Mailing List Archive

Fortigate 7.x filter_osc additional churn
Looking to see if we can get an easy patch added to fortigate.pm to filter
out some more filter_osc stuff. for context, in the past some stuff was
added here:

https://shrubbery.net/pipermail/rancid-discuss/2017-June/009636.html

We had someone upgrade FortiOS from 6.x to 7.x recently and a new line is
added that churns:

- #AV AI/ML Model: 2.05854(2022-06-02 02:45)
+ #AV AI/ML Model: 2.05855(2022-06-02 03:45)

We added this line manually to sub GetSystem to the existing "if
($filter_osc >= 2) {" and it worked for us to remove it:

next if (/^\s*AV AI\/ML Model: .*/);

--Chris
Re: Fortigate 7.x filter_osc additional churn [ In reply to ]
Thu, Jun 02, 2022 at 12:31:37PM -0500, Chris Wopat:
> Looking to see if we can get an easy patch added to fortigate.pm to filter
> out some more filter_osc stuff. for context, in the past some stuff was
> added here:
>
> https://shrubbery.net/pipermail/rancid-discuss/2017-June/009636.html
>
> We had someone upgrade FortiOS from 6.x to 7.x recently and a new line is
> added that churns:
>
> - #AV AI/ML Model: 2.05854(2022-06-02 02:45)
> + #AV AI/ML Model: 2.05855(2022-06-02 03:45)
>
> We added this line manually to sub GetSystem to the existing "if
> ($filter_osc >= 2) {" and it worked for us to remove it:
>
> next if (/^\s*AV AI\/ML Model: .*/);

Sure. Don't you want to only remove the timestamp? hint: I do not know what
an AV AI/ML is.

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@www.shrubbery.net
https://www.shrubbery.net/mailman/listinfo/rancid-discuss
Re: Fortigate 7.x filter_osc additional churn [ In reply to ]
On Thu, Jun 2, 2022 at 11:36 PM heasley <heas@shrubbery.net> wrote:

> Thu, Jun 02, 2022 at 12:31:37PM -0500, Chris Wopat:
> > Looking to see if we can get an easy patch added to fortigate.pm to
> filter
> > out some more filter_osc stuff. for context, in the past some stuff was
> > added here:
> >
> > https://shrubbery.net/pipermail/rancid-discuss/2017-June/009636.html
> >
> > We had someone upgrade FortiOS from 6.x to 7.x recently and a new line is
> > added that churns:
> >
> > - #AV AI/ML Model: 2.05854(2022-06-02 02:45)
> > + #AV AI/ML Model: 2.05855(2022-06-02 03:45)
> >
> > We added this line manually to sub GetSystem to the existing "if
> > ($filter_osc >= 2) {" and it worked for us to remove it:
> >
> > next if (/^\s*AV AI\/ML Model: .*/);
>
> Sure. Don't you want to only remove the timestamp? hint: I do not know
> what
> an AV AI/ML is.
>
>
Anti-virus, Artificial Intelligence/Machine Learning, if it's like the
Fortiweb.
Re: Fortigate 7.x filter_osc additional churn [ In reply to ]
On Thu, Jun 2, 2022 at 10:36 PM heasley <heas@shrubbery.net> wrote:

> Thu, Jun 02, 2022 at 12:31:37PM -0500, Chris Wopat:
> >
> > next if (/^\s*AV AI\/ML Model: .*/);
>
> Sure. Don't you want to only remove the timestamp? hint: I do not know
> what
> an AV AI/ML is.
>

Also no clue what that is, just some internal antivirus database or
something.

Like the others in the old patch, removing the entire line is fine. Both
the timestamp and version number (2.05855) change so I don't see what good
the line without both would do.