Discussion:
[rancid] problem with get config from asa (version 8.x)
Tom Vaknin
2017-08-02 11:35:46 UTC
Permalink
while running clogin -m i find the following:
FWASA
autoenable:/opt/rancid/.cloginrc:334: FWASA 0
noenable:/opt/rancid/.cloginrc:128: * 1
password:/opt/rancid/.cloginrc:333: FWASA userpass enablepass
user:/opt/rancid/.cloginrc:332: FWASA rancid
method:/opt/rancid/.cloginrc:209: FWASA ssh

i found our that it matches to line noenable.
it was global line to all .cloginrc file.

thanks a lot!
much appreciate
Subject: Re: [rancid] problem with get config from asa (version 8.x)
Hi Ryan,
FWASA
spawn ssh -x -l rancid FWASA
Type help or '?' for a list of available commands.
FWASA /act>
FWASA /act>
FWASA /act>
You're not getting to enable, it might be an issue with the password
file. Have you tried putting the password in {}? Clogin for that device
should go enable automatically with your .cloginrc file.
assuming a more recent version of rancid, try
clogin -m FWASA
it will show you which cloginrc lines were matched. it may not be matching
what you think.
Gauthier, Chris
2017-08-01 14:50:22 UTC
Permalink
Chris GauthierSenior Network Engineer | comScore, Inc.
o +1 503-331-***@comscore.com
317 SW Alder St, Suite 500 | Portland | OR97204
............................................................................................................................................................................................................................

From: Rancid-discuss <rancid-discuss-***@shrubbery.net> on behalf of Tom Vaknin <***@gmail.com>
Date: Tuesday, August 1, 2017 at 7:36 AM
To: "rancid-***@shrubbery.net" <rancid-***@shrubbery.net>
Subject: [rancid] problem with get config from asa (version 8.x)

Hi all

ASAs with version lower then 9.2 are not support auto-enable.
therefore, my .cloginrc file look like this:

.cloginrc:
add user FWASA rancid
add password FWASA userpass enablepass
add autoenable FWASA 0

i can see on tac log that rancid login and logout couple of times:
2017-08-01 08:27:04 +0000,1.1.1.1,rancid,482,2.2.2.2,shell login succeeded
2017-08-01 08:27:17 +0000,1.1.1.1,rancid,483,2.2.2.2,shell login succeeded
2017-08-01 08:27:31 +0000,1.1.1.1,rancid,484,2.2.2.2,shell login succeeded
2017-08-01 08:27:45 +0000,1.1.1.1,rancid,485,2.2.2.2,shell login succeeded

and run the following commands:
2017-08-01 08:27:07 +0000,1.1.1.1,rancid,22,2.2.2.2,permit,show,version
2017-08-01 08:27:12 +0000,1.1.1.1,rancid,22,2.2.2.2,permit,exit,
2017-08-01 08:27:20 +0000,1.1.1.1,rancid,22,2.2.2.2,permit,show,version
2017-08-01 08:27:26 +0000,1.1.1.1,rancid,22,2.2.2.2,permit,exit,
2017-08-01 08:27:33 +0000,1.1.1.1,rancid,22,2.2.2.2,permit,show,version
2017-08-01 08:27:40 +0000,1.1.1.1,rancid,22,2.2.2.2,permit,exit,
2017-08-01 08:27:48 +0000,1.1.1.1,rancid,22,2.2.2.2,permit,show,version
2017-08-01 08:27:53 +0000,1.1.1.1,rancid,22,2.2.2.2,permit,exit,

the rancid log look like this:
Trying to get all of the configs.
1.1.1.1<http://1.1.1.1>: End of run not found
!
=====================================
Getting missed routers: round 1.
1.1.1.1<http://1.1.1.1>: End of run not found
!
=====================================
Getting missed routers: round 2.
1.1.1.1<http://1.1.1.1>: End of run not found
!
=====================================
Getting missed routers: round 3.
1.1.1.1<http://1.1.1.1>: End of run not found
!
=====================================
Getting missed routers: round 4.
1.1.1.1<http://1.1.1.1>: End of run not found

Any idea what am i missing here?
Thanks.
Tom

Tom,

Have you tried

Export NOPIPE=YES
/usr/local/rancid/bin/rancid –d –t cisco device.example.com

Take a look at both the .new file and the .raw file. I find the .raw file is more useful for this kind of issue, but you can see what is happening.

--Chris

Loading...