From jcenile1983 at gmail.com Mon Jan 2 04:44:56 2017 From: jcenile1983 at gmail.com (John Cenile) Date: Mon, 2 Jan 2017 15:44:56 +1100 Subject: [rancid] RANCID recording the "quit" command Message-ID: Does anyone know how to stop RANCID from tricking itself into thinking a change has been made? For example, I get an email every so often (2-3 times a week) saying a change has been discovered: =================================================================== retrieving revision 1.68 diff -U 4 -r1.68 switch007 @@ -5,8 +5,9 @@ # # # # + qu# # Module devmgr configuration. # configure snmp sysName "switch007" configure snmp sysLocation "Auckland_A" @@ -15,8 +16,9 @@ configure slot 1 module X670-48x configure sys-recovery-level slot 1 reset configure slot 2 module X670-48x configure sys-recovery-level slot 2 reset + i # # Module vlan configuration. # configure vlan default delete ports all @@ -253,8 +255,9 @@ + t # # Module bfd configuration. # # Module bgp configuration. Notice how it's sending the command "quit" while the configuration is still being outputted? -------------- next part -------------- An HTML attachment was scrubbed... URL: From usman.hfd at gmail.com Tue Jan 3 07:10:14 2017 
From: usman.hfd at gmail.com (Usman Ahmad)
Date: Tue, 3 Jan 2017 11:10:14 +0400
Subject: [rancid] backup issue while taking backup for BTI switch
Message-ID: 

*Dear RANCID Members,*

I have switches from the vendor BTI, which isn't supported by default in the rancid tool, but I modified the juniper scripts (jlogin & jrancid --> btilogin & btirancid) to make it work. But I am having some issues. Please review and support.

The *btilogin* script is working absolutely fine and it gives the output of all the given commands:

/var/lib/rancid/bin/btilogin -t 90 -c"show environment;show clock;show running-config" bti-switch-01

It logs in to the switch and closes the session properly without any error. But when I run it through rancid-run, it gets stuck and creates the file bti-switch-01.new with the following content only.

$ cat 10.255.255.232.new
# RANCID-CONTENT-TYPE: BTI
#

Later on I set the environment variable export NOPIPE=YES and ran `/var/lib/rancid/bin/jrancid -d bti-switch-01`, and it created two files, bti-switch-01.new & bti-switch-01.raw. The .new file had the same content as given above and the .raw file had the output of all the commands without any error.

Then I tried to run the rancid-run command keeping NOPIPE=YES, and this time found the following contents in bti-switch-01.raw & the same one line in the .new file.

*spawn ssh -c 3des -x -l rancid bti-switch-01*
*rancid at bti-switch-01's password:*
*No entry for terminal type "network";*
*using dumb terminal settings.*
*No entry for terminal type "network";*
*using dumb terminal settings.*

Maybe I need to set some terminal setting in the scripts. Please support me on how I can solve this issue.

*--*
*Regards,*
Usman Ahmad

From heas at shrubbery.net Tue Jan 3 18:36:35 2017
From: heas at shrubbery.net (heasley) Date: Tue, 3 Jan 2017 18:36:35 +0000 Subject: [rancid] RANCID recording the "quit" command In-Reply-To: References: Message-ID: <20170103183635.GB90321@shrubbery.net> Mon, Jan 02, 2017 at 03:44:56PM +1100, John Cenile: > Does anyone know how to stop RANCID from tricking itself into thinking a > change has been made? > > For example, I get an email every so often (2-3 times a week) saying a > change has been discovered: > > > =================================================================== > retrieving revision 1.68 > diff -U 4 -r1.68 switch007 > @@ -5,8 +5,9 @@ > # > # > # > # > + qu# > # Module devmgr configuration. > # > configure snmp sysName "switch007" > configure snmp sysLocation "Auckland_A" > @@ -15,8 +16,9 @@ > configure slot 1 module X670-48x > configure sys-recovery-level slot 1 reset > configure slot 2 module X670-48x > configure sys-recovery-level slot 2 reset > + i > # > # Module vlan configuration. > # > configure vlan default delete ports all > @@ -253,8 +255,9 @@ > + t > # > # Module bfd configuration. > # > # Module bgp configuration. > > > > Notice how it's sending the command "quit" while the configuration is still > being outputted? whats a problem with the login script; it is out of sync with the prompts. From weylin at bu.edu Mon Jan 2 21:44:28 2017 From: weylin at bu.edu (Piegorsch, Weylin William) Date: Mon, 2 Jan 2017 21:44:28 +0000 Subject: [rancid] RANCID recording the "quit" command In-Reply-To: References: Message-ID: <04289B47-FDCC-4E5B-807C-0939EF24C7AC@bu.edu> I had the same issue with Nexus 5010s running NX-OS v4, and with a circa ~2002 version of rancid. Never did find any root cause, but about a year ago we upgraded rancid and the underlying server (it was also circa 2002), that cleared the problem for us. weylin 
From: John Cenile Date: Sunday, January 1, 2017 at 23:44 To: Subject: [rancid] RANCID recording the "quit" command Does anyone know how to stop RANCID from tricking itself into thinking a change has been made? For example, I get an email every so often (2-3 times a week) saying a change has been discovered: =================================================================== retrieving revision 1.68 diff -U 4 -r1.68 switch007 @@ -5,8 +5,9 @@ # # # # + qu# # Module devmgr configuration. # configure snmp sysName "switch007" configure snmp sysLocation "Auckland_A" @@ -15,8 +16,9 @@ configure slot 1 module X670-48x configure sys-recovery-level slot 1 reset configure slot 2 module X670-48x configure sys-recovery-level slot 2 reset + i # # Module vlan configuration. # configure vlan default delete ports all @@ -253,8 +255,9 @@ + t # # Module bfd configuration. # # Module bgp configuration. Notice how it's sending the command "quit" while the configuration is still being outputted? -------------- next part -------------- An HTML attachment was scrubbed... URL: From djones at ena.com Tue Jan 3 20:03:08 2017 
From: djones at ena.com (David Jones)
Date: Tue, 3 Jan 2017 20:03:08 +0000
Subject: [rancid] IOS show crypto feature addition request
Message-ID: 

Patch request for new feature that works with any recent Rancid version with ios.pm to show the crypto key generated or the lack thereof:

lib/ios.pm (add before the 'sub ShowDetail' -- line 560 in 3.6.1)

== begin ================================================
# This routine parses "show crypto key mypubkey rsa"
sub ShowCrypto {
    my($INPUT, $OUTPUT, $cmd) = @_;
    print STDERR "    In ShowCrypto: $_" if ($debug);

    while (<$INPUT>) {
        tr/\015//d;
        last if (/^$prompt/);
        next if (/^(\s*|\s*$cmd\s*)$/);
        return(1) if /^\s*\^\s*$/;
        return(1) if (/(invalid (input|command) detected|type help or )/i);
        return(1) if (/unrecognized command/i);
        next if (!(/Key name|^ssh-[dr]sa/i));
        ProcessHistory("CRYPTO","","","!crypto: $_");
    }
    ProcessHistory("","","","!\n");
    return(0);
}
== end ================================================

etc/rancid.types.conf (could be promoted to rancid.types.base):
======================================================
cisco;command;ios::ShowCrypto;show crypto key mypubkey rsa

Thanks,

Dave Jones
Lead Systems Engineer
Education Networks of America

From bob.franzke at altn.com Thu Jan 5 22:44:58 2017
From: bob.franzke at altn.com (Bob Franzke) Date: Thu, 05 Jan 2017 16:44:58 -0600 Subject: [rancid] RANCID Not Honoring cyphertype in .cloginrc In-Reply-To: <20161121154247.GA84011@shrubbery.net> Message-ID: <57e731bf.1d267a5.1c5c9ad.324c@altn.com> Thanks for the reply here. I finally got some time to upgrade rancid. See here: $ pkg version | grep rancid rancid3-3.6.1 = 3.6.1 instead of the suggested 3.5.1 but I assume functionality is still there in 3.6.1. I am still having issues though: $ /usr/local/libexec/rancid/clogin alteon-a.colo.altn.int alteon-a.colo.altn.int spawn ssh -c 3des -x -l admin alteon-a.colo.altn.int no matching cipher found: client 3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr,arcfour Error: Couldn't login: alteon-a.colo.altn.int $ ssh -c aes256-ctr -x -l admin alteon-a.colo.altn.int admin at alteon-a.colo.altn.int's password: .cloginrc file entry: add cyphertype alteon*.altn.int {aes256-ctr} The client (rancid server) does seem to be able to connect using proper cypher but clogin script is still ignoring the cyphertype directive. As you can see it still spawns ssh using 3des as the cypher instead of the configured aes256-ctr. I also tried using See Perl and expect versions below: $ pkg version | grep expect expect-5.45.3 = $ pkg version | grep perl perl5-5.20.3_15 = $ uname -a FreeBSD netmon.altn.int 9.3-RELEASE-p49 FreeBSD 9.3-RELEASE-p49 #0: Fri Oct 21 21:01:08 UTC 2016 Anything else I am missing here you can think of? Do I have the cyphertype syntax wrong somehow ({aes256}?). Appreciate the help. Regards Bob -----Original Message----- 
From: heasley [mailto:heas at shrubbery.net] Sent: Monday, November 21, 2016 9:43 AM To: Bob Franzke Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] RANCID Not Honoring cyphertype in .cloginrc Thu, Oct 27, 2016 at 12:39:13PM -0500, Bob Franzke: > Greetings, > > I am trying to get RANCID to use a different cyphertype. I have the following in my .cloginrc file: > > add method alteon*.altn.int {ssh} > add cyphertype alteon*.altn.int {aes256-ctr} > add user alteon*.altn.int {user} > add password alteon*.altn.int {*******} > add autoenable alteon*.altn.int 1 > > I am trying to access Alteon devices using the alogin script. As far as I know I should be able to add the cyphertype directive in the cloginrc file and have the spawned SSH session use the specified cipher when connecting. With the above add cyphertype line in the file, I get the following when running the alogin script: > > $ /usr/local/libexec/rancid/alogin alteon-a.colo.altn.int > alteon-a.colo.altn.int spawn ssh -c 3des -x -l user > alteon-a.colo.altn.int no matching cipher found: client 3des-cbc > server aes256-ctr,aes192-ctr,aes128-ctr,arcfour > > Error: Couldn't login > $ > > It looks to me like alogin is ignoring the cyphertype line and using 3des for the connection. In a recent software update, it seems Radware removed 3des ciphers by default for Alteon devices so the connection fails. AFAIK all I need to do to specify ciphers for the connection is add it to the .cloginrc file. Is there anything else that needs to be done here? Incidentally, that same behavior occurs when running the clogin script. The cyphertype value just seems to be ignored. Does my .cloginrc config look reasonable? > > Version information: > > $ pkg version | grep rancid > rancid-2.3.8_6 = This version forces cdes; please upgrade to 3.5.1. 
> $ pkg version | grep expect
> expect-5.45.3 =
> $ uname -a
> FreeBSD netmon.altn.int 9.3-RELEASE-p43 FreeBSD 9.3-RELEASE-p43 #0: Sat May 28 00:19:32 UTC 2016 root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
>
> I saw some information regarding configuring the SSH Daemon to support certain ciphers, but I am not sure it is relevant to issuing connections to other servers. I don't have any added ciphers in my ssh config file but am told the default set should support connections like the one above.
>
> Any help here would be appreciated. I am not sure what else to look for. Thanks in advance.
>
> Bob
>
>
> Robert Franzke
> Network Administrator
> Alt-N Technologies, Ltd. | Grapevine, TX Office 817.601.3222 x234 |
> Mobile 972.746.5470 http://www.altn.com
>
> Sent using Alt-N's own MDaemon Messaging Server Now available with
> BYOD Mobile Device Management, Document Sharing, Hijacked Account
> Detection and more.
>
> Get to know the Alt-N family by liking us on Facebook!
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

From heas at shrubbery.net Thu Jan 5 23:54:22 2017
From: heas at shrubbery.net (heasley) Date: Thu, 5 Jan 2017 23:54:22 +0000 Subject: [rancid] RANCID Not Honoring cyphertype in .cloginrc In-Reply-To: <57e731bf.1d267a5.1c5c9ad.324c@altn.com> References: <20161121154247.GA84011@shrubbery.net> <57e731bf.1d267a5.1c5c9ad.324c@altn.com> Message-ID: <20170105235422.GC67913@shrubbery.net> Thu, Jan 05, 2017 at 04:44:58PM -0600, Bob Franzke: > Thanks for the reply here. I finally got some time to upgrade rancid. See here: > > $ pkg version | grep rancid > rancid3-3.6.1 = > > 3.6.1 instead of the suggested 3.5.1 but I assume functionality is still there in 3.6.1. I am still having issues though: its either in your cloginrc, you have a rogue clogin or you do not actually have rancid 3.6.1. what does /usr/local/libexec/rancid/clogin -V claim? > $ /usr/local/libexec/rancid/clogin alteon-a.colo.altn.int btw, alogin is for alteon stuff. also see plogin. > alteon-a.colo.altn.int > spawn ssh -c 3des -x -l admin alteon-a.colo.altn.int > no matching cipher found: client 3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr,arcfour From bob.franzke at altn.com Fri Jan 6 00:17:21 2017 
From: bob.franzke at altn.com (Bob Franzke) Date: Thu, 05 Jan 2017 18:17:21 -0600 Subject: [rancid] RANCID Not Honoring cyphertype in .cloginrc In-Reply-To: <20170105235422.GC67913@shrubbery.net> Message-ID: <3fdaefff.1d267b2.c9858.29@altn.com> Thanks for the reply. See below: root at netmon:/usr/home/bob # /usr/local/libexec/rancid/clogin -V rancid 3.6.1 root at netmon:/usr/home/bob # I did not show output before but did try using alogin as well and got the same result: $ /usr/local/libexec/rancid/alogin alteon-a.colo.altn.int alteon-a.colo.altn.int spawn ssh -c 3des -x -l admin alteon-a.colo.altn.int no matching cipher found: client 3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr,arcfour Error: Couldn't login Maybe the wildcard character in the .cloginrc for alteon devices is messing it up. It seems to work for the other directives (passwords, etc.) just not cyphertype. Maybe I'll try to just add a specific line to handle alteons without the wildcard character and see if that gets me anything. Can you confirm the bracketed cyphertype option is correct ({aes256-ctr})? -----Original Message----- 
From: heasley [mailto:heas at shrubbery.net] Sent: Thursday, January 05, 2017 5:54 PM To: Bob Franzke Cc: heasley; rancid-discuss at shrubbery.net Subject: Re: [rancid] RANCID Not Honoring cyphertype in .cloginrc Thu, Jan 05, 2017 at 04:44:58PM -0600, Bob Franzke: > Thanks for the reply here. I finally got some time to upgrade rancid. See here: > > $ pkg version | grep rancid > rancid3-3.6.1 = > > 3.6.1 instead of the suggested 3.5.1 but I assume functionality is still there in 3.6.1. I am still having issues though: its either in your cloginrc, you have a rogue clogin or you do not actually have rancid 3.6.1. what does /usr/local/libexec/rancid/clogin -V claim? > $ /usr/local/libexec/rancid/clogin alteon-a.colo.altn.int btw, alogin is for alteon stuff. also see plogin. > alteon-a.colo.altn.int > spawn ssh -c 3des -x -l admin alteon-a.colo.altn.int no matching > cipher found: client 3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr,arcfour From heas at shrubbery.net Fri Jan 6 00:33:20 2017 
From: heas at shrubbery.net (heasley) Date: Fri, 6 Jan 2017 00:33:20 +0000 Subject: [rancid] RANCID Not Honoring cyphertype in .cloginrc In-Reply-To: <3fdaefff.1d267b2.c9858.29@altn.com> References: <20170105235422.GC67913@shrubbery.net> <3fdaefff.1d267b2.c9858.29@altn.com> Message-ID: <20170106003320.GD67913@shrubbery.net> Thu, Jan 05, 2017 at 06:17:21PM -0600, Bob Franzke: > Thanks for the reply. See below: > > root at netmon:/usr/home/bob # /usr/local/libexec/rancid/clogin -V > rancid 3.6.1 hrm; 3des does not appear in the source. > root at netmon:/usr/home/bob # > > I did not show output before but did try using alogin as well and got the same result: > > $ /usr/local/libexec/rancid/alogin alteon-a.colo.altn.int > alteon-a.colo.altn.int > spawn ssh -c 3des -x -l admin alteon-a.colo.altn.int > no matching cipher found: client 3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr,arcfour > > Error: Couldn't login > > Maybe the wildcard character in the .cloginrc for alteon devices is messing it up. It seems to work for the other directives (passwords, etc.) just not cyphertype. Maybe I'll try to just add a specific line to handle alteons without the wildcard character and see if that gets me anything. > > Can you confirm the bracketed cyphertype option is correct ({aes256-ctr})? yes. also try clogin -[Mm] hostname (cant recall if i added these options to alogin) to see if its coming from your cloginrc. > > -----Original Message----- 
> From: heasley [mailto:heas at shrubbery.net] > Sent: Thursday, January 05, 2017 5:54 PM > To: Bob Franzke > Cc: heasley; rancid-discuss at shrubbery.net > Subject: Re: [rancid] RANCID Not Honoring cyphertype in .cloginrc > > Thu, Jan 05, 2017 at 04:44:58PM -0600, Bob Franzke: > > Thanks for the reply here. I finally got some time to upgrade rancid. See here: > > > > $ pkg version | grep rancid > > rancid3-3.6.1 = > > > > 3.6.1 instead of the suggested 3.5.1 but I assume functionality is still there in 3.6.1. I am still having issues though: > > its either in your cloginrc, you have a rogue clogin or you do not actually have rancid 3.6.1. what does /usr/local/libexec/rancid/clogin -V claim? > > > > $ /usr/local/libexec/rancid/clogin alteon-a.colo.altn.int > > btw, alogin is for alteon stuff. also see plogin. > > > alteon-a.colo.altn.int > > spawn ssh -c 3des -x -l admin alteon-a.colo.altn.int no matching > > cipher found: client 3des-cbc server aes256-ctr,aes192-ctr,aes128-ctr,arcfour From bob.franzke at altn.com Fri Jan 6 00:56:38 2017 
From: bob.franzke at altn.com (Bob Franzke) Date: Thu, 05 Jan 2017 18:56:38 -0600 Subject: [rancid] RANCID Not Honoring cyphertype in .cloginrc In-Reply-To: <20170106003320.GD67913@shrubbery.net> Message-ID: OK -M switch reveals the issue: /usr/local/libexec/rancid/clogin -M alteon-a.colo.altn.int alteon-a.colo.altn.int cyphertype:/home/rancid/.cloginrc:108: * 3des The. So I looked in the .cloginrc and found the problem: # set ssh encryption type, dflt: 3des add cyphertype * {3des} This was set up above my long time additions in an example section so I missed it. Somehow was uncommented (no doubt to my endless experimenting). I corrected it and now get this: $ /usr/local/libexec/rancid/alogin alteon-a.colo.altn.int alteon-a.colo.altn.int spawn ssh -c aes256-ctr -x -l admin alteon-a.colo.altn.int admin at alteon-a.colo.altn.int's password: Works like a charm when you do things right. The -M switch was quite helpful so thanks very much for pointing it out. Really appreciate the time and all the help. I am in business. Regards- Bob -----Original Message----- 
From: heasley [mailto:heas at shrubbery.net] Sent: Thursday, January 05, 2017 6:33 PM To: Bob Franzke Cc: heasley; rancid-discuss at shrubbery.net Subject: Re: [rancid] RANCID Not Honoring cyphertype in .cloginrc Thu, Jan 05, 2017 at 06:17:21PM -0600, Bob Franzke: > Thanks for the reply. See below: > > root at netmon:/usr/home/bob # /usr/local/libexec/rancid/clogin -V rancid > 3.6.1 hrm; 3des does not appear in the source. > root at netmon:/usr/home/bob # > > I did not show output before but did try using alogin as well and got the same result: > > $ /usr/local/libexec/rancid/alogin alteon-a.colo.altn.int > alteon-a.colo.altn.int spawn ssh -c 3des -x -l admin > alteon-a.colo.altn.int no matching cipher found: client 3des-cbc > server aes256-ctr,aes192-ctr,aes128-ctr,arcfour > > Error: Couldn't login > > Maybe the wildcard character in the .cloginrc for alteon devices is messing it up. It seems to work for the other directives (passwords, etc.) just not cyphertype. Maybe I'll try to just add a specific line to handle alteons without the wildcard character and see if that gets me anything. > > Can you confirm the bracketed cyphertype option is correct ({aes256-ctr})? yes. also try clogin -[Mm] hostname (cant recall if i added these options to alogin) to see if its coming from your cloginrc. > > -----Original Message----- 
> From: heasley [mailto:heas at shrubbery.net] > Sent: Thursday, January 05, 2017 5:54 PM > To: Bob Franzke > Cc: heasley; rancid-discuss at shrubbery.net > Subject: Re: [rancid] RANCID Not Honoring cyphertype in .cloginrc > > Thu, Jan 05, 2017 at 04:44:58PM -0600, Bob Franzke: > > Thanks for the reply here. I finally got some time to upgrade rancid. See here: > > > > $ pkg version | grep rancid > > rancid3-3.6.1 = > > > > 3.6.1 instead of the suggested 3.5.1 but I assume functionality is still there in 3.6.1. I am still having issues though: > > its either in your cloginrc, you have a rogue clogin or you do not actually have rancid 3.6.1. what does /usr/local/libexec/rancid/clogin -V claim? > > > > $ /usr/local/libexec/rancid/clogin alteon-a.colo.altn.int > > btw, alogin is for alteon stuff. also see plogin. > > > alteon-a.colo.altn.int > > spawn ssh -c 3des -x -l admin alteon-a.colo.altn.int no matching > > cipher found: client 3des-cbc server > > aes256-ctr,aes192-ctr,aes128-ctr,arcfour From Sebastien.Boulianne at cpu.ca Fri Jan 6 13:48:03 2017 
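The cause found in the cyphertype thread above, an earlier `add cyphertype * {3des}` taking effect instead of the host-specific entry, can be checked offline before a run. This is an added example, not RANCID code and not from any poster; it assumes .cloginrc's rule that the first matching entry for a directive is used, approximates the hostname glob with Python's fnmatch, and uses a constructed sample file and an illustrative weak-cipher list.

```python
import fnmatch
import re

# Constructed sample modelled on the thread: the catch-all from the example
# section was left uncommented above the site-specific entries.
SAMPLE_CLOGINRC = """\
# set ssh encryption type, dflt: 3des
add cyphertype * {3des}
add method alteon*.altn.int {ssh}
add cyphertype alteon*.altn.int {aes256-ctr}
add user alteon*.altn.int {admin}
"""

# Illustrative list chosen for this example, not taken from RANCID.
WEAK_CIPHERS = {"des", "3des", "3des-cbc", "arcfour", "blowfish-cbc"}

ADD_RE = re.compile(r"^\s*add\s+(\S+)\s+(\S+)\s*(.*)$")
VALUE_RE = re.compile(r"\{([^}]*)\}|(\S+)")


def parse_cloginrc(text):
    """Return (lineno, directive, host_glob, [values]) for every 'add' line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out entries never take part in matching
        m = ADD_RE.match(line)
        if not m:
            continue
        directive, glob, rest = m.groups()
        values = [braced or bare for braced, bare in VALUE_RE.findall(rest)]
        entries.append((lineno, directive, glob, values))
    return entries


def matches(entries, directive, host):
    """All entries for `directive` whose glob matches `host`, in file order."""
    return [e for e in entries
            if e[1] == directive and fnmatch.fnmatchcase(host, e[2])]


def audit_cyphertype(text, host):
    """Report the effective cyphertype for `host` and the entries it shadows."""
    hits = matches(parse_cloginrc(text), "cyphertype", host)
    if not hits:
        return {"host": host, "effective": None, "line": None, "glob": None,
                "weak": False, "shadowed": []}
    lineno, _, glob, values = hits[0]  # first match wins (assumption above)
    ciphers = [c for v in values for c in v.split(",") if c]
    return {
        "host": host,
        "effective": ciphers,
        "line": lineno,
        "glob": glob,
        "weak": any(c.lower() in WEAK_CIPHERS for c in ciphers),
        # Later matching lines never take effect for this host.
        "shadowed": [(e[0], e[2], e[3]) for e in hits[1:]],
    }


if __name__ == "__main__":
    print(audit_cyphertype(SAMPLE_CLOGINRC, "alteon-a.colo.altn.int"))
```

A non-empty `shadowed` list together with `weak` set is the situation the `-M` output in the thread revealed: a catch-all entry earlier in the file overriding the intended cipher.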
From: Sebastien.Boulianne at cpu.ca (Sebastien.Boulianne at cpu.ca)
Date: Fri, 6 Jan 2017 08:48:03 -0500
Subject: [rancid] Backup Fortigate configuration including all vdoms.
In-Reply-To: <5FE0959288C73D448BB44CB7E9CC320F5E2F6E79D0@CPUMAIL2.cpu.qc.ca>
References: <5FE0959288C73D448BB44CB7E9CC320F5E2F6E79D0@CPUMAIL2.cpu.qc.ca>
Message-ID: <5FE0959288C73D448BB44CB7E9CC320F5E2F6E7AA8@CPUMAIL2.cpu.qc.ca>

Hi,

Most of our routers / FW are Fortigates.
I would like to take a full config backup including all vdoms using Rancid.
How can I do that?
I have 3 VDOMs on a FGT80C: Global, root, ROUTER
How can I take those 3 vdoms in backup?

I have the global admin account for all those devices.
I have the same problem with a FGT300B.

Thank you very much and merry Christmas + happy new year all!

Sébastien.

From harsha.s.aryan at gmail.com Fri Jan 6 13:51:29 2017
From: harsha.s.aryan at gmail.com (Harsha S Aryan)
Date: Fri, 6 Jan 2017 19:21:29 +0530
Subject: [rancid] Rancid mail error
In-Reply-To: 
References: 
Message-ID: 

Hi all

I am getting switch down and router down mail; how to stop this?
Not getting config difference mail also.

From jzp-rancid at rsuc.gweep.net Fri Jan 6 14:30:04 2017
From: jzp-rancid at rsuc.gweep.net (Joe Provo) Date: Fri, 6 Jan 2017 09:30:04 -0500 Subject: [rancid] Backup Fortigate configuration including all vdoms. In-Reply-To: <5FE0959288C73D448BB44CB7E9CC320F5E2F6E7AA8@CPUMAIL2.cpu.qc.ca> References: <5FE0959288C73D448BB44CB7E9CC320F5E2F6E79D0@CPUMAIL2.cpu.qc.ca> <5FE0959288C73D448BB44CB7E9CC320F5E2F6E7AA8@CPUMAIL2.cpu.qc.ca> Message-ID: <20170106143004.GA34215@gweep.net> On Fri, Jan 06, 2017 at 08:48:03AM -0500, Sebastien.Boulianne at cpu.ca wrote: > Hi, > > Most of our routers / FW are Fortigates. > I would like take full config backup including all vdoms using Rancid. > How can I do that ? > I have 3 VDOMs on a FGT80C : Global, root, ROUTER > How can I take those 3 vdoms in backup ? > > I have the global admin account for all those devices. > I have the same problem with a FGT300B. I haven't a multiple-vdom FG to test against, but if it isn't caught by "show full-configuration" in your version, then ISTR the only way was a tftp/scp via "execute backup config". See http://kb.fortinet.com/kb/documentLink.do?externalID=FD31124 I'd test first with "fnlogin -c 'show full-configuration' devicename", as that's an easy twiddle. :-) -- Posted from my personal account - see X-Disclaimer header. Joe Provo / Gweep / Earthling From heas at shrubbery.net Fri Jan 6 16:33:23 2017 From: heas at shrubbery.net (heasley) Date: Fri, 6 Jan 2017 16:33:23 +0000 Subject: [rancid] Rancid mail error In-Reply-To: References: Message-ID: <20170106163323.GB93436@shrubbery.net> Fri, Jan 06, 2017 at 07:21:29PM +0530, Harsha S Aryan: > Hi all > I am getting switch down and router down mail how to stop this > Not getting config difference mail also please see the FAQ; S3Q2 and S6. From djones at ena.com Mon Jan 9 15:47:18 2017 
From: djones at ena.com (David Jones)
Date: Mon, 9 Jan 2017 15:47:18 +0000
Subject: [rancid] Inventory output patch for IOS
Message-ID: 

We upgraded from 3.1 to 3.6.1 recently and noticed that the Inventory output changed significantly breaking some parsing/reporting. This also breaks from the Rancid standard for gathering/displaying the ! information.

Rancid 3.1
=========
!Inventory: NAME: "1", DESCR: "ME-3400G-2CS-A"
!Inventory: PID: ME-3400G-2CS-A , VID: V03 , SN: FOC1523V1AG

Rancid 3.6.1
==========
!NAME: "1", DESCR: "ME-3400G-2CS-A"
!PID: ME-3400G-2CS-A
!VID: V03
!SN: FOC1523V1AG

For output consistency, here is a patch for the ios.pm (also applies same block of code in iosxr.pm):

--- ios.pm.orig.3.6.1 2016-12-17 14:07:34.000000000 -0600 +++ ios.pm 2017-01-09 09:19:40.185453144 -0600 @@ -1735,8 +1764,10 @@ next if (/^Load for /); next if (/^Time source is /); + # remove spaces after quotes + s/\"\s+/\"/g; if (/^(NAME: "[^"]*",) (DESCR: "[^"]+")/) { - ProcessHistory("INVENTORY","","", sprintf("!%-30s %s\n", $1, $2)); + ProcessHistory("INVENTORY","","", sprintf("!Inventory: %-30s %s\n", $1, $2)); next; } # split PID/VID/SN line @@ -1745,20 +1776,18 @@ my($entries) = ""; # filter , "0x" and "N/A" lines if ($pid !~ /^(|0x|N\/A)$/) { - $entries .= "!PID: $pid\n"; + $entries .= "PID: $pid"; } if ($vid !~ /^(|0x|N\/A)$/) { - $entries .= "!VID: $vid\n"; + $entries .= ", VID: $vid"; } if ($sn !~ /^(|0x|N\/A)$/) { - $entries .= "!SN: $sn\n"; + $entries .= ", SN: $sn"; } - ProcessHistory("INVENTORY","","", "$entries"); - next; } - ProcessHistory("INVENTORY","","","!$_"); + ProcessHistory("INVENTORY","","","!Inventory: $_"); } - ProcessHistory("INVENTORY","","","!\n"); + ProcessHistory("INVENTORY","","","\n");

Dave Jones
Lead Systems Engineer
Education Networks of America
www.ena.com

From heas at shrubbery.net Mon Jan 9 19:43:36 2017
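Review bot: the new `s/\"\s+/\"/g;` at the top of the first hunk (@@ -1735,8 +1764,10 @@) is applied to every inventory line before any pattern is tried, and because `\s` also matches the newline, a line whose last character is a double quote loses its line terminator. The NAME/DESCR branch is unaffected since its sprintf supplies "\n" itself, but any other quote-terminated line reaches the final `ProcessHistory("INVENTORY","","","!Inventory: $_")` without one and would run into the following line. Limit the substitution to blanks, for example `s/\"[ \t]+/\"/g`, or apply it only inside the NAME/DESCR branch. The hunk offsets (-1735 against +1764) also indicate the diff was taken from a file carrying other local changes, so the message should say what the base is.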
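Review bot: in the second hunk (@@ -1745,20 +1776,18 @@) `$entries` is still assembled but nothing emits it any more, because the patch removes both `ProcessHistory("INVENTORY","","", "$entries");` and the `next;` that followed it. The PID/VID/SN line now falls through to `ProcessHistory("INVENTORY","","","!Inventory: $_")` and is written unfiltered, so the "0x" and "N/A" filtering above it becomes dead code, and if it were emitted a filtered PID would leave the string starting with ", VID:". Either keep the call as `ProcessHistory("INVENTORY","","","!Inventory: $entries\n"); next;` and join the kept fields with ", ", or drop the `$entries` block entirely. The last line of the hunk also changes the trailing separator from "!\n" to "\n", which puts an empty line rather than a "!" comment line into the saved config; keep "!\n" unless that is intended.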
From: heas at shrubbery.net (heasley)
Date: Mon, 9 Jan 2017 19:43:36 +0000
Subject: [rancid] Inventory output patch for IOS
In-Reply-To: 
References: 
Message-ID: <20170109194336.GC93805@shrubbery.net>

Mon, Jan 09, 2017 at 03:47:18PM +0000, David Jones:
> We upgraded from 3.1 to 3.6.1 recently and noticed that the Inventory output changed significantly breaking some parsing/reporting. This also breaks from the Rancid standard for gathering/displaying the ! information.

The change was intentional; its more easily parsed by consumers and humans and was also a work-around for a bug in a defunct ios release.

so, if you wish to have the old format, you may extend rancid your own function to format ShowInventory; see ciscoshtech in rancid.types.conf for an example.

From djones at ena.com Tue Jan 10 20:14:37 2017
From: djones at ena.com (David Jones)
Date: Tue, 10 Jan 2017 20:14:37 +0000
Subject: [rancid] Inventory output patch for IOS
In-Reply-To: <20170109194336.GC93805@shrubbery.net>
References: , <20170109194336.GC93805@shrubbery.net>
Message-ID: 

Where is this rancid.types.conf with the "ciscoshtech'?

Thank you,

Dave

________________________________
From: heasley Sent: Monday, January 9, 2017 1:43 PM To: David Jones Cc: rancid-discuss at shrubbery.net Subject: Re: [rancid] Inventory output patch for IOS Mon, Jan 09, 2017 at 03:47:18PM +0000, David Jones: > We upgraded from 3.1 to 3.6.1 recently and noticed that the Inventory output changed significantly breaking some parsing/reporting. This also breaks from the Rancid standard for gathering/displaying the ! information. The change was intentional; its more easily parsed by consumers and humans and was also a work-around for a bug in a defunct ios release. so, if you wish to have the old format, you may extend rancid your own function to format ShowInventory; see ciscoshtech in rancid.types.conf for an example. -------------- next part -------------- An HTML attachment was scrubbed... URL: From swehack at gmail.com Thu Jan 12 22:08:46 2017 
From: swehack at gmail.com (Stefan Midjich)
Date: Thu, 12 Jan 2017 23:08:46 +0100
Subject: [rancid] Random behavior of $found_end and $clean_run
Message-ID: 

Excuse my ignorance in Perl but I've observed some very strange behavior on Ubuntu 16.04 with Rancid 3.3. I've also tried patching relevant files with new code from the latest rancid 3.6.2 package and seeing same results.

Rancid-run mostly reports that $found_end or $clean_run are zero but if I insert a print around line 180 suddenly the variables are magically set. I've run several times and only once was clean_run set to 0.

But if I remove the print, it goes back to reporting "End of run not found".

I also tried setting it in ciscowlc.pm but there I can see that found_end and clean_run are mostly set to 1.

    # WLC lacks a definitive "end of config" marker.
    if ($linecnt > 5) {
        print STDERR "Found end, return 1" if ($debug);
        $found_end = 1;
        return(1);
    }

And changed my /etc/rancid/rancid.types.conf setup to this.

cisco-wlc8;script;rancid -d -t cisco-wlc8
cisco-wlc8;login;wlogin -noenable -t 120
cisco-wlc8;module;ciscowlc
cisco-wlc8;inloop;ciscowlc::inloop
cisco-wlc8;command;ciscowlc::ShowUdi;config paging disable
cisco-wlc8;command;ciscowlc::ShowUdi;show udi
cisco-wlc8;command;ciscowlc::ShowSysinfo;show sysinfo
cisco-wlc8;command;ciscowlc::ShowConfig;show run-config

So I could see the debug info, and sure enough it hits the end but doesn't register.

Exiting ShowConfig: (Cisco Controller) > Found End, return 1
wlc01: End of run not found

Also note that the double ShowUdi is a hack for Cisco WLC version 8 where you need to disable paging.

Vanilla code with debug flag gives me this at the end of the log.

wlc01: End of run not found
wlc01: End of run not found
!--WLC End Config Data--!

Then I add this line on line 141 of /usr/lib/rancid/bin/rancid.

print(STDERR "$found_end, $clean_run\n") if ($debug);

And rancid-run says this at the end of the log.
1, 0
wlc01: End of run not found
wlc01: End of run not found

But I've added a print statement next to every instance of clean_run = 0 I could find in ciscowlc.pm yet I don't see any of them in the log.

And this behavior sometimes shifts to both values being 1, and no error being shown. It's unusually random and I cannot figure out what is causing this behavior.

Has anyone observed this?

I've documented my wlc v8 config here in case it might help anyone: https://wiki.sydit.se/teknik:guider:networking:backup_av_cisco_wlc_med_rancid

--
Vänliga Hälsningar / Sincerely
Stefan M

From mischa.diehm at unibas.ch Fri Jan 13 14:16:13 2017
From: mischa.diehm at unibas.ch (Mischa Diehm)
Date: Fri, 13 Jan 2017 14:16:13 +0000
Subject: [rancid] rancid-run repeating to test device on errors that are not recoverable
Message-ID: 

Hi,

trying to get the logs from rancid into our monitoring system I noticed that rancid would try to login to systems $ROUND times even though the error is clear in terms of being unrecoverable during a rancid-run e.g.:

rancid at noc-XXX:~/logs$ grep 'Update the SSH known_hosts file accordingly.' RZ-ROUTER.20170113.054748 | grep routerXYZ
routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH known_hosts file accordingly.
routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH known_hosts file accordingly.
routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH known_hosts file accordingly.
routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH known_hosts file accordingly.
routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH known_hosts file accordingly.

in our case MAX_ROUNDS=4? I checked but couldn't find a fast easy way to fix this. Same for "check your password" et al.

What do you think? Is there an easy way to prevent retrying in case of unrecoverable errors?

Thanks,
-m

--
Mischa Diehm | Network Team (NINS)
UniBasel | IT-Services (ITS)
Klingebergstr. 70 | CH-4056 Basel
Tel. +41 61 267 1574 | https://its.unibas.ch

From mischa.diehm at unibas.ch Fri Jan 13 14:22:43 2017
From: mischa.diehm at unibas.ch (Mischa Diehm)
Date: Fri, 13 Jan 2017 14:22:43 +0000
Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
Message-ID:

Hi

I was wondering why we didn't get any
!VLAN?
lines for our nexus 7700 rancid runs and found out that on the nexus a "show vtp" gives:

XXX-cc# show vtp status
Service not enabled

looking at the code I found that in /usr/share/perl5/rancid/nxos.pm:

In sub ShowVTP

    # Nexus 5k and 1000v do not support vtp
    if (!/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
        $DO_SHOW_VLAN = 0;
    }

and later in sub ShowVLAN:

    ($_ = <$INPUT>, return(1)) if (!$DO_SHOW_VLAN);

Similar for ios.. I wonder why it would be bad to have the output of "show vlan" in the config even if we were running the VTP-Modes exclude like "Server". Okay the vlan configs might be inside the config (not always like in the "Server" case) but the "show vlan" shows more information like which interfaces are configured etc. So wouldn't it be good to just remove this restriction?

Thanks,
-m

--
Mischa Diehm | Network Team (NINS)
UniBasel | IT-Services (ITS)
Klingebergstr. 70 | CH-4056 Basel
Tel. +41 61 267 1574 | https://its.unibas.ch

From ler762 at gmail.com Fri Jan 13 15:24:43 2017
From: ler762 at gmail.com (Lee)
Date: Fri, 13 Jan 2017 10:24:43 -0500
Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
In-Reply-To:
References:
Message-ID:

On 1/13/17, Mischa Diehm wrote:
> Hi
>
> I was wondering why we didn't get any
> !VLAN?
> lines for our nexus 7700 rancid runs and found out that on the nexus a "show
> vtp" gives:
>
> XXX-cc# show vtp status
> Service not enabled
>
> looking at the code I found that in /usr/share/perl5/rancid/nxos.pm:
>
> In sub ShowVTP
> # Nexus 5k and 1000v do not support vtp
> if (!/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
> $DO_SHOW_VLAN = 0;
> }
> and later in sub ShowVLAN:
>
> ($_ = <$INPUT>, return(1)) if (!$DO_SHOW_VLAN);
>
> Similar for ios.. I wonder why it would be bad to have the output of "show
> vlan" in the config even if we were running the VTP-Modes exclude like
> "Server". Okay the vlan configs might be inside the config (not always like
> in the "Server" case) but the "show vlan" shows more information like which
> interfaces are configured etc. So wouldn't it be good to just remove this
> restriction?

Yes. Which is yet another reason why it's so nice having the source - it's easy to make trivial changes like that. Or adding commands like 'show vlan all-ports'

Regards,
Lee

From alan.mckinnon at gmail.com Fri Jan 13 16:38:42 2017
From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Fri, 13 Jan 2017 18:38:42 +0200 Subject: [rancid] rancid-run repeating to test device on errors that are not recoverable In-Reply-To: References: Message-ID: On 13/01/2017 16:16, Mischa Diehm wrote: > Hi, > > trying to get the logs from rancid into our monitoring system I noticed > that rancid would try to login to systems $ROUND times even though the > error is clear in terms of being unrecoverable during a rancid-run e.g.: > > rancid at noc-XXX:~/logs$ grep 'Update the SSH known_hosts file > accordingly.' RZ-ROUTER.20170113.054748 | grep routerXYZ > routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for > routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH > known_hosts file accordingly. > routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for > routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH > known_hosts file accordingly. > routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for > routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH > known_hosts file accordingly. > routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for > routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH > known_hosts file accordingly. > routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for > routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH > known_hosts file accordingly. > > in our case MAX_ROUNDS=4? I checked but couldn?t find an fast easy way > to fix this. Same for ?check your password? et al. What do you think? Is > there an easy way to prevent retrying in case of unrecoverable errors? I don't see the retries as being especially problematic. *login will try and fail the known_hosts tests many 10s of times in the time it takes to retrieve one router's config. The extra processing effort is very little indeed, almost below the noise floor. 
What it does do though, is increase the log entries and make them rather visible, all of which encourages you to fix known_hosts by making it highly visible that there is a problem.

My solution for retries is to set it to 1, and rancid's cron job runs every hour. If the attempt fails for any reason, it tries again in an hour and I get 2 hours of changes in one cvs commit

--
Alan McKinnon
alan.mckinnon at gmail.com

From heas at shrubbery.net Fri Jan 13 18:17:37 2017
From: heas at shrubbery.net (heasley) Date: Fri, 13 Jan 2017 18:17:37 +0000 Subject: [rancid] rancid-run repeating to test device on errors that are not recoverable In-Reply-To: References: Message-ID: <20170113181737.GF40198@shrubbery.net> Fri, Jan 13, 2017 at 06:38:42PM +0200, Alan McKinnon: > On 13/01/2017 16:16, Mischa Diehm wrote: > > Hi, > > > > trying to get the logs from rancid into our monitoring system I noticed > > that rancid would try to login to systems $ROUND times even though the > > error is clear in terms of being unrecoverable during a rancid-run e.g.: > > > > rancid at noc-XXX:~/logs$ grep 'Update the SSH known_hosts file > > accordingly.' RZ-ROUTER.20170113.054748 | grep routerXYZ > > routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for > > routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH > > known_hosts file accordingly. > > routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for > > routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH > > known_hosts file accordingly. > > routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for > > routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH > > known_hosts file accordingly. > > routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for > > routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH > > known_hosts file accordingly. > > routerXYZ-fa-0-1.urz.p.unibas.ch clogin error: Error: The host key for > > routerXYZ-fa-0-1.urz.p.unibas.ch has changed. Update the SSH > > known_hosts file accordingly. > > > > in our case MAX_ROUNDS=4? I checked but couldn?t find an fast easy way > > to fix this. Same for ?check your password? et al. What do you think? Is > > there an easy way to prevent retrying in case of unrecoverable errors? > > I don't see the retries as being especially problematic. *login will try > and fail the known_hosts tests many 10s of times in the time it takes to > retrieve one router's config. 
The extra processing effort is very little
> indeed, almost below the noise floor.

I suggest that it is not worth any effort to catch all possible failures in all possible environments. just let it fail. if it's wallclock time that is an issue for you, reduce MAX_ROUNDS to 1 or raise PAR_COUNT - or both.

From heas at shrubbery.net Fri Jan 13 18:37:54 2017
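An added example, not part of the original thread and not RANCID code: if the concern is the monitoring system rather than the retries themselves, the repeated per-round lines can be collapsed into one event per device before they are forwarded, with the failures that no retry can clear (a changed host key, a rejected password) separated from the rest. The line layout and the host-key wording come from the log excerpt quoted above; the sample log, the device names, the password-error wording and all function names are assumptions.

```python
import re
from collections import OrderedDict

# Layout taken from the log excerpt quoted in the thread:
#   <device> <script>login error: Error: <message>
LOGIN_ERROR = re.compile(
    r"^(?P<device>\S+)\s+(?P<script>\w*login) error: Error: (?P<msg>.+)$"
)

# Failures that another login round cannot repair, most urgent first.
# The host-key wording is the one quoted in the thread; the password
# wording is an assumption and is matched loosely.
UNRECOVERABLE = (
    ("host_key_changed", re.compile(r"host key for \S+ has changed", re.I)),
    ("auth_failure", re.compile(r"check your passw(?:or)?d", re.I)),
)

# Constructed sample log (hypothetical devices, not real RANCID output).
_HOSTKEY = ("rtr-a.example.net clogin error: Error: The host key for "
            "rtr-a.example.net has changed. Update the SSH known_hosts "
            "file accordingly.")
_AUTH = "rtr-b.example.net clogin error: Error: Check your password"
_TIMEOUT = "rtr-c.example.net clogin error: Error: TIMEOUT reached"
SAMPLE_LOG = "\n".join(
    ["starting: Fri Jan 13 05:47:48 2017"]
    + [_AUTH] * 2
    + [_HOSTKEY] * 5          # first pass plus four retry rounds
    + [_TIMEOUT]
    + ["ending: Fri Jan 13 05:52:10 2017"]
)


def classify(message):
    """Return the failure category for one login error message."""
    for category, pattern in UNRECOVERABLE:
        if pattern.search(message):
            return category
    return "retryable"


def triage(log_text):
    """Collapse per-round repeats into one event per (device, category)."""
    events = OrderedDict()
    for line in log_text.splitlines():
        match = LOGIN_ERROR.match(line.strip())
        if match is None:
            continue  # not a login error line
        category = classify(match.group("msg"))
        key = (match.group("device"), category)
        event = events.setdefault(key, {
            "device": match.group("device"),
            "category": category,
            "attempts": 0,
            "message": match.group("msg"),
        })
        event["attempts"] += 1
    return list(events.values())


def needs_operator(events):
    """Events that a retry cannot clear, host key changes first."""
    rank = {name: i for i, (name, _) in enumerate(UNRECOVERABLE)}
    stuck = [e for e in events if e["category"] in rank]
    return sorted(stuck, key=lambda e: rank[e["category"]])


if __name__ == "__main__":
    for e in needs_operator(triage(SAMPLE_LOG)):
        print("{device}: {category} ({attempts} attempts)".format(**e))
```

A changed host key is the event to route to a person: the new fingerprint should be confirmed with the device over a trusted path before known_hosts is updated.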
From: heas at shrubbery.net (heasley)
Date: Fri, 13 Jan 2017 18:37:54 +0000
Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
In-Reply-To:
References:
Message-ID: <20170113183754.GH40198@shrubbery.net>

Fri, Jan 13, 2017 at 10:24:43AM -0500, Lee:
> On 1/13/17, Mischa Diehm wrote:
> > Hi
> >
> > I was wondering why we didn't get any
> > !VLAN?
> > lines for our nexus 7700 rancid runs and found out that on the nexus a "show
> > vtp" gives:
> >
> > XXX-cc# show vtp status
> > Service not enabled
> >
> > looking at the code I found that in /usr/share/perl5/rancid/nxos.pm:
> >
> > In sub ShowVTP
> > # Nexus 5k and 1000v do not support vtp
> > if (!/^VTP Operating Mode\s+:\s+(Transparent|Server)/) {
> > $DO_SHOW_VLAN = 0;
> > }
> > and later in sub ShowVLAN:
> >
> > ($_ = <$INPUT>, return(1)) if (!$DO_SHOW_VLAN);
> >
> > Similar for ios.. I wonder why it would be bad to have the output of "show
> > vlan" in the config even if we were running the VTP-Modes exclude like
> > "Server". Okay the vlan configs might be inside the config (not always like
> > in the "Server" case) but the "show vlan" shows more information like which
> > interfaces are configured etc. So wouldn't it be good to just remove this
> > restriction?

It causes never-ending changes in the config as ports become active/inactive, eg: someone disconnects or powers-off equipment. and in the case of VTP, it potentially is network wide. if you wanted to monitor such things, it's probably best done in a NMS, where you'd catch all such changes.

rancid 3.5 added for some modules:

# FILTER_OSC determines if oscillating data such as keys, passwords, etc are
# filtered from configs by the value set (NO | YES). FILTER_PWDS may override
# this. see rancid.conf(5).
#FILTER_OSC=YES; export FILTER_OSC

such a thing could be dependent upon this configuration, but again I do not see the point.

if you're not using VTP and it's not including the vlan stuff, i do want to fix that.
> Yes. Which is yet another reason why it's so nice having the source -
> it's easy to make trivial changes like that. Or adding commands like
> 'show vlan all-ports'
>
> Regards,
> Lee
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

From heas at shrubbery.net Fri Jan 13 20:55:27 2017
From: heas at shrubbery.net (heasley) Date: Fri, 13 Jan 2017 20:55:27 +0000 Subject: [rancid] Random behavior of $found_end and $clean_run In-Reply-To: References: Message-ID: <20170113205527.GV40198@shrubbery.net> Thu, Jan 12, 2017 at 11:08:46PM +0100, Stefan Midjich: > Excluse my ignorance in Perl but I've observed some very strange > behavior on Ubuntu 16.04 with Rancid 3.3. > > I've also tried patching relevant files with new code from the latest > rancid 3.6.2 package and seeing same results. > > Rancid-run mostly reports that $found_end or $clean_run are zero but > if I insert a print around line 180 suddenly the variables are > magically set. > > I've run several times and only once was clean_run set to 0. But if I > remove the print, it goes back to reporting "End of run not found". > > I also tried setting it in ciscowlc.pm but there I can see that > found_end and clean_run are mostly set to 1. > > # WLC lacks a definitive "end of config" marker. > if ($linecnt > 5) { > print STDERR "Found end, return 1" if ($debug); > $found_end = 1; > return(1); > } > > And changed my /etc/rancid/rancid.types.conf setup to this. > > cisco-wlc8;script;rancid -d -t cisco-wlc8 > cisco-wlc8;login;wlogin -noenable -t 120 > cisco-wlc8;module;ciscowlc > cisco-wlc8;inloop;ciscowlc::inloop > cisco-wlc8;command;ciscowlc::ShowUdi;config paging disable > cisco-wlc8;command;ciscowlc::ShowUdi;show udi > cisco-wlc8;command;ciscowlc::ShowSysinfo;show sysinfo > cisco-wlc8;command;ciscowlc::ShowConfig;show run-config > > So I could see the debug info, and sure enough it hits the end but > doesn't register. > > Exiting ShowConfig: (Cisco Controller) > > Found End, return 1 > wlc01: End of run not found > > Also note that the double ShowUdi is a hack for Cisco WLC version 8 > where you need to disable paging. Doesn't 'config paging disable' change the configuration of the device, rather than just the current session? And, is wlogin not responding to the pager properly? 
also, you can use a different function to eat the output: cisco-wlc8;command;rancid::RunCommand;config paging disable > Vanilla code with debug flag gives me this at the end of the log. > > wlc01: End of run not found > wlc01: End of run not found > !--WLC End Config Data--! > > Then I add this line on line 141 of /usr/lib/rancid/bin/rancid. > > print(STDERR "$found_end, $clean_run\n") if ($debug); > > And rancid-run says this at the end of the log. > > 1, 0 > wlc01: End of run not found > wlc01: End of run not found > > But I've added a print statement next to every instance of clean_run = > 0 I could find in ciscowlc.pm yet I don't see any of them in the log. > > And this behavior somtimes shifts to both values being 1, and no error > being shown. > > It's unusually random and I cannot figure out what is causing this > behavior. Has anyone observed this? > > I've documented my wlc v8 config here in case it might help anyone: > https://wiki.sydit.se/teknik:guider:networking:backup_av_cisco_wlc_med_rancid > > -- > V?nliga H?lsningar / Sincerely > Stefan M > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Fri Jan 13 21:03:00 2017 
From: heas at shrubbery.net (heasley) Date: Fri, 13 Jan 2017 21:03:00 +0000 Subject: [rancid] Random behavior of $found_end and $clean_run In-Reply-To: References: Message-ID: <20170113210300.GW40198@shrubbery.net> Thu, Jan 12, 2017 at 11:08:46PM +0100, Stefan Midjich: > Also note that the double ShowUdi is a hack for Cisco WLC version 8 > where you need to disable paging. > > Vanilla code with debug flag gives me this at the end of the log. > > wlc01: End of run not found > wlc01: End of run not found > !--WLC End Config Data--! > > Then I add this line on line 141 of /usr/lib/rancid/bin/rancid. > > print(STDERR "$found_end, $clean_run\n") if ($debug); > > And rancid-run says this at the end of the log. > > 1, 0 > wlc01: End of run not found > wlc01: End of run not found > > But I've added a print statement next to every instance of clean_run = > 0 I could find in ciscowlc.pm yet I don't see any of them in the log. > > And this behavior somtimes shifts to both values being 1, and no error > being shown. > > It's unusually random and I cannot figure out what is causing this > behavior. Has anyone observed this? sorry for the 2nd msg. clear_run is probably not set because of failure to match the end of the cli session - which normally implies that all of the commands and interaction with the device completed as expected. several times a bug has arisen in cisco clis where the device does not echo all of the disconnect command (exit/logout/quit/...) or the after the command. Perhaps your device is doing this? From ler762 at gmail.com Sat Jan 14 14:00:52 2017 
From: ler762 at gmail.com (Lee) Date: Sat, 14 Jan 2017 09:00:52 -0500 Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set? In-Reply-To: <20170113183754.GH40198@shrubbery.net> References: <20170113183754.GH40198@shrubbery.net> Message-ID: On 1/13/17, heasley wrote: > Fri, Jan 13, 2017 at 10:24:43AM -0500, Lee: >> On 1/13/17, Mischa Diehm wrote: >> > Hi >> > >> > I was wondering why we didn?t get any >> > !VLAN? >> > lines for our nexus 7700 rancid runs and found out that on the nexus a >> > ?show >> > vtp? gives: >> > >> > XXX-cc# show vtp status >> > Service not enabled >> > >> > looking at the code I found that in /usr/share/perl5/rancid/nxos.pm: >> > >> > In sub ShowVTP >> > # Nexus 5k and 1000v do note support vtp >> > if (!/^VTP Operating Mode\s+:\s+(Transparent|Server)/) { >> > $DO_SHOW_VLAN = 0; >> > } >> > and later in sub ShowVLAN: >> > >> > ($_ = <$INPUT>, return(1)) if (!$DO_SHOW_VLAN); >> > >> > Similar for ios.. I wonder why it would be bad to have the output of >> > ?show >> > vlan? in the config even if we were running the VTP-Modes exclude like >> > ?Server?. Okay the vlan configs might be inside the config (not always >> > like >> > in the ?Server? case) but the ?show vlan? shows more information like >> > which >> > interfaces are configured etc. So wouldn?t it be good to just remove >> > this >> > restriction? > > It causes nevery-ending changes in the config as ports become > active/inactive, eg: someone disconnects or powers-off equipment. For IOS switches I added 'show vlan all-ports' 'show vlan' before 'show vlan-switch' and added this bit at the end of sub ShowVLAN $DO_SHOW_VLAN = 0; # -LR- # -LR- not everything supports "show vlan all-ports" # -LR- so do "show vlan all-ports" first and, if it succeeds, # -LR- clear the flag so we do not do a plain "show vlan" return(0); so rancid would save only the output from the first show vlan command that succeeded. 
'show vlan all-ports' shows vlan info even for shutdown switchports & most all our stuff supports show vlan all-ports, so config-churn wasn't a problem. > and in the case of VTP, it potentially is network wide. <.. snip rant about vtp ..> > if you wanted to monitor such things, its > probably best done in a NMS, where you'd catch all such changes. It's nice having rancid collect vlan info; you can do things like process all the configs to create a summary listing of vlanNum vlanName: switch1 switch2 ... switchN showing what vlans are configured where, do config sanity checks that for all "switchport voice vlan NNN" the vlan NNN name starts with "voice_", etc. > rancid 3.5 added for some modules: > > # FILTER_OSC determines if oscillating data such as keys, passwords, etc > are > # filtered from configs by the value set (NO | YES). FILTER_PWDS may > override > # this. see rancid.conf(5). > #FILTER_OSC=YES; export FILTER_OSC > > such a thing could be dependent upon this configuration, but again I do not > see the point. which is why it's so nice having the source code :) Whatever pain caused by collecting vlan info in rancid was, i thought, more than offset by the utility of having rancid collect vlan info. Best Regards, Lee From merijn at trans-ix.nl Tue Jan 17 23:13:33 2017 
From: merijn at trans-ix.nl (Merijn Evertse)
Date: Tue, 17 Jan 2017 23:13:33 +0000
Subject: [rancid] Fortigate last-login
Message-ID: <060036576ead4414b756b5c37df72411@exch02.cloudhosted.local>

Hello,

On our Fortigate units the last-login entry is causing RANCID to detect a change every hour. To fix this I have added the next few lines in fnrancid:

    # filter last-login
    if (/^(\s*set)\slast-login\s(.*)/ && $filter_osc) {
        ProcessHistory("","","","#$1 last-login \n");
        next;
    }

After the "# filter cycling password encryption" block.

Maybe it helps others, or it can be done better.

Kind regards,
Merijn Evertse

From dmahoney at isc.org Wed Jan 18 02:06:11 2017
From: dmahoney at isc.org (Dan Mahoney)
Date: Wed, 18 Jan 2017 02:06:11 +0000 (UTC)
Subject: [rancid] Rancid "down" messages.
Message-ID:

Hey all,

Here at ISC, we have a number of hosts that are marked as down, with appropriate comments/tickets in routers.db.

However, it seems that while rancid doesn't try to poll them, they're still included in the "routers have not been contacted in 24 hours" list.

Is this by design? In a perfect world, adding the router as "down" is a "yes, we know." to this.

Is there a simple regex tweak that can be done to exclude marked-as-down routers from this report as well?

Best,
-Dan

From Remi.FESSARD at knorr-bremse.com Thu Jan 19 11:48:33 2017
From: Remi.FESSARD at knorr-bremse.com (FESSARD, Rémi)
Date: Thu, 19 Jan 2017 11:48:33 +0000
Subject: [rancid] CISCO Wireless LAN Controler
Message-ID:

Hello,

I have a lot of changes with Rancid backup of my CISCO wireless lan controller with these lines:

+ q)uit
- q)uit
+ or (q)uit
- or (q)uit

How can I do to solve it?

My version of Rancid is 3.6.2

Thanks in advance for your support.

Rémi

From mischa.diehm at unibas.ch Thu Jan 19 20:55:29 2017
From: mischa.diehm at unibas.ch (Mischa Diehm)
Date: Thu, 19 Jan 2017 20:55:29 +0000
Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
In-Reply-To: <20170113183754.GH40198@shrubbery.net>
References: <20170113183754.GH40198@shrubbery.net>
Message-ID:

Hi,

On 13.01.17, 19:37, "heasley" wrote:

>It causes never-ending changes in the config as ports become active/inactive,
>eg: someone disconnects or powers-off equipment. and in the case of VTP, it
>potentially is network wide. if you wanted to monitor such things, it's
>probably best done in a NMS, where you'd catch all such changes.
>
>rancid 3.5 added for some modules:
>
># FILTER_OSC determines if oscillating data such as keys, passwords, etc are
># filtered from configs by the value set (NO | YES). FILTER_PWDS may override
># this. see rancid.conf(5).
>#FILTER_OSC=YES; export FILTER_OSC
>
>such a thing could be dependent upon this configuration, but again I do not
>see the point.

Thanks for the clarification. This really kind of depends on where rancid is run. In a campus/client env. I see your point but we also have more static parts where this is useful information. There it actually is also useful to see what ports actually have changed. But you are right maybe not worth it overall.

But thanks for pointing out the OSC part. What we see on most of our Nexus infrastructure is every night:

- !Flash: debug: 124053 Jan 18 05:38:00 2017 bootvar_debug.log
- !Flash: debug: 6 Jan 18 05:38:00 2017 bootvar_debug.meta
+ !Flash: debug: 124872 Jan 19 05:38:05 2017 bootvar_debug.log
+ !Flash: debug: 6 Jan 19 05:38:05 2017 bootvar_debug.meta

And this:

- !Flash: logflash: 87092 Jan 17 05:43:42 2017 accounting_log
+ !Flash: logflash: 136367 Jan 18 05:43:35 2017 accounting_log

Which is quite annoying...

>if you're not using VTP and its not including the vlan stuff, i do want to
>fix that.
Well then you have to fix it for this as said:

XXX-cc# show vtp status
Service not enabled

Cheers,
Mischa

>
>> Yes. Which is yet another reason why it's so nice having the source -
>> it's easy to make trivial changes like that. Or adding commands like
>> 'show vlan all-ports'
>>
>> Regards,
>> Lee
>>
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

From weylin at bu.edu Fri Jan 20 20:33:36 2017
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Fri, 20 Jan 2017 20:33:36 +0000
Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
In-Reply-To:
References: <20170113183754.GH40198@shrubbery.net>
Message-ID: <0D8EA138-AD4C-47D1-A01B-28C8E6072FF5@bu.edu>

> What we see on most of our Nexus infrastructure is every night:
> ...
> Which is quite annoying...

If there's a mechanism for removing these "debug" updates for NX-OS, that would be *awesome.* I opened a TAC case about this, it's not something I have any kind level of control over, whatsoever.

weylin

On 1/19/17, 15:55, "Mischa Diehm" wrote:

    Hi,

    On 13.01.17, 19:37, "heasley" wrote:

    >It causes never-ending changes in the config as ports become active/inactive,
    >eg: someone disconnects or powers-off equipment. and in the case of VTP, it
    >potentially is network wide. if you wanted to monitor such things, it's
    >probably best done in a NMS, where you'd catch all such changes.
    >
    >rancid 3.5 added for some modules:
    >
    ># FILTER_OSC determines if oscillating data such as keys, passwords, etc are
    ># filtered from configs by the value set (NO | YES). FILTER_PWDS may override
    ># this. see rancid.conf(5).
    >#FILTER_OSC=YES; export FILTER_OSC
    >
    >such a thing could be dependent upon this configuration, but again I do not
    >see the point.

    Thanks for the clarification. This really kind of depends on where rancid is run. In a campus/client env. I see your point but we also have more static parts where this is useful information. There it actually is also useful to see what ports actually have changed. But you are right maybe not worth it overall.

    But thanks for pointing out the OSC part.
What we see on most of our Nexus infrastructure is every night: - !Flash: debug: 124053 Jan 18 05:38:00 2017 bootvar_debug.log - !Flash: debug: 6 Jan 18 05:38:00 2017 bootvar_debug.meta + !Flash: debug: 124872 Jan 19 05:38:05 2017 bootvar_debug.log + !Flash: debug: 6 Jan 19 05:38:05 2017 bootvar_debug.meta And this: - !Flash: logflash: 87092 Jan 17 05:43:42 2017 accounting_log + !Flash: logflash: 136367 Jan 18 05:43:35 2017 accounting_log Which is quite annoying... >if you're not using VTP and its not including the vlan stuff, i do want to >fix that. Well then you have to fix it for this as said: XXX-cc# show vtp status Service not enabled Cheers, Mischa > >> Yes. Which is yet another reason why it's so nice having the source - >> it's easy to make trivial changes like that. Or adding commands like >> 'show vlan all-ports' >> >> Regards, >> Lee >> >> _______________________________________________ >> Rancid-discuss mailing list >> Rancid-discuss at shrubbery.net >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss From ler762 at gmail.com Sat Jan 21 18:33:22 2017 
From: ler762 at gmail.com (Lee) Date: Sat, 21 Jan 2017 13:33:22 -0500 Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set? In-Reply-To: <0D8EA138-AD4C-47D1-A01B-28C8E6072FF5@bu.edu> References: <20170113183754.GH40198@shrubbery.net> <0D8EA138-AD4C-47D1-A01B-28C8E6072FF5@bu.edu> Message-ID: On 1/20/17, Piegorsch, Weylin William wrote: >> What we see on most of our Nexus infrastructure is every night: >> ... >> Which is quite annoying... > > If there?s a mechanism for removing these ?debug? updates for NX-OS, that > would be *awesome.* I opened a TAC case about this, it?s not something I > have any kind level of control over, whatsoever. Take a look at rancid/lib/rancid/ios.pm - it has code to blank the file size & timestamp so that updates to the file(s) don't cause rancid to think the config has changed. Look for # filter frequently changing files (dhcp & vlan database) # change from: # 9 -rw- 660 Jan 15 2011 20:43:54 vlan.dat # 9 -rw- 660 Jan 15 2011 20:43:54 +00:00 vlan.dat # to: # -rw- vlan.dat # -rw- vlan.dat and adapt as needed Regards, Lee > > weylin > > On 1/19/17, 15:55, "Mischa Diehm" wrote: > > Hi, > > > On 13.01.17, 19:37, "heasley" wrote: > > > >It causes nevery-ending changes in the config as ports become > >active/inactive, > >eg: someone disconnects or powers-off equipment. and in the case of > VTP, > >it > >potentially is network wide. if you wanted to monitor such things, > its > >probably best done in a NMS, where you'd catch all such changes. > > > >rancid 3.5 added for some modules: > > > ># FILTER_OSC determines if oscillating data such as keys, passwords, > etc > >are > ># filtered from configs by the value set (NO | YES). FILTER_PWDS may > >override > ># this. see rancid.conf(5). > >#FILTER_OSC=YES; export FILTER_OSC > > > >such a thing could be dependent upon this configuration, but again I > do > >not > >see the point. > > Thanks for the clarification. 
This really kind of depends on where > rancid > is run. In a campus/client env. I see your point but we also have more > static parts where this is usesful information. There it actually is > also > useful to see what ports actually have changed. But you are right maybe > no > worth it overall. > But thanks for pointing out the OSC part. What we see on most of our > Nexus > infrastructure is every night: > > - !Flash: debug: 124053 Jan 18 05:38:00 2017 bootvar_debug.log > - !Flash: debug: 6 Jan 18 05:38:00 2017 > bootvar_debug.meta > + !Flash: debug: 124872 Jan 19 05:38:05 2017 bootvar_debug.log > + !Flash: debug: 6 Jan 19 05:38:05 2017 > bootvar_debug.meta > > > And this: > - !Flash: logflash: 87092 Jan 17 05:43:42 2017 accounting_log > + !Flash: logflash: 136367 Jan 18 05:43:35 2017 accounting_log > > > > Which is quite annoying... > > >if you're not using VTP and its not including the vlan stuff, i do want > to > >fix that. > > Well then you have to fix it for this as said: > XXX-cc# show vtp status > Service not enabled > > > Cheers, > Mischa > > > > >> Yes. Which is yet another reason why it's so nice having the source > - > >> it's easy to make trivial changes like that. Or adding commands > like > >> 'show vlan all-ports' > >> > >> Regards, > >> Lee > >> > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From weylin at bu.edu Sun Jan 22 04:51:11 2017 
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Sun, 22 Jan 2017 04:51:11 +0000
Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
In-Reply-To:
References: <20170113183754.GH40198@shrubbery.net> <0D8EA138-AD4C-47D1-A01B-28C8E6072FF5@bu.edu>
Message-ID:

Thanks Lee. Is ios.pm called for NX-OS devices ("cisco-nx")? I tried looking through nxos.pm but didn't see anything equivalent. I'm using v3.4.1 if it makes a difference.

weylin

On 1/21/17, 13:33, "Lee" wrote:

    On 1/20/17, Piegorsch, Weylin William wrote:
    >> What we see on most of our Nexus infrastructure is every night:
    >> ...
    >> Which is quite annoying...
    >
    > If there's a mechanism for removing these "debug" updates for NX-OS, that
    > would be *awesome.* I opened a TAC case about this, it's not something I
    > have any kind level of control over, whatsoever.

    Take a look at rancid/lib/rancid/ios.pm - it has code to blank the file size & timestamp so that updates to the file(s) don't cause rancid to think the config has changed. Look for
    # filter frequently changing files (dhcp & vlan database)
    # change from:
    # 9 -rw- 660 Jan 15 2011 20:43:54 vlan.dat
    # 9 -rw- 660 Jan 15 2011 20:43:54 +00:00 vlan.dat
    # to:
    # -rw- vlan.dat
    # -rw- vlan.dat
    and adapt as needed

    Regards,
    Lee

    >
    > weylin
    >
    > On 1/19/17, 15:55, "Mischa Diehm" wrote:
    >
    > Hi,
    >
    >
    > On 13.01.17, 19:37, "heasley" wrote:
    >
    >
    > >It causes never-ending changes in the config as ports become
    > >active/inactive,
    > >eg: someone disconnects or powers-off equipment. and in the case of
    > VTP,
    > >it
    > >potentially is network wide. if you wanted to monitor such things,
    > its
    > >probably best done in a NMS, where you'd catch all such changes.
    > >
    > >rancid 3.5 added for some modules:
    > >
    > ># FILTER_OSC determines if oscillating data such as keys, passwords,
    > etc
    > >are
    > ># filtered from configs by the value set (NO | YES). FILTER_PWDS may
    > >override
    > ># this. see rancid.conf(5).
> >#FILTER_OSC=YES; export FILTER_OSC > > > >such a thing could be dependent upon this configuration, but again I > do > >not > >see the point. > > Thanks for the clarification. This really kind of depends on where > rancid > is run. In a campus/client env. I see your point but we also have more > static parts where this is usesful information. There it actually is > also > useful to see what ports actually have changed. But you are right maybe > no > worth it overall. > But thanks for pointing out the OSC part. What we see on most of our > Nexus > infrastructure is every night: > > - !Flash: debug: 124053 Jan 18 05:38:00 2017 bootvar_debug.log > - !Flash: debug: 6 Jan 18 05:38:00 2017 > bootvar_debug.meta > + !Flash: debug: 124872 Jan 19 05:38:05 2017 bootvar_debug.log > + !Flash: debug: 6 Jan 19 05:38:05 2017 > bootvar_debug.meta > > > And this: > - !Flash: logflash: 87092 Jan 17 05:43:42 2017 accounting_log > + !Flash: logflash: 136367 Jan 18 05:43:35 2017 accounting_log > > > > Which is quite annoying... > > >if you're not using VTP and its not including the vlan stuff, i do want > to > >fix that. > > Well then you have to fix it for this as said: > XXX-cc# show vtp status > Service not enabled > > > Cheers, > Mischa > > > > >> Yes. Which is yet another reason why it's so nice having the source > - > >> it's easy to make trivial changes like that. Or adding commands > like > >> 'show vlan all-ports' > >> > >> Regards, > >> Lee > >> > >> _______________________________________________ > >> Rancid-discuss mailing list > >> Rancid-discuss at shrubbery.net > >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From ler762 at gmail.com Sun Jan 22 23:09:12 2017 
From: ler762 at gmail.com (Lee)
Date: Sun, 22 Jan 2017 18:09:12 -0500
Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
In-Reply-To:
References: <20170113183754.GH40198@shrubbery.net> <0D8EA138-AD4C-47D1-A01B-28C8E6072FF5@bu.edu>
Message-ID:

On 1/21/17, Piegorsch, Weylin William wrote:
> Thanks Lee. Is ios.pm called for NX-OS devices ("cisco-nx")? I tried
> looking through nxos.pm but didn't see anything equivalent. I'm using
> v3.4.1 if it makes a difference.

It looks like 3.4.1 already has code to blank out the file size &
timestamp. Starting at line 509 of rancid-3.4.1/lib/rancid/nxos.pm

# This routine parses "dir /all ((disk|slot)N|bootflash|nvram):"
sub DirSlotN {

down a bit further it's got:
    next if (/BufferMonitor-1HourData/);
    if (/ log\/$/) {
        # change
        # 8192 Jan 08 14:05:05 2015 log/
        # to
        # log/
        if (/(\s*\d+\s+)(\S+ \d+\s+\d+:\d+:\d+ \d+)(.*)/) {
            my($a, $dt, $rem) = ($1, $2, $3);
            my($dtl) = length($dt);
            my($fmt) = "%s%-". $dtl ."s%s\n";
            $_ = sprintf($fmt, $a, "", $rem);
        }
    }

Regards,
Lee

From weylin at bu.edu Mon Jan 23 21:06:51 2017
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Mon, 23 Jan 2017 21:06:51 +0000
Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
In-Reply-To:
References: <20170113183754.GH40198@shrubbery.net> <0D8EA138-AD4C-47D1-A01B-28C8E6072FF5@bu.edu>
Message-ID: <1ABB1186-7C2B-43DA-A0FD-B3181D9A959D@bu.edu>

Thanks Lee. I haven't looked yet, and probably won't until February at the earliest. I can copy/paste that code, replacing "log" for "debug" on the pasted portion. I'll try it out and see how it works. If that works, is that something that can be forward ported into new versions of code? I'm a network engineer, my group doesn't have software development as a core competency, but I'm willing to do this if there's "vendor" support (to use the generic term my boss uses) in future versions.

weylin

From harlei.jlima at gmail.com Tue Jan 24 13:47:54 2017
From: harlei.jlima at gmail.com (Harlei Lima)
Date: Tue, 24 Jan 2017 11:47:54 -0200
Subject: [rancid] How to config the output of a command to record in a file.
Message-ID:

Dear colleagues.

I'm starting with Rancid and I did my first basic config, but I can't, or I don't understand how to, config the output of a command to record to a file. For example a .clogin -c "show version" and record any file.

Can somebody help me?

Sincerely:
Harlei Julio de Lima
IT Infrastructure Manager | Network and Computer Security | Senior IT Analyst | Research and Innovation
https://br.linkedin.com/in/hjlima

From heas at shrubbery.net Tue Jan 24 18:11:40 2017
From: heas at shrubbery.net (heasley)
Date: Tue, 24 Jan 2017 18:11:40 +0000
Subject: [rancid] How to config the output of a command to record in a file.
In-Reply-To:
References:
Message-ID: <20170124181140.GA4273@shrubbery.net>

Tue, Jan 24, 2017 at 11:47:54AM -0200, Harlei Lima:
> Dear colleagues.
>
> I'm starting with Rancid and I did my first basic config, but I can't,
> or I don't understand how to, config the output of a command to record
> to a file. For example a .clogin -c "show version" and record any file.
>
> Can somebody help me?

I am not sure that I understand what you are asking. show version is
collected by rancid for all devices. add the device to a group's router.db
and the stored file will have the useful parts of it.

From ler762 at gmail.com Tue Jan 24 18:16:13 2017
From: ler762 at gmail.com (Lee)
Date: Tue, 24 Jan 2017 13:16:13 -0500
Subject: [rancid] How to config the output of a command to record in a file.
In-Reply-To:
References:
Message-ID:

On 1/24/17, Harlei Lima wrote:
> Dear colleagues.
>
> I'm starting with Rancid and I did my first basic config, but I can't,
> or I don't understand how to, config the output of a command to record
> to a file. For example a .clogin -c "show version" and record any file.

If you want to save the output from 'clogin -c ...' here's a snippet
from one of my scripts:

######### commands to run on every switch:
# show interface trunk
#   to get all the trunk ports
#   but none of the ports that make up a port channel on IOS are listed, so have to do
#   "show etherchannel summary" to completely populate the interface list
#
# show etherchannel summary
#   to get the mapping of port-channels => physical ports on IOS switches
#   the output seems to ignore "term width" so port channels of 4 or more ports
#   are on separate lines
#
# show cdp neighbor
#   to find out what is on the other side of the link
clogin -c "show interface trunk;show etherchannel summary;show cdp neighbor" $DEVLIST | tr -d "\r" |\
  awk '/show interface trunk/ , /exit/' > $DATAFILE
### NOTE: the above removes trailing carriage returns as well as login banner, motd, etc.
###       please try to do the same if you're creating the file yourself
fi
###################################################################

Regards,
Lee

From daniel.kerse at gmail.com Tue Jan 24 22:58:17 2017
From: daniel.kerse at gmail.com (Daniel Kerse)
Date: Tue, 24 Jan 2017 22:58:17 +0000
Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
In-Reply-To: <1ABB1186-7C2B-43DA-A0FD-B3181D9A959D@bu.edu>
References: <20170113183754.GH40198@shrubbery.net> <0D8EA138-AD4C-47D1-A01B-28C8E6072FF5@bu.edu> <1ABB1186-7C2B-43DA-A0FD-B3181D9A959D@bu.edu>
Message-ID:

Can someone please look at iosxr.pm and see if a similar change is also required? We get a lot of unwanted diffs there for growing files.

Here:

 !Flash: harddiska: 3093 -rw- 32 Thu Jul 28 15:47:35 2016 env_hist
 !Flash: harddiska: 3094 -rw- 2996 Tue Oct 11 23:18:49 2016 env_cont
 !Flash: harddiska: 3095 -rw- 32 Thu Jul 28 15:47:43 2016 genstr_hist
-!Flash: harddiska: 3096 -rw- 977158 Mon Jan 23 16:01:55 2017 genstr_cont
+!Flash: harddiska: 3096 -rw- 980538 Mon Jan 23 16:56:16 2017 genstr_cont
 !Flash: harddiska: 3097 -rw- 32 Thu Jul 28 15:47:39 2016 errmsg_hist
 !Flash: harddiska: 3098 -rw- 15531 Wed Oct 12 01:12:37 2016 errmsg_cont
 !Flash: harddiska: 3099 -rw- temp_static_data

Here:

 !Flash: harddiska: 3176 -rw- 1892 Thu Oct 20 03:50:48 2016 temp_hist
 !Flash: harddiska: 3177 -rw- temp_cont
 !Flash: harddiska: 3178 -rw- 1124 Wed Sep 30 00:54:09 2015 volt_static_data
-!Flash: harddiska: 3179 -rw- 7800 Mon Nov 14 03:39:04 2016 volt_hist
+!Flash: harddiska: 3179 -rw- 8260 Tue Jan 24 02:48:19 2017 volt_hist
 !Flash: harddiska: 3180 -rw- volt_cont
 !Flash: harddiska: 3181 -rw- 514 Sun Jan 15 22:25:01 2017 errmsg_hist
 !Flash: harddiska: 3182 -rw- 75802 Tue Jan 24 00:18:13 2017 errmsg_cont

And here:

 !Flash: harddiska: 3179 -rw- 7800 Mon Nov 14 03:39:04 2016 volt_hist
 !Flash: harddiska: 3180 -rw- volt_cont
 !Flash: harddiska: 3181 -rw- 514 Sun Jan 15 22:25:01 2017 errmsg_hist
-!Flash: harddiska: 3182 -rw- 71876 Mon Jan 23 15:43:30 2017 errmsg_cont
+!Flash: harddiska: 3182 -rw- 73084 Mon Jan 23 16:59:46 2017 errmsg_cont
 !Flash: harddiska: 3183 -rw- 24 Tue Jun 4 08:13:53 2013 diag_hist
 !Flash: harddiska: 3184 -rw- 24 Tue Jun 4 08:13:55 2013 diag_cont

In iosxr.pm sub DirSlotN I see:

    # filter frequently changing files from IOX bootflash, hardiska,
    # and nvram
    if ($dev =~ /(bootflash|harddisk|nvram)/) {
        if (/(ce_switch.log|temp_cont|temp_static_data|uptime_cont|volt_cont)\s*$/) {
            # change
            # 57 -rw- 23100 volt_cont
            # 614788 drwx 4096 Fri Aug 20 12:06:25 2010 temp_cont
            # to
            # 57 -rw- volt_cont
            # 614788 drwx temp_cont

So perhaps that second if statement needs to catch a few other filenames please.

We are running rancid-3.2-2 from here: http://pkgs.fedoraproject.org/cgit/rpms/rancid.git/?h=epel7

Thanks,
Dan

From daniel.schmidt at wyo.gov Wed Jan 25 01:33:27 2017
From: daniel.schmidt at wyo.gov (Daniel Schmidt)
Date: Tue, 24 Jan 2017 18:33:27 -0700
Subject: [rancid] sendmail
Message-ID:

$ grep SENDMAIL etc/rancid.conf
SENDMAIL="/usr/sbin/sendmail"
$ grep SENDMAIL /var/lib/rancid/bin/control_rancid
# SENDMAIL location
SENDMAIL=${SENDMAIL:=/usr/sbin/sendmail};

Correct me if I'm wrong, but I shouldn't have had to make that change to control_rancid for it to work right. Shouldn't control_rancid use the /etc/rancid.conf variable? What am I missing?

--
E-Mail to and from me, in connection with the transaction
of public business, is subject to the Wyoming Public Records
Act and may be disclosed to third parties.

From heas at shrubbery.net Wed Jan 25 03:47:25 2017
From: heas at shrubbery.net (heasley)
Date: Wed, 25 Jan 2017 03:47:25 +0000
Subject: [rancid] sendmail
In-Reply-To:
References:
Message-ID: <20170125034725.GA18199@shrubbery.net>

Tue, Jan 24, 2017 at 06:33:27PM -0700, Daniel Schmidt:
> $ grep SENDMAIL etc/rancid.conf
> SENDMAIL="/usr/sbin/sendmail"
> $ grep SENDMAIL /var/lib/rancid/bin/control_rancid
> # SENDMAIL location
> SENDMAIL=${SENDMAIL:=/usr/sbin/sendmail};
>
> Correct me if I'm wrong, but I shouldn't have had to make that change to
> control_rancid for it to work right. Shouldn't control_rancid use the
> /etc/rancid.conf variable? What am I missing?

if it's not set in rancid.conf, it sets a default.

From heas at shrubbery.net Wed Jan 25 17:10:18 2017
From: heas at shrubbery.net (heasley)
Date: Wed, 25 Jan 2017 17:10:18 +0000
Subject: [rancid] sendmail
In-Reply-To:
References: <20170125034725.GA18199@shrubbery.net>
Message-ID: <20170125171017.GC23961@shrubbery.net>

Wed, Jan 25, 2017 at 09:52:56AM -0700, Daniel Schmidt:
> Thanks, that is what I thought. That said, I did have it set. I'm baffled
> as to why it didn't work till I made the control_rancid change. I call
> rancid-run as sudo -i -u rancid, but I don't believe that should make a
> difference. Strange.

it should not; control_rancid should explicitly read rancid.conf prior to
that line. Is there a typo in your rancid.conf perhaps?

> On Tue, Jan 24, 2017 at 8:47 PM, heasley wrote:
>
> > Tue, Jan 24, 2017 at 06:33:27PM -0700, Daniel Schmidt:
> > > $ grep SENDMAIL etc/rancid.conf
> > > SENDMAIL="/usr/sbin/sendmail"
> > > $ grep SENDMAIL /var/lib/rancid/bin/control_rancid
> > > # SENDMAIL location
> > > SENDMAIL=${SENDMAIL:=/usr/sbin/sendmail};
> > >
> > > Correct me if I'm wrong, but I shouldn't have had to make that change to
> > > control_rancid for it to work right. Shouldn't control_rancid use the
> > > /etc/rancid.conf variable? What am I missing?
> >
> > if it's not set in rancid.conf, it sets a default.

From daniel.schmidt at wyo.gov Wed Jan 25 16:52:56 2017
From: daniel.schmidt at wyo.gov (Daniel Schmidt)
Date: Wed, 25 Jan 2017 09:52:56 -0700
Subject: [rancid] sendmail
In-Reply-To: <20170125034725.GA18199@shrubbery.net>
References: <20170125034725.GA18199@shrubbery.net>
Message-ID:

Thanks, that is what I thought. That said, I did have it set. I'm baffled as to why it didn't work till I made the control_rancid change. I call rancid-run as sudo -i -u rancid, but I don't believe that should make a difference. Strange.

On Tue, Jan 24, 2017 at 8:47 PM, heasley wrote:

> Tue, Jan 24, 2017 at 06:33:27PM -0700, Daniel Schmidt:
> > $ grep SENDMAIL etc/rancid.conf
> > SENDMAIL="/usr/sbin/sendmail"
> > $ grep SENDMAIL /var/lib/rancid/bin/control_rancid
> > # SENDMAIL location
> > SENDMAIL=${SENDMAIL:=/usr/sbin/sendmail};
> >
> > Correct me if I'm wrong, but I shouldn't have had to make that change to
> > control_rancid for it to work right. Shouldn't control_rancid use the
> > /etc/rancid.conf variable? What am I missing?
>
> if it's not set in rancid.conf, it sets a default.

From daniel.schmidt at wyo.gov Wed Jan 25 19:01:25 2017
From: daniel.schmidt at wyo.gov (Daniel Schmidt)
Date: Wed, 25 Jan 2017 12:01:25 -0700
Subject: [rancid] sendmail
In-Reply-To: <20170125171017.GC23961@shrubbery.net>
References: <20170125034725.GA18199@shrubbery.net> <20170125171017.GC23961@shrubbery.net>
Message-ID:

I did a grep:

$ grep SENDMAIL etc/rancid.conf
SENDMAIL="/usr/sbin/sendmail"

Looks right to me. Don't get any other errors. Strange!

On Wed, Jan 25, 2017 at 10:10 AM, heasley wrote:

> Wed, Jan 25, 2017 at 09:52:56AM -0700, Daniel Schmidt:
> > Thanks, that is what I thought. That said, I did have it set. I'm baffled
> > as to why it didn't work till I made the control_rancid change. I call
> > rancid-run as sudo -i -u rancid, but I don't believe that should make a
> > difference. Strange.
>
> it should not; control_rancid should explicitly read rancid.conf prior to
> that line. Is there a typo in your rancid.conf perhaps?

From merijn at trans-ix.nl Thu Jan 26 08:42:35 2017
From: merijn at trans-ix.nl (Merijn Evertse)
Date: Thu, 26 Jan 2017 08:42:35 +0000
Subject: [rancid] Newline issue
Message-ID:

Hello,

The rancid run on our Fortigate units has a small issue. Every hour or so we get the following:

- set two-factor-ftm-expiry 72
+ set two-fact
+ or-ftm-expiry 72

Or

- set virtual-server-hardware-acceleration enable
+ set vi
+ rtual-server-hardware-acceleration enable

I also see this sometimes on other devices, Cisco, Vyos etc. It seems that something goes wrong reading the lines and the code sees a newline where it shouldn't.

On Vyos it looks like:

- # chassis_asset_tag: show hardware pci
- # 3091-1101-9766-6577-4039-0090-06
+ # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06

Related one hour earlier:

- # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06
+ # chassis_asset_tag: show hardware pci # + 3091-1101-9766-6577-4039-0090-06

And here the command itself is shown.

Kind regards,
Merijn Evertse

From weylin at bu.edu Wed Jan 25 13:53:17 2017
From: weylin at bu.edu (Piegorsch, Weylin William)
Date: Wed, 25 Jan 2017 13:53:17 +0000
Subject: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set?
In-Reply-To:
References: <20170113183754.GH40198@shrubbery.net> <0D8EA138-AD4C-47D1-A01B-28C8E6072FF5@bu.edu> <1ABB1186-7C2B-43DA-A0FD-B3181D9A959D@bu.edu>
Message-ID: <9E4F01BD-4214-4DEB-A37A-5654BC065B3C@bu.edu>

Is there a mechanism to blank-out a site-specific file's size and timestamp, built-in to the config files to obviate needing to locally modify the codebase? Perhaps by defining a regex in router.db, or in .cloginrc, or in rancid.types.conf, or some other config file?

I'm not sure if this capability exists already, I'm hearing several people request this capability (I have to believe there's a sizeable number of others, too). I had the same exact problem in an earlier version of rancid, when I turned on IP Source Guard and IP Device Tracking, the IPSG and IPDT binding databases would change daily and I had to blank-out the same info from a specific file on "flash0:".

Weylin
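
The site-specific list asked about above can be sketched as a stand-alone Perl filter. This is an added example, not RANCID code and not an existing RANCID option; the pattern list `@VOLATILE` and the function name `blank_volatile` are hypothetical, and the sample listing is constructed from lines quoted in this thread.

```perl
#!/usr/bin/perl
# Added example (not RANCID code): drop the size and timestamp columns from
# directory-listing lines whose file name is on a site-maintained list, so
# that files the device rewrites on its own stop producing nightly diffs.
use strict;
use warnings;

# Hypothetical site list: one anchored pattern per volatile file name.
my @VOLATILE = (
    qr/^bootvar_debug\.(?:log|meta)$/,
    qr/^accounting_log$/,
    qr/^(?:genstr|errmsg|volt)_(?:hist|cont)$/,
);

my $MON   = qr/[A-Z][a-z]{2}/;
my $CLOCK = qr/\d{1,2}:\d{2}:\d{2}/;
# Two timestamp layouts appear in the listings quoted in this thread:
#   [Dow] Mon DD HH:MM:SS YYYY       (NX-OS, IOS XR)
#   Mon DD YYYY HH:MM:SS [+hh:mm]    (IOS)
my $STAMP = qr/(?:(?:${MON}\s+)?${MON}\s+\d{1,2}\s+${CLOCK}\s+\d{4}
               |${MON}\s+\d{1,2}\s+\d{4}\s+${CLOCK}(?:\s+[+-]\d{2}:\d{2})?)/x;

# Returns the line with size and timestamp removed when the last field is a
# listed file name; any other line comes back unchanged (minus trailing
# whitespace and carriage returns).
sub blank_volatile {
    my ($line) = @_;
    $line =~ s/\s+$//;
    # layout: prefix | size | timestamp | file name
    return $line unless $line =~ /^(.*?)(?<!\S)\d+\s+${STAMP}\s+(\S+)$/;
    my ($prefix, $name) = ($1, $2);
    return $line unless grep { $name =~ $_ } @VOLATILE;
    $prefix =~ s/\s+$//;
    # The columns are dropped rather than padded, so the result does not
    # depend on how wide the size column was on a given night.
    return length($prefix) ? "$prefix $name" : $name;
}

# Constructed input: the same listing on two nights. volt_static_data is not
# on the list, so it keeps its size and timestamp and is still tracked.
my @night1 = (
    '!Flash: debug: 124053 Jan 18 05:38:00 2017 bootvar_debug.log',
    '!Flash: logflash: 87092 Jan 17 05:43:42 2017 accounting_log',
    '!Flash: harddiska: 3096 -rw- 977158 Mon Jan 23 16:01:55 2017 genstr_cont',
    '!Flash: harddiska: 3178 -rw- 1124 Wed Sep 30 00:54:09 2015 volt_static_data',
);
my @night2 = (
    '!Flash: debug: 124872 Jan 19 05:38:05 2017 bootvar_debug.log',
    '!Flash: logflash: 136367 Jan 18 05:43:35 2017 accounting_log',
    '!Flash: harddiska: 3096 -rw- 980538 Mon Jan 23 16:56:16 2017 genstr_cont',
    '!Flash: harddiska: 3178 -rw- 1124 Wed Sep 30 00:54:09 2015 volt_static_data',
);

my @out1 = map { blank_volatile($_) } @night1;
my @out2 = map { blank_volatile($_) } @night2;
print "$_\n" for @out2;
my $same = join("\n", @out1) eq join("\n", @out2);
printf "%s\n", $same ? "listings compare equal" : "listings still differ";
```

Each pattern added to the list removes that file's size and time from the stored history, so keep the list to files the device rewrites on its own.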
From: Daniel Kerse Date: Tuesday, January 24, 2017 at 17:58 To: Weylin Piegorsch , Lee , "rancid-discuss at shrubbery.net" Subject: Re: [rancid] Reasoning behind not running a "show vlan" if specific VTP options are set? Can someone please look at iosxr.pm and see if a similar change is also required? We get a lot of unwanted diffs there for growing files. Here: !Flash: harddiska: 3093 -rw- 32 Thu Jul 28 15:47:35 2016 env_hist !Flash: harddiska: 3094 -rw- 2996 Tue Oct 11 23:18:49 2016 env_cont !Flash: harddiska: 3095 -rw- 32 Thu Jul 28 15:47:43 2016 genstr_hist -!Flash: harddiska: 3096 -rw- 977158 Mon Jan 23 16:01:55 2017 genstr_cont +!Flash: harddiska: 3096 -rw- 980538 Mon Jan 23 16:56:16 2017 genstr_cont !Flash: harddiska: 3097 -rw- 32 Thu Jul 28 15:47:39 2016 errmsg_hist !Flash: harddiska: 3098 -rw- 15531 Wed Oct 12 01:12:37 2016 errmsg_cont !Flash: harddiska: 3099 -rw- temp_static_data Here: !Flash: harddiska: 3176 -rw- 1892 Thu Oct 20 03:50:48 2016 temp_hist !Flash: harddiska: 3177 -rw- temp_cont !Flash: harddiska: 3178 -rw- 1124 Wed Sep 30 00:54:09 2015 volt_static_data -!Flash: harddiska: 3179 -rw- 7800 Mon Nov 14 03:39:04 2016 volt_hist +!Flash: harddiska: 3179 -rw- 8260 Tue Jan 24 02:48:19 2017 volt_hist !Flash: harddiska: 3180 -rw- volt_cont !Flash: harddiska: 3181 -rw- 514 Sun Jan 15 22:25:01 2017 errmsg_hist !Flash: harddiska: 3182 -rw- 75802 Tue Jan 24 00:18:13 2017 errmsg_cont And here: !Flash: harddiska: 3179 -rw- 7800 Mon Nov 14 03:39:04 2016 volt_hist !Flash: harddiska: 3180 -rw- volt_cont !Flash: harddiska: 3181 -rw- 514 Sun Jan 15 22:25:01 2017 errmsg_hist -!Flash: harddiska: 3182 -rw- 71876 Mon Jan 23 15:43:30 2017 errmsg_cont +!Flash: harddiska: 3182 -rw- 73084 Mon Jan 23 16:59:46 2017 errmsg_cont !Flash: harddiska: 3183 -rw- 24 Tue Jun 4 08:13:53 2013 diag_hist !Flash: harddiska: 3184 -rw- 24 Tue Jun 4 08:13:55 2013 diag_cont In iosxr.pm sub DirSlotN I see: # filter frequently changing files from IOX bootflash, hardiska, # and nvram if ($dev 
=~ /(bootflash|harddisk|nvram)/) { if (/(ce_switch.log|temp_cont|temp_static_data|uptime_cont|volt_cont)\s*$/) { # change # 57 -rw- 23100 volt_cont # 614788 drwx 4096 Fri Aug 20 12:06:25 2010 temp_cont # to # 57 -rw- volt_cont # 614788 drwx temp_cont So perhaps that second if statement needs to catch a few other filenames please. We are running rancid-3.2-2 from here: http://pkgs.fedoraproject.org/cgit/rpms/rancid.git/?h=epel7 Thanks, Dan On Tue, Jan 24, 2017 at 10:07 AM Piegorsch, Weylin William > wrote: Thanks Lee. I haven't looked yet, and probably won't until February at the earliest. I can copy/paste that code, replacing "log" for "debug" on the pasted portion. I'll try it out and see how it works. If that works, is that something that can be forward ported into new versions of code? I'm a network engineer, my group doesn't have software development as a core competency, but I'm willing to do this if there's "vendor" support (to use the generic term my boss uses) in future versions. weylin On 1/22/17, 18:09, "Lee" > wrote: On 1/21/17, Piegorsch, Weylin William > wrote: > Thanks Lee. Is ios.pm called for NX-OS devices ("cisco-nx")? I tried > looking through nxos.pm but didn't see anything equivalent. I'm using > v3.4.1 if it makes a difference. It looks like 3.4.1 already has code to blank out the file size & timestamp. Starting at line 509 of rancid-3.4.1/lib/rancid/nxos.pm # This routine parses "dir /all ((disk|slot)N|bootflash|nvram):" sub DirSlotN { down a bit further it's got: next if (/BufferMonitor-1HourData/); if (/ log\/$/) { # change # 8192 Jan 08 14:05:05 2015 log/ # to # log/ if (/(\s*\d+\s+)(\S+ \d+\s+\d+:\d+:\d+ \d+)(.*)/) { my($a, $dt, $rem) = ($1, $2, $3); my($dtl) = length($dt); my($fmt) = "%s%-". $dtl ."s%s\n"; $_ = sprintf($fmt, $a, "", $rem); } } Regards, Lee > weylin > > On 1/21/17, 13:33, "Lee" > wrote: > > On 1/20/17, Piegorsch, Weylin William > wrote: > >> What we see on most of our Nexus infrastructure is every night: > >> ... 
> >> Which is quite annoying... > > > > If there's a mechanism for removing these "debug" updates for NX-OS, > that > > would be *awesome.* I opened a TAC case about this, it's not > something I > > have any kind level of control over, whatsoever. > > Take a look at rancid/lib/rancid/ios.pm - it has code to blank the > file size & timestamp so that updates to the file(s) don't cause > rancid to think the config has changed. Look for > # filter frequently changing files (dhcp & vlan database) > # change from: > # 9 -rw- 660 Jan 15 2011 20:43:54 vlan.dat > # 9 -rw- 660 Jan 15 2011 20:43:54 +00:00 vlan.dat > # to: > # -rw- vlan.dat > # -rw- vlan.dat > and adapt as needed > > Regards, > Lee > > > > > weylin > > > > On 1/19/17, 15:55, "Mischa Diehm" > wrote: > > > > Hi, > > > > > > On 13.01.17, 19:37, "heasley" > wrote: > > > > > > >It causes never-ending changes in the config as ports become > > >active/inactive, > > >eg: someone disconnects or powers-off equipment. and in the case > of > > VTP, > > >it > > >potentially is network wide. if you wanted to monitor such > things, > > its > > >probably best done in a NMS, where you'd catch all such changes. > > > > > >rancid 3.5 added for some modules: > > > > > ># FILTER_OSC determines if oscillating data such as keys, > passwords, > > etc > > >are > > ># filtered from configs by the value set (NO | YES). FILTER_PWDS > may > > >override > > ># this. see rancid.conf(5). > > >#FILTER_OSC=YES; export FILTER_OSC > > > > > >such a thing could be dependent upon this configuration, but > again I > > do > > >not > > >see the point. > > > > Thanks for the clarification. This really kind of depends on > where > > rancid > > is run. In a campus/client env. I see your point but we also have > more > > static parts where this is useful information. There it actually > is > > also > > useful to see what ports actually have changed. But you are right > maybe > > no > > worth it overall. > > But thanks for pointing out the OSC part. 
What we see on most of > our > > Nexus > > infrastructure is every night: > > > > - !Flash: debug: 124053 Jan 18 05:38:00 2017 > bootvar_debug.log > > - !Flash: debug: 6 Jan 18 05:38:00 2017 > > bootvar_debug.meta > > + !Flash: debug: 124872 Jan 19 05:38:05 2017 > bootvar_debug.log > > + !Flash: debug: 6 Jan 19 05:38:05 2017 > > bootvar_debug.meta > > > > > > And this: > > - !Flash: logflash: 87092 Jan 17 05:43:42 2017 > accounting_log > > + !Flash: logflash: 136367 Jan 18 05:43:35 2017 > accounting_log > > > > > > > > Which is quite annoying... > > > > >if you're not using VTP and its not including the vlan stuff, i > do want > > to > > >fix that. > > > > Well then you have to fix it for this as said: > > XXX-cc# show vtp status > > Service not enabled > > > > > > Cheers, > > Mischa > > > > > > > >> Yes. Which is yet another reason why it's so nice having the > source > > - > > >> it's easy to make trivial changes like that. Or adding > commands > > like > > >> 'show vlan all-ports' > > >> > > >> Regards, > > >> Lee > > >> > > >> _______________________________________________ > > >> Rancid-discuss mailing list > > >> Rancid-discuss at shrubbery.net > > >> http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss > > > > > _______________________________________________ Rancid-discuss mailing list Rancid-discuss at shrubbery.net http://www.shrubbery.net/mailman/listinfo/rancid-discuss -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Thu Jan 26 15:23:37 2017 
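The size-and-timestamp blanking discussed in the thread above, driven by a site pattern list of the kind asked for, as an added stand-alone Perl example; it is not RANCID code and not from any poster. The pattern-file format, the sub names and the changed `volt_static_data` entry are assumptions made for the illustration; the other listing lines are the ones quoted in the messages.

```perl
#!/usr/bin/perl
# Added illustration, not part of RANCID: blank the size and timestamp on
# directory-listing lines whose file name matches a site pattern list.
use strict;
use warnings;

# Hypothetical site pattern file: one file-name regex per line, lines that
# start with '#' are comments. Patterns are anchored so only the named
# files lose their size/timestamp; every other entry still alerts.
my $PATTERN_FILE = <<'EOF';
# growing history/log files named in the thread
^genstr_cont$
^errmsg_cont$
^volt_hist$
^bootvar_debug\.(?:log|meta)$
^accounting_log$
EOF

# Timestamp layouts that appear in the thread's listings:
#   IOS XR  "Mon Jan 23 16:01:55 2017"
#   NX-OS   "Jan 18 05:38:00 2017"
my $STAMP = qr/(?:[A-Z][a-z]{2} +)?[A-Z][a-z]{2} +\d{1,2} +\d\d:\d\d:\d\d +\d{4}/;

# Compile the pattern list, skipping comments, blanks and invalid regexes.
sub load_patterns {
    my ($text) = @_;
    my @pats;
    for my $entry (split /\n/, $text) {
        next if $entry =~ /^\s*(?:#|$)/;
        $entry =~ s/^\s+|\s+$//g;
        my $re = eval { qr/$entry/ };
        if (!defined $re) {
            warn "skipping bad pattern '$entry': $@";
            next;
        }
        push @pats, $re;
    }
    return @pats;
}

# Return the line with "<size> <timestamp>" removed when the trailing file
# name matches a pattern; any other line is returned unchanged.
sub blank_volatile {
    my ($line, @pats) = @_;
    return $line
        unless $line =~ /^(.*?\s)\d+\s+$STAMP\s+(\S+)\s*$/;
    my ($prefix, $name) = ($1, $2);
    return $line unless grep { $name =~ $_ } @pats;
    return "$prefix$name";
}

# Lines of the new collection that have no equal in the old one after
# filtering (a list in list context, the count in scalar context).
sub changed_lines {
    my ($old, $new, @pats) = @_;
    my %seen = map { (blank_volatile($_, @pats), 1) } @$old;
    return grep { !$seen{ blank_volatile($_, @pats) } } @$new;
}

# Two consecutive collections. Entries are quoted from the thread, except
# the second volt_static_data line, which is constructed to stand for a
# change in a file that is NOT on the pattern list.
my @run1 = (
    '!Flash: harddiska: 3095 -rw- 32 Thu Jul 28 15:47:43 2016 genstr_hist',
    '!Flash: harddiska: 3096 -rw- 977158 Mon Jan 23 16:01:55 2017 genstr_cont',
    '!Flash: harddiska: 3178 -rw- 1124 Wed Sep 30 00:54:09 2015 volt_static_data',
    '!Flash: debug: 124053 Jan 18 05:38:00 2017 bootvar_debug.log',
    '!Flash: logflash: 87092 Jan 17 05:43:42 2017 accounting_log',
);
my @run2 = (
    '!Flash: harddiska: 3095 -rw- 32 Thu Jul 28 15:47:43 2016 genstr_hist',
    '!Flash: harddiska: 3096 -rw- 980538 Mon Jan 23 16:56:16 2017 genstr_cont',
    '!Flash: harddiska: 3178 -rw- 1188 Tue Jan 24 09:00:00 2017 volt_static_data',
    '!Flash: debug: 124872 Jan 19 05:38:05 2017 bootvar_debug.log',
    '!Flash: logflash: 136367 Jan 18 05:43:35 2017 accounting_log',
);

my @pats = load_patterns($PATTERN_FILE);
printf "unfiltered: %d changed line(s)\n", scalar(changed_lines(\@run1, \@run2));
printf "filtered:   %d changed line(s)\n", scalar(changed_lines(\@run1, \@run2, @pats));
print  "  $_\n" for changed_lines(\@run1, \@run2, @pats);
```

A file on the pattern list no longer alerts on any size or time change, so the list is best kept to exact, anchored names.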
From: heas at shrubbery.net (heasley) Date: Thu, 26 Jan 2017 15:23:37 +0000 Subject: [rancid] Newline issue In-Reply-To: References: Message-ID: <20170126152337.GB97542@shrubbery.net> Thu, Jan 26, 2017 at 08:42:35AM +0000, Merijn Evertse: > Hello, > > The rancid run on our Fortigate units has a small issue. Every hour or so we get the following: > > - set two-factor-ftm-expiry 72 > > + set two-fact > > + or-ftm-expiry 72 > > Or > > - set virtual-server-hardware-acceleration enable > > + set vi > > + rtual-server-hardware-acceleration enable This is most likely either the pager or some out-of-band like logs being written to the vty while the config is being collected. fnlogin should be disabling the pager; verify that your aaa configuration is allowing it to do so. > I also see this sometimes on other devices, Cisco, Vyos etc. > It seems that something goes wrong reading the lines and the code sees a newline where it shouldn't. vyos is not supported by rancid and i've never used it, but it is probably the same cause. For the cisco too, and that is almost definitely your aaa not allowing it to disable the pager; but there are a few cisco platforms that have no way to disable the pager. > On Vyos it looks like: > > - # chassis_asset_tag: show hardware pci > > - # 3091-1101-9766-6577-4039-0090-06 > > + # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > Related one hour earlier: > > - # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > + # chassis_asset_tag: show hardware pci # > > + 3091-1101-9766-6577-4039-0090-06 > > And here the command itself is shown. > > Kind regards, > > Merijn Evertse > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From harlei.jlima at gmail.com Fri Jan 27 13:30:00 2017 
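One way to recognise the split-line diffs described in the message above when triaging RANCID change mail, as an added Perl example that is not part of RANCID or of the posts. The hunk headers and the `48` value are constructed; the `set` lines are the ones quoted in the message, and the sub names are assumptions.

```perl
#!/usr/bin/perl
# Added illustration, not part of RANCID: flag diff change groups whose
# removed and added text is identical once line breaks are ignored.
use strict;
use warnings;

# Text of one diff line without its +/- marker and without any whitespace.
# Whitespace is dropped because the break can fall on either side of a space.
sub squash {
    my ($l) = @_;
    $l =~ s/^[-+]//;
    $l =~ s/\s+//g;
    return $l;
}

# Group each run of '-' lines with the run of '+' lines that follows it.
# File headers (---/+++), hunk headers and context lines end a group.
sub change_groups {
    my (@lines) = @_;
    my (@groups, $cur);
    for my $l (@lines) {
        if ($l =~ /^-(?!--)/) {
            if (!$cur || @{ $cur->{add} }) {
                $cur = { del => [], add => [] };
                push @groups, $cur;
            }
            push @{ $cur->{del} }, $l;
        }
        elsif ($l =~ /^\+(?!\+\+)/) {
            if (!$cur) {
                $cur = { del => [], add => [] };
                push @groups, $cur;
            }
            push @{ $cur->{add} }, $l;
        }
        else {
            undef $cur;
        }
    }
    return @groups;
}

# A group is a wrap artifact when the line count differs but the joined
# text does not. The verdict only says the configuration text is unchanged;
# the collection problem that split the line still needs to be found.
sub classify {
    my ($g) = @_;
    my @del = @{ $g->{del} };
    my @add = @{ $g->{add} };
    if (@del && @add && @del != @add) {
        my $before = join '', map { squash($_) } @del;
        my $after  = join '', map { squash($_) } @add;
        return 'line-wrap artifact' if $before eq $after;
    }
    return 'real change';
}

# Constructed diff: a line split in two, the same kind of line rejoined on
# a later run, and a genuine value change for contrast.
my @diff = split /\n/, <<'EOF';
@@ -138,1 +138,2 @@
-    set two-factor-ftm-expiry 72
+    set two-fact
+or-ftm-expiry 72
@@ -140,2 +140,1 @@
-    set vi
-rtual-server-hardware-acceleration enable
+    set virtual-server-hardware-acceleration enable
@@ -138,1 +138,1 @@
-    set two-factor-ftm-expiry 72
+    set two-factor-ftm-expiry 48
EOF

for my $g (change_groups(@diff)) {
    my ($first) = (@{ $g->{del} }, @{ $g->{add} });
    printf "%-18s  -%d/+%d  %s\n", classify($g),
        scalar @{ $g->{del} }, scalar @{ $g->{add} }, $first;
}
```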
From: harlei.jlima at gmail.com (Harlei Lima) Date: Fri, 27 Jan 2017 11:30:00 -0200 Subject: [rancid] Rancid use Message-ID: Dear. I would like to know if I can use rancid to backup a linux server, apache server among others for example, or if it does not apply to those cases, or just for specific devices? Sincerely: Harlei Julio de Lima IT Infrastructure Manager | Network and Computer Security | Senior IT Analyst | Research and Innovation https://br.linkedin.com/in/hjlima -------------- next part -------------- An HTML attachment was scrubbed... URL: From djones at ena.com Fri Jan 27 14:16:10 2017 From: djones at ena.com (David Jones) Date: Fri, 27 Jan 2017 14:16:10 +0000 Subject: [rancid] Rancid use In-Reply-To: References: Message-ID: >From: Harlei Lima >Sent: Friday, January 27, 2017 7:30 AM >To: rancid-discuss at shrubbery.net; Lee; heasley >Subject: [rancid] Rancid use >I would like to know if I can use rancid to backup a linux >server, apache server among others for example, or if it >does not apply to those cases, or just for specific devices? No. There are many options for backing up a Linux server. BackupPC is a very simple and easy backup server that supports rsync and CIFS shares for clients. Deduplication support, no special agent required, and very easy restore process. From heas at shrubbery.net Fri Jan 27 15:37:04 2017 From: heas at shrubbery.net (heasley) Date: Fri, 27 Jan 2017 15:37:04 +0000 Subject: [rancid] Rancid use In-Reply-To: References: Message-ID: <20170127153704.GB10261@shrubbery.net> Fri, Jan 27, 2017 at 02:16:10PM +0000, David Jones: 
> >From: Harlei Lima > >Sent: Friday, January 27, 2017 7:30 AM > >To: rancid-discuss at shrubbery.net; Lee; heasley > >Subject: [rancid] Rancid use > > >I would like to know if I can use rancid to backup a linux > >server, apache server among others for example, or if it > >does not apply to those cases, or just for specific devices? > > No. There are many options for backing up a Linux server. > BackupPC is a very simple and easy backup server that > supports rsync and CIFS shares for clients. Deduplication > support, no special agent required, and very easy restore > process. indeed. doesn't linux, like bsd, come with daily/weekly/monthly scripts that provide diffs of /etc/group, etc and make local backups of those important files? or perhaps adapt one from bsd. also see bacula. and linux now has zfs, no more putrid fsys's for you; zfs has some very handy backup tools - highly recommended, if not just for the non-putridness. From merijn at trans-ix.nl Mon Jan 30 14:47:40 2017 
From: merijn at trans-ix.nl (Merijn Evertse) Date: Mon, 30 Jan 2017 14:47:40 +0000 Subject: [rancid] Newline issue In-Reply-To: <20170126152337.GB97542@shrubbery.net> References: <20170126152337.GB97542@shrubbery.net> Message-ID: Hello, Thank you for the response. I checked the commands for disabling pager and they work. I also verified that debugging is disabled and is not logging to console. Also the issue is not exactly every hour, some runs go without problems and some have this issue. Merijn Evertse -----Original message----- From: heasley [mailto:heas at shrubbery.net] Sent: Thursday, 26 January 2017 16:24 To: Merijn Evertse CC: rancid-discuss at shrubbery.net Subject: Re: [rancid] Newline issue Thu, Jan 26, 2017 at 08:42:35AM +0000, Merijn Evertse: > Hello, > > The rancid run on our Fortigate units has a small issue. Every hour or so we get the following: > > - set two-factor-ftm-expiry 72 > > + set two-fact > > + or-ftm-expiry 72 > > Or > > - set virtual-server-hardware-acceleration enable > > + set vi > > + rtual-server-hardware-acceleration enable This is most likely either the pager or some out-of-band like logs being written to the vty while the config is being collected. fnlogin should be disabling the pager; verify that your aaa configuration is allowing it to do so. > I also see this sometimes on other devices, Cisco, Vyos etc. > It seems that something goes wrong reading the lines and the code sees a newline where it shouldn't. vyos is not supported by rancid and i've never used it, but it is probably the same cause. For the cisco too, and that is almost definitely your aaa not allowing it to disable the pager; but there are a few cisco platforms that have no way to disable the pager. 
> On Vyos it looks like: > > - # chassis_asset_tag: show hardware pci > > - # 3091-1101-9766-6577-4039-0090-06 > > + # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > Related one hour earlier: > > - # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > + # chassis_asset_tag: show hardware pci # > > + 3091-1101-9766-6577-4039-0090-06 > > And here the command itself is shown. > > Kind regards, > > Merijn Evertse > _______________________________________________ > Rancid-discuss mailing list > Rancid-discuss at shrubbery.net > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From ldarboe at wavebroadband.com Mon Jan 30 16:10:19 2017 From: ldarboe at wavebroadband.com (Lamin Darboe) Date: Mon, 30 Jan 2017 16:10:19 +0000 Subject: [rancid] Rancid use In-Reply-To: References: Message-ID: Can you make the software and license available so that we can have it installed? From: Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] On Behalf Of Harlei Lima Sent: Friday, January 27, 2017 5:30 AM To: rancid-discuss at shrubbery.net; Lee ; heasley Subject: [rancid] Rancid use Dear. I would like to know if I can use rancid to backup a linux server, apache server among others for example, or if it does not apply to those cases, or just for specific devices? Sincerely: Harlei Julio de Lima IT Infrastructure Manager | Network and Computer Security | Senior IT Analyst | Research and Innovation https://br.linkedin.com/in/hjlima -------------- next part -------------- An HTML attachment was scrubbed... URL: From heas at shrubbery.net Mon Jan 30 19:39:07 2017 
From: heas at shrubbery.net (heasley) Date: Mon, 30 Jan 2017 19:39:07 +0000 Subject: [rancid] Newline issue In-Reply-To: References: <20170126152337.GB97542@shrubbery.net> Message-ID: <20170130193907.GB73060@shrubbery.net> Mon, Jan 30, 2017 at 02:47:40PM +0000, Merijn Evertse: > Hello, > > Thank you for the response. > I checked the commands for disabling pager and they work. I also verified that debugging is disabled and is not logging to console. > Also the issue is not exactly every hour, some runs go without problems and some have this issue. > > Merijn Evertse Can you show us an example from a cisco that is doing this? > -----Original message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Thursday, 26 January 2017 16:24 > To: Merijn Evertse > CC: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Newline issue > > Thu, Jan 26, 2017 at 08:42:35AM +0000, Merijn Evertse: > > Hello, > > > > The rancid run on our Fortigate units has a small issue. Every hour or so we get the following: > > > > - set two-factor-ftm-expiry 72 > > > > + set two-fact > > > > + or-ftm-expiry 72 > > > > Or > > > > - set virtual-server-hardware-acceleration enable > > > > + set vi > > > > + rtual-server-hardware-acceleration enable > > This is most likely either the pager or some out-of-band like logs being written to the vty while the config is being collected. fnlogin should be disabling the pager; verify that your aaa configuration is allowing it to do so. > > > I also see this sometimes on other devices, Cisco, Vyos etc. > > It seems that something goes wrong reading the lines and the code sees a newline where it shouldn't. > > vyos is not supported by rancid and i've never used it, but it is probably the same cause. For the cisco too, and that is almost definitely your aaa not allowing it to disable the pager; but there are a few cisco platforms that have no way to disable the pager. 
> > > On Vyos it looks like: > > > > - # chassis_asset_tag: show hardware pci > > > > - # 3091-1101-9766-6577-4039-0090-06 > > > > + # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > > > Related one hour earlier: > > > > - # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > > > + # chassis_asset_tag: show hardware pci # > > > > + 3091-1101-9766-6577-4039-0090-06 > > > > And here the command itself is shown. > > > > Kind regards, > > > > Merijn Evertse > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From merijn at trans-ix.nl Mon Jan 30 20:04:24 2017 
From: merijn at trans-ix.nl (Merijn Evertse) Date: Mon, 30 Jan 2017 20:04:24 +0000 Subject: [rancid] Newline issue In-Reply-To: <20170130193907.GB73060@shrubbery.net> References: <20170126152337.GB97542@shrubbery.net> <20170130193907.GB73060@shrubbery.net> Message-ID: <508c0e29bc4e4584a0ac4e61a6f20184@exch02.cloudhosted.local> Hello, Sorry it seems this has not happened for quite some time, so you can disregard the mentioning of Cisco :-) Merijn Evertse -----Original message----- From: heasley [mailto:heas at shrubbery.net] Sent: Monday, 30 January 2017 20:39 To: Merijn Evertse CC: heasley ; rancid-discuss at shrubbery.net Subject: Re: [rancid] Newline issue Mon, Jan 30, 2017 at 02:47:40PM +0000, Merijn Evertse: > Hello, > > Thank you for the response. > I checked the commands for disabling pager and they work. I also verified that debugging is disabled and is not logging to console. > Also the issue is not exactly every hour, some runs go without problems and some have this issue. > > Merijn Evertse Can you show us an example from a cisco that is doing this? > -----Original message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Thursday, 26 January 2017 16:24 > To: Merijn Evertse > CC: rancid-discuss at shrubbery.net > Subject: Re: [rancid] Newline issue > > Thu, Jan 26, 2017 at 08:42:35AM +0000, Merijn Evertse: > > Hello, > > > > The rancid run on our Fortigate units has a small issue. Every hour or so we get the following: > > > > - set two-factor-ftm-expiry 72 > > > > + set two-fact > > > > + or-ftm-expiry 72 > > > > Or > > > > - set virtual-server-hardware-acceleration enable > > > > + set vi > > > > + rtual-server-hardware-acceleration enable > > This is most likely either the pager or some out-of-band like logs being written to the vty while the config is being collected. fnlogin should be disabling the pager; verify that your aaa configuration is allowing it to do so. 
> > > I also see this sometimes on other devices, Cisco, Vyos etc. > > It seems that something goes wrong reading the lines and the code sees a newline where it shouldn't. > > vyos is not supported by rancid and i've never used it, but it is probably the same cause. For the cisco too, and that is almost definitely your aaa not allowing it to disable the pager; but there are a few cisco platforms that have no way to disable the pager. > > > On Vyos it looks like: > > > > - # chassis_asset_tag: show hardware pci > > > > - # 3091-1101-9766-6577-4039-0090-06 > > > > + # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > > > Related one hour earlier: > > > > - # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > > > + # chassis_asset_tag: show hardware pci # > > > > + 3091-1101-9766-6577-4039-0090-06 > > > > And here the command itself is shown. > > > > Kind regards, > > > > Merijn Evertse > > > _______________________________________________ > > Rancid-discuss mailing list > > Rancid-discuss at shrubbery.net > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From alan.mckinnon at gmail.com Mon Jan 30 20:04:56 2017 From: alan.mckinnon at gmail.com (Alan McKinnon) Date: Mon, 30 Jan 2017 22:04:56 +0200 Subject: [rancid] Rancid use In-Reply-To: References: Message-ID: <428b4743-9896-1a0b-6c76-a1e7ca9f8caa@gmail.com> On 30/01/2017 18:10, Lamin Darboe wrote: > Can you make the software and license available so that we can have it > installed? It's already available in many places, you only have to download it. Google knows where all the download sites are. Alan -- Alan McKinnon alan.mckinnon at gmail.com From heas at shrubbery.net Mon Jan 30 20:28:13 2017 
From: heas at shrubbery.net (heasley) Date: Mon, 30 Jan 2017 20:28:13 +0000 Subject: [rancid] Newline issue In-Reply-To: <508c0e29bc4e4584a0ac4e61a6f20184@exch02.cloudhosted.local> References: <20170126152337.GB97542@shrubbery.net> <20170130193907.GB73060@shrubbery.net> <508c0e29bc4e4584a0ac4e61a6f20184@exch02.cloudhosted.local> Message-ID: <20170130202813.GE73060@shrubbery.net> Mon, Jan 30, 2017 at 08:04:24PM +0000, Merijn Evertse: > Hello, > > Sorry it seems this has not happened for quite some time, so you can disregard the mentioning of Cisco :-) ok; then as the rancid user, please repeatedly run export NOPIPE=YES fnrancid -dl hostname until you see the problem in the hostname.new file. Then provide the hostname.raw file to me as an attachment. Hopefully I can identify the cause from that. > Merijn Evertse > > -----Original message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Monday, 30 January 2017 20:39 > To: Merijn Evertse > CC: heasley ; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Newline issue > > Mon, Jan 30, 2017 at 02:47:40PM +0000, Merijn Evertse: > > Hello, > > > > Thank you for the response. > > I checked the commands for disabling pager and they work. I also verified that debugging is disabled and is not logging to console. > > Also the issue is not exactly every hour, some runs go without problems and some have this issue. > > > > Merijn Evertse > > Can you show us an example from a cisco that is doing this? > > > -----Original message----- > > From: heasley [mailto:heas at shrubbery.net] > > Sent: Thursday, 26 January 2017 16:24 > > To: Merijn Evertse > > CC: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] Newline issue > > > > Thu, Jan 26, 2017 at 08:42:35AM +0000, Merijn Evertse: > > > Hello, > > > > > > The rancid run on our Fortigate units has a small issue. 
Every hour or so we get the following: > > > > > > - set two-factor-ftm-expiry 72 > > > > > > + set two-fact > > > > > > + or-ftm-expiry 72 > > > > > > Or > > > > > > - set virtual-server-hardware-acceleration enable > > > > > > + set vi > > > > > > + rtual-server-hardware-acceleration enable > > > > This is most likely either the pager or some out-of-band like logs being written to the vty while the config is being collected. fnlogin should be disabling the pager; verify that your aaa configuration is allowing it to do so. > > > > > I also see this sometimes on other devices, Cisco, Vyos etc. > > > It seems that something goes wrong reading the lines and the code sees a newline where it shouldn't. > > > > vyos is not supported by rancid and i've never used it, but it is probably the same cause. For the cisco too, and that is almost definitely your aaa not allowing it to disable the pager; but there are a few cisco platforms that have no way to disable the pager. > > > > > On Vyos it looks like: > > > > > > - # chassis_asset_tag: show hardware pci > > > > > > - # 3091-1101-9766-6577-4039-0090-06 > > > > > > + # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > > > > > Related one hour earlier: > > > > > > - # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > > > > > + # chassis_asset_tag: show hardware pci # > > > > > > + 3091-1101-9766-6577-4039-0090-06 > > > > > > And here the command itself is shown. > > > > > > Kind regards, > > > > > > Merijn Evertse > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From merijn at trans-ix.nl Mon Jan 30 20:51:53 2017 
From: merijn at trans-ix.nl (Merijn Evertse) Date: Mon, 30 Jan 2017 20:51:53 +0000 Subject: [rancid] Newline issue In-Reply-To: <20170130202813.GE73060@shrubbery.net> References: <20170126152337.GB97542@shrubbery.net> <20170130193907.GB73060@shrubbery.net> <508c0e29bc4e4584a0ac4e61a6f20184@exch02.cloudhosted.local> <20170130202813.GE73060@shrubbery.net> Message-ID: <914e0de68ff14e10b6870bc00d76653a@exch02.cloudhosted.local> Hello, I have run it 20 times on 2 different Fortigate units and it never happens. I have run the normal rancid-run 1 time and it happened on 2 units. Always the same lines, around line 138 or 140 on every Fortigate device. Merijn Evertse -----Original message----- From: heasley [mailto:heas at shrubbery.net] Sent: Monday, 30 January 2017 21:28 To: Merijn Evertse CC: heasley ; rancid-discuss at shrubbery.net Subject: Re: [rancid] Newline issue Mon, Jan 30, 2017 at 08:04:24PM +0000, Merijn Evertse: > Hello, > > Sorry it seems this has not happened for quite some time, so you can > disregard the mentioning of Cisco :-) ok; then as the rancid user, please repeatedly run export NOPIPE=YES fnrancid -dl hostname until you see the problem in the hostname.new file. Then provide the hostname.raw file to me as an attachment. Hopefully I can identify the cause from that. > Merijn Evertse > > -----Original message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Monday, 30 January 2017 20:39 > To: Merijn Evertse > CC: heasley ; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Newline issue > > Mon, Jan 30, 2017 at 02:47:40PM +0000, Merijn Evertse: > > Hello, > > > > Thank you for the response. > > I checked the commands for disabling pager and they work. I also verified that debugging is disabled and is not logging to console. > > Also the issue is not exactly every hour, some runs go without problems and some have this issue. > > > > Merijn Evertse > > Can you show us an example from a cisco that is doing this? 
> > > -----Original message----- > > From: heasley [mailto:heas at shrubbery.net] > > Sent: Thursday, 26 January 2017 16:24 > > To: Merijn Evertse > > CC: rancid-discuss at shrubbery.net > > Subject: Re: [rancid] Newline issue > > > > Thu, Jan 26, 2017 at 08:42:35AM +0000, Merijn Evertse: > > > Hello, > > > > > > The rancid run on our Fortigate units has a small issue. Every hour or so we get the following: > > > > > > - set two-factor-ftm-expiry 72 > > > > > > + set two-fact > > > > > > + or-ftm-expiry 72 > > > > > > Or > > > > > > - set virtual-server-hardware-acceleration enable > > > > > > + set vi > > > > > > + rtual-server-hardware-acceleration enable > > > > This is most likely either the pager or some out-of-band like logs being written to the vty while the config is being collected. fnlogin should be disabling the pager; verify that your aaa configuration is allowing it to do so. > > > > > I also see this sometimes on other devices, Cisco, Vyos etc. > > > It seems that something goes wrong reading the lines and the code sees a newline where it shouldn't. > > > > vyos is not supported by rancid and i've never used it, but it is probably the same cause. For the cisco too, and that is almost definitely your aaa not allowing it to disable the pager; but there are a few cisco platforms that have no way to disable the pager. > > > > > On Vyos it looks like: > > > > > > - # chassis_asset_tag: show hardware pci > > > > > > - # 3091-1101-9766-6577-4039-0090-06 > > > > > > + # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > > > > > Related one hour earlier: > > > > > > - # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > > > > > + # chassis_asset_tag: show hardware pci # > > > > > > + 3091-1101-9766-6577-4039-0090-06 > > > > > > And here the command itself is shown. 
> > > > > > Kind regards, > > > > > > Merijn Evertse > > > > > _______________________________________________ > > > Rancid-discuss mailing list > > > Rancid-discuss at shrubbery.net > > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From heas at shrubbery.net Mon Jan 30 21:22:27 2017 
From: heas at shrubbery.net (heasley) Date: Mon, 30 Jan 2017 21:22:27 +0000 Subject: [rancid] Newline issue In-Reply-To: <914e0de68ff14e10b6870bc00d76653a@exch02.cloudhosted.local> References: <20170126152337.GB97542@shrubbery.net> <20170130193907.GB73060@shrubbery.net> <508c0e29bc4e4584a0ac4e61a6f20184@exch02.cloudhosted.local> <20170130202813.GE73060@shrubbery.net> <914e0de68ff14e10b6870bc00d76653a@exch02.cloudhosted.local> Message-ID: <20170130212227.GH73060@shrubbery.net> Mon, Jan 30, 2017 at 08:51:53PM +0000, Merijn Evertse: > Hello, > > I have run it 20 times on 2 different Fortigate units and it never happens. > I have run the normal rancid-run 1 time and it happened on 2 units. > Always the same lines, around line 138 or 140 on every Fortigate device. > > Merijn Evertse hrm, lack of a tty - probably. Are you absolutely positive that the pager is being disabled? if so, I suppose this process has to be repeated for the cron & rancid-run process. set NOPIPE=YES in rancid.conf and change rancid.types.base: -fortigate;script;fnrancid +fortigate;script;fnrancid -d and run rancid-run or let cron run. I expect this to leave the .raw file behind as below. > -----Original message----- > From: heasley [mailto:heas at shrubbery.net] > Sent: Monday, 30 January 2017 21:28 > To: Merijn Evertse > CC: heasley ; rancid-discuss at shrubbery.net > Subject: Re: [rancid] Newline issue > > Mon, Jan 30, 2017 at 08:04:24PM +0000, Merijn Evertse: > > Hello, > > > > Sorry it seems this has not happened for quite some time, so you can > > disregard the mentioning of Cisco :-) > > ok; then as the rancid user, please repeatedly run > > export NOPIPE=YES > fnrancid -dl hostname > > until you see the problem in the hostname.new file. Then provide the hostname.raw file to me as an attachment. Hopefully I can identify the cause from that. 
> > > Merijn Evertse > > > > -----Original message----- > > From: heasley [mailto:heas at shrubbery.net] > > Sent: Monday, 30 January 2017 20:39 > > To: Merijn Evertse > > CC: heasley ; rancid-discuss at shrubbery.net > > Subject: Re: [rancid] Newline issue > > > > Mon, Jan 30, 2017 at 02:47:40PM +0000, Merijn Evertse: > > > Hello, > > > > > > Thank you for the response. > > > I checked the commands for disabling pager and they work. I also verified that debugging is disabled and is not logging to console. > > > Also the issue is not exactly every hour, some runs go without problems and some have this issue. > > > > > > Merijn Evertse > > > > Can you show us an example from a cisco that is doing this? > > > > > -----Original message----- > > > From: heasley [mailto:heas at shrubbery.net] > > > Sent: Thursday, 26 January 2017 16:24 > > > To: Merijn Evertse > > > CC: rancid-discuss at shrubbery.net > > > Subject: Re: [rancid] Newline issue > > > > > > Thu, Jan 26, 2017 at 08:42:35AM +0000, Merijn Evertse: > > > > Hello, > > > > > > > > The rancid run on our Fortigate units has a small issue. Every hour or so we get the following: > > > > > > > > - set two-factor-ftm-expiry 72 > > > > > > > > + set two-fact > > > > > > > > + or-ftm-expiry 72 > > > > > > > > Or > > > > > > > > - set virtual-server-hardware-acceleration enable > > > > > > > > + set vi > > > > > > > > + rtual-server-hardware-acceleration enable > > > > > > This is most likely either the pager or some out-of-band like logs being written to the vty while the config is being collected. fnlogin should be disabling the pager; verify that your aaa configuration is allowing it to do so. > > > > > > > I also see this sometimes on other devices, Cisco, Vyos etc. > > > > It seems that something goes wrong reading the lines and the code sees a newline where it shouldn't. > > > > > > vyos is not supported by rancid and i've never used it, but it is probably the same cause. 
For the cisco too, and that is almost definitely your aaa not allowing it to disable the pager; but there are a few cisco platforms that have no way to disable the pager. > > > > > > > On Vyos it looks like: > > > > > > > > - # chassis_asset_tag: show hardware pci > > > > > > > > - # 3091-1101-9766-6577-4039-0090-06 > > > > > > > > + # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > > > > > > > Related one hour earlier: > > > > > > > > - # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06 > > > > > > > > + # chassis_asset_tag: show hardware pci # > > > > > > > > + 3091-1101-9766-6577-4039-0090-06 > > > > > > > > And here the command itself is shown. > > > > > > > > Kind regards, > > > > > > > > Merijn Evertse > > > > > > > _______________________________________________ > > > > Rancid-discuss mailing list > > > > Rancid-discuss at shrubbery.net > > > > http://www.shrubbery.net/mailman/listinfo/rancid-discuss From merijn at trans-ix.nl Mon Jan 30 21:47:59 2017 
From: merijn at trans-ix.nl (Merijn Evertse)
Date: Mon, 30 Jan 2017 21:47:59 +0000
Subject: [rancid] Newline issue
In-Reply-To: <20170130212227.GH73060@shrubbery.net>
References: <20170126152337.GB97542@shrubbery.net> <20170130193907.GB73060@shrubbery.net> <508c0e29bc4e4584a0ac4e61a6f20184@exch02.cloudhosted.local> <20170130202813.GE73060@shrubbery.net> <914e0de68ff14e10b6870bc00d76653a@exch02.cloudhosted.local> <20170130212227.GH73060@shrubbery.net>
Message-ID: <3cf5e6bec9934827a02134c20c01a0cf@exch02.cloudhosted.local>

Hello,

Got the raw file of this happening and afterwards of recovering to the normal line.
These files include the password and certificate fields, and a lot of other stuff from my customer, so instead of sending it to you I ran a 'diff' on the files.

Besides the changing password and certificate info the only lines are:
37c37
< System time: Mon Jan 30 13:33:16 2017
---
> System time: Mon Jan 30 13:40:53 2017
42c42
< #conf_file_ver=3430384035283229748
---
> #conf_file_ver=753099238288986698
169,170c169
< set tcp-tim
< ewait-timer 1
---
> set tcp-timewait-timer 1

Merijn Evertse

-----Original Message-----
From: heasley [mailto:heas at shrubbery.net]
Sent: Monday, 30 January 2017 22:22
To: Merijn Evertse
CC: heasley ; rancid-discuss at shrubbery.net
Subject: Re: [rancid] Newline issue

Mon, Jan 30, 2017 at 08:51:53PM +0000, Merijn Evertse:
> Hello,
>
> I have run it 20 times on 2 different Fortigate units and it never happens.
> I have run the normal rancid-run 1 time and it happened on 2 units.
> Always the same lines, around line 138 or 140 on every Fortigate device.
>
> Merijn Evertse

hrm, lack of a tty - probably. Are you absolutely positive that the pager is being disabled?

if so, I suppose this process has to be repeated for the cron & rancid-run process. set NOPIPE=YES in rancid.conf and change rancid.types.base:
-fortigate;script;fnrancid
+fortigate;script;fnrancid -d

and run rancid-run or let cron run.
I expect this to leave the .raw file behind as below.

> -----Original Message-----
> From: heasley [mailto:heas at shrubbery.net]
> Sent: Monday, 30 January 2017 21:28
> To: Merijn Evertse
> CC: heasley ; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Newline issue
>
> Mon, Jan 30, 2017 at 08:04:24PM +0000, Merijn Evertse:
> > Hello,
> >
> > Sorry it seems this has not happened for quite some time, so you can
> > disregard the mentioning of Cisco :-)
>
> ok; then as the rancid user, please repeatedly run
>
> export NOPIPE=YES
> fnrancid -dl hostname
>
> until you see the problem in the hostname.new file. Then provide the hostname.raw file to me as an attachment. Hopefully I can identify the cause from that.
>
> > Merijn Evertse
> >
> > -----Original Message-----
> > From: heasley [mailto:heas at shrubbery.net]
> > Sent: Monday, 30 January 2017 20:39
> > To: Merijn Evertse
> > CC: heasley ; rancid-discuss at shrubbery.net
> > Subject: Re: [rancid] Newline issue
> >
> > Mon, Jan 30, 2017 at 02:47:40PM +0000, Merijn Evertse:
> > > Hello,
> > >
> > > Thank you for the response.
> > > I checked the commands for disabling pager and they work. I also verified that debugging is disabled and is not logging to console.
> > > Also the issue is not exactly every hour, some runs go without problems and some have this issue.
> > >
> > > Merijn Evertse
> >
> > Can you show us an example from a cisco that is doing this?
> >
> > > -----Original Message-----
> > > From: heasley [mailto:heas at shrubbery.net]
> > > Sent: Thursday, 26 January 2017 16:24
> > > To: Merijn Evertse
> > > CC: rancid-discuss at shrubbery.net
> > > Subject: Re: [rancid] Newline issue
> > >
> > > Thu, Jan 26, 2017 at 08:42:35AM +0000, Merijn Evertse:
> > > > Hello,
> > > >
> > > > The rancid run on our Fortigate units has a small issue.
> > > > Every hour or so we get the following:
> > > >
> > > > - set two-factor-ftm-expiry 72
> > > >
> > > > + set two-fact
> > > >
> > > > + or-ftm-expiry 72
> > > >
> > > > Or
> > > >
> > > > - set virtual-server-hardware-acceleration enable
> > > >
> > > > + set vi
> > > >
> > > > + rtual-server-hardware-acceleration enable
> > >
> > > This is most likely either the pager or some out-of-band like logs being written to the vty while the config is being collected. fnlogin should be disabling the pager; verify that your aaa configuration is allowing it to do so.
> > >
> > > > I also see this sometimes on other devices, Cisco, Vyos etc.
> > > > It seems that something goes wrong reading the lines and the code sees a newline where it shouldn't.
> > >
> > > vyos is not supported by rancid and i've never used it, but it is probably the same cause. For the cisco too, and that is almost definitely your aaa not allowing it to disable the pager; but there are a few cisco platforms that have no way to disable the pager.
> > >
> > > > On Vyos it looks like:
> > > >
> > > > - # chassis_asset_tag: show hardware pci
> > > >
> > > > - # 3091-1101-9766-6577-4039-0090-06
> > > >
> > > > + # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06
> > > >
> > > > Related one hour earlier:
> > > >
> > > > - # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06
> > > >
> > > > + # chassis_asset_tag: show hardware pci #
> > > >
> > > > + 3091-1101-9766-6577-4039-0090-06
> > > >
> > > > And here the command itself is shown.
> > > >
> > > > Kind regards,
> > > >
> > > > Merijn Evertse

From heas at shrubbery.net Mon Jan 30 21:50:43 2017
From: heas at shrubbery.net (heasley)
Date: Mon, 30 Jan 2017 21:50:43 +0000
Subject: [rancid] Newline issue
In-Reply-To: <3cf5e6bec9934827a02134c20c01a0cf@exch02.cloudhosted.local>
References: <20170126152337.GB97542@shrubbery.net> <20170130193907.GB73060@shrubbery.net> <508c0e29bc4e4584a0ac4e61a6f20184@exch02.cloudhosted.local> <20170130202813.GE73060@shrubbery.net> <914e0de68ff14e10b6870bc00d76653a@exch02.cloudhosted.local> <20170130212227.GH73060@shrubbery.net> <3cf5e6bec9934827a02134c20c01a0cf@exch02.cloudhosted.local>
Message-ID: <20170130215043.GI73060@shrubbery.net>

Mon, Jan 30, 2017 at 09:47:59PM +0000, Merijn Evertse:
> Hello,
>
> Got the raw file of this happening and afterwards of recovering to the normal line.
> These files include the password and certificate fields, and a lot of other stuff from my customer, so instead of sending it to you I ran a 'diff' on the files.
>
> Besides the changing password and certificate info the only lines are:
> 37c37
> < System time: Mon Jan 30 13:33:16 2017
> ---
> > System time: Mon Jan 30 13:40:53 2017
> 42c42
> < #conf_file_ver=3430384035283229748
> ---
> > #conf_file_ver=753099238288986698
> 169,170c169
> < set tcp-tim
> < ewait-timer 1
> ---
> > set tcp-timewait-timer 1

Sorry, that doesn't help me. you can send the raw files directly to me rather than the list.

> Merijn Evertse
>
> -----Original Message-----
> From: heasley [mailto:heas at shrubbery.net]
> Sent: Monday, 30 January 2017 22:22
> To: Merijn Evertse
> CC: heasley ; rancid-discuss at shrubbery.net
> Subject: Re: [rancid] Newline issue
>
> Mon, Jan 30, 2017 at 08:51:53PM +0000, Merijn Evertse:
> > Hello,
> >
> > I have run it 20 times on 2 different Fortigate units and it never happens.
> > I have run the normal rancid-run 1 time and it happened on 2 units.
> > Always the same lines, around line 138 or 140 on every Fortigate device.
> >
> > Merijn Evertse
>
> hrm, lack of a tty - probably.
> Are you absolutely positive that the pager is being disabled?
>
> if so, I suppose this process has to be repeated for the cron & rancid-run process. set NOPIPE=YES in rancid.conf and change rancid.types.base:
> -fortigate;script;fnrancid
> +fortigate;script;fnrancid -d
>
> and run rancid-run or let cron run. I expect this to leave the .raw file behind as below.
>
> > -----Original Message-----
> > From: heasley [mailto:heas at shrubbery.net]
> > Sent: Monday, 30 January 2017 21:28
> > To: Merijn Evertse
> > CC: heasley ; rancid-discuss at shrubbery.net
> > Subject: Re: [rancid] Newline issue
> >
> > Mon, Jan 30, 2017 at 08:04:24PM +0000, Merijn Evertse:
> > > Hello,
> > >
> > > Sorry it seems this has not happened for quite some time, so you can
> > > disregard the mentioning of Cisco :-)
> >
> > ok; then as the rancid user, please repeatedly run
> >
> > export NOPIPE=YES
> > fnrancid -dl hostname
> >
> > until you see the problem in the hostname.new file. Then provide the hostname.raw file to me as an attachment. Hopefully I can identify the cause from that.
> >
> > > Merijn Evertse
> > >
> > > -----Original Message-----
> > > From: heasley [mailto:heas at shrubbery.net]
> > > Sent: Monday, 30 January 2017 20:39
> > > To: Merijn Evertse
> > > CC: heasley ; rancid-discuss at shrubbery.net
> > > Subject: Re: [rancid] Newline issue
> > >
> > > Mon, Jan 30, 2017 at 02:47:40PM +0000, Merijn Evertse:
> > > > Hello,
> > > >
> > > > Thank you for the response.
> > > > I checked the commands for disabling pager and they work. I also verified that debugging is disabled and is not logging to console.
> > > > Also the issue is not exactly every hour, some runs go without problems and some have this issue.
> > > >
> > > > Merijn Evertse
> > >
> > > Can you show us an example from a cisco that is doing this?
> > >
> > > > -----Original Message-----
> > > > From: heasley [mailto:heas at shrubbery.net]
> > > > Sent: Thursday, 26 January 2017 16:24
> > > > To: Merijn Evertse
> > > > CC: rancid-discuss at shrubbery.net
> > > > Subject: Re: [rancid] Newline issue
> > > >
> > > > Thu, Jan 26, 2017 at 08:42:35AM +0000, Merijn Evertse:
> > > > > Hello,
> > > > >
> > > > > The rancid run on our Fortigate units has a small issue. Every hour or so we get the following:
> > > > >
> > > > > - set two-factor-ftm-expiry 72
> > > > >
> > > > > + set two-fact
> > > > >
> > > > > + or-ftm-expiry 72
> > > > >
> > > > > Or
> > > > >
> > > > > - set virtual-server-hardware-acceleration enable
> > > > >
> > > > > + set vi
> > > > >
> > > > > + rtual-server-hardware-acceleration enable
> > > >
> > > > This is most likely either the pager or some out-of-band like logs being written to the vty while the config is being collected. fnlogin should be disabling the pager; verify that your aaa configuration is allowing it to do so.
> > > >
> > > > > I also see this sometimes on other devices, Cisco, Vyos etc.
> > > > > It seems that something goes wrong reading the lines and the code sees a newline where it shouldn't.
> > > >
> > > > vyos is not supported by rancid and i've never used it, but it is probably the same cause. For the cisco too, and that is almost definitely your aaa not allowing it to disable the pager; but there are a few cisco platforms that have no way to disable the pager.
> > > >
> > > > > On Vyos it looks like:
> > > > >
> > > > > - # chassis_asset_tag: show hardware pci
> > > > >
> > > > > - # 3091-1101-9766-6577-4039-0090-06
> > > > >
> > > > > + # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06
> > > > >
> > > > > Related one hour earlier:
> > > > >
> > > > > - # chassis_asset_tag: 3091-1101-9766-6577-4039-0090-06
> > > > >
> > > > > + # chassis_asset_tag: show hardware pci #
> > > > >
> > > > > + 3091-1101-9766-6577-4039-0090-06
> > > > >
> > > > > And here the command itself is shown.
> > > > >
> > > > > Kind regards,
> > > > >
> > > > > Merijn Evertse

From Vinny.Abello at nttdata.com Mon Jan 30 22:30:53 2017
From: Vinny.Abello at nttdata.com (Vinny.Abello at nttdata.com)
Date: Mon, 30 Jan 2017 22:30:53 +0000
Subject: [rancid] Force10 FTOS 9 still triggering alerts due to flash mod time changing and fan speed
Message-ID:

Hello all,

I've got RANCID pointed at various Force10 switches all running some release of OS 9. RANCID continually sees changes from doing a directory listing. This has been discussed before here:

http://www.shrubbery.net/pipermail/rancid-discuss/2013-August/006995.html

It seemed like this was a new issue with OS 9 and a patch was issued to address it. However, I'm running RANCID 3.6.2 and can see in f10rancid that it is patched in this manner, but it seems to have no effect for me. I continually get diffs every time rancid-run fires.

An example:
@@ -25,9 +25,9 @@ !Boot Variables: BOOT INTERFACE GATEWAY IP ADDRESS = variable does not exist !Boot Variables: Reload Mode = normal-reload ! !Flash: flash: 1 drwx 4096 Dec 31 1979 16:00:00 -08:00 . - !Flash: flash: 2 drwx 3584 Jan 30 2017 13:03:18 -08:00 .. + !Flash: flash: 2 drwx 3584 Jan 30 2017 14:03:26 -08:00 .. !Flash: flash: 3 drwx 4096 Sep 08 2015 22:11:08 -08:00 TRACE_LOG_DIR !Flash: flash: 4 drwx 4096 Sep 08 2015 22:11:08 -08:00 CONFD_LOG_DIR !Flash: flash: 5 drwx 4096 Sep 08 2015 22:11:08 -08:00 CORE_DUMP_DIR !Flash: flash: 6 d--- 4096 Sep 08 2015 22:11:08 -08:00 ADMIN_DIR Additionally, I think it was also mentioned somewhere on this list, some of the output captured includes the RPM reading of the fans in the chassis when checking the power supplies and it is comparing these values which should be ignored. Here is an example of that: @@ -56,9 +56,9 @@ !Chassis: No Of MACs : 3 !Chassis: -- Power Supplies -- !Chassis: Unit Bay Status Type FanStatus FanSpeed(rpm) !Chassis: 1 1 up AC up 10288 - !Chassis: 1 2 up AC up 10256 + !Chassis: 1 2 up AC up 10288 !Chassis: -- Fan Status -- !Chassis: 1 up !Chassis: 1 up !Chassis: 1 up Is there something I can change in f10rancid to have it ignore these two things and can this be pushed into a future release? I'd be happy to test anything against a myriad of Force10 gear I have. Thanks! -Vinny ______________________________________________________________________ Disclaimer: This email and any attachments are sent in strictest confidence for the sole use of the addressee and may contain legally privileged, confidential, and proprietary data. If you are not the intended recipient, please advise the sender by replying promptly to this email and then delete and destroy this email and any attachments without any further use, copying or forwarding. -------------- next part -------------- An HTML attachment was scrubbed... URL: From doug.hughes at keystonenap.com Tue Jan 31 01:16:54 2017 
From: doug.hughes at keystonenap.com (Doug Hughes)
Date: Mon, 30 Jan 2017 20:16:54 -0500
Subject: [rancid] Force10 FTOS 9 still triggering alerts due to flash mod time changing and fan speed
In-Reply-To:
References:
Message-ID:

Yes, this is relatively easy to fix.

for the first I'd add a line in your ShowFlash proc near the other 'next if' lines like so:

    next if / \.?$/;

(that will skip the . and .. entries.)

for the next it'd be in the ShowChassis procedure you could do something similar, however if you care about the fan status but not the speed (reasonable), you have to do a little more processing. There are ways you could do this with more work by eliminating the speed, but the simple answer might be:

    next if / up /;

It's a little bit scattershot, but it will quiet the noise unless something important comes up with a fan or a power supply. (It's also easier than testing the alternate)

On 1/30/2017 5:30 PM, Vinny.Abello at nttdata.com wrote:
>
> Hello all,
>
> I've got RANCID pointed at various Force10 switches all running some
> release of OS 9. RANCID continually sees changes from doing a
> directory listing. This has been discussed before here:
>
> http://www.shrubbery.net/pipermail/rancid-discuss/2013-August/006995.html
>
> It seemed like this was a new issue with OS 9 and a patch was issued
> to address it. However, I'm running RANCID 3.6.2 and can see in
> f10rancid that it is patched in this manner, but it seems to have no
> effect for me. I continually get diffs every time rancid-run fires.
>
> An example:
> > @@ -25,9 +25,9 @@ > > !Boot Variables: BOOT INTERFACE GATEWAY IP ADDRESS = variable does > not exist > > !Boot Variables: Reload Mode = normal-reload > > ! > > !Flash: flash: 1 drwx 4096 Dec 31 1979 16:00:00 -08:00 . > > - !Flash: flash: 2 drwx 3584 Jan 30 2017 13:03:18 -08:00 .. > > + !Flash: flash: 2 drwx 3584 Jan 30 2017 14:03:26 -08:00 .. > > !Flash: flash: 3 drwx 4096 Sep 08 2015 22:11:08 -08:00 > TRACE_LOG_DIR > > !Flash: flash: 4 drwx 4096 Sep 08 2015 22:11:08 -08:00 > CONFD_LOG_DIR > > !Flash: flash: 5 drwx 4096 Sep 08 2015 22:11:08 -08:00 > CORE_DUMP_DIR > > !Flash: flash: 6 d--- 4096 Sep 08 2015 22:11:08 -08:00 > ADMIN_DIR > > Additionally, I think it was also mentioned somewhere on this list, > some of the output captured includes the RPM reading of the fans in > the chassis when checking the power supplies and it is comparing these > values which should be ignored. > > Here is an example of that: 
> > @@ -56,9 +56,9 @@ > > !Chassis: No Of MACs : 3 > > !Chassis: -- Power Supplies -- > > !Chassis: Unit Bay Status Type FanStatus FanSpeed(rpm) > > !Chassis: 1 1 up AC up 10288 > > - !Chassis: 1 2 up AC up 10256 > > + !Chassis: 1 2 up AC up 10288 > > !Chassis: -- Fan Status -- > > !Chassis: 1 up > > !Chassis: 1 up > > !Chassis: 1 up
>
> Is there something I can change in f10rancid to have it ignore these
> two things and can this be pushed into a future release? I'd be happy
> to test anything against a myriad of Force10 gear I have.
>
> Thanks!
>
> -Vinny

--
Doug Hughes
Keystone NAP
Fairless Hills, PA
1.844.KEYBLOCK (539.2562)

From harlei.jlima at gmail.com Tue Jan 31 01:48:40 2017
From: harlei.jlima at gmail.com (Harlei Lima)
Date: Mon, 30 Jan 2017 23:48:40 -0200
Subject: [rancid] Rancid use
In-Reply-To:
References:
Message-ID:

Yes, of course. I got this site:
http://www.shrubbery.net/rancid/#started

Sincerely:
Harlei Julio de Lima
IT Infrastructure Manager | Network and Computer Security | Senior IT Analyst | Research and Innovation
https://br.linkedin.com/in/hjlima

2017-01-30 14:10 GMT-02:00 Lamin Darboe :
> Can you make the software and license available so that we can have it
> installed?
>
>
>
> *From:* Rancid-discuss [mailto:rancid-discuss-bounces at shrubbery.net] *On
> Behalf Of *Harlei Lima
> *Sent:* Friday, January 27, 2017 5:30 AM
> *To:* rancid-discuss at shrubbery.net; Lee ; heasley <
> heas at shrubbery.net>
> *Subject:* [rancid] Rancid use
>
>
>
> Dear.
>
>
> I would like to know if I can use rancid to backup a linux server, apache
> server among others for example, or if it does not apply to those cases, or
> just for specific devices?
>
> Sincerely:
> Harlei Julio de Lima
> IT Infrastructure Manager | Network and Computer Security |
> Senior IT Analyst | Research and Innovation
>
> https://br.linkedin.com/in/hjlima
>

From jason.winters at eway.com.au Tue Jan 31 04:21:46 2017
From: jason.winters at eway.com.au (Jason Winters)
Date: Tue, 31 Jan 2017 15:21:46 +1100
Subject: [rancid] RANCID auto Git to AWS Code Commit
Message-ID:

Hi guys,

I have RANCID setup on Centos 7 using CVS and working OK. I need to change the config so that RANCID can use GIT to push/commit the configs to AWS Code Commit for offsite storage, and I am struggling to get this to work.

I have the AWS side setup with access/permissions etc. Git is installed and the repo setup on the local box but when I run rancid git isn't called to update the repo. I have edited the rancid.conf so RCSSYS=git too.

Has anyone else done this and could you provide any tips/guidance?

Thanks

From heas at shrubbery.net Tue Jan 31 06:34:57 2017
From: heas at shrubbery.net (Heasley)
Date: Mon, 30 Jan 2017 22:34:57 -0800
Subject: [rancid] Force10 FTOS 9 still triggering alerts due to flash mod time changing and fan speed
In-Reply-To:
References:
Message-ID:

> On 30.01.2017 at 17:16, Doug Hughes wrote:
>
>
> Yes, this is relatively easy to fix.
>
> for the first I'd add a line in your ShowFlash proc near the other 'next if' lines like so:
>
> next if / \.?$/;
> (that will skip the . and .. entries.)
>

Doesn't that skip any line with an end?

> for the next it'd be in the ShowChassis procedure you could do something similar, however if you care about the fan status but not the speed (reasonable), you have to do a little more processing. There are ways you could do this with more work by eliminating the speed, but the simple answer might be:
>
> next if / up /;
>
> It's a little bit scattershot, but it will quiet the noise unless something important comes up with a fan or a power supply. (It's also easier than testing the alternate)
>
>> On 1/30/2017 5:30 PM, Vinny.Abello at nttdata.com wrote:
>> Hello all,
>>
>> I've got RANCID pointed at various Force10 switches all running some release of OS 9. RANCID continually sees changes from doing a directory listing. This has been discussed before here:
>>
>> http://www.shrubbery.net/pipermail/rancid-discuss/2013-August/006995.html
>>
>> It seemed like this was a new issue with OS 9 and a patch was issued to address it. However, I'm running RANCID 3.6.2 and can see in f10rancid that it is patched in this manner, but it seems to have no effect for me. I continually get diffs every time rancid-run fires.
>>
>> An example:
>> >> @@ -25,9 +25,9 @@ >> !Boot Variables: BOOT INTERFACE GATEWAY IP ADDRESS = variable does not exist >> !Boot Variables: Reload Mode = normal-reload >> ! >> !Flash: flash: 1 drwx 4096 Dec 31 1979 16:00:00 -08:00 . >> - !Flash: flash: 2 drwx 3584 Jan 30 2017 13:03:18 -08:00 .. >> + !Flash: flash: 2 drwx 3584 Jan 30 2017 14:03:26 -08:00 .. >> !Flash: flash: 3 drwx 4096 Sep 08 2015 22:11:08 -08:00 TRACE_LOG_DIR >> !Flash: flash: 4 drwx 4096 Sep 08 2015 22:11:08 -08:00 CONFD_LOG_DIR >> !Flash: flash: 5 drwx 4096 Sep 08 2015 22:11:08 -08:00 CORE_DUMP_DIR >> !Flash: flash: 6 d--- 4096 Sep 08 2015 22:11:08 -08:00 ADMIN_DIR >> >> >> Additionally, I think it was also mentioned somewhere on this list, some of the output captured includes the RPM reading of the fans in the chassis when checking the power supplies and it is comparing these values which should be ignored. >> >> Here is an example of that: 
>> >> @@ -56,9 +56,9 @@ >> !Chassis: No Of MACs : 3 >> !Chassis: -- Power Supplies -- >> !Chassis: Unit Bay Status Type FanStatus FanSpeed(rpm) >> !Chassis: 1 1 up AC up 10288 >> - !Chassis: 1 2 up AC up 10256 >> + !Chassis: 1 2 up AC up 10288 >> !Chassis: -- Fan Status -- >> !Chassis: 1 up >> !Chassis: 1 up >> !Chassis: 1 up
>>
>>
>> Is there something I can change in f10rancid to have it ignore these two things and can this be pushed into a future release? I'd be happy to test anything against a myriad of Force10 gear I have.
>>
>> Thanks!
>>
>> -Vinny
>
> --
> Doug Hughes
> Keystone NAP
> Fairless Hills, PA
> 1.844.KEYBLOCK (539.2562)

From heas at shrubbery.net Tue Jan 31 22:16:51 2017
From: heas at shrubbery.net (heasley) Date: Tue, 31 Jan 2017 22:16:51 +0000 Subject: [rancid] Force10 FTOS 9 still triggering alerts due to flash mod time changing and fan speed In-Reply-To: <20170131221326.274197932@sea.shrubbery.net> <20170131205901.8A753773B@sea.shrubbery.net> Message-ID: <20170131221650.GB16621@shrubbery.net> Mon, Jan 30, 2017 at 08:16:54PM -0500, Doug Hughes: > > Yes, this is relatively easy to fix. > > for the first I'd add a line in your ShowFlash proc near the other 'next > if' lines like so: > > next if / \.?$/; > (that will skip the . and .. entries.) > > for the next it'd be in the ShowChassis procedure you could do something > similar, however if you care about the fan status but not the speed > (reasonable), you have to do a little more processing. There are ways > you could do this with more work by eliminating the speed, but the > simple answer might be: > > next if / up /; > > It's a little bit scattershot, but it will quiet the noise unless > something important comes up with a fan or a power supply. (It's also > easier than testing the alternate) or Index: CHANGES =================================================================== --- CHANGES (revision 3601) +++ CHANGES (working copy) @@ -1,4 +1,7 @@ 3.99.99 + f10rancid: WS after filenames in some versions cause the dir and + parent dir filters to fail. + fnrancid: filter last-login - Merijn Evertse sros.pm: drop unnecessary command: file type config.dbg - Greg Hankins Index: bin/f10rancid.in =================================================================== --- bin/f10rancid.in (revision 3586) +++ bin/f10rancid.in (working copy) @@ -345,7 +345,7 @@ /Directory of/ && next; # . & .. - / \.{1,2}$/ && next; + / \.{1,2}\s+$/ && next; # clean up totals line if (/.* (\d+) bytes total/) { Tue, Jan 31, 2017 at 10:13:26PM +0000, heasley: Index: CHANGES =================================================================== --- CHANGES (revision 3602) +++ CHANGES (working copy) 
@@ -1,4 +1,6 @@ 3.99.99 + f10rancid: remove s4048 PS fan speed + f10rancid: WS after filenames in some versions cause the dir and parent dir filters to fail. Index: bin/f10rancid.in =================================================================== --- bin/f10rancid.in (revision 3602) +++ bin/f10rancid.in (working copy) @@ -241,7 +241,7 @@ while () { tr/\015//d; - last if (/^$prompt/); +REDO: last if (/^$prompt/); next if (/^(\s*|\s*$cmd\s*)$/); return(1) if /(Invalid input|Type help or )/; return(1) if /( *\^$)/; @@ -259,6 +259,42 @@ # E600 AC PSMs /Status : up/ && next; /High line/ && next; + # PS fans + if (/power\s+supplies/i) { + ProcessHistory("COMMENTS","keysort","CHASSIS","!Chassis: $_"); + + while () { + tr/\015//d; + if (/^$prompt/) { + goto OUT; + } + last if (/^$/); + # remove any trailing WS + s/\s+$//; + next if (/^----+$/); + # s4048 style + if (/(Unit\s+Bay\s+Status\s+Type\s+FanStatus)\s+FanSpeed/) { + ProcessHistory("COMMENTS","keysort","CHASSIS", + "!Chassis: $1\n"); + while () { + tr/\015//d; + if (/^$prompt/) { + goto OUT; + } + last if (/^$/); + # remove any trailing WS + s/\s+$//; + # consume the following separator line + next if (/^----+$/); + /^(\s+\d+\s+\d+\s+\S+\s+\S+\s+\S+)\s+\S+/ && + ProcessHistory("COMMENTS","keysort","CHASSIS", + "!Chassis: $1\n") && next; + last; + } + goto REDO; + } + } + } # fans if (/Fan\s+Status/i) { ProcessHistory("COMMENTS","keysort","CHASSIS","!Chassis: $_");
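Review bot: In the first patch's bin/f10rancid.in hunk (@@ -345,7 +345,7 @@), the new filter `/ \.{1,2}\s+$/` requires at least one whitespace character after the dots, so on versions that print no trailing whitespace it matches only if the newline is still attached to $_ when the test runs. If the line is ever chomped or stripped before this point, the . and .. entries from those versions would stop being filtered; `/ \.{1,2}\s*$/` covers both outputs without depending on that. The `# . & ..` comment could also mention the trailing whitespace, as the CHANGES entry does.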
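Review bot: In the second patch's bin/f10rancid.in hunk at @@ -241,7 +241,7 @@, the `REDO:` label is attached to the `last if (/^$prompt/);` statement so that `goto REDO` can jump back into the middle of the outer loop body from inside two nested read loops, which makes the control flow hard to follow. Labelling the enclosing `while` and using Perl's `redo LABEL` would re-run the body on the current $_ without a goto; repeating `tr/\015//d` on that line is harmless. Either way, a short comment at the label saying that $_ already holds an unprocessed line when control arrives there would help the next reader.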
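Review bot: In the @@ -259,6 +259,42 @@ hunk, the outer loop of the new `# PS fans` block records nothing for lines that are not the s4048 `Unit Bay Status Type FanStatus` header: they fall off the end of the loop body and are discarded until a blank line or the prompt, so a power-supply section printed in any other layout would vanish from the saved output. Consider passing unmatched lines to ProcessHistory, or leaving the block as soon as the first line that is not the s4048 header is seen. Two smaller points: `ProcessHistory(...) && next` depends on ProcessHistory returning a true value, otherwise the row loop stops at `last` after the first row, and `goto OUT` needs an `OUT:` label that is not visible in these hunks.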
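The `.` / `..` filters that come up in this thread (the one suggested in the reply, the one f10rancid had before the patch, and the patched one), run against constructed listing lines with and without trailing whitespace. This is an added Perl example, not code from f10rancid or from the posters; the sample lines, the `chomped` case and the `\s*` variant are assumptions made for the comparison.

```perl
#!/usr/bin/perl
# Added example (not f10rancid code): try the "." / ".." filters from this
# thread against constructed directory-listing lines.
use strict;
use warnings;

# Constructed sample entries, modelled on the flash listing quoted in the thread.
my @entries = (
    [ 'dot'    => '  1 drwx 4096 Dec 31 1979 16:00:00 -08:00 .' ],
    [ 'dotdot' => '  2 drwx 3584 Jan 30 2017 14:03:26 -08:00 ..' ],
    [ 'named'  => '  3 drwx 4096 Sep 08 2015 22:11:08 -08:00 TRACE_LOG_DIR' ],
);

# How the line might reach the filter. "padded" models the OS versions that
# print whitespace after the file name; "chomped" is a hypothetical caller
# that strips the line ending before testing.
my @forms = (
    [ 'as read' => sub { "$_[0]\n" } ],
    [ 'padded'  => sub { "$_[0]   \n" } ],
    [ 'chomped' => sub { $_[0] } ],
);

# Filters named in the thread, plus one assumed variant for comparison.
my @filters = (
    [ 'suggested in thread' => qr/ \.?$/ ],
    [ 'before the patch'    => qr/ \.{1,2}$/ ],
    [ 'after the patch'     => qr/ \.{1,2}\s+$/ ],
    [ 'assumed variant'     => qr/ \.{1,2}\s*$/ ],   # not from the thread
);

# Return the labels of the entries a filter would skip for one line form.
sub skipped_entries {
    my ($re, $form) = @_;
    return map { $_->[0] } grep { $form->($_->[1]) =~ $re } @entries;
}

# A filter does its job when it skips exactly the "dot" and "dotdot" entries.
sub verdict {
    my (@skipped) = @_;
    return "@skipped" eq 'dot dotdot' ? 'ok' : 'WRONG';
}

for my $f (@filters) {
    my ($name, $re) = @$f;
    print "$name  $re\n";
    for my $form (@forms) {
        my ($label, $make) = @$form;
        my @skipped = skipped_entries($re, $make);
        printf "  %-8s skips: %-18s %s\n",
            $label, (@skipped ? "@skipped" : '(nothing)'), verdict(@skipped);
    }
}
```

A row marked WRONG means the filter either let a `.`/`..` entry through, which is what produces the recurring diff, or dropped a real directory entry from the saved listing.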