Mailing List Archive: specify the router you want to diff on

specify the router you want to diff on

dave.packham at utah

Dec 3, 2001, 9:36 AM

Post #1 of 6 (1616 views)

Is it possible to run do-diffs on a specific router/switch instead of
the whole group? We are using some homebrew scripts that watch the
Cisco syslog output looking for user's login off from the routers, I
want to be able to do a do-diffs for just this one router/switch and
send the email to only that person that made the change. I can get the
email addr of the person but it looks like I need to mod do-diffs to
allow passing of a specific router from a specific group. Any thoughts?

Dave Packham
University of Utah Netcom
Manager Network Engineering,
Advanced Projects
ISO Office member
DSO
?
c. 718-7777 at 801
w. 585.6043 at 801
Dave.Packham at Utah.edu

ICQ#:45818442
Current ICQ status:

45818442 at pager.icq.com
SMS: (Send an SMS message to my ICQ): +278314245818442
More ways to contact me: http://wwp.icq.com/45818442
?
http://www.netcom.utah.edu/network/engineering.html
http://www.map.utah.edu/umaplink/0893.html

?

-----Original Message-----
From: Mark Cooper [mailto:mcooper@blueyonder.co.uk]
Sent: Friday, November 23, 2001 9:40 AM
To: rancid-discuss at shrubbery.net
Cc: rancid at shrubbery.net; asp at partan.com
Subject: fix for special character handling

I have run into a few problems with 'special' characters within router
banners and/or
prompts.

The following diff against clogin should fix the banner containing
expected prompt
character
and also any special characters in the prompt.

376c376,382
< -re "$p_prompt" { send "$userpswd\r" }
---
> -re "$p_prompt" { send "$userpswd\r"
> expect {
> eof
{
send_user "\nError: Couldn't login\n"; wait; return 1 }
> -re "$u_prompt"
{ send
"$user\r" }
> "$prompt"
{ set
in_proc 0; return 0 }
> }
> }
394d399
< "$prompt" { break; }
449c454,455
< regsub -all "\[)(]" $prompt {\\&} reprompt
---
> regsub -all {\[} $prompt {\\&} reprompt
> regsub -all {\]} $reprompt {\\&} reprompt

The following diff against rancid should fix handling of special
characters in the prompt.

1131c1131,1134
< if (!defined($prompt)) {$prompt = ($_ =~ /^([^#]+#)/)[0]; }
---
> if (!defined($prompt)) {
> $prompt = ($_ =~ /^([^#]+#)/)[0];
> $prompt =~ s/([][])/\\$1/g;
> }

The following diff against blogin should fix problems with there being a
banner on a
nortel.

367c367,373
< -re "$p_prompt" { send "$userpswd\r" }
---
> -re "$p_prompt" { send "$userpswd\r"
> expect {
> eof
{
send_user "\nError: Couldn't login\n"; wait; return 1 }
> -re "$u_prompt"
{ send
"$user\r" }
> "$prompt"
{ set
in_proc 0; return 0 }
> }
> }
385d390
< "$prompt" { break; }

BTW, all these diffs are against 2.2b7 with Mordechai T. Abzug brancid
patches installed.
I obviously
really need to provide these as full context diffs against 2.2b8....d'oh

HTH

Mark

specify the router you want to diff on [ In reply to ]

heas at shrubbery

Dec 3, 2001, 10:48 AM

Post #2 of 6 (1596 views)

control_rancid will also need to be modified. i'd suggest that a better
way to acheive this would be; given username and router

% cd /sometmpdir
% touch router.lock
% type = `grep ^fqdn /usr/local/rancid/*/router.db | awk -F: 'print $2'`
% bin/rancid-fe fqdn:<type>
% diff -c /usr/local/rancid/<group>/configs/fqdn fqdn > fqdn.diff
% ucbmail -s "diffs" username < fqdn.diff

or something to that effect, with error detection. the point is, do it
outside of rancid. this way the group still gets the diffs when the
hourly (or however often you run) diffs are run.

Mon, Dec 03, 2001 at 10:36:27AM -0700, Dave Packham:
> Is it possible to run do-diffs on a specific router/switch instead of
> the whole group? We are using some homebrew scripts that watch the
> Cisco syslog output looking for user's login off from the routers, I
> want to be able to do a do-diffs for just this one router/switch and
> send the email to only that person that made the change. I can get the
> email addr of the person but it looks like I need to mod do-diffs to
> allow passing of a specific router from a specific group. Any thoughts?
>
> Dave Packham
> University of Utah Netcom
> Manager Network Engineering,
> Advanced Projects
> ISO Office member
> DSO
> ?
> c. 718-7777 at 801
> w. 585.6043 at 801
> Dave.Packham at Utah.edu
>
> ICQ#:45818442
> Current ICQ status:
>
> 45818442 at pager.icq.com
> SMS: (Send an SMS message to my ICQ): +278314245818442
> More ways to contact me: http://wwp.icq.com/45818442
> ?
> http://www.netcom.utah.edu/network/engineering.html
> http://www.map.utah.edu/umaplink/0893.html
>
> ?
>
>
> -----Original Message-----
> From: Mark Cooper [mailto:mcooper at blueyonder.co.uk]
> Sent: Friday, November 23, 2001 9:40 AM
> To: rancid-discuss at shrubbery.net
> Cc: rancid at shrubbery.net; asp at partan.com
> Subject: fix for special character handling
>
> I have run into a few problems with 'special' characters within router
> banners and/or
> prompts.
>
> The following diff against clogin should fix the banner containing
> expected prompt
> character
> and also any special characters in the prompt.
>
> 376c376,382
> < -re "$p_prompt" { send "$userpswd\r" }
> ---
> > -re "$p_prompt" { send "$userpswd\r"
> > expect {
> > eof
> {
> send_user "\nError: Couldn't login\n"; wait; return 1 }
> > -re "$u_prompt"
> { send
> "$user\r" }
> > "$prompt"
> { set
> in_proc 0; return 0 }
> > }
> > }
> 394d399
> < "$prompt" { break; }
> 449c454,455
> < regsub -all "\[)(]" $prompt {\\&} reprompt
> ---
> > regsub -all {\[} $prompt {\\&} reprompt
> > regsub -all {\]} $reprompt {\\&} reprompt
>
>
> The following diff against rancid should fix handling of special
> characters in the prompt.
>
> 1131c1131,1134
> < if (!defined($prompt)) {$prompt = ($_ =~ /^([^#]+#)/)[0]; }
> ---
> > if (!defined($prompt)) {
> > $prompt = ($_ =~ /^([^#]+#)/)[0];
> > $prompt =~ s/([][])/\\$1/g;
> > }
>
>
> The following diff against blogin should fix problems with there being a
> banner on a
> nortel.
>
> 367c367,373
> < -re "$p_prompt" { send "$userpswd\r" }
> ---
> > -re "$p_prompt" { send "$userpswd\r"
> > expect {
> > eof
> {
> send_user "\nError: Couldn't login\n"; wait; return 1 }
> > -re "$u_prompt"
> { send
> "$user\r" }
> > "$prompt"
> { set
> in_proc 0; return 0 }
> > }
> > }
> 385d390
> < "$prompt" { break; }
>
>
> BTW, all these diffs are against 2.2b7 with Mordechai T. Abzug brancid
> patches installed.
> I obviously
> really need to provide these as full context diffs against 2.2b8....d'oh
>
> HTH
>
> Mark

specify the router you want to diff on [ In reply to ]

dave.packham at utah

Dec 3, 2001, 10:58 AM

Post #3 of 6 (1594 views)

Thanks for that start

We are currently doing immediate diffs when the user makes the change
and syslog notices the exit from config mode. That way the user that
made the change and the managers know when and what the person just did.
We don't do hourly/daily diffs. So some way to pass (do-diffs -r
"some-router") and have that pass that info along to the control_rancid
and allow control_rancid to do all its normal housekeeping would be the
best way.

Dave Packham
University of Utah Netcom
Manager Network Engineering,
Advanced Projects
ISO Office member
DSO
?
c. 718-7777 at 801
w. 585.6043 at 801
Dave.Packham at Utah.edu

ICQ#:45818442
Current ICQ status:

45818442 at pager.icq.com
SMS: (Send an SMS message to my ICQ): +278314245818442
More ways to contact me: http://wwp.icq.com/45818442
?
http://www.netcom.utah.edu/network/engineering.html
http://www.map.utah.edu/umaplink/0893.html

?

-----Original Message-----
From: john heasley [mailto:heas@shrubbery.net]
Sent: Monday, December 03, 2001 11:48 AM
To: Dave Packham
Cc: Mark Cooper; rancid-discuss at shrubbery.net; rancid at shrubbery.net
Subject: Re: specify the router you want to diff on

control_rancid will also need to be modified. i'd suggest that a better
way to acheive this would be; given username and router

% cd /sometmpdir
% touch router.lock
% type = `grep ^fqdn /usr/local/rancid/*/router.db | awk -F:
'print $2'`
% bin/rancid-fe fqdn:<type>
% diff -c /usr/local/rancid/<group>/configs/fqdn fqdn >
fqdn.diff
% ucbmail -s "diffs" username < fqdn.diff

or something to that effect, with error detection. the point is, do it
outside of rancid. this way the group still gets the diffs when the
hourly (or however often you run) diffs are run.

Mon, Dec 03, 2001 at 10:36:27AM -0700, Dave Packham:
> Is it possible to run do-diffs on a specific router/switch instead of
> the whole group? We are using some homebrew scripts that watch the
> Cisco syslog output looking for user's login off from the routers, I
> want to be able to do a do-diffs for just this one router/switch and
> send the email to only that person that made the change. I can get
the
> email addr of the person but it looks like I need to mod do-diffs to
> allow passing of a specific router from a specific group. Any
thoughts?
>
> Dave Packham
> University of Utah Netcom
> Manager Network Engineering,
> Advanced Projects
> ISO Office member
> DSO
> ?
> c. 718-7777 at 801
> w. 585.6043 at 801
> Dave.Packham at Utah.edu
>
> ICQ#:45818442
> Current ICQ status:
>
> 45818442 at pager.icq.com
> SMS: (Send an SMS message to my ICQ): +278314245818442
> More ways to contact me: http://wwp.icq.com/45818442
> ?
> http://www.netcom.utah.edu/network/engineering.html
> http://www.map.utah.edu/umaplink/0893.html
>
> ?
>
>
> -----Original Message-----
> From: Mark Cooper [mailto:mcooper at blueyonder.co.uk]
> Sent: Friday, November 23, 2001 9:40 AM
> To: rancid-discuss at shrubbery.net
> Cc: rancid at shrubbery.net; asp at partan.com
> Subject: fix for special character handling
>
> I have run into a few problems with 'special' characters within router
> banners and/or
> prompts.
>
> The following diff against clogin should fix the banner containing
> expected prompt
> character
> and also any special characters in the prompt.
>
> 376c376,382
> < -re "$p_prompt" { send "$userpswd\r" }
> ---
> > -re "$p_prompt" { send "$userpswd\r"
> > expect {
> > eof
> {
> send_user "\nError: Couldn't login\n"; wait; return 1 }
> > -re
"$u_prompt"
> { send
> "$user\r" }
> > "$prompt"
> { set
> in_proc 0; return 0 }
> > }
> > }
> 394d399
> < "$prompt" { break; }
> 449c454,455
> < regsub -all "\[)(]" $prompt {\\&} reprompt
> ---
> > regsub -all {\[} $prompt {\\&} reprompt
> > regsub -all {\]} $reprompt {\\&} reprompt
>
>
> The following diff against rancid should fix handling of special
> characters in the prompt.
>
> 1131c1131,1134
> < if (!defined($prompt)) {$prompt = ($_ =~ /^([^#]+#)/)[0]; }
> ---
> > if (!defined($prompt)) {
> > $prompt = ($_ =~ /^([^#]+#)/)[0];
> > $prompt =~ s/([][])/\\$1/g;
> > }
>
>
> The following diff against blogin should fix problems with there being
a
> banner on a
> nortel.
>
> 367c367,373
> < -re "$p_prompt" { send "$userpswd\r" }
> ---
> > -re "$p_prompt" { send "$userpswd\r"
> > expect {
> > eof
> {
> send_user "\nError: Couldn't login\n"; wait; return 1 }
> > -re
"$u_prompt"
> { send
> "$user\r" }
> > "$prompt"
> { set
> in_proc 0; return 0 }
> > }
> > }
> 385d390
> < "$prompt" { break; }
>
>
> BTW, all these diffs are against 2.2b7 with Mordechai T. Abzug brancid
> patches installed.
> I obviously
> really need to provide these as full context diffs against
2.2b8....d'oh
>
> HTH
>
> Mark

specify the router you want to diff on [ In reply to ]

heas at shrubbery

Dec 3, 2001, 11:20 AM

Post #4 of 6 (1590 views)

Mon, Dec 03, 2001 at 11:58:08AM -0700, Dave Packham:
> Thanks for that start
>
> We are currently doing immediate diffs when the user makes the change
> and syslog notices the exit from config mode. That way the user that
> made the change and the managers know when and what the person just did.
> We don't do hourly/daily diffs. So some way to pass (do-diffs -r
> "some-router") and have that pass that info along to the control_rancid
> and allow control_rancid to do all its normal housekeeping would be the
> best way.

then you do not get diffs resulting from such things as reloads or crashes
until someone makes a change. my book would mark that undesirable.

specify the router you want to diff on [ In reply to ]

dave.packham at utah

Dec 3, 2001, 11:20 AM

Post #5 of 6 (1596 views)

No the syslogger follows that to. With router AAA access turned on and
all logging sent to local sysloggers we get it all

Dave Packham
University of Utah Netcom
Manager Network Engineering,
Advanced Projects
ISO Office member
DSO
?
c. 718-7777 at 801
w. 585.6043 at 801
Dave.Packham at Utah.edu

ICQ#:45818442
Current ICQ status:

45818442 at pager.icq.com
SMS: (Send an SMS message to my ICQ): +278314245818442
More ways to contact me: http://wwp.icq.com/45818442
?
http://www.netcom.utah.edu/network/engineering.html
http://www.map.utah.edu/umaplink/0893.html

?

-----Original Message-----
From: john heasley [mailto:heas@shrubbery.net]
Sent: Monday, December 03, 2001 12:20 PM
To: Dave Packham
Cc: john heasley; Mark Cooper; rancid-discuss at shrubbery.net;
rancid at shrubbery.net
Subject: Re: specify the router you want to diff on

Mon, Dec 03, 2001 at 11:58:08AM -0700, Dave Packham:
> Thanks for that start
>
> We are currently doing immediate diffs when the user makes the change
> and syslog notices the exit from config mode. That way the user that
> made the change and the managers know when and what the person just
did.
> We don't do hourly/daily diffs. So some way to pass (do-diffs -r
> "some-router") and have that pass that info along to the
control_rancid
> and allow control_rancid to do all its normal housekeeping would be
the
> best way.

then you do not get diffs resulting from such things as reloads or
crashes
until someone makes a change. my book would mark that undesirable.

specify the router you want to diff on [ In reply to ]

Dec 3, 2001, 6:07 PM

Post #6 of 6 (1597 views)

On Mon, Dec 03, 2001 at 11:20:10AM -0800, john heasley wrote:
> Mon, Dec 03, 2001 at 11:58:08AM -0700, Dave Packham:
> > We are currently doing immediate diffs when the user makes the change
> > and syslog notices the exit from config mode. That way the user that
> > made the change and the managers know when and what the person just did.
> > We don't do hourly/daily diffs. So some way to pass (do-diffs -r
> > "some-router") and have that pass that info along to the control_rancid
> > and allow control_rancid to do all its normal housekeeping would be the
> > best way.
>
> then you do not get diffs resulting from such things as reloads or crashes
> until someone makes a change. my book would mark that undesirable.

belt & suspenders. i'd do 2 setups - one for diffs when triggered
(by syslog or what have you) and one run every hour.

what if the router you triggered on was not reachable? or if your
collection machine could not log into it? unless you have something
periodic going, you could loose that change & never catch it.
--asp