Mailing List Archive

Palo Alto (Panorama) configuration
Hello All,

First of all I would like to thank the authors and contributors of this tool. Your work is greatly appreciated. I am very new to this, so please forgive the intrusion, my lack of knowledge and the possible high-jacking of this thread .

We are running Panorama in a shared environment, managing Palo Alto Firewalls of different customers with the same Panorama (one central point). As a test, I have installed the newest Rancid release and it's working very well out of the box, but I would like to change the commands, which are being sent to Panorama.

Instead of show system info, show chassis inventory and show config, I would be more interested in extracting the running configuration for a single customer (not for the whole Panorama - all the Firewalls - as per default). My commands look something like this:



show config running xpath devices/entry[@name='localhost.localdomain']/template-stack/entry[@name='xxx-stackname']

show config running xpath devices/entry[@name='localhost.localdomain']/template/entry[@name='xxx-temapltename']

show config running xpath devices/entry[@name='localhost.localdomain']/device-group/entry[@name='xxx-devicegroupname']

./panlogin -c "show config running xpath devices/entry[@name='localhost.localdomain']/template-stack/entry[@name='xxx]" router xxxx delivers good results. The problem is to integrate the commands.

How to adapt the different parts of Rancid for this to work? Which files/where and what to modify? I have not done much programming in my career, but I have a very basic understanding and some logic.

Thank you very much and have a great day!

Best regards,

Andreia-Elena Abagiu

Tel. +43 1 36060-6418
Fax. +43 1 36060-92 6418
andreia-elena.abagiu@apa.at<mailto:andreia-elena.abagiu@apa.at>
www.apa-it.at<http://www.apa-it.at/>
Re: Palo Alto (Panorama) configuration [ In reply to ]
Hello Abagiu,

if you'd send multiple commands in one line xlogin query, try
`./panlogin -c "show blabla1;show blabla2;show blabla3" router`

or `panlogin -x command_file router` could work too.

I'm not sure I understand your question 100%, and I don't have any
Panorama devices.
So please excuse me if this isn't the right answer.

Best regards,

-Matsu

2020?8?13?(?) 20:27 Abagiu Andreia-Elena <Andreia-Elena.Abagiu@apa.at>:
>
> Hello All,
>
>
>
> First of all I would like to thank the authors and contributors of this tool. Your work is greatly appreciated. I am very new to this, so please forgive the intrusion, my lack of knowledge and the possible high-jacking of this thread .
>
>
>
> We are running Panorama in a shared environment, managing Palo Alto Firewalls of different customers with the same Panorama (one central point). As a test, I have installed the newest Rancid release and it’s working very well out of the box, but I would like to change the commands, which are being sent to Panorama.
>
> Instead of show system info, show chassis inventory and show config, I would be more interested in extracting the running configuration for a single customer (not for the whole Panorama - all the Firewalls - as per default). My commands look something like this:
>
>
>
> show config running xpath devices/entry[@name='localhost.localdomain']/template-stack/entry[@name='xxx-stackname']
>
> show config running xpath devices/entry[@name='localhost.localdomain']/template/entry[@name='xxx-temapltename']
>
> show config running xpath devices/entry[@name='localhost.localdomain']/device-group/entry[@name='xxx-devicegroupname']
>
>
>
> ./panlogin -c "show config running xpath devices/entry[@name='localhost.localdomain']/template-stack/entry[@name='xxx]" router xxxx delivers good results. The problem is to integrate the commands.
>
>
>
> How to adapt the different parts of Rancid for this to work? Which files/where and what to modify? I have not done much programming in my career, but I have a very basic understanding and some logic.
>
>
>
> Thank you very much and have a great day!
>
>
>
> Best regards,
>
> Andreia-Elena Abagiu
>
> Tel. +43 1 36060-6418
> Fax. +43 1 36060-92 6418
> andreia-elena.abagiu@apa.at
> www.apa-it.at
>
>
>
>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss@www.shrubbery.net
> https://www.shrubbery.net/mailman/listinfo/rancid-discuss

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: Palo Alto (Panorama) configuration [ In reply to ]
Thu, Aug 13, 2020 at 11:26:35AM +0000, Abagiu Andreia-Elena:
> Instead of show system info, show chassis inventory and show config, I would be more interested in extracting the running configuration for a single customer (not for the whole Panorama - all the Firewalls - as per default). My commands look something like this:
>

> How to adapt the different parts of Rancid for this to work? Which files/where and what to modify? I have not done much programming in my career, but I have a very basic understanding and some logic.

create your own device type in rancid.types.conf; define the commands
and the functions that filter them.

the caveat from you example is that the commands appear to need the
interpolation/variable substitution which is not supported by rancid
currently. I'd discuss with you a new feature for that off-list.
for now, types in rancid.types.conf could be created w/o the variables.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss