. Unfortunately this wasn't possible for me as policies only allowed to access a context by the 'changeto context' command. I also fiddled with dns CNAMES and custom scripts but it turned out to be rather complicated. Then I tried the usercmd patch (Thats the patch Ryan West also suggested -> http://www.shrubbery.net/pipermail/rancid-discuss/2006-May/001490.html). This patch makes it really easy to backup contexts / most out-of-band devices plus I don't need all the CNAMES. I'll show you a sample config: # Backup device aka 'admin context' # 'my-context-enabled-device' has an A RECORD and is accessible via ssh. This is a standard rancid .clogin config. add user my-context-enabled-device-standby ADMINUSER add password my-context-enabled-device-standby PWD ENAPWD add method my-context-enabled-device-standby {ssh:22} add autoenable my-context-enabled-device-standby {0} add cyphertype my-context-enabled-device-standby 3des # Backup system context # 'my-context-enabled-device-sys' is just a name for rancid. No DNS or address is needed. # The magic happens one line below: login to my-context-enabled-device-sys via {clogin} for {my-context-enabled-device} # When logged in, change to system context and backup add method my-context-enabled-device-sys {usercmd} add usercmd my-context-enabled-device-sys {clogin} {my-context-enabled-device} add usercmd_chat my-context-enabled-device-sys {my-context-enabled-device/admin#} {changeto system\r} {my-context-enabled-device#} {\r} # Backup SOMECONTEXT # same as for the 'system' backup but changeto 'SOMECONTEXT' afterwards. Backup. Done. # again 'my-context-enabled-device-SOMECONTEXT' is just a name for rancid. No DNS or address is needed. add method my-context-enabled-device-SOMECONTEXT {usercmd} add usercmd my-context-enabled-device-SOMECONTEXT {clogin} {my-context-enabled-device} add usercmd_chat my-context-enabled-device-SOMECONTEXT {my-context-enabled-device/admin#} {changeto system\r} {my-context-enabled-device#} {changeto context SOMECONTEXT\r} {my-context-enabled-device/SOMECONTEXT#} {\r} The router.db looks like this: my-context-enabled-device:cisco:up my-context-enabled-device-sys:cisco:up my-context-enabled-device-SOMECONTEXT:cisco:up Daniel 2012/7/26 Richard Laxton : > Sorry to reply to my own message, but I was on digest only and didn't get > the individual replies. Newbie moment over. > > I've got a 99% working solution in place now; once I have dealt with the > last issue I will post the code for consideration and re-use. > > I've done as follows: > > site/router.db > =========== > firewall1-context1:cisco:up > firewall1-context2:cisco:up > firewall1-admincontext:cisco:up > firewall1-system:cisco:up > > In DNS > =========== > firewall1-context1 A 10.10.10.10 > firewall1-context2 A 10.10.20.20 > firewall1-admincontext A 10.1.1.1 > firewall1-system CNAME firewall1-admincontext > > I've then patched CLOGIN to check for "-system" in the $router hostname > variable. If its there, it'll issue a "changeto system" once, and then > assume the prompt is now firewall1 instead of firewall1/admincontext. > > The script proceeds through all the commands as normal, except for some > reason it misses command show running-config, despite the fact that you can > type that at the command line normally and more system:running-config works. > I'll try and work out why, or have that skipped for "-system". This is the > last issue I mentioned. > > Is this a perfect automated solution? No. Does it get your configs backed up > without any manual intervention? Yep, just set the DNS records and off you > go. This method assumes of course that you need to be able to SSH to each > context directly. All contexts are for my internal customer separation as > part of a managed service so no direct user access - therefore its not an > issue for me to allow this, however I see no reason why this method couldn't > be expanded upon quite simply so you can do the following in router.db, > based on some older posts from 2009 I saw suggesting a similar thing: > > firewall1[context context1]:cisco:up > firewall1[context context2]:cisco:up > firewall1[system]:cisco:up > > (or indeed to make a new var in .cloginrc) > > Then instead of where I've put a static command to 'changeto system', you > can issue 'changeto $some_var'. > > If I ever get round to making this happen I'll post that code too. > > -----Original Message----- > From: Richard Laxton > Sent: 24 July 2012 18:00 > To: 'rancid-discuss at shrubbery.net' > Subject: Revisiting Cisco ASA 5500 / FWSM in multiple context mode > > Hi everyone, > > Forgive me if I'm breaching etiquette here, I've never posted to a mailling > list before. I'm eager to get a resolution to the issue of how to grab the > "system" context configuration when using ASA in multiple context mode. > > I've accommodated the individual contexts by simply adding them to router.db > as additional 'cisco' devices and ensuring that they are reachable on an > interface from RANCID. I'm (personally) happy with that solution. > > The issue I've got is then how to get into the system context reliably. > > I've copied rancid to asarancid and added it to rancid-fe as "asa" - I've > then added my firewall as firewall:asa:up in router.db. > > Inside asarancid I've trimmed the commandtable down a bit for now, to get > started: > > @commandtable = ( > {'changeto system' => 'DoNothing'}, > {'show version' => 'ShowVersion'}, > {'show boot' => 'ShowBoot'}, > {'show flash' => 'ShowFlash'}, > {'show running-config' => 'WriteTerm'}, > ); > > In order to bypass the "prompt has changed" issue, I've simply commented out > those lines, however it then rejects the 'changeto system' command as > follows: > > firewall: found unexpected command - "changeto system" > > I'm unable to resolve how I define this as an expected command. > > Can you please assist me in my endeavours? I'll post the script at the end > for anyone who may find it useful, or alternatively if anyone has resolved > this could you kindly provide me a copy of your own scripts? I've tried a > web search and searching on the web interface but despite some comments > about people looking at this before I can't see any (obvious) place where a > user script has been published. > > Thanks, > > Rich. > > ________________________________ > This electronic message contains information from Applicable, which may be > privileged or confidential. The information is intended for use only by the > individual(s) or entity named above. If you are not the intended recipient, > be aware that any disclosure, copying, distribution or use of the contents > of this information is strictly prohibited. If you have received this > electronic message in error, please notify the sender. Activity and use of > the Applicable Ltd e-mail system is monitored to secure its effective > operation and for other lawful business purposes. Communications using this > system will also be monitored and may be recorded to secure effective > operation and for other lawful business purposes. Applicable Ltd. Registered > office: 5-6 Northumberland Buildings, Queen Square, Bath, Somerset, BA1 2JE. > Registered in England no: 03426111 > ________________________________ > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From mayur.shastrakar at gmail.com Thu Jul 26 09:17:16 2012 From: mayur.shastrakar at gmail.com (Mayur Shastrakar) Date: Thu, 26 Jul 2012 14:47:16 +0530 Subject: [rancid] stop sending emails on my id mayur.shastrakar@gmail.com Message-ID: Mayur - 9158900739 -------------- next part -------------- An HTML attachment was scrubbed... URL: From johan at securit.se Thu Jul 26 10:21:31 2012 From: johan at securit.se (Johan Ryberg) Date: Thu, 26 Jul 2012 12:21:31 +0200 Subject: [rancid] stop sending emails on my id mayur.shastrakar@gmail.com In-Reply-To: References: Message-ID: You will have to unsubscibe. Follow the instructions in the e-mail footer (http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss) // Johan 2012/7/26 Mayur Shastrakar : > > > > Mayur - 9158900739 > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss From heas at shrubbery.net Fri Jul 27 18:35:53 2012 From: heas at shrubbery.net (heasley) Date: Fri, 27 Jul 2012 11:35:53 -0700 Subject: [rancid] diff to make rancid work with HP 2810-24G and tacacs+ authentication In-Reply-To: References: Message-ID: <20120727183553.GW55270@shrubbery.net> Fri, Jul 13, 2012 at 10:59:45AM +0200, Johan Ryberg: > Hi. > > I where having big problems when I enabled tacacs authentication for > HP 2810-24G switches and I found two issues that made rancid > (hpuifilder) to consume 100% cpu and it hang there forever. > > First problem, the enable prompt > The switch are using "Login:" and I think this could be changed in the > default userprompt from "(Username|login|user name):" to > "(Username|[Ll]ogin|user name):" > --- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012 > +++ hlogin Fri Jul 13 10:58:19 2012 > @@ -697,7 +697,7 @@ > # Figure out prompts > set u_prompt [find userprompt $router] > if { "$u_prompt" == "" } { > - set u_prompt "(Username|login|user name):" > + set u_prompt "(Username|[Ll]ogin|user name):" > } else { > set u_prompt [join [lindex $u_prompt 0] ""] > } committed. > Second problem, hlogin was to fast to enter the enable command after > login. The only letters that where written to the console was "nable". > I could reproduce this every time. The fix was to add a sleep in > hlogin after the "welcome prompt" > > --- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012 > +++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012 > @@ -394,6 +394,7 @@ > expect { > "Press any key to continue" { > send " " > + sleep 1 > exp_continue > } > "Enter switch number to connect to or :" { > > For the record. I'm using rancid 2.3.8 on OpenBSD 5.1 Are you sure? usually when behavior like occurs, its more likely that it matched something in the preceeding output. i asked because this kind of usually just moves the problem elsewhere. it might just be better to deal with recovering from the error and re-enter 'enable'. From johan at securit.se Fri Jul 27 19:35:44 2012 From: johan at securit.se (Johan Ryberg) Date: Fri, 27 Jul 2012 21:35:44 +0200 Subject: [rancid] diff to make rancid work with HP 2810-24G and tacacs+ authentication In-Reply-To: <20120727183553.GW55270@shrubbery.net> References: <20120727183553.GW55270@shrubbery.net> Message-ID: Thanks =) I have been running this code with both tacacs enabled switches and with local only authentication since the post without any problems. All changes are committed to cvs and I have not noticed any other issues. I will however look at the banner to see if it match something else. If I got time I will look at it on Monday. Best regards Johan 2012/7/27 heasley : > Fri, Jul 13, 2012 at 10:59:45AM +0200, Johan Ryberg: >> Hi. >> >> I where having big problems when I enabled tacacs authentication for >> HP 2810-24G switches and I found two issues that made rancid >> (hpuifilder) to consume 100% cpu and it hang there forever. >> >> First problem, the enable prompt >> The switch are using "Login:" and I think this could be changed in the >> default userprompt from "(Username|login|user name):" to >> "(Username|[Ll]ogin|user name):" >> --- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012 >> +++ hlogin Fri Jul 13 10:58:19 2012 >> @@ -697,7 +697,7 @@ >> # Figure out prompts >> set u_prompt [find userprompt $router] >> if { "$u_prompt" == "" } { >> - set u_prompt "(Username|login|user name):" >> + set u_prompt "(Username|[Ll]ogin|user name):" >> } else { >> set u_prompt [join [lindex $u_prompt 0] ""] >> } > > committed. > >> Second problem, hlogin was to fast to enter the enable command after >> login. The only letters that where written to the console was "nable". >> I could reproduce this every time. The fix was to add a sleep in >> hlogin after the "welcome prompt" >> >> --- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012 >> +++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012 >> @@ -394,6 +394,7 @@ >> expect { >> "Press any key to continue" { >> send " " >> + sleep 1 >> exp_continue >> } >> "Enter switch number to connect to or :" { >> >> For the record. I'm using rancid 2.3.8 on OpenBSD 5.1 > > Are you sure? usually when behavior like occurs, its more likely that it > matched something in the preceeding output. i asked because this kind of > usually just moves the problem elsewhere. it might just be better to deal > with recovering from the error and re-enter 'enable'. From CDeRemer at caron.org Sun Jul 29 11:40:21 2012 From: CDeRemer at caron.org (Chris DeRemer) Date: Sun, 29 Jul 2012 11:40:21 +0000 Subject: [rancid] path variable with ciscowlc and wlogin Message-ID: <2C6B540215FBC442AD3F68684AF747E22531774B@EX10-MB01.caron.local> Hello all, I think I'm having a newbie linux user issue. I just downloaded and put the wlogin and ciscowlc/5 scripts into my rancid users's bin directory along with all the other scripts. Can execute wlogin and successfully have it logging into my WLC. I also edited the rancid-fe to add the new device types. However if I try to execute an individual backup run of the wlc I get this output: rancid at CaronRANCID:~/bin$ ./ciscowlc5 -d bs-air-5508-1 executing wlogin -t 90 -c"show udi;show sysinfo;show run-config commands" bs-air-5508-1 sh: wlogin: not found bs-air-5508-1: missed cmd(s): show sysinfo,show udi,show run-config commands bs-air-5508-1: missed cmd(s): show sysinfo,show udi,show run-config commands bs-air-5508-1: End of run not found bs-air-5508-1: End of run not found ! rancid at CaronRANCID:~/bin$ .... Weird ... So I run this: rancid at CaronRANCID:~/bin$ echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games rancid at CaronRANCID:~/bin$ I expected that my /~/bin (or full path /home/rancid/bin) would be there, but it's not... however the rest of rancid works just peachy.... Any ideas? -------------- next part -------------- An HTML attachment was scrubbed... URL: From johan at securit.se Mon Jul 30 07:58:32 2012 From: johan at securit.se (Johan Ryberg) Date: Mon, 30 Jul 2012 09:58:32 +0200 Subject: [rancid] diff to make rancid work with HP 2810-24G and tacacs+ authentication In-Reply-To: References: <20120727183553.GW55270@shrubbery.net> Message-ID: This is the banner. I have replaced username and hostname. Maybe it's the "Press any key to continuesome.host.name>" that is the problem. The switch does not put any space between continue and the hostname. This may fail expect { "Press any key to continue" { send " " exp_continue } -- Johan Ryberg spawn hpuifilter -- ssh -c 3des -x -l someusername some.host.name We'd like to keep you up to date about: * Software feature updates * New product announcements * Special events Please register your products now at: www.ProCurve.com someusername at some.host.name's password: ProCurve J9021A Switch 2810-24G Software revision N.11.52 Copyright (C) 1991-2011 Hewlett-Packard Co. All Rights Reserved. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subdivision (b) (3) (ii) of the Rights in Technical Data and Computer Software clause at 52.227-7013. HEWLETT-PACKARD COMPANY, 3000 Hanover St., Palo Alto, CA 94303 Press any key to continuesome.host.name> enable Login:someusername Enable password: hostname# 2012/7/27 Johan Ryberg : > Thanks =) > > I have been running this code with both tacacs enabled switches and > with local only authentication since the post without any problems. > > All changes are committed to cvs and I have not noticed any other issues. > > I will however look at the banner to see if it match something else. > If I got time I will look at it on Monday. > > Best regards Johan > > 2012/7/27 heasley : >> Fri, Jul 13, 2012 at 10:59:45AM +0200, Johan Ryberg: >>> Hi. >>> >>> I where having big problems when I enabled tacacs authentication for >>> HP 2810-24G switches and I found two issues that made rancid >>> (hpuifilder) to consume 100% cpu and it hang there forever. >>> >>> First problem, the enable prompt >>> The switch are using "Login:" and I think this could be changed in the >>> default userprompt from "(Username|login|user name):" to >>> "(Username|[Ll]ogin|user name):" >>> --- /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012 >>> +++ hlogin Fri Jul 13 10:58:19 2012 >>> @@ -697,7 +697,7 @@ >>> # Figure out prompts >>> set u_prompt [find userprompt $router] >>> if { "$u_prompt" == "" } { >>> - set u_prompt "(Username|login|user name):" >>> + set u_prompt "(Username|[Ll]ogin|user name):" >>> } else { >>> set u_prompt [join [lindex $u_prompt 0] ""] >>> } >> >> committed. >> >>> Second problem, hlogin was to fast to enter the enable command after >>> login. The only letters that where written to the console was "nable". >>> I could reproduce this every time. The fix was to add a sleep in >>> hlogin after the "welcome prompt" >>> >>> --- /usr/local/bin/hlogin Fri Jul 13 10:40:23 2012 >>> +++ /usr/local/bin/hlogin Fri Jul 13 10:12:12 2012 >>> @@ -394,6 +394,7 @@ >>> expect { >>> "Press any key to continue" { >>> send " " >>> + sleep 1 >>> exp_continue >>> } >>> "Enter switch number to connect to or :" { >>> >>> For the record. I'm using rancid 2.3.8 on OpenBSD 5.1 >> >> Are you sure? usually when behavior like occurs, its more likely that it >> matched something in the preceeding output. i asked because this kind of >> usually just moves the problem elsewhere. it might just be better to deal >> with recovering from the error and re-enter 'enable'. From atazevedo at yahoo.com.br Mon Jul 30 15:08:54 2012 From: atazevedo at yahoo.com.br (Alexandre Teixeira Azevedo) Date: Mon, 30 Jul 2012 08:08:54 -0700 (PDT) Subject: [rancid] =?iso-8859-1?q?rancid_and_cvsweb_-_i_can=B4t__see_my_cvs?= =?iso-8859-1?q?_repositories?= Message-ID: <1343660934.11762.YahooMailNeo@web142406.mail.bf1.yahoo.com> Hi, I?ve installed rancid in may computer and runs ok, and now i?ve installed the cvsweb but i can?t see my configs. I checked the permisssions and seems ok : ? cd /usr/local/var/rancid ls -lt drwxrwxrwx 6 rancid wheel 512 Jul 25 09:50 CVS drwxr-x------ 6 rancid wheel 512 Jul 25 09:50 CISCO => my configs ?@CVSrepositories = ( 'local' => ['My CVS Repository', '/home/cvs'], 'gpa' => ['gpa routers' , '/usr/local/var/rancid/CVS'], # 'freebsd' => ['FreeBSD', '/home/ncvs'], # 'openbsd' => ['OpenBSD', '/home/ncvs'], # 'netbsd' => ['NetBSD', '/home/ncvs'], # 'ruby' => ['Ruby', '/var/anoncvs/ruby'], ); ? When i open my browser appear the page bellow ?instead of my cvs repositories ? "Index of /NEC Parent Directory cvsweb.cgi " In my apache configuration there is the following lines ? Alias /NEC/ "/usr/local/www/cgi-bin/" AllowOverride None ??? Options Indexes MultiViews ??? Order allow,deny ??? Allow from all ?? ? I think that there is any configuration error in my apache , but i?m not what?s wrong . Please, I need of any help !! -------------- next part -------------- An HTML attachment was scrubbed... URL: From CDeRemer at caron.org Mon Jul 30 20:05:39 2012 From: CDeRemer at caron.org (Chris DeRemer) Date: Mon, 30 Jul 2012 20:05:39 +0000 Subject: [rancid] path variable with ciscowlc and wlogin In-Reply-To: <20120729181009.GD21042@shrubbery.net> References: <2C6B540215FBC442AD3F68684AF747E22531774B@EX10-MB01.caron.local>, <20120729181009.GD21042@shrubbery.net> Message-ID: <2C6B540215FBC442AD3F68684AF747E22531804E@EX10-MB01.caron.local> From: heasley [heas at shrubbery.net] Sent: Sunday, July 29, 2012 2:10 PM To: Chris DeRemer Subject: Re: [rancid] path variable with ciscowlc and wlogin Sun, Jul 29, 2012 at 11:40:21AM +0000, Chris DeRemer: > Hello all, > > I think I'm having a newbie linux user issue. I just downloaded and put the wlogin and ciscowlc/5 scripts into my rancid users's bin directory along with all the other scripts. Can execute wlogin and successfully have it logging into my WLC. I also edited the rancid-fe to add the new device types. However if I try to execute an individual backup run of the wlc I get this output: > rancid at CaronRANCID:~/bin$ ./ciscowlc5 -d bs-air-5508-1 > executing wlogin -t 90 -c"show udi;show sysinfo;show run-config commands" bs-air-5508-1 > sh: wlogin: not found > bs-air-5508-1: missed cmd(s): show sysinfo,show udi,show run-config commands > bs-air-5508-1: missed cmd(s): show sysinfo,show udi,show run-config commands > bs-air-5508-1: End of run not found > bs-air-5508-1: End of run not found > ! > rancid at CaronRANCID:~/bin$ > > .... Weird ... > > So I run this: > rancid at CaronRANCID:~/bin$ echo $PATH > /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games > rancid at CaronRANCID:~/bin$ > > I expected that my /~/bin (or full path /home/rancid/bin) would be there, but it's not... however the rest of rancid works just peachy.... Any ideas? is it executable? try running it with the full path. ============= Heasley, The files are all 755. If a run with full path i get similar results, see below: rancid at CaronRANCID:/root$ cd ~ rancid at CaronRANCID:~$ /home/rancid/bin/ciscowlc5 -d bs-air-5508-1 executing wlogin -t 90 -c"show udi;show sysinfo;show run-config commands" bs-air-5508-1 sh: wlogin: not found bs-air-5508-1: missed cmd(s): show sysinfo,show udi,show run-config commands bs-air-5508-1: missed cmd(s): show sysinfo,show udi,show run-config commands bs-air-5508-1: End of run not found bs-air-5508-1: End of run not found ! Cheers, Chris From CDeRemer at caron.org Tue Jul 31 14:44:22 2012 From: CDeRemer at caron.org (Chris DeRemer) Date: Tue, 31 Jul 2012 14:44:22 +0000 Subject: [rancid] path variable with ciscowlc and wlogin In-Reply-To: <20120730202455.GA57673@shrubbery.net> References: <2C6B540215FBC442AD3F68684AF747E22531774B@EX10-MB01.caron.local> <20120729181009.GD21042@shrubbery.net> <2C6B540215FBC442AD3F68684AF747E22531804E@EX10-MB01.caron.local>, <20120730202455.GA57673@shrubbery.net> Message-ID: <2C6B540215FBC442AD3F68684AF747E225318640@EX10-MB01.caron.local> From: heasley [heas at shrubbery.net] Sent: Monday, July 30, 2012 4:24 PM To: Chris DeRemer Subject: Re: [rancid] path variable with ciscowlc and wlogin Mon, Jul 30, 2012 at 08:05:39PM +0000, Chris DeRemer: > From: heasley [heas at shrubbery.net] > Sent: Sunday, July 29, 2012 2:10 PM > To: Chris DeRemer > Subject: Re: [rancid] path variable with ciscowlc and wlogin > > Sun, Jul 29, 2012 at 11:40:21AM +0000, Chris DeRemer: > > Hello all, > > > > I think I'm having a newbie linux user issue. I just downloaded and put the wlogin and ciscowlc/5 scripts into my rancid users's bin directory along with all the other scripts. Can execute wlogin and successfully have it logging into my WLC. I also edited the rancid-fe to add the new device types. However if I try to execute an individual backup run of the wlc I get this output: > > rancid at CaronRANCID:~/bin$ ./ciscowlc5 -d bs-air-5508-1 > > executing wlogin -t 90 -c"show udi;show sysinfo;show run-config commands" bs-air-5508-1 > > sh: wlogin: not found > > bs-air-5508-1: missed cmd(s): show sysinfo,show udi,show run-config commands > > bs-air-5508-1: missed cmd(s): show sysinfo,show udi,show run-config commands > > bs-air-5508-1: End of run not found > > bs-air-5508-1: End of run not found > > ! > > rancid at CaronRANCID:~/bin$ > > > > .... Weird ... > > > > So I run this: > > rancid at CaronRANCID:~/bin$ echo $PATH > > /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games > > rancid at CaronRANCID:~/bin$ > > > > I expected that my /~/bin (or full path /home/rancid/bin) would be there, but it's not... however the rest of rancid works just peachy.... Any ideas? > > is it executable? try running it with the full path. > > > Runs fine as full path not otherwise: rancid at CaronRANCID:~$ /home/rancid/bin/wlogin BS-AIR-5508-1 bs-air-5508-1 spawn telnet bs-air-5508-1 Trying 10.57.1.10... telnet: Unable to connect to remote host: Connection refused spawn ssh -c 3des -x -l ***** bs-air-5508-1 (Cisco Controller) User: ******* Password:*********** (Cisco Controller) > (Cisco Controller) >logout rancid at CaronRANCID:~$ wlogin BS-AIR-5508-1 bash: wlogin: command not found rancid at CaronRANCID:~$ From me at ale.cx Tue Jul 31 20:16:45 2012 From: me at ale.cx (Alex DEKKER) Date: Tue, 31 Jul 2012 21:16:45 +0100 Subject: [rancid] path variable with ciscowlc and wlogin In-Reply-To: <2C6B540215FBC442AD3F68684AF747E22531774B@EX10-MB01.caron.local> References: <2C6B540215FBC442AD3F68684AF747E22531774B@EX10-MB01.caron.local> Message-ID: <50183D2D.2070403@ale.cx> On 29/07/12 12:40, Chris DeRemer wrote: > > rancid at CaronRANCID:~/bin$ echo $PATH > > /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games > > I expected that my /~/bin (or full path /home/rancid/bin) would be > there, but it's not... however the rest of rancid works just > peachy.... Any ideas? > > You either need to move wlogin to somewhere in $PATH, or, preferably, amend $PATH to include wherever wlogin is for the rancid user. alexd -------------- next part -------------- An HTML attachment was scrubbed... URL: From rancid at ale.cx Tue Jul 31 20:37:30 2012 From: rancid at ale.cx (Alex DEKKER) Date: Tue, 31 Jul 2012 21:37:30 +0100 Subject: [rancid] path variable with ciscowlc and wlogin In-Reply-To: <2C6B540215FBC442AD3F68684AF747E22531774B@EX10-MB01.caron.local> References: <2C6B540215FBC442AD3F68684AF747E22531774B@EX10-MB01.caron.local> Message-ID: <5018420A.8050209@ale.cx> On 29/07/12 12:40, Chris DeRemer wrote: > > rancid at CaronRANCID:~/bin$ echo $PATH > > /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games > > I expected that my /~/bin (or full path /home/rancid/bin) would be > there, but it's not... however the rest of rancid works just > peachy.... Any ideas? > > You either need to move wlogin to somewhere in $PATH, or, preferably, amend $PATH to include wherever wlogin is for the rancid user. alexd -------------- next part -------------- An HTML attachment was scrubbed... URL: From pxb368 at motorola.com Tue Jul 31 18:05:01 2012 From: pxb368 at motorola.com (Danilo Gouveia) Date: Tue, 31 Jul 2012 15:05:01 -0300 Subject: [rancid] 6500 Doubts Message-ID: Hello, I have RANCID installed and running on a mix of Cisco IOS, CatOS (6500 and 5500) and Foundry switches. The backup of these devices is running to all expect one which is a Cisco CatOS 6500. The config into the routed.db is hostname:cat5:up and I can ping the switch with the hostname. I can also use clogin hostname and I'll be prompted to the (enable) console, however when I do rancid-run into the log files I have this message: Trying to get all of the configs. hostname: missed cmd(s): write term all,show port ifindex,show module,dir sup-microcode:,dir sup-bootflash:,dir bootflash:,dir slot0:,show version,show flash,show running-config,write term,show boot,dir slot1:,show inventory raw I do have other 6500 in the network which rancid works perfectly only this one is not working. Any ideas ? Thanks in advance, -- Danilo Marques de Gouveia -------------- next part -------------- An HTML attachment was scrubbed... URL: