
Newbie question - ACL changes causing too many diffs
Using rancid to monitor router diffs, we see that numerous routers generate diffs every 5 minutes because they have automated processes to auto-update their ACLs against attacks. How can one config rancid to ignore ACL changes?
Thanks,

Hank
Re: Newbie question - ACL changes causing too many diffs
You could have RANCID ignore all ACL lines in a config.
Modify the source code: edit lib/rancid/ios.pm and search for "sub WriteTerm". RANCID ignores a few config lines already by default, e.g. the "Last configuration" line at the beginning of a "sh run". You should see it in the sub WriteTerm.

Inside the WriteTerm sub, add your own regex pattern && next command to ignore lines containing patterns you don’t want backed up by RANCID, e.g.:
/^ (permit|deny) / && next;
Should ignore all ACL entries.

Re: Newbie question - ACL changes causing too many diffs
On 14/06/2021 14:47, Herlitz, Johannes wrote:
Thanks for the clue!
Would that code damage the config backup of rancid whereby all ACLs would be ignored and not backed up? How can we backup the full config once a day all the while eliminating the annoying ACL updates every 5 minutes?

Regards, Hank
Re: Newbie question - ACL changes causing too many diffs
Mon, Jun 14, 2021 at 01:34:36PM +0300, Hank Nussbacher:
> Using rancid to monitor router diffs, we see that numerous
> routers generate diffs every 5 minutes because they have
> automated processes to auto-update their ACLs against attacks. How
> can one config rancid to ignore ACL changes?

There isn't a way currently, but I would implement something for you.
Would you show me a few examples? Please do not send HTML mail when
you do.
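The trade-off raised in this thread is that a `&& next` filter in WriteTerm drops the ACL entries from the stored backup as well as from the diff. The following is an added example (not RANCID's code and not the ios.pm patch described above) that applies the filter only at diff time, so the saved config stays complete while ACL-only churn yields an empty diff and any other change still surfaces. The regex also matches sequence-numbered entries (" 10 permit ..."), which is an assumption about how the device prints them; the sample configs are constructed.

```python
import difflib
import re

# Indented ACL entries, as in the thread's "/^ (permit|deny) /" pattern, plus an
# optional leading sequence number (assumed form of numbered entries in "sh run").
ACL_ENTRY = re.compile(r"^ (\d+ )?(permit|deny) ")


def strip_acl_entries(config: str) -> list[str]:
    """Return the config lines with ACL permit/deny entries removed.

    Used only for comparison; the full text is still what gets archived."""
    return [ln for ln in config.splitlines() if not ACL_ENTRY.match(ln)]


def meaningful_diff(old: str, new: str) -> list[str]:
    """Changed lines between two configs once ACL entries are ignored.

    An empty list means the only difference was ACL churn."""
    diff = difflib.unified_diff(strip_acl_entries(old), strip_acl_entries(new),
                                fromfile="old", tofile="new", lineterm="", n=0)
    # Keep only the +/- body lines, dropping the ---/+++ file headers and @@ hunks.
    return [ln for ln in diff
            if ln.startswith(("+", "-")) and not ln.startswith(("+++", "---"))]


# Constructed sample configs (not real device output); 192.0.2.0/24 is TEST-NET.
OLD = """\
hostname edge1
ip access-list extended BLOCKLIST
 10 deny ip host 192.0.2.10 any
 20 permit ip any any
line vty 0 4
 transport input ssh
"""
# Automated ACL update only: one more deny entry.
NEW_ACL_ONLY = OLD.replace(" 10 deny ip host 192.0.2.10 any\n",
                           " 10 deny ip host 192.0.2.10 any\n 15 deny ip host 192.0.2.11 any\n")
# Same ACL update plus a change a defender would want to see reported.
NEW_VTY = NEW_ACL_ONLY.replace(" transport input ssh", " transport input ssh telnet")

if __name__ == "__main__":
    print(meaningful_diff(OLD, NEW_ACL_ONLY))  # [] : ACL churn only, nothing to report
    print(meaningful_diff(OLD, NEW_VTY))       # the vty change is still reported
```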

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss