Amanda Lalli-Cafini
2011-09-20 02:43:07 UTC
Good Day All,
We have rancid running on a server that is also running TACACS+
We have rancid running every 4 hours using crontab.
I have been asked to get it running in response to a user making a change to the configuration.
I found some help in the FAQ about this, but I am not exactally sure where to get started.
I suppose the first thing I need to do is to see if I have syslog on the TACACS server.
I was wondering if anyone could expand on the FAQ a bit and give me a little more idea of how to get this going please?
thanks in advance for any assistance
regards
Amanda
Q. I'd like to have RANCID automatically begin collection when someone
finishes configuring a router. How can I do this?
A. Using a syslog watcher script, one can trigger RANCID from the syslog
line emitted by, for example, an IOS router after configuration mode is
ended.
Here's a simple example using the Simple Event Correlator:
(http://simple-evcorr.sourceforge.net/)
If the syslog line in your logs looks like this (wrapped for readability):
Apr 5 09:56:52 acc1.geo269.example.com 72: 000069: *Mar 6 21:40:13.466 \
AEDT: %SYS-5-CONFIG_I: Configured from console by gwbush on vty0 (10.1.1.1)
You would use a SEC configuration stanza like this:
# example rancid trigger
#
type=SingleWithSuppress
ptype=RegExp
pattern=\s\S+:\S+\S+\s(\S+)\.example\.com.*SYS-5-CONFIG_I
action=shellcmd /opt/rancid/bin/do-diffs -r $1
window=1800
This will execute the command '/opt/rancid/bin/do-diffs -r acc1.geo269'
when it is fed a line like that syslog line. The command will be run at
most once every 1800 seconds. If you do not get hostnames in your
log lines that match your router.db entries, either fix your reverse
DNS or remove the '-r $1' part.
We have rancid running on a server that is also running TACACS+
We have rancid running every 4 hours using crontab.
I have been asked to get it running in response to a user making a change to the configuration.
I found some help in the FAQ about this, but I am not exactally sure where to get started.
I suppose the first thing I need to do is to see if I have syslog on the TACACS server.
I was wondering if anyone could expand on the FAQ a bit and give me a little more idea of how to get this going please?
thanks in advance for any assistance
regards
Amanda
Q. I'd like to have RANCID automatically begin collection when someone
finishes configuring a router. How can I do this?
A. Using a syslog watcher script, one can trigger RANCID from the syslog
line emitted by, for example, an IOS router after configuration mode is
ended.
Here's a simple example using the Simple Event Correlator:
(http://simple-evcorr.sourceforge.net/)
If the syslog line in your logs looks like this (wrapped for readability):
Apr 5 09:56:52 acc1.geo269.example.com 72: 000069: *Mar 6 21:40:13.466 \
AEDT: %SYS-5-CONFIG_I: Configured from console by gwbush on vty0 (10.1.1.1)
You would use a SEC configuration stanza like this:
# example rancid trigger
#
type=SingleWithSuppress
ptype=RegExp
pattern=\s\S+:\S+\S+\s(\S+)\.example\.com.*SYS-5-CONFIG_I
action=shellcmd /opt/rancid/bin/do-diffs -r $1
window=1800
This will execute the command '/opt/rancid/bin/do-diffs -r acc1.geo269'
when it is fed a line like that syslog line. The command will be run at
most once every 1800 seconds. If you do not get hostnames in your
log lines that match your router.db entries, either fix your reverse
DNS or remove the '-r $1' part.