[rancid] Palo Alto

Discussion:

[rancid] Palo Alto

Arthur Chilipweli

2013-01-02 19:41:16 UTC

All, I hope someone can help me out, I have followed up on the configuration of the rancid to pull configs from Palo alto devices, based on this discussion string found here:
http://www.gossamer-threads.com/lists/rancid/users/6483?page=unread#unread<http://www.gossamer-threads.com/lists/rancid/users/6483?page=unread%23unread>

The login script seems to be working, however I am unable to pull the configs using the scripts, can someone please point me to the right direction please:
[***@mdrancid ~]$ panlogin 3040-palo-altofw01
3040-palo-altofw01
spawn ssh -c 3des -x -l admin 3040-palo-altofw01
Password:
Last login: Wed Jan 2 13:22:13 2013 from 10.1.5.14
***@palo-altofw01 (active)>
***@palo-altofw01 (active)> exit

But running a test script to pull configs seems not to be working:

[***@mdrancid ~]$ panlogin -t 120 -c "show config running" 3040-palo-altofw01
3040-palo-altofw01
spawn ssh -c 3des -x -l admin 3040-palo-altofw01
Password:
Last login: Wed Jan 2 13:27:43 2013 from 10.1.5.14
***@palo-altofw01 (active)>
***@palo-altofw01 (active)> set cli pager off
***@palo-altofw01 (active)>
Error: TIMEOUT reached

--Arthur

Hughes, Doug

2013-01-02 21:32:47 UTC

Permalink

Yes, somebody else has run across this two, and it's because of the HA firewall setup and prompt change. Try this version that Wouter de Jong and I came up with:

From: rancid-discuss-***@shrubbery.net [mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Arthur Chilipweli
Sent: Wednesday, January 02, 2013 2:41 PM
To: rancid-***@shrubbery.net
Subject: [rancid] Palo Alto

All, I hope someone can help me out, I have followed up on the configuration of the rancid to pull configs from Palo alto devices, based on this discussion string found here:
http://www.gossamer-threads.com/lists/rancid/users/6483?page=unread#unread<http://www.gossamer-threads.com/lists/rancid/users/6483?page=unread%23unread>

The login script seems to be working, however I am unable to pull the configs using the scripts, can someone please point me to the right direction please:
[***@mdrancid ~]$ panlogin 3040-palo-altofw01
3040-palo-altofw01
spawn ssh -c 3des -x -l admin 3040-palo-altofw01
Password:
Last login: Wed Jan 2 13:22:13 2013 from 10.1.5.14
***@palo-altofw01 (active)>
***@palo-altofw01 (active)> exit

But running a test script to pull configs seems not to be working:

[***@mdrancid ~]$ panlogin -t 120 -c "show config running" 3040-palo-altofw01
3040-palo-altofw01
spawn ssh -c 3des -x -l admin 3040-palo-altofw01
Password:
Last login: Wed Jan 2 13:27:43 2013 from 10.1.5.14
***@palo-altofw01 (active)>
***@palo-altofw01 (active)> set cli pager off
***@palo-altofw01 (active)>
Error: TIMEOUT reached

--Arthur

heasley

2013-01-08 17:04:57 UTC

Permalink

Extreme and Catalyst alter their prompts too; see clogin for a code example
that does this.

Post by Hughes, Doug
Sent: Wednesday, January 02, 2013 2:41 PM
Subject: [rancid] Palo Alto
http://www.gossamer-threads.com/lists/rancid/users/6483?page=unread#unread<http://www.gossamer-threads.com/lists/rancid/users/6483?page=unread%23unread>
3040-palo-altofw01
spawn ssh -c 3des -x -l admin 3040-palo-altofw01
Last login: Wed Jan 2 13:22:13 2013 from 10.1.5.14
3040-palo-altofw01
spawn ssh -c 3des -x -l admin 3040-palo-altofw01
Last login: Wed Jan 2 13:27:43 2013 from 10.1.5.14
Error: TIMEOUT reached
--Arthur
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Arthur Chilipweli

2013-01-03 22:01:59 UTC

Permalink

Doug,

Thank you for the work you and Wouter de Jong did, it is working thank you very much.

Thanks,

Arthur

Peter Jackson

2013-01-05 03:31:57 UTC

Permalink

Which platform are you guys using? And which version of PA?

When I run rancid-run for our PA-200s it hangs at the EatCommand subroutine
for the first command, 'set cli scripting-mode on' as if there is no input
from this command.

On Thu, Jan 3, 2013 at 5:01 PM, Arthur Chilipweli <

Doug,****
** **
Thank you for the work you and Wouter de Jong did, it is working thank you
very much.****
** **
Thanks,****
** **
Arthur****
** **
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

Hughes, Doug

2013-01-05 20:54:57 UTC

Permalink

Try this/these version. I moved cli scripting-mode to earlier, put cli pager mode after it, and modified panlogin to just send return to determine prompt

Tested on 4.1.8, 5.0.1, and HA firewalls. Tested on my 2020 and 2050.

From: rancid-discuss-***@shrubbery.net [mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Peter Jackson
Sent: Friday, January 04, 2013 10:32 PM
To: Arthur Chilipweli
Cc: rancid-***@shrubbery.net
Subject: Re: [rancid] Palo Alto

Which platform are you guys using? And which version of PA?

When I run rancid-run for our PA-200s it hangs at the EatCommand subroutine for the first command, 'set cli scripting-mode on' as if there is no input from this command.

On Thu, Jan 3, 2013 at 5:01 PM, Arthur Chilipweli <***@solutionary.com<mailto:***@solutionary.com>> wrote:
Doug,

Thank you for the work you and Wouter de Jong did, it is working thank you very much.

Thanks,

Arthur

Peter Jackson

2013-01-06 00:46:32 UTC

Permalink

This one works! Thank you so much.

I spent some time on a bash script that uses panlogin to copy the
running-config.xml file to a tftp server, rename it, and move it into an
archive directory. But having RANCID working is so much better.

I have attached your panrancid modified for the set mode.

On Sat, Jan 5, 2013 at 3:54 PM, Hughes, Doug <

Post by Hughes, Doug
Try this/these version. I moved cli scripting-mode to earlier, put cli
pager mode after it, and modified panlogin to just send return to determine
prompt****
** **
Tested on 4.1.8, 5.0.1, and HA firewalls. Tested on my 2020 and 2050.****
** **
*Sent:* Friday, January 04, 2013 10:32 PM
*To:* Arthur Chilipweli
*Subject:* Re: [rancid] Palo Alto****
** **
Which platform are you guys using? And which version of PA?
When I run rancid-run for our PA-200s it hangs at the EatCommand
subroutine for the first command, 'set cli scripting-mode on' as if there
is no input from this command.
****
On Thu, Jan 3, 2013 at 5:01 PM, Arthur Chilipweli <
Doug,****
****
Thank you for the work you and Wouter de Jong did, it is working thank you
very much.****
****
Thanks,****
****
Arthur****
****
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss****
** **

Arthur Chilipweli

2013-01-06 02:10:59 UTC

Permalink

Yeah thank you guys very much

--Arthur

From: Peter Jackson [mailto:***@gmail.com]
Sent: Saturday, January 05, 2013 6:47 PM
To: Hughes, Doug
Cc: Arthur Chilipweli; rancid-***@shrubbery.net
Subject: Re: [rancid] Palo Alto

This one works! Thank you so much.

I spent some time on a bash script that uses panlogin to copy the running-config.xml file to a tftp server, rename it, and move it into an archive directory. But having RANCID working is so much better.

I have attached your panrancid modified for the set mode.

On Sat, Jan 5, 2013 at 3:54 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Try this/these version. I moved cli scripting-mode to earlier, put cli pager mode after it, and modified panlogin to just send return to determine prompt

Tested on 4.1.8, 5.0.1, and HA firewalls. Tested on my 2020 and 2050.

From: rancid-discuss-***@shrubbery.net<mailto:rancid-discuss-***@shrubbery.net> [mailto:rancid-discuss-***@shrubbery.net<mailto:rancid-discuss-***@shrubbery.net>] On Behalf Of Peter Jackson
Sent: Friday, January 04, 2013 10:32 PM
To: Arthur Chilipweli
Cc: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: Re: [rancid] Palo Alto

Which platform are you guys using? And which version of PA?

When I run rancid-run for our PA-200s it hangs at the EatCommand subroutine for the first command, 'set cli scripting-mode on' as if there is no input from this command.
On Thu, Jan 3, 2013 at 5:01 PM, Arthur Chilipweli <***@solutionary.com<mailto:***@solutionary.com>> wrote:
Doug,

Thank you for the work you and Wouter de Jong did, it is working thank you very much.

Thanks,

Arthur