Re: [rancid] Restore a Palo Alto Firewall from a Rancid backup

2019-07-15 Thread Gauthier, Chris
The only way in CLI to do a "show run" type of output in XML format is to 
execute the following commands.  This holds true for both Panorama and Pan-OS 
(not managed by Panorama):

User@Palo-Alto-FW> set cli config-output-format xml
User@Palo-Alto-FW> configure
Entering configuration mode
[edit]
User@Palo-Alto-FW# show

  

Truncated to hide my config

--Chris




Chris Gauthier Senior Network Engineer | Comscore
t +1 (503) 331-2704 |
cgauth...@comscore.com
comscore.com
​​​This e-mail (including any attachments) may contain information that is 
private, confidential, or protected by attorney-client or other privilege. If 
you received this e-mail in error, please delete it from your system and notify 
sender.
-Original Message-
From: Rancid-discuss  on behalf of john 
heasley 
Date: Monday, July 15, 2019 at 3:00 PM
To: Erik Muller 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid backup

Fri, Jul 12, 2019 at 09:18:34PM +0200, Erik Muller:
> On 7/12/19 14:15 , Gauthier, Chris wrote:
> > Rancid configs for PAN can NOT be used to restore the config, unless you
> > cut and paste the configuration. This is because the native config files
> > are stored in XML format and that is the format the Palo Alto utilities
> > expect when performing restorations.
>
> Having recently needed to deal with a bunch of PAs, I ran into that same
> issue and ended up writing a tool (https://github.com/ermuller/bracematch)
> to simplify the process.
>
> RE the other question about Panorama vs device configs, if you're backing
> up your Panorama configuration (which has been fine via Rancid in my

How are you backing the Panorama configuration?  is that just another
rancid 'paloalto' target?

> experience) as well as the base config on the device, you don't need to
> backup the merged configuration.  And you probably shouldn't pull the
> merged config, for restore purposes, as anything other than the local
> device configuration will come from the Panorama templates once the device
> is replaced.  Of course, the merged config might still be convenient to
> save to easily see the complete policy set active on a given box.
>
> -e
>

___
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss


Re: [rancid] Palo Alto (Panorama) configuration

2019-07-15 Thread Gauthier, Chris
So, once again, cut and paste bit me….  My sincere apologies.

Change the first line to read:

panw;script;rancid -t panw



From: annie lee 
Date: Friday, July 12, 2019 at 3:35 PM
To: "Gauthier, Chris" 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Palo Alto (Panorama) configuration

Hi Chris,

I've made similar changes on v3.9 but not getting the new 'merged' config based 
on yours.
Below is the panw code I added:

panw;script;rancid -t paloalto
panw;login;panlogin
panw;module;panos
panw;inloop;panos::inloop
panw;command;panos::ShowInfo;show system info
panw;command;panos::ShowInventory;show chassis inventory
panw;command;panos::ShowConfig;show config merged
Unfortunately still didn't capture the panorama configs.

On Sat, Jul 13, 2019 at 3:58 AM Gauthier, Chris 
<cgauth...@comscore.com> wrote:
So, if you look at my posting below, I made a rather dumb copy/paste error in 
my ‘panw’ definition.  The first line should read:

panw;script;rancid -t paloalto

not:
panw;script;rancid -t paloalto


Thanks to Heasley for pointing that out!  I would have not seen that for a 
while.  Having changed the line as shown above, the ‘show config merged’ now 
works great on Panorama-managed and non-managed PA devices.

--Chris
From: Rancid-discuss <rancid-discuss-boun...@shrubbery.net>
 on behalf of "Gauthier, Chris" <cgauth...@comscore.com>
Date: Friday, July 12, 2019 at 9:24 AM
To: annie lee <lsy.an...@gmail.com>
Cc: "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net>
Subject: Re: [rancid] Palo Alto (Panorama) configuration

I’m getting some interesting results in my testing.

Rancid Version:  3.7

I have a pair of PA-5050’s managed by Panorama that have been only getting the 
‘show config running’ output (the limited output).  I made a new device type in 
etc/rancid.types.conf:

panw;script;rancid -t paloalto
panw;login;panlogin
panw;module;panos
panw;inloop;panos::inloop
panw;command;rancid::RunCommand;set cli scripting-mode on
panw;command;rancid::RunCommand;set cli pager off
panw;command;panos::ShowInfo;show system info
panw;command;panos::ShowConfig;show config merged

This works well for my test unit (PA-220, unmanaged), but I am having problems 
with the PA-5050’s.

For reference:  Here is the device type of “paloalto” in etc/rancid.types.base:
paloalto;script;rancid -t paloalto
paloalto;login;panlogin
paloalto;module;panos
paloalto;inloop;panos::inloop
paloalto;command;rancid::RunCommand;set cli scripting-mode on
paloalto;command;rancid::RunCommand;set cli pager off
paloalto;command;panos::ShowInfo;show system info
paloalto;command;panos::ShowConfig;show config running

With the PA-5050’s, started with the following lines in router.db:
pa-1.example.com;paloalto;up;PA-5050 ha pair
pa-2.example.com;paloalto;up;PA-5050 ha pair

They’ve been getting the limited output because of the show config running 
command and that they’re managed by Panorama.  I altered the router.db file to:
pa-1.example.com;panw;up;PA-5050 ha pair
pa-2.example.com;panw;up;PA-5050 ha pair

I got the email that said the original devices were deleted and the new devices 
were added.

- pa-1.example.com<http://pa-1.example.com>;paloalto;up;PA-5050
- pa-2.example.com<http://pa-2.example.com>;panw;paloalto;up;PA-5050
+ pa-1.example.com<http://pa-1.example.com>;panw;up;PA-5050
+ pa-2.example.com<http://pa-2.example.com>;panw;panw;up;PA-5050

I checked the config files after running rancid again a couple times and the 
config was unchanged.  The output captured doesn’t seem to have changed.  Next, 
I troubleshot it by doing ‘NOPIPE=yes rancid -d -t panw pa-1.example.com’ and 
reviewing the output.  It 
captured everything cleanly, as far as I can tell.  No errors.  It’s like the 
diff is not catching the difference in output?

What might I try next?

--Chris
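
The copy/paste error corrected at the top of this message can be caught before a collection run. The check below is an added example, not code from the thread or from RANCID: it assumes, as the correction implies, that the type named after -t on a type's script line decides which command lines are run, and its function names and sample data are constructed for illustration.

```python
import shlex

# Constructed sample: the stock 'paloalto' type plus the custom 'panw' type as
# first posted in the thread (its script line still passes -t paloalto).
TYPES_AS_POSTED = """\
paloalto;script;rancid -t paloalto
paloalto;login;panlogin
paloalto;module;panos
paloalto;inloop;panos::inloop
paloalto;command;panos::ShowInfo;show system info
paloalto;command;panos::ShowConfig;show config running
panw;script;rancid -t paloalto
panw;login;panlogin
panw;module;panos
panw;inloop;panos::inloop
panw;command;panos::ShowInfo;show system info
panw;command;panos::ShowConfig;show config merged
"""
# The same definitions with the correction from the top of the message applied.
TYPES_CORRECTED = TYPES_AS_POSTED.replace(
    "panw;script;rancid -t paloalto", "panw;script;rancid -t panw")

# Constructed router.db using the thread's example hostnames.
ROUTER_DB = """\
pa-1.example.com;panw;up;PA-5050 ha pair
pa-2.example.com;panw;up;PA-5050 ha pair
"""


def parse_types(text):
    """Parse 'type;keyword;value' lines into {type: {script, commands}}."""
    types = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(";")
        if len(fields) < 3:
            continue
        entry = types.setdefault(fields[0], {"script": None, "commands": []})
        if fields[1] == "script":
            entry["script"] = ";".join(fields[2:])
        elif fields[1] == "command" and len(fields) >= 4:
            # type;command;handler;cli text -> keep the CLI text
            entry["commands"].append(";".join(fields[3:]))
    return types


def script_target(script):
    """Return the device type passed with -t on a script line, or None."""
    argv = shlex.split(script or "")
    for i, arg in enumerate(argv):
        if arg == "-t" and i + 1 < len(argv):
            return argv[i + 1]
        if arg.startswith("-t") and len(arg) > 2:
            return arg[2:]
    return None


def effective_commands(types, name):
    """CLI commands that would actually run for devices of type `name`."""
    entry = types.get(name, {"script": None, "commands": []})
    target = script_target(entry["script"]) or name
    return types.get(target, {"commands": []})["commands"]


def lint(types_text, router_db_text):
    """Report router.db entries whose type is undefined or redirected by -t."""
    types = parse_types(types_text)
    findings = []
    for raw in router_db_text.splitlines():
        line = raw.strip()
        fields = line.split(";")
        if line.startswith("#") or len(fields) < 3:
            continue
        host, dtype = fields[0], fields[1]
        if dtype not in types:
            findings.append(f"{host}: type '{dtype}' is not defined")
            continue
        target = script_target(types[dtype]["script"])
        if target and target != dtype:
            findings.append(
                f"{host}: type '{dtype}' runs with -t {target}; collects "
                f"{effective_commands(types, dtype)} instead of "
                f"{types[dtype]['commands']}")
    return findings


if __name__ == "__main__":
    for label, text in (("as posted", TYPES_AS_POSTED),
                        ("corrected", TYPES_CORRECTED)):
        print(label, lint(text, ROUTER_DB) or "no findings")
```
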



Re: [rancid] Restore a Palo Alto Firewall from a Rancid backup

2019-07-12 Thread Gauthier, Chris
Yes, you can export the different formats, but the restore expects XML, in my 
experience.  Also, for those using Panorama, Erik’s advice to rely on Panorama 
is sound.  Been there, done that, don’t want to restore again, but it worked!

--Chris



From: Scott Granados 
Date: Friday, July 12, 2019 at 12:23 PM
To: "Gauthier, Chris" 
Cc: john heasley , "rancid-discuss@shrubbery.net" 

Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid backup

We haven’t bothered with Panorama much because unlike the firewalls themselves 
the Panorama interface is very poor with screen readers and other accessibility 
technologies used.

In AWS we do a lot of exporting of configs and use S3 to bootstrap the virtual 
appliances so there may be a difference in what I’m working with.  We can edit 
the configs in S3 and they can be automatically imported or grabbed on boot.  On 
the hardware though I thought it was selectable.  I’ll review the link you 
sent, thank you.

Just queried my PA and the choices I have to export or import configs are 
JSON, XML, SET or Default which looks like JSON to me so not sure why that’s 
duplicated.  I am just setting the CLI variable; I assume you’re using a 
different mechanism that’s different.

Thanks


If you’re connecting via SSH and pulling the config I don’t see why you 
couldn’t set it to whatever format you wanted and then push with the correct 
flag set at the head of the request.




On Jul 12, 2019, at 2:56 PM, Gauthier, Chris 
<cgauth...@comscore.com> wrote:

Exported config files are in XML format. Here is a link to the documentation. 
Nowhere in their documentation does it reference using JSON as the format for 
import/export.

Also, Palo Alto has a "scheduled export" facility, especially if you are using 
Panorama. We use RANCiD to track the changes more than anything, but use the 
utility to auto-export configs.

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-configuration-backups/save-and-export-firewall-configurations.html

--Chris


-Original Message-
From: Scott Granados 
Date: Friday, July 12, 2019 at 11:44 AM
To: john heasley 
Cc: "Gauthier, Chris" , "rancid-discuss@shrubbery.net" 

Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid backup

It’s not XML, it’s JSON if I understand where you’re going with this.

From exec mode
Set cli config-output-format default

Also other variables here can be set for set form and other formats which you 
can select and display with a ? in the config-output-format parameter field.

Thanks


> On Jul 12, 2019, at 2:20 PM, john heasley  wrote:
>
> Fri, Jul 12, 2019 at 06:15:39PM +, Gauthier, Chris:
>> Rancid configs for PAN can NOT be used to restore the config, unless you cut 
>> and paste the configuration. This is because the native config files are 
>> stored in XML format and that is the format the Palo Alto utilities expect 
>> when performing restorations.
>>
>
> so, store both in rancid. what is the cmd to retrieve the xml format?
>


Re: [rancid] Restore a Palo Alto Firewall from a Rancid backup

2019-07-12 Thread Gauthier, Chris
Exported config files are in XML format.  Here is a link to the documentation.  
Nowhere in their documentation does it reference using JSON as the format for 
import/export.

Also, Palo Alto has a "scheduled export" facility, especially if you are using 
Panorama.  We use RANCiD to track the changes more than anything, but use the 
utility to auto-export configs.

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-configuration-backups/save-and-export-firewall-configurations.html

--Chris




-Original Message-
From: Scott Granados 
Date: Friday, July 12, 2019 at 11:44 AM
To: john heasley 
Cc: "Gauthier, Chris" , "rancid-discuss@shrubbery.net" 

Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid backup

It’s not XML, it’s JSON if I understand where you’re going with this.

From exec mode
Set cli config-output-format default

Also other variables here can be set for set form and other formats which you 
can select and display with a ? in the config-output-format parameter field.

Thanks


> On Jul 12, 2019, at 2:20 PM, john heasley  wrote:
>
> Fri, Jul 12, 2019 at 06:15:39PM +, Gauthier, Chris:
>> Rancid configs for PAN can NOT be used to restore the config, unless you cut 
>> and paste the configuration.  This is because the native config files are 
>> stored in XML format and that is the format the Palo Alto utilities expect 
>> when performing restorations.
>>
>
> so, store both in rancid.  what is the cmd to retrieve the xml format?
>


Re: [rancid] Restore a Palo Alto Firewall from a Rancid backup

2019-07-12 Thread Gauthier, Chris
Rancid configs for PAN can NOT be used to restore the config, unless you cut 
and paste the configuration.  This is because the native config files are 
stored in XML format and that is the format the Palo Alto utilities expect when 
performing restorations.

--Chris



-Original Message-
From: Rancid-discuss  on behalf of john 
heasley 
Date: Friday, July 5, 2019 at 10:43 AM
To: STUART WALTON 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Restore a Palo Alto Firewall from a Rancid backup

Thu, Jul 04, 2019 at 08:23:51AM +, STUART WALTON:
> Hi
>
> Has anyone used a backup from Rancid to restore a Palo Alto Firewall?
>
> If so how have you done it?  (I have the backup but it does not appear to be 
> in the correct format)
>
> I have searched the discussion but cannot seem to find the answer. Any help 
> would be appreciated.

I do not know much of anything about PAN devices.  However, be aware that,
depending upon your rancid configuration, passwords may be removed.  Also,
see the FAQ S1 Q5 for another caveat that may apply to PAN.

Also, include the error you received when attempting to load the config.
It might provide a clue to someone with more experience with PAN.



Re: [rancid] Palo Alto (Panorama) configuration

2019-07-12 Thread Gauthier, Chris
So, if you look at my posting below, I made a rather dumb copy/paste error in 
my ‘panw’ definition.  The first line should read:

panw;script;rancid -t paloalto

not:
panw;script;rancid -t paloalto


Thanks to Heasley for pointing that out!  I would have not seen that for a 
while.  Having changed the line as shown above, the ‘show config merged’ now 
works great on Panorama-managed and non-managed PA devices.

--Chris

From: Rancid-discuss  on behalf of 
"Gauthier, Chris" 
Date: Friday, July 12, 2019 at 9:24 AM
To: annie lee 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Palo Alto (Panorama) configuration

I’m getting some interesting results in my testing.

Rancid Version:  3.7

I have a pair of PA-5050’s managed by Panorama that have been only getting the 
‘show config running’ output (the limited output).  I made a new device type in 
etc/rancid.types.conf:

panw;script;rancid -t paloalto
panw;login;panlogin
panw;module;panos
panw;inloop;panos::inloop
panw;command;rancid::RunCommand;set cli scripting-mode on
panw;command;rancid::RunCommand;set cli pager off
panw;command;panos::ShowInfo;show system info
panw;command;panos::ShowConfig;show config merged

This works well for my test unit (PA-220, unmanaged), but I am having problems 
with the PA-5050’s.

For reference:  Here is the device type of “paloalto” in etc/rancid.types.base:
paloalto;script;rancid -t paloalto
paloalto;login;panlogin
paloalto;module;panos
paloalto;inloop;panos::inloop
paloalto;command;rancid::RunCommand;set cli scripting-mode on
paloalto;command;rancid::RunCommand;set cli pager off
paloalto;command;panos::ShowInfo;show system info
paloalto;command;panos::ShowConfig;show config running

With the PA-5050’s, started with the following lines in router.db:
pa-1.example.com;paloalto;up;PA-5050 ha pair
pa-2.example.com;paloalto;up;PA-5050 ha pair

They’ve been getting the limited output because of the show config running 
command and that they’re managed by Panorama.  I altered the router.db file to:
pa-1.example.com;panw;up;PA-5050 ha pair
pa-2.example.com;panw;up;PA-5050 ha pair

I got the email that said the original devices were deleted and the new devices 
were added.

- pa-1.example.com;paloalto;up;PA-5050
- pa-2.example.com;panw;paloalto;up;PA-5050
+ pa-1.example.com;panw;up;PA-5050
+ pa-2.example.com;panw;panw;up;PA-5050

I checked the config files after running rancid again a couple times and the 
config was unchanged.  The output captured doesn’t seem to have changed.  Next, 
I troubleshot it by doing ‘NOPIPE=yes rancid -d -t panw pa-1.example.com’ and 
reviewing the output.  It captured everything cleanly, as far as I can tell.  
No errors.  It’s like the diff is not catching the difference in output?

What might I try next?

--Chris


From: annie lee 
Date: Thursday, July 11, 2019 at 4:00 PM
To: "Gauthier, Chris" 
Cc: john heasley , "Anderson, Charles R" , 
"rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Palo Alto (Panorama) configuration

Hi Chris,

That's very kind of you to spend time doing that and thanks for that.

Rgds

On Fri, Jul 12, 2019 at 8:51 AM Gauthier, Chris 
<cgauth...@comscore.com> wrote:
I’m working through that right now.

From: annie lee <lsy.an...@gmail.com>
Date: Thursday, July 11, 2019 at 2:43 PM
To: "Gauthier, Chris" <cgauth...@comscore.com>
Cc: john heasley <h...@shrubbery.net>, "Anderson, Charles R" <c...@wpi.edu>, 
"rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net>
Subject: Re: [rancid] Palo Alto (Panorama) configuration

That's good to know on the new cli (show config merged will grab everyt

Re: [rancid] Rancid.Conf Disappeared on Ubuntu Update

2019-07-12 Thread Gauthier, Chris
I have to admit, I wish the etc/ directory was part of a Git repo.  I could do 
it locally, but would be a nice feature enhancement.



From: Rancid-discuss  on behalf of 
"Sheeter, Kyle" 
Date: Wednesday, July 3, 2019 at 1:18 PM
To: "rancid-discuss@shrubbery.net" 
Subject: [rancid] Rancid.Conf Disappeared on Ubuntu Update

Hey all,

I was doing some Ubuntu upgrades on my server, and just noticed that RANCID 
stopped sending me updates.  Ran the rancid-run command and then found out that my 
rancid.conf file disappeared.  Anyone know the best way to recreate the conf 
file?  All of my other information is still there it seems, and the DB is still 
populated with my old network data.

Thanks!
Kyle James Sheeter


Please be advised that this email may contain confidential information. If you 
are not the intended recipient, please notify us by email by replying to the 
sender and delete this message. The sender disclaims that the content of this 
email constitutes an offer to enter into, or the acceptance of, any agreement; 
provided that the foregoing does not invalidate the binding effect of any 
digital or other electronic reproduction of a manual signature that is included 
in any attachment.


Re: [rancid] Palo Alto (Panorama) configuration

2019-07-12 Thread Gauthier, Chris
I’m getting some interesting results in my testing.

Rancid Version:  3.7

I have a pair of PA-5050’s managed by Panorama that have been only getting the 
‘show config running’ output (the limited output).  I made a new device type in 
etc/rancid.types.conf:

panw;script;rancid -t paloalto
panw;login;panlogin
panw;module;panos
panw;inloop;panos::inloop
panw;command;rancid::RunCommand;set cli scripting-mode on
panw;command;rancid::RunCommand;set cli pager off
panw;command;panos::ShowInfo;show system info
panw;command;panos::ShowConfig;show config merged

This works well for my test unit (PA-220, unmanaged), but I am having problems 
with the PA-5050’s.

For reference:  Here is the device type of “paloalto” in etc/rancid.types.base:
paloalto;script;rancid -t paloalto
paloalto;login;panlogin
paloalto;module;panos
paloalto;inloop;panos::inloop
paloalto;command;rancid::RunCommand;set cli scripting-mode on
paloalto;command;rancid::RunCommand;set cli pager off
paloalto;command;panos::ShowInfo;show system info
paloalto;command;panos::ShowConfig;show config running

With the PA-5050’s, started with the following lines in router.db:
pa-1.example.com;paloalto;up;PA-5050 ha pair
pa-2.example.com;paloalto;up;PA-5050 ha pair

They’ve been getting the limited output because of the show config running 
command and that they’re managed by Panorama.  I altered the router.db file to:
pa-1.example.com;panw;up;PA-5050 ha pair
pa-2.example.com;panw;up;PA-5050 ha pair

I got the email that said the original devices were deleted and the new devices 
were added.

- pa-1.example.com;paloalto;up;PA-5050
- pa-2.example.com;panw;paloalto;up;PA-5050
+ pa-1.example.com;panw;up;PA-5050
+ pa-2.example.com;panw;panw;up;PA-5050

I checked the config files after running rancid again a couple times and the 
config was unchanged.  The output captured doesn’t seem to have changed.  Next, 
I troubleshot it by doing ‘NOPIPE=yes rancid -d -t panw pa-1.example.com’ and 
reviewing the output.  It captured everything cleanly, as far as I can tell.  
No errors.  It’s like the diff is not catching the difference in output?

What might I try next?

--Chris



From: annie lee 
Date: Thursday, July 11, 2019 at 4:00 PM
To: "Gauthier, Chris" 
Cc: john heasley , "Anderson, Charles R" , 
"rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Palo Alto (Panorama) configuration

Hi Chris,

That's very kind of you to spend time doing that and thanks for that.

Rgds

On Fri, Jul 12, 2019 at 8:51 AM Gauthier, Chris 
<cgauth...@comscore.com> wrote:
I’m working through that right now.

From: annie lee <lsy.an...@gmail.com>
Date: Thursday, July 11, 2019 at 2:43 PM
To: "Gauthier, Chris" <cgauth...@comscore.com>
Cc: john heasley <h...@shrubbery.net>, "Anderson, Charles R" <c...@wpi.edu>, 
"rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net>
Subject: Re: [rancid] Palo Alto (Panorama) configuration

That's good to know on the new cli (show config merged will grab everything from 
the firewall and panorama).
How do we add the cli and diff to rancid ??

On Fri, Jul 12, 2019 at 4:20 AM Gauthier, Chris 
<cgauth...@comscore.com> wrote:
Just validated the ‘show config merged’ command works with any PA firewall, 
managed by Panorama or not.

From: Rancid-discuss <rancid-discuss-boun...@shrubbery.net>
 on behalf of "Gauthier, Chris" <cgauth...@comscore.com>
Date: Thursday, July 11, 2019 at 11:16 AM
To: john heasley <h...@shrubbery.net>, "Anderson, Charles R" <c...@wpi.edu>
Cc: "rancid-discuss@shrubbery.net<mailto

Re: [rancid] Palo Alto (Panorama) configuration

2019-07-11 Thread Gauthier, Chris
I’m working through that right now.


From: annie lee 
Date: Thursday, July 11, 2019 at 2:43 PM
To: "Gauthier, Chris" 
Cc: john heasley , "Anderson, Charles R" , 
"rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Palo Alto (Panorama) configuration

That's good to know on the new cli (show config merged will grab everything from 
the firewall and panorama).
How do we add the cli and diff to rancid ??

On Fri, Jul 12, 2019 at 4:20 AM Gauthier, Chris 
<cgauth...@comscore.com> wrote:
Just validated the ‘show config merged’ command works with any PA firewall, 
managed by Panorama or not.

From: Rancid-discuss <rancid-discuss-boun...@shrubbery.net>
 on behalf of "Gauthier, Chris" <cgauth...@comscore.com>
Date: Thursday, July 11, 2019 at 11:16 AM
To: john heasley <h...@shrubbery.net>, "Anderson, Charles R" <c...@wpi.edu>
Cc: "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net>
Subject: Re: [rancid] Palo Alto (Panorama) configuration

Yes, the command "show config merged" gives the locally-managed config output 
AND the configuration that is pushed out by Panorama. I'll make a custom device 
type and see how this works in my environment. If it works, I'll post the 
results here. I will also test with a non-Panorama-managed system.

--Chris
-Original Message-
From: Rancid-discuss <rancid-discuss-boun...@shrubbery.net>
 on behalf of john heasley <h...@shrubbery.net>
Date: Thursday, July 11, 2019 at 8:17 AM
To: "Anderson, Charles R" <c...@wpi.edu>
Cc: "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net>
Subject: Re: [rancid] Palo Alto (Panorama) configuration

Thu, Jul 11, 2019 at 02:37:51PM +, Anderson, Charles R:
> You can use "show config merged" to see the local device's config merged with 
> the templates from Panorama.

Does this work with "non-managed" (better term?) configs? And, was this
command introduced recently?



Re: [rancid] Palo Alto (Panorama) configuration

2019-07-11 Thread Gauthier, Chris
Just validated the ‘show config merged’ command works with any PA firewall, 
managed by Panorama or not.


From: Rancid-discuss  on behalf of 
"Gauthier, Chris" 
Date: Thursday, July 11, 2019 at 11:16 AM
To: john heasley , "Anderson, Charles R" 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Palo Alto (Panorama) configuration

Yes, the command "show config merged" gives the locally-managed config output 
AND the configuration that is pushed out by Panorama. I'll make a custom device 
type and see how this works in my environment. If it works, I'll post the 
results here. I will also test with a non-Panorama-managed system.

--Chris
-Original Message-
From: Rancid-discuss  on behalf of john 
heasley 
Date: Thursday, July 11, 2019 at 8:17 AM
To: "Anderson, Charles R" 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Palo Alto (Panorama) configuration

Thu, Jul 11, 2019 at 02:37:51PM +, Anderson, Charles R:
> You can use "show config merged" to see the local device's config merged with 
> the templates from Panorama.

Does this work with "non-managed" (better term?) configs? And, was this
command introduced recently?



Re: [rancid] Palo Alto (Panorama) configuration

2019-07-11 Thread Gauthier, Chris
Yes, the command "show config merged" gives the locally-managed config output 
AND the configuration that is pushed out by Panorama.  I'll make a custom 
device type and see how this works in my environment.  If it works, I'll post 
the results here.  I will also test with a non-Panorama-managed system.

--Chris


-Original Message-
From: Rancid-discuss  on behalf of john 
heasley 
Date: Thursday, July 11, 2019 at 8:17 AM
To: "Anderson, Charles R" 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Palo Alto (Panorama) configuration

Thu, Jul 11, 2019 at 02:37:51PM +, Anderson, Charles R:
> You can use "show config merged" to see the local device's config merged with 
> the templates from Panorama.

Does this work with "non-managed" (better term?) configs?  And, was this
command introduced recently?



Re: [rancid] Palo Alto (Panorama) configuration

2019-07-11 Thread Gauthier, Chris
I have run into the issues seen below, as we migrated to a fully-managed 
Panorama ecosystem in recent months.  The output of the “show configuration 
running” (or whatever it is) is more limited on the managed device because (I 
believe) what is being shown is only the locally-managed configuration.  I 
haven’t looked yet to see if there is a workaround.

--Chris


From: Rancid-discuss  on behalf of annie 
lee 
Date: Wednesday, July 10, 2019 at 6:02 PM
To: john heasley 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Palo Alto (Panorama) configuration

I tried to grab the configs from the Panorama and it's what I wanted :-)
Apologies, I'm pretty new to the Palo Alto and Panorama device/setup.

Thanks, and glad I can back up the Palo Alto/Panorama configs without any tweaking.

On Thu, Jul 11, 2019 at 9:23 AM annie lee <lsy.an...@gmail.com> wrote:
Hi John,

Thanks for your reply, and apologies for the typo in the paloalto type 
(1.1.1.1;paloalto;up).
Below is the sample config for one of the firewalls (all the IP addresses 
removed).
Basically there are heaps more configs (routing, policy, NAT, virtual router, 
etc.) that I can see from the Panorama.
Not sure if it's similar to the F5 tweak, where we need to add the partition to 
grab the full configs.

Rgds

On Thu, Jul 11, 2019 at 7:42 AM john heasley <h...@shrubbery.net> wrote:
Wed, Jul 10, 2019 at 11:53:42AM +1000, annie lee:
> Hi All,
>
> Another question, just added a new PaloAlto to rancid (3.9) but not much
> configurations being backup (not even interfaces addresses)
> Anything need to be changed/added to backup the entire configuration ?
>
> 1.1.1.1;palo-alto;up

Please use the built-in type for PAN: paloalto.  if that is still lacking,
please be more specific about what commands are missing.  it collects

show system info;show chassis inventory;show config running


Re: [rancid] Unable to figure out "end of run not found"

2019-06-17 Thread Gauthier, Chris
Interesting.  I thought it would get mixed up into the value of the variable…. 
I’m not an expert programmer at all, but thought I needed to use the ; to 
separate the commands appropriately.  But, my expertise on shell variables is a 
tad (understatement, really) limited.  So, I shall defer! :)

Cheers,
Chris



From: "Piegorsch, Weylin William" 
Date: Monday, June 17, 2019 at 2:05 PM
To: "Gauthier, Chris" , Michael Newton 
, Vacheslav Zouhairy 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Unable to figure out "end of run not found"

I actually don't use the semicolon. Not sure if this is bash-specific, 
sh-specific, or POSIX-general, but without the semicolon it sets the global 
environment variable only for the duration of that command following the 
variable definition, and unsets it upon returning control to the CLI. See also 
your "export" comment, which has correlating implications regarding environment 
vs namespace vs scope.
But I'm not an experienced programmer, and don't pretend to grok the various 
nuances, benefits, and pitfalls known by those who actually know what they're 
doing, so if using the semicolon is better I'm all ears.
weylin


From: Gauthier, Chris 
Sent: Monday, June 17, 2019 4:22:02 PM
To: Piegorsch, Weylin William; Michael Newton; Vacheslav Zouhairy
Cc: rancid-discuss@shrubbery.net
Subject: Re: [rancid] Unable to figure out "end of run not found"

Don’t forget the ; between the NOPIPE=yes and the rest of the command!  :-)

Some flavors of Linux also want you to use the export command.

From: Rancid-discuss  on behalf of 
"Piegorsch, Weylin William" 
Date: Saturday, June 15, 2019 at 7:52 AM
To: Michael Newton , Vacheslav Zouhairy 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Unable to figure out "end of run not found"

> So this got me looking for how to do debug output per-host

If you’re using Linux, the command is:

NOPIPE=yes rancid -d -t  

This will generate two files:
.new
.raw

.new is the parsed output
.raw is pure log of the session (ie, it even captures non-printing characters). 
 I believe it’s only dumped if you set both NOPIPE and -d.

I’ve used the .raw output on many occasions.  At the moment I’m even 
troubleshooting a device CPU issue that rancid tripped on that I wouldn’t have 
found but for this; “clogin -c ” was even working fine.

weylin

From: Michael Newton 
Date: Monday, June 10, 2019 at 11:25 AM
To: Vacheslav Zouhairy 
Cc: 
Subject: Re: [rancid] Unable to figure out "end of run not found"

No, there is not. But I guess you're thinking maybe the login doesn't work 
because of heavy traffic.

So this got me looking for how to do debug output per-host. There doesn't seem 
to be, but that got me to this posting: 
https://www.shrubbery.net/pipermail/rancid-discuss/2015-October/008742.html
 And that made me notice that my router.db entry was corrupt (wrong device 
type.)

So, typical user error. Thanks for (indirectly) getting me in the right 
direction though!

Mike


On Mon, 10 Jun 2019 at 00:22, Vacheslav Zouhairy 
mailto:m_zouha...@skno.by>> wrote:
Is there any bandwidth hog on those switches by any chance?

On Fri, 2019-06-07 at 18:16 -0600, Michael Newton wrote:
> Hi all, we manage about 200-300 Brocade ICX switches across a number
> of locations. All but two are being successfully polled. The two in
> question (same firmware and a similar config to the others)
> consistently show "end of run not found" when run as part of the cron
> job. But, when run manually for troubleshooting, everything seems to
> work.
>
> `sudo -u rancid flogin switchname` works fine and logs me into the
> switch.
>
> `sudo -u rancid flogin -c 'show version;show clock' switchname`
> likewise works fine. Logs in, runs th
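
The ways of setting NOPIPE discussed in this thread (prefix without a semicolon, semicolon, export) can be compared side by side. This is an added example, not from the thread or from rancid; a child `sh -c` stands in for rancid and reports whether the variable reached its environment.

```shell
#!/bin/sh
# Added example: a child "sh -c" stands in for rancid (assumption) and prints
# the value of NOPIPE found in its own environment, or "unset".
CHILD='printf %s "${NOPIPE:-unset}"'

# No semicolon: the assignment goes into the environment of that one command
# only, and the calling shell does not keep it.
prefix_form() (
    unset NOPIPE
    printf 'child='
    NOPIPE=yes sh -c "$CHILD"
    printf ' shell-after=%s\n' "${NOPIPE:-unset}"
)

# Semicolon, no export: a plain shell variable. The shell keeps it, but it is
# not passed to the child process.
semicolon_form() (
    unset NOPIPE
    printf 'child='
    NOPIPE=yes; sh -c "$CHILD"
    printf ' shell-after=%s\n' "${NOPIPE:-unset}"
)

# Semicolon form when the name was already exported earlier in the same shell
# (for example from a profile): the new value does reach the child.
semicolon_after_export() (
    unset NOPIPE
    export NOPIPE=no
    printf 'child='
    NOPIPE=yes; sh -c "$CHILD"
    printf ' shell-after=%s\n' "${NOPIPE:-unset}"
)

# export plus semicolon: reaches the child and stays set in the shell.
export_form() (
    unset NOPIPE
    printf 'child='
    export NOPIPE=yes; sh -c "$CHILD"
    printf ' shell-after=%s\n' "${NOPIPE:-unset}"
)

for form in prefix_form semicolon_form semicolon_after_export export_form; do
    printf '%-24s %s\n' "$form" "$($form)"
done
```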

Re: [rancid] Rancid - Changing Config Backup Directory

2019-04-16 Thread Gauthier, Chris
We setup rancid and, more specifically Git, to automatically push the local 
repo commit by rancid to the remote repo.  This eliminates having to mount 
filesystems and gives you a nice backup.  Plus, if the remote repo has a GUI, 
you can have "pretty" access to your backups.

--Chris



-Original Message-
From: Rancid-discuss  on behalf of 
heasley 
Date: Thursday, April 11, 2019 at 10:34 AM
To: Doug Hughes 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Rancid - Changing Config Backup Directory

Thu, Apr 11, 2019 at 01:16:43PM -0400, Doug Hughes:
> Any reason you don't just have a regular process that clones your
> version control repository? (whether it's svn or cvs or git, it makes no
> difference, per se)
>
> Once you set it up, you just automate the synchronization process.

only "clone"ing in git retains your history (ie: is complete).  which is
why i suggested switching.



Re: [rancid] Racnid Issue

2019-03-27 Thread Gauthier, Chris
I can’t remember where it is documented, but the following info has been 
discussed multiple times on this list (even by me, iirc):
As the rancid user, run the following with the appropriate substitutions:

export NOPIPE=YES; ~/bin/rancid -d -t DEVICE_TYPE DEVICE_NAME_IN_ROUTER.DB

Then, look at the output files.  One will be the DEVICE_NAME_IN_ROUTER.DB.raw 
and the other will end in .new.  The .raw file will be the most helpful for 
this kind of troubleshooting.



From: Rancid-discuss  on behalf of 
nandhakumar a 
Date: Wednesday, March 27, 2019 at 2:41 AM
To: "rancid-discuss@shrubbery.net" 
Subject: [rancid] Racnid Issue

Dear Team,

I am facing the issue below; please point me to the right path and to where the 
mistake is.

E-mail received from Rancid to my box:
The following routers have not been successfully contacted for more than 24 
hours


-rw-r- 1 rancid user 0 Dec 13 11:07 x.x.x.x

-rw-r- 1 rancid user 0 Dec 13 11:07 x.x.x.x
-rw-r- 1 rancid user 0 Dec 13 11:08 x.x.x.x


Inside the log file I found this; I looked at the log for the corresponding hosts:

Trying to get all of the configs.
x.x.x.x: missed cmd(s): write term,show running-config
x.x.x.x: missed cmd(s): write term,show running-config
x.x.x.x: missed cmd(s): write term,show running-config

Please let me know where the issue is. I have checked the password file and 
router.db, and I am able to log in to the device using clogin. It's screwing 
with my head; please help me out of this.


With Regards
Nandhu


Re: [rancid] FXOS on FirePower 4140

2019-02-11 Thread Gauthier, Chris
We have a FirePower 2110 and it is architected differently than the 4100's.  
This Cisco blog post explains it well: 
https://blogs.cisco.com/perspectives/firepower-2100-the-architectural-need-to-know.
  We are using the ASA mode on the 2110.  For SSH purposes, the IPs are 
different between FX-OS CLI and ASA CLI, so you do not have to use the "connect 
asa" CLI commands.  I don't know what the best method is, separate or not.  On 
the 2110, the FX-OS configuration is primarily setting up the ethernet 
interfaces (enable/disable, LACP).  Also, there is no "connect fxos" that I 
really saw, though we are also still just deploying this platform.

--Chris



-Original Message-
From: Rancid-discuss  on behalf of Chris 
Stromsoe 
Date: Friday, February 8, 2019 at 1:35 PM
To: Erik Muller 
Cc: rancid list 
Subject: Re: [rancid] FXOS on FirePower 4140

On Fri, 8 Feb 2019, Erik Muller wrote:

> The current fxos module assumes FTD on a 2100 platform (and I'm
> currently testing support for ASA on 2100).  My understanding is that
> the 4100 and 9300 have a bit of a different architecture from the 2100,
> but I've not touched those to be able to say how exactly they differ.
>
> It looks like the initial login layer on the 4100 must be different.
> Is there any other "connect" option from either the initial login layer
> or the fxos layer, where the actual firewall functions are exposed?

It looks like logging in to the 4100 drops you straight into fxos.

Options for connect are

fw# connect
   adapter     Mezzanine Adapter
   cimc        Cisco Integrated Management Controller
   fxos        Connect to FXOS CLI
   local-mgmt  Connect to Local Management CLI
   module      Security Module Console


The connect command is not available after running "connect fxos".  You
have to "exit" to return to the initial layer.



> On a 2100 the first layer you connect to is the FTD application (similar to
> legacy ASA platform), with a simple ">" prompt and a config syntax like:
>> show running-config
> : Serial Number: J..
> : Hardware:   FPR-2130, 14854 MB RAM, CPU MIPS 1200 MHz, 1 CPU (12 cores)
> :
> NGFW Version 6.2.3.4
> !
> hostname firepower
> ...
> !
> interface Ethernet1/1
> nameif border1
> ...
>
> After that in the fxos layer, the config is more like the UCS FI:
> > connect fxos
> Cisco Firepower Extensible Operating System (FX-OS) Software
> xxx-fw01# sho configuration
> scope org
> enter bios-policy SRIOV
> set acpi10-support-config acpi10-support platform-default
> ...


The login layers on the 4100 seem to be reversed when compared to the
2100 with ftd.

The initial login layer on the 4100 resembles the 2100 after having run
"connect fxos", and has a limited command list.

Running "connect fxos" on the 4100 resembles the initial login layer on
the 2100, and has an extensive command list.

I've copied all of the fxos definitions in rancid.types.base to fxos-ftd
and updated router.db for my 2100/FTD devices.  I removed the fxos entries
that don't run on the 4100 and re-ordered the commands.  I have a working
configuration for the 4140, though none of the output from "show
running-config" is getting picked up.  Maybe using WriteTermFTD isn't
right for that.

fxos;command;fxos::RunCommand;term len 0
fxos;command;fxos::RunCommand;connect fxos; prompt changes
fxos;command;fxos::ShowInventory;show inventory
fxos;command;fxos::WriteTermFTD;show running-config
fxos;command;fxos::RunCommand;exit; prompt changes
fxos;command;fxos::ShowFirmware;show system firmware detail
fxos;command;fxos::ShowChassis;show chassis detail
fxos;command;fxos::ShowChassis;show chassis inventory detail
fxos;command;fxos::ShowChassis;show chassis environment expand detail
fxos;command;fxos::WriteTerm;show configuration




-Chris



[rancid] F5 'bigip' SNMP password hash changes every run

2018-11-30 Thread Gauthier, Chris
Hello,

We are using rancid 3.7 here and it successfully is backing up our F5’s.  
However, since I added SNMPv3 onto a new pair of F5’s, the password hash 
changes every time rancid runs.  I don’t mind this, since the purpose is to 
maintain a backup that I can straight-out deploy to the device, except that I 
don’t want the email telling me that password changed every time (which is 
hourly for us).

Is there a way to filter out this from the email but not from what is actually 
committed into the repo?

Thanks,
Chris

PS, forgive the signature and HTML-emails.  I cannot control any of that.



Re: [rancid] paloalto feedback in current alpha [was: Re: clogin commenting script commands following multiple blanks lines]

2018-10-30 Thread Gauthier, Chris
Interesting!  I have yet to upgrade our installations to 8.1.4.  Thanks for the 
heads up!


-Original Message-
From: Rancid-discuss  on behalf of Erik 
Muller 
Date: Friday, October 26, 2018 at 3:25 PM
To: heasley 
Cc: rancid list 
Subject: [rancid] paloalto feedback in current alpha [was: Re: clogin 
commenting script commands following multiple blanks lines]

On 10/24/18 18:32 , heasley wrote:
> Wed, Oct 24, 2018 at 09:19:31PM +, heasley:
> ok; committed.  Either the alpha tarball or the svn repo.  Welcome testers,
> esp for palo alto, of which I have none.

At least on 8.1.4 on my 3250s, the cli is a little bit busted until you get out 
of interactive mode - for every space you enter between words in the command, 
it redraws the current line, which was messing up the prompt matching as below. 
 Fix for that attached at end of message.
-e

rancid@status:~$ rancid -t paloalto -d fw1.ams
loadtype: device type paloalto
loadtype: found device type paloalto in 
/home/erikm/rancidtest/etc/rancid.types.base
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show 
system info;show config running" fw1.ams
line: fw1.ams
line: spawn ssh -c aes256-ctr,aes192-ctr -x -l rancid fw1.ams
line: Password:
line: Last login: Fri Oct 26 20:04:51 2018 from 10.x.x.x
line: No entry for terminal type "network";
line: using dumb terminal settings.
line:
line: Number of failed attempts since last successful login: 0
line:
line:
line: ran...@fw1.ams(active)>
line: ran...@fw1.ams(active)>
line: ran...@fw1.ams(active)> set
line: ran...@fw1.ams(active)> set cli
line: ran...@fw1.ams(active)> set cli scripting-mode
line: ran...@fw1.ams(active)> set cli scripting-mode on
PROMPT MATCH: ran...@fw1.ams\(active\)[#>]
HIT COMMAND:ran...@fw1.ams(active)> set cli scripting-mode on

COMMAND is: set cli scripting-mode on|rancid::RunCommand
In RunCommand: ran...@fw1.ams(active)> set cli scripting-mode on
line: sran...@fw1.ams(active)> how system info
line: s
line: hostname: fw1.ams
line: ip-address: 10.x.x.x
...
line: family: 3200
line: model: PA-3250
line: sw-version: 8.1.4-h2
...
line: multi-vsys: off
line: operational-mode: normal
line:
line: ran...@fw1.ams(active)> how config running
line: exit
line:
line: config {
line:   mgt-config {
line: users {
...
line: ran...@fw1.ams(active)> Connection to fw1.ams closed.
fw1.ams: missed cmd(s): set cli pager off, show system info
fw1.ams: End of run not found
fw1.ams: clean_run is false
fw1.ams: found_end is false
!



erikm@status:~/src$ diff -ur rancid-3.99.99 rancid-3.99.99-em/
diff -ur 
rancid-3.99.99/bin/https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fpanlogin.in=E,1,6ITCpn7S8etHwRGxye4nnY-WXsOspZJKTHaSxUMwn7CUVVRDtL9N4eULfbpZKMnS2fE-49UrdfNQg0zd5F8rE7gq5t_QzpoQwMmdI9v87bdIynxj_kNZYaM,=1
 
rancid-3.99.99-em/bin/https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fpanlogin.in=E,1,AFuvKrybC8GB6DG7swV-DVjqoacwb3bN-9HbNrwIHSu3eQM0RtFFTm_43KfETWr8-Uz_SJGx3N-3-OaDDhdxtdoNE4ZVfLEnq_ly_T8O8XSbFZ9ZEA,,=1
--- 
rancid-3.99.99/bin/https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fpanlogin.in=E,1,PaBCXESaFYWjzoqImlahNbNlLrsy_b2vXybrRIrH36LE0245jqMqk6zO7RNZojKH5MycizqdsA_XLMSlWFTJWC55BdQ4EZyVefR65_EuhGMq766dEcz4ZHHC=1
2018-10-24 18:26:50.0 -0400
+++ 
rancid-3.99.99-em/bin/https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fpanlogin.in=E,1,EMioRKDRQlsHo46MUuAFylZdiNznL5XtoxGxMWzoJ-zE-yjczHpChxK9eUwVOkVfFMmWgFqx3n44hw-w1Ry9jmPUH43kK_du2ctguUJdL-p0-eIk=1
 2018-10-26 17:24:55.945967567 -0400
@@ -455,14 +455,22 @@
}
 }

+# PAN-OS in interactive mode will send a newline and then redraw the
+# whole prompt-and-command if you send a space.
+if { $do_command || $do_script } {
+   set cmd "set cli scripting-mode on\r"
+   send $cmd
+   # ensure we eat the partial commands redrawn while entering the command
+   expect -re "$cmd.*$prompt"  {}
+   send "set cli pager off\r"
+   expect -re $prompt  {}
+}
+
 if { $do_command } {
if {[run_commands $prompt $command]} {
continue
}
 } elseif { $do_script } {
-#  send "set cli scripting-mode on\r"
-#  send "set cli pager off\r"
-   expect -re $prompt  {}
source $sfile
close
 } else {
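Review bot: the two `expect` calls added in the `if { $do_command || $do_script }` block have empty bodies and no `timeout` or `eof` arm, so when the redrawn line does not match `"$cmd.*$prompt"` the script waits out the timeout and then sends `set cli pager off` regardless, with nothing logged. Add explicit `timeout` and `eof` arms that report the failure and move on to the next host. `$cmd` is also interpolated into the regex unescaped and with its trailing `\r`; that is harmless for this literal but fragile if the string changes, so a fixed pattern such as `scripting-mode on.*$prompt` would be safer. The debug run above shows rancid still passing both `set cli` commands through `-c`, so they will be sent twice unless the rancid.types.base change removes them.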
diff -ur rancid-3.99.99/etc/rancid.types.base 
rancid-3.99.99-em/etc/rancid.types.base
--- rancid-3.99.99/etc/rancid.types.base2018-10-24 11:13:49.0 
-0400
+++ rancid-3.99.99-em/etc/rancid.types.base 2018-10-26 17:16:53.950868707 
-0400
@@ -607,9 +607,8 

Re: [rancid] Simple web-frontend for rancid files?

2018-10-09 Thread Gauthier, Chris
I loved CVSweb in previous installations.  Now that I use Git for the VCS, 
there really is no “nice” and simple implementation (like CVSweb is).  I’m open 
to suggestions, as I do have to follow KISS for some of my colleagues who are 
not Linux experts (nor should they necessarily need to be).

--Chris



From: Rancid-discuss  on behalf of Andrew 
Biddle 
Date: Monday, October 8, 2018 at 3:16 PM
To: "rancid-discuss@shrubbery.net" 
Subject: [rancid] Simple web-frontend for rancid files?

I just installed rancid and found WebSVN to front-end it.   (About 5 years ago 
this is the setup I used, so it's what I'm sort of familiar with.)   I have 
rancid working, but I need a better front-end.  WebSVN is a little clunky 
(perhaps it's the way I've built it?) and doesn't have a simple way to just 
download a file.  It does a good job of displaying configs and comparing two 
versions.  But if I want to copy the file locally, I'm copying and pasting...  It 
also appears to be a dropped project, so it doesn't look like I should ever 
expect improvements.

Anything better out there?   I can switch over to git if there's a better 
interface in that direction.   The front-end needs to be web-based so that I 
can just point people to a URL.   It should have a means to compare various 
revisions...   and of course a means to pull the files down to your local 
system.   It doesn't need to support any sort of push from client to repository 
since that's something that I only want rancid doing...

Thoughts?   What are you all using?

Thanks in advance!


Re: [rancid] Questions about sub ProcessHistory

2018-04-05 Thread Gauthier, Chris
So, more specifically, how is that string used as an argument?  What's the 
significance of the "D99" or the "F1" or whatever the other value is?  That's 
the part I'm not sure about.  I want to leverage the ProcessHistory function 
with the keysort, but don't know what the argument value should be or how I 
determine what it should be.

Thanks,
Chris



-Original Message-
From: heasley <h...@shrubbery.net>
Date: Thursday, April 5, 2018 at 1:58 PM
To: "Gauthier, Chris" <cgauth...@comscore.com>
Cc: heasley <h...@shrubbery.net>, "rancid-discuss@shrubbery.net" 
<rancid-discuss@shrubbery.net>
Subject: Re: [rancid] Questions about sub ProcessHistory

Thu, Apr 05, 2018 at 08:18:57PM +, Gauthier, Chris:
> That helps, but does not completely help me understand what values are 
> "valid" in the 3rd arg.  I couldn't quite figure it out from the code.  I 
> tried.  I looked at the man page, different sections of the source, but it's 
> just not making sense.

a string; a number should also work but with keynsort.


[rancid] Questions about sub ProcessHistory

2018-04-05 Thread Gauthier, Chris
I’m trying to get my Aruba Instant access points to be backed up by rancid and 
I’m using the module developed by miken32, but it really doesn’t support a lot 
of the Aruba stuff that I have.  I’m trying to add a few extra functions into 
the perl module, but have run into some difficulty with `sub ProcessHistory` in 
rancid.pm.  I’ve read the description, but am not understanding the third 
argument.

For example:
ProcessHistory("COMMENTS","keysort","D99","!$_");   (from the aruba.pm file)

Or

ProcessHistory("COMMENTS","keysort","F1", "!Image: $_")  (from the ios.pm file)

What is the function of the “D99” and “F1” arguments and how do I leverage them 
for my own function?  And, what is the string in the last argument used for?

Thanks,
Chris



Re: [rancid] Howto setup Rancid with Git on Debian?

2018-01-11 Thread Gauthier, Chris
In my environment, we did it slightly differently.  My environment was this:

/var/rancid/rancid is a working local git checkout
/var/rancid/git/rancid is the local git 'master'
/var/rancid/git/rancid/hooks/post-receive has what you're looking for:
user@host# cat post-receive
#!/bin/bash


# -
# keep remote git copy up to date
# -

/usr/bin/git push -u  

To make that work, you must run this command to add the remote:

 git remote add  

Docs for the remote add are at 
https://help.github.com/articles/adding-a-remote/.

--Chris



-Original Message-
From: heasley <h...@shrubbery.net>
Date: Thursday, January 11, 2018 at 9:53 AM
To: "Gauthier, Chris" <cgauth...@comscore.com>
Cc: "rancid-discuss@shrubbery.net" <rancid-discuss@shrubbery.net>
Subject: Re: [rancid] Howto setup Rancid with Git on Debian?

Thu, Jan 11, 2018 at 03:20:20PM +, Gauthier, Chris:
> As for the Git part, rancid uses a local git server that it creates the 
> folder structure for.  Each rancid group gets its own Git repo.  The key 
> is really the rancid config file.  Set RCSSYS=”git” and it will do the heavy 
> lifting.  If you need the stuff to go to a remote repo, then you will need to 
> make the local Git do blind commits to the remote repo.  That’s something one 
> of my server admins took care of, so I’m not sure exactly how he did it.

Add a remote to a given rancid group: 
https://help.github.com/articles/adding-a-remote/
add to the rancid-run cronjob, a 'git push newremote'

cd ~rancid/group
git remote add foo giturl
... rancid-run; cd ~rancid/group; git push foo

add a second push destination (remote should not require auth) to origin
and rancid will push to it each run.
cd ~rancid/group
git remote add foo giturl
git remote set-url --add --push origin `git remote get-url --push origin`
git remote set-url --add --push origin `git remote get-url --push foo`
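
The second-push-destination setup from the message above, as an added example that is not part of the original thread: constructed throw-away repositories under a temporary directory stand in for ~rancid/group, its origin and the remote foo. The paths, the branch name main and the function names are assumptions.

```shell
#!/bin/sh
# Added example: constructed repositories only, nothing here touches a real
# rancid installation.
set -eu

setup_dual_push() {
    base=$1
    git init -q --bare "$base/origin.git"   # stands in for the group's origin
    git init -q --bare "$base/foo.git"      # stands in for "giturl"
    git init -q "$base/group"               # stands in for ~rancid/group
    cd "$base/group"
    git symbolic-ref HEAD refs/heads/main   # fixed branch name on any git version
    git remote add origin "$base/origin.git"
    git remote add foo "$base/foo.git"
    # The first --add --push creates an explicit pushurl list, which replaces
    # the implicit "push to the fetch URL" default. That is why origin's own
    # URL is re-added first and foo's URL second.
    git remote set-url --add --push origin "$(git remote get-url --push origin)"
    git remote set-url --add --push origin "$(git remote get-url --push foo)"
}

commit_and_push() {
    # One commit followed by a single push to origin.
    echo "hostname constructed-sample" > router.cfg
    git add router.cfg
    git -c user.name=rancid -c user.email=rancid@localhost \
        commit -q -m "constructed sample"
    git push -q origin main
}

push_url_count() { git remote get-url --all --push origin | wc -l | tr -d ' '; }

head_of() { git --git-dir="$1" rev-parse refs/heads/main; }

dual_push_demo() {
    base=$(mktemp -d)
    ( setup_dual_push "$base"
      commit_and_push
      n=$(push_url_count)
      if [ "$(head_of "$base/origin.git")" = "$(git rev-parse HEAD)" ] &&
         [ "$(head_of "$base/foo.git")" = "$(git rev-parse HEAD)" ]; then
          echo "$n in-sync"
      else
          echo "$n out-of-sync"
      fi )
    rm -rf "$base"
}

dual_push_demo
```
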






Re: [rancid] Howto setup Rancid with Git on Debian?

2018-01-11 Thread Gauthier, Chris
Whether it's Debian or another distro, the basic setup is still the same.  I did 
the same thing on CentOS.  V3.6.2 has a bug when running the configure script.  
Check out:
http://www.shrubbery.net/pipermail/rancid-discuss/2017-July/009735.html

As for the Git part, rancid uses a local git server that it creates the folder 
structure for.  Each rancid group gets its own Git repo.  The key is really 
the rancid config file.  Set RCSSYS=”git” and it will do the heavy lifting.  If 
you need the stuff to go to a remote repo, then you will need to make the local 
Git do blind commits to the remote repo.  That’s something one of my server 
admins took care of, so I’m not sure exactly how he did it.

Chris




-Original Message-
From: Rancid-discuss  on behalf of 
shouldbe q931 
Date: Thursday, January 11, 2018 at 4:46 AM
To: ACS Solutions Network 
Cc: "rancid-discuss@shrubbery.net" 
Subject: Re: [rancid] Howto setup Rancid with Git on Debian?

On Thu, Jan 11, 2018 at 11:02 AM, ACS Solutions Network
 wrote:
> Hello folks,
>
>
>
> i’ve searched the web, this list, contents in the package etc. but didn’t
> find any up to date information on how to setup Rancid with Git on Debian.
>
>
>
> I’ve installed rancid via apt-get (rancid ver. 3.6.2-2) on Debian 9. Git is
> ver. 2.11.
>

<10 seconds with google found

https://www.cryptomonkeys.com/2016/11/rancid-git/
http://opennodecloud.com/howto/2014/05/08/howto-about-rancid.html

I do not know if the Debian packaged 3.6.2 includes git support.

Cheers


Re: [rancid] Enterasys Switches help

2017-12-28 Thread Gauthier, Chris
I would take a look at the rancid types file to make sure it’s running the 
commands you need.  It seems like it’s throwing up in the very beginning of its 
run.

There are several emails in the list on how to get into a “debugging” mode if 
you’re not already familiar.  That will help completely isolate the issue.

--Chris



From: Rancid-discuss  on behalf of Azher 

Date: Thursday, December 28, 2017 at 2:26 PM
To: "rancid-discuss@shrubbery.net" 
Subject: [rancid] Enterasys Switches help

Hi All,
I have a large deployment of different Enterasys switches (S,K,B,C,D,7100). It 
seems rancid is not happy with these switches somehow.

clogin to the same device successfully logs into the switch and gives prompt 
and I can type the commands.

When trying "rancid-run -r cal3-n7", the log file throws this error:

[rancid@rancid ~/var/logs]$ tail -f extreme.20171228.113653
starting: Thu Dec 28 11:36:53 PST 2017

Trying to get all of the configs.

cal3-n7 xlogin error: Error: Unknown: "terminal"
cal3-n7: missed cmd(s): show version,show config
cal3-n7: End of run not found
#
=
Getting missed routers: round 1.
cal3-n7 xlogin error: Error: Unknown: "terminal"
cal3-n7: missed cmd(s): show version,show config
cal3-n7: End of run not found
#
All routers successfully completed.

cvs diff: Diffing .
cvs diff: Diffing configs
cvs commit: Examining .
cvs commit: Examining configs
---
Here is the config section:
[rancid@rancid ~/var/extreme]$ more router.db | grep cal3-n7
cal3-n7;enterasys;up

# Extreme Switches
add user cal3-n7 admin
add autoenable cal3-n7 1
add password cal3-n7 
add method cal3-n7 ssh

I have gone through some of the scripts which are in the mailing list, tried 
them, but no luck.

Does anyone have experience with Enterasys devices? Any working scripts would 
greatly help.


Thanks
-Azher


