Discussion:
[rancid] Cisco Pix "Configuration last modified" random time stamp
Jason Ellison
2009-02-06 05:59:50 UTC
List,

While using RANCID I have noticed that the pix "Configuration last modified"
keeps changing even though the device has not been modified. This creates
an email every time RANCID is run.

I know this is not a RANCID problem, but I thought someone on this list has
likely seen and maybe even solved this issue.

I thought it may be related to ntp drift being applied against the
"last modified" time... but disabling the ntp server did not change
this behavior.


pix# sh ver

Cisco PIX Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz

pix# show clock
23:08:02.091 CST Thu Feb 5 2009

pix# show ver | include modified
Configuration last modified by enable_15 at 16:38:15.162 CST Wed Feb 4 2009
pix# show ver | include modified
Configuration last modified by enable_15 at 16:38:14.792 CST Wed Feb 4 2009
pix# show ver | include modified
Configuration last modified by enable_15 at 16:38:15.292 CST Wed Feb 4 2009
pix# show ver | include modified
Configuration last modified by enable_15 at 16:38:14.872 CST Wed Feb 4 2009
pix# show ver | include modified
Configuration last modified by enable_15 at 16:38:15.492 CST Wed Feb 4 2009

pix# show clock
23:11:53.380 CST Thu Feb 5 2009

pix# show ntp status
Clock is synchronized, stratum 3, reference is 10.x.x.x
nominal freq is 99.9984 Hz, actual freq is 99.9917 Hz, precision is 2**6
reference time is cd3649b5.fad0cce6 (23:31:33.979 CST Thu Feb 5 2009)
clock offset is 13.9375 msec, root delay is 47.26 msec
root dispersion is 100.78 msec, peer dispersion is 19.13 msec
Jethro R Binks
2009-02-06 09:45:02 UTC
Post by Jason Ellison
Cisco PIX Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
pix# show ver | include modified
Configuration last modified by enable_15 at 16:38:15.162 CST Wed Feb 4 2009
pix# show ver | include modified
Configuration last modified by enable_15 at 16:38:14.792 CST Wed Feb 4 2009
...

Wow, I'd never noticed that. If I do the same:

asa1# sh ver | inc mod
Configuration last modified by admin at 14:22:04.182 UTC Wed Feb 4 2009
asa1# sh ver | inc mod
Configuration last modified by admin at 14:22:04.549 UTC Wed Feb 4 2009
asa1# sh ver | inc mod
Configuration last modified by admin at 14:22:04.009 UTC Wed Feb 4 2009
asa1# sh ver | inc mod
Configuration last modified by admin at 14:22:04.248 UTC Wed Feb 4 2009
asa1# sh ver | inc mod
Configuration last modified by admin at 14:22:04.578 UTC Wed Feb 4 2009
asa1# sh ver | inc mod
Configuration last modified by admin at 14:22:04.427 UTC Wed Feb 4 2009

it similarly changes (slightly), even though 14:22 Feb 4 was a couple of
days ago. So it is broadly correct, but there's obviously some rounding
or timing issue while calculating the fractions of a second.
Post by Jason Ellison
While using RANCID I have noticed that the pix "Configuration last
modified" keeps changing even though the device has not been modified.
This creates an email every time RANCID is run.
I know this is not a RANCID problem, but I thought someone on this list
has likely seen and maybe even solved this issue.
I do not get this from rancid. The "Configuration last modified" line is
not represented in the processed output at all: looking at the ShowVersion
subroutine, it is very specific about which lines it is interested in and
doesn't just verbatim reproduce all the "show version" output. Which
version of rancid are you running? There have been many fixes for PIX/ASA
in the last several alpha releases: 2.3.2a9 works much better for me and
others.

Jethro.
--
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
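
The sub-second variation shown in the outputs above can be told apart from a real modification by comparing parsed timestamps with a tolerance instead of comparing the raw text. This is an added example, not part of the original thread and not RANCID code; the function names and the 1-second tolerance are assumptions, and the last sample line is constructed.

```python
import re
from datetime import datetime

# The PIX/ASA "show version" line quoted in this thread.
LINE_RE = re.compile(
    r"^Configuration last modified by (?P<user>\S+) at "
    r"(?P<hms>\d{2}:\d{2}:\d{2})\.(?P<ms>\d{3}) (?P<tz>\S+) "
    r"(?P<date>\w{3} \w{3} +\d{1,2} \d{4})$"
)

def parse(line):
    """Return (user, tz, timestamp) or None if the line has another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{m['date']} {m['hms']}", "%a %b %d %Y %H:%M:%S")
    return m["user"], m["tz"], ts.replace(microsecond=int(m["ms"]) * 1000)

def is_jitter(baseline, line, tolerance_s=1.0):
    """True if user and zone match and the times differ by less than tolerance_s.
    The 1 s default is an assumption based on the sub-second spread in the thread."""
    old, new = parse(baseline), parse(line)
    if old is None or new is None:
        return False  # unknown format: never suppress
    return old[:2] == new[:2] and abs((new[2] - old[2]).total_seconds()) < tolerance_s

def changes_worth_reporting(observations):
    """Return observations that differ from the baseline by more than jitter.
    The baseline moves only on a real change, so jitter cannot accumulate."""
    reported, baseline = [], None
    for line in observations:
        if baseline is not None and is_jitter(baseline, line):
            continue
        if baseline is not None:
            reported.append(line)
        baseline = line
    return reported

# The first five lines are the outputs quoted in the thread; the last is constructed.
SAMPLES = [
    "Configuration last modified by enable_15 at 16:38:15.162 CST Wed Feb 4 2009",
    "Configuration last modified by enable_15 at 16:38:14.792 CST Wed Feb 4 2009",
    "Configuration last modified by enable_15 at 16:38:15.292 CST Wed Feb 4 2009",
    "Configuration last modified by enable_15 at 16:38:14.872 CST Wed Feb 4 2009",
    "Configuration last modified by enable_15 at 16:38:15.492 CST Wed Feb 4 2009",
    "Configuration last modified by enable_15 at 09:12:40.310 CST Fri Feb 6 2009",
]

if __name__ == "__main__":
    for line in changes_worth_reporting(SAMPLES):
        print("changed:", line)
```

Unlike dropping the line from the collected output, this keeps reporting a modification made by a different user or at a different time.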
LITTLEFIELD James
2009-02-06 13:01:49 UTC
Post by Jethro R Binks
I do not get this from rancid. The "Configuration last modified" line is
not represented in the processed output at all: looking at the
ShowVersion
subroutine, it is very specific about which lines it is interested in and
doesn't just verbatim reproduce all the "show version" output. Which
version of rancid are you running? There have been many fixes for PIX/ASA
in the last several alpha releases: 2.3.2a9 works much better for me and
others.
Jethro.
This started for me after upgrading to 2.3.2a9.


Best regards,

Jim LITTLEFIELD
Information Technology
Office: +1 401 276 4457
***@3ds.com
www.3ds.com
Visit us at: www.simulia.com
SIMULIA - Dassault Systemes Simulia Corp. 166 Valley Street - Providence, Rhode Isla
Deny IP Any Any
2009-02-06 14:08:18 UTC
On Fri, Feb 6, 2009 at 8:01 AM, LITTLEFIELD James
Post by LITTLEFIELD James
Post by Jethro R Binks
I do not get this from rancid. The "Configuration last modified" line is
not represented in the processed output at all: looking at the ShowVersion
subroutine, it is very specific about which lines it is interested in and
doesn't just verbatim reproduce all the "show version" output. Which
version of rancid are you running? There have been many fixes for PIX/ASA
in the last several alpha releases: 2.3.2a9 works much better for me and
others.
Jethro.
This started for me after upgrading to 2.3.2a9.
Best regards,
Jim LITTLEFIELD
Information Technology
Office: +1 401 276 4457
www.3ds.com
Visit us at: www.simulia.com
SIMULIA - Dassault Systemes Simulia Corp. 166 Valley Street - Providence, Rhode Island 02909 - United States
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
This is a bug in the Cisco code, bug CSCsv80536.

Fixed-In
8.0(4.13)
8.2(0.180)
7.1(2.80)
7.2(4.21)
8.1(2.7)
7.0(8.5
--
deny ip any any (4393649193 matches)
LITTLEFIELD James
2009-02-06 12:56:36 UTC
-----Original Message-----
Sent: Friday, February 06, 2009 1:00 AM
Subject: [rancid] Cisco Pix "Configuration last modified" random time
stamp
List,
While using RANCID I have noticed that the pix "Configuration last modified"
keeps changing even though the device has not been modified. This creates
an email every time RANCID is run.
I know this is not a RANCID problem, but I thought someone on this list has
likely seen and maybe even solved this issue.
I thought it may be related to ntp drift being applied against the
"last modified" time... but disabling the ntp server did not change
this behavior.
I have the same problem here and I'm sure it isn't an NTP issue. Time to start poking around the code...


Best regards,

Jim LITTLEFIELD
Information Technology
Office: +1 401 276 4457
***@3ds.com
www.3ds.com
Visit us at: www.simulia.com
SIMULIA - Dassault Systemes Simulia Corp. 166 Valley Street - Providence, Rhode Island 02909 -
john heasley
2009-02-06 20:53:23 UTC
Post by LITTLEFIELD James
-----Original Message-----
Sent: Friday, February 06, 2009 1:00 AM
Subject: [rancid] Cisco Pix "Configuration last modified" random time
stamp
List,
While using RANCID I have noticed that the pix "Configuration last modified"
keeps changing even though the device has not been modified. This creates
an email every time RANCID is run.
I know this is not a RANCID problem, but I thought someone on this list has
likely seen and maybe even solved this issue.
I thought it may be related to ntp drift being applied against the
"last modified" time... but disabling the ntp server did not change
this behavior.
I have the same problem here and I'm sure it isn't an NTP issue. Time to start poking around the code...
I think this change, not in 2.3.2a9, will fix this problem.

Index: rancid.in
===================================================================
RCS file: /home/rancid/.CVS/rancid/bin/rancid.in,v
retrieving revision 1.251
retrieving revision 1.253
diff -d -u -r1.251 -r1.253
--- rancid.in 26 Nov 2008 17:43:41 -0000 1.251
+++ rancid.in 2 Feb 2009 21:40:14 -0000 1.253
@@ -1,6 +1,6 @@
#! @PERLV_PATH@
##
-## $Id: rancid.in,v 1.251 2008/11/26 17:43:41 heas Exp $
+## $Id: rancid.in,v 1.253 2009/02/02 21:40:14 heas Exp $
##
## @PACKAGE@ @VERSION@
## Copyright (c) 1997-2008 by Terrapin Communications, Inc.
@@ -1522,6 +1522,7 @@
last if (/^$prompt/);
return(1) if /Line has invalid autocommand /;
return(1) if (/(Invalid input detected|Type help or )/i);
+ return(1) if /\%Error: No such file or directory/;
return(0) if ($found_end); # Only do this routine once
return(-1) if (/command authorization failed/i);
# the pager can not be disabled per-session on the PIX
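Review bot: the added `%Error: No such file or directory` check is case-sensitive and carries no comment saying which command produces that error, while the check directly above it uses /i. Consider adding /i for consistency and a one-line comment naming the command whose failure this handles; the backslash before % is also unnecessary in a Perl pattern.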
@@ -1550,6 +1551,8 @@
# some versions have other crap mixed in with the bits in the
# block above
/^! (Last configuration|NVRAM config last)/ && next;
+ # and for the ASA
+ /^: (Written by \w+ at|Saved)/ && next;

# skip consecutive comment lines to avoid oscillating extra comment
# line on some access servers. grrr.
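Review bot: in the added ASA pattern, `\w+` only matches user names made of letters, digits and underscores, so a ": Written by" line for a name containing a dot or hyphen would still reach the output and keep producing diffs; `\S+` would be safer. The pattern also does not cover the "Configuration last modified by ... at ..." line reported in this thread, so if that line passes through this routine it needs its own skip.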
@@ -1823,7 +1826,7 @@
next;
}

- /^Cryptochecksum:/ && next;
+ /^ *Cryptochecksum:/ && next;

# catch anything that wasnt matched above.
ProcessHistory("","","","$_");
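Review bot: `/^ *Cryptochecksum:/` accepts leading spaces but not tabs; `/^\s*Cryptochecksum:/` would cover any leading whitespace. The hunk gives no reason for the change, so a short comment saying which output indents this line would help the next reader.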
