[rancid] Panrancid with PAN 6.0

Discussion:

Chip Pleasants

2014-06-16 18:01:09 UTC

Does anyone have Panrancid working with PAN version 6.0.2? I have four
sets running PAN version 5.0.11 without an issues. Once I upgraded one set
the script times out. Below is a debug. Let me know if you have any
questions.

Cheers,

Chip

[***@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d
cmh1-z4-f01.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" cmh1-z4-f01.domain.com
line: cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP
Incorporated.
line: It is for authorized users only. Unauthorized users are
prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit
expectation of
line: privacy. Any or all uses of this system may be subject to one or
more of the
line: following actions: interception, monitoring, recording, auditing,
inspection and
line: disclosing to security personnel and law enforcement personnel, as
well as
line: authorized officials of other agencies, both domestic and foreign.
By using this
line: system, the user consents to these actions. Unauthorized or
improper use of
line: this system may result in administrative disciplinary action and
civil and criminal
line: penalties. By accessing this system you indicate your awareness of
and
line: consent to these terms and conditions of use. Discontinue access
immediately
line: if you do not agree to the conditions stated in this notice.
line:
line: Password:
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
line:
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli
***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)>
set cli scripting-mode on
PROMPT MATCH: ***@CMH1-Z4-F01$active$[#>]
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set
cli ***@CMH1-Z4-F01(active)> set cli scripting-mode
***@CMH1-Z4-F01(active)>
set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set
cli ***@CMH1-Z4-F01(active)> set cli pager ***@CMH1-Z4-F01(active)>
set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)>
show system ***@CMH1-Z4-F01(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)>
show system ***@CMH1-Z4-F01(active)> show system info
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : End of run not found
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : End of run not found

Hughes, Doug

2014-06-16 20:37:16 UTC

Permalink

Yes, itâs working for me. Are you using the latest? (attached)

From: Rancid-discuss [mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Chip Pleasants
Sent: Monday, June 16, 2014 2:01 PM
To: rancid-***@shrubbery.net
Subject: [rancid] Panrancid with PAN 6.0

Does anyone have Panrancid working with PAN version 6.0.2? I have four sets running PAN version 5.0.11 without an issues. Once I upgraded one set the script times out. Below is a debug. Let me know if you have any questions.

Cheers,

Chip

[***@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
line: cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line:
line: Password:
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com<http://cmh1vlobs01.domain.com/>
line: Welcome rancid.
line:
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on
PROMPT MATCH: ***@CMH1-Z4-F01$active$[#>]
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli pager ***@CMH1-Z4-F01(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : End of run not found
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : End of run not found

Hughes, Doug

2014-06-17 18:28:51 UTC

Permalink

Ah, you are running in HA mode I see. That could be throwing things off, but I think I fixed that in 2013 sometime.
(I donât run any in HA)

It looks to me like âset cli scripting-mode onâ is failing

To confirm this, login to the PA at command line, then type set cli scripting-mode on

Now type âset cli scripting-mode ?â

If you get any sort of command completion, the cli scripting mode setting is not working and needs to be turned into a PA bug report. That is what it looks like it is happening by looking at the command staggering for subsequent lines.

From: Chip Pleasants [mailto:***@gmail.com]
Sent: Tuesday, June 17, 2014 1:39 PM
To: Hughes, Doug
Cc: rancid-***@shrubbery.net
Subject: Re: [rancid] Panrancid with PAN 6.0

Thanks Doug. I am running the most recent version, but for grins I replaced them anyway. Still seeing the issue on two sets. The others seem to work fine. Anything I provide that help find the trouble?

-Chip

On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Yes, itâs working for me. Are you using the latest? (attached)

From: Rancid-discuss [mailto:rancid-discuss-***@shrubbery.net<mailto:rancid-discuss-***@shrubbery.net>] On Behalf Of Chip Pleasants
Sent: Monday, June 16, 2014 2:01 PM
To: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: [rancid] Panrancid with PAN 6.0

Does anyone have Panrancid working with PAN version 6.0.2? I have four sets running PAN version 5.0.11 without an issues. Once I upgraded one set the script times out. Below is a debug. Let me know if you have any questions.

Cheers,

Chip

[***@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
line: cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line:
line: Password:
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com<http://cmh1vlobs01.domain.com/>
line: Welcome rancid.
line:
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on
PROMPT MATCH: ***@CMH1-Z4-F01$active$[#>]
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli pager ***@CMH1-Z4-F01(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : End of run not found
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : End of run not found

Chip Pleasants

2014-06-17 18:48:12 UTC

Permalink

Here's what I get. I get the same result from a version 5.x PA. I removed
the "set cli scripting-mode on" from the script to test. Version 5.x PA
works and version 6.x PA end up with the same result.

***@FIREWALL(active)> set cli scripting-mode on
***@FIREWALL(active)> set cli scripting-mode ?
? is not one of <on|off>

Invalid syntax.
***@FIREWALL(active)>

line: ***@FIREWALL(active)> set ***@FIREWALL(active)> set cli
***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli
pager off
PROMPT MATCH: ***@FIREWALL$active$[#>]
HIT COMMAND:***@FIREWALL(active)> set ***@FIREWALL(active)> set cli
***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli
pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@FIREWALL(active)> show ***@FIREWALL(active)> show
system ***@FIREWALL(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@FIREWALL(active)> show ***@FIREWALL(active)>
show system ***@FIREWALL(active)> show system info
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: End of run not found
FIREWALL.dswinc.net: End of run not found
#
[***@server rancid]$

On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <

Post by Hughes, Doug
Ah, you are running in HA mode I see. That could be throwing things off,
but I think I fixed that in 2013 sometime.
(I donât run any in HA)
It looks to me like âset cli scripting-mode onâ is failing
To confirm this, login to the PA at command line, then type set cli scripting-mode on
Now type âset cli scripting-mode ?â
If you get any sort of command completion, the cli scripting mode setting
is not working and needs to be turned into a PA bug report. That is what it
looks like it is happening by looking at the command staggering for
subsequent lines.
*Sent:* Tuesday, June 17, 2014 1:39 PM
*To:* Hughes, Doug
*Subject:* Re: [rancid] Panrancid with PAN 6.0
Thanks Doug. I am running the most recent version, but for grins I
replaced them anyway. Still seeing the issue on two sets. The others seem
to work fine. Anything I provide that help find the trouble?
-Chip
On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <
Yes, itâs working for me. Are you using the latest? (attached)
Behalf Of *Chip Pleasants
*Sent:* Monday, June 16, 2014 2:01 PM
*Subject:* [rancid] Panrancid with PAN 6.0
Does anyone have Panrancid working with PAN version 6.0.2? I have four
sets running PAN version 5.0.11 without an issues. Once I upgraded one set
the script times out. Below is a debug. Let me know if you have any
questions.
Cheers,
Chip
cmh1-z4-f01.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" cmh1-z4-f01.domain.com
line: cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
set cli pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : End of run not found
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : End of run not found

Hughes, Doug

2014-06-17 19:10:30 UTC

Permalink

Sorry, I meant âoffâ, you need to set it to off and then try the ? test.

From: Chip Pleasants [mailto:***@gmail.com]
Sent: Tuesday, June 17, 2014 2:48 PM
To: Hughes, Doug
Cc: rancid-***@shrubbery.net
Subject: Re: [rancid] Panrancid with PAN 6.0

Here's what I get. I get the same result from a version 5.x PA. I removed the "set cli scripting-mode on" from the script to test. Version 5.x PA works and version 6.x PA end up with the same result.

***@FIREWALL(active)> set cli scripting-mode on
***@FIREWALL(active)> set cli scripting-mode ?
? is not one of <on|off>

Invalid syntax.
***@FIREWALL(active)>

line: ***@FIREWALL(active)> set ***@FIREWALL(active)> set cli ***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli pager off
PROMPT MATCH: ***@FIREWALL$active$[#>]
HIT COMMAND:***@FIREWALL(active)> set ***@FIREWALL(active)> set cli ***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@FIREWALL(active)> show ***@FIREWALL(active)> show system ***@FIREWALL(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@FIREWALL(active)> show ***@FIREWALL(active)> show system ***@FIREWALL(active)> show system info
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: missed cmd(s): show config running
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: missed cmd(s): show config running
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: End of run not found
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: End of run not found
#
[***@server rancid]$

On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Ah, you are running in HA mode I see. That could be throwing things off, but I think I fixed that in 2013 sometime.
(I donât run any in HA)

It looks to me like âset cli scripting-mode onâ is failing

To confirm this, login to the PA at command line, then type set cli scripting-mode on

Now type âset cli scripting-mode ?â

If you get any sort of command completion, the cli scripting mode setting is not working and needs to be turned into a PA bug report. That is what it looks like it is happening by looking at the command staggering for subsequent lines.

From: Chip Pleasants [mailto:***@gmail.com<mailto:***@gmail.com>]
Sent: Tuesday, June 17, 2014 1:39 PM
To: Hughes, Doug
Cc: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: Re: [rancid] Panrancid with PAN 6.0

Thanks Doug. I am running the most recent version, but for grins I replaced them anyway. Still seeing the issue on two sets. The others seem to work fine. Anything I provide that help find the trouble?

-Chip

On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Yes, itâs working for me. Are you using the latest? (attached)

From: Rancid-discuss [mailto:rancid-discuss-***@shrubbery.net<mailto:rancid-discuss-***@shrubbery.net>] On Behalf Of Chip Pleasants
Sent: Monday, June 16, 2014 2:01 PM
To: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: [rancid] Panrancid with PAN 6.0

Does anyone have Panrancid working with PAN version 6.0.2? I have four sets running PAN version 5.0.11 without an issues. Once I upgraded one set the script times out. Below is a debug. Let me know if you have any questions.

Cheers,

Chip

[***@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
line: cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com/>
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line:
line: Password:
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com<http://cmh1vlobs01.domain.com/>
line: Welcome rancid.
line:
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on
PROMPT MATCH: ***@CMH1-Z4-F01$active$[#>]
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli pager ***@CMH1-Z4-F01(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : End of run not found
cmh1-z4-f01.<http://cmh1-z4-f01.dswinc.net/>domain.com<http://cmh1-z4-f01.domain.com/> : End of run not found

Hughes, Doug

2014-06-17 19:34:09 UTC

Permalink

Hrm. Yes, I had it correct the first time. (oof, busy day)

‘on’ is needed to prevent this ‘feature’:
line: ***@FIREWALL(active)> set ***@FIREWALL(active)> set cli ***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli pager off

After each space, it does essentially a rewrite of the line as it tried to ‘auto-correct’ you from typing the wrong thing. This gets in the way of parsing with expect quite heavily, so I attempt to disable it as soon as possible. If set cli scripting-mode on does not cause this to stop (and it looks like it doesn’t), then that appears to be a bug. You can also see this by using type script:

Here’s how it looks at the command line:
Drdgpfs0002:/tmp$ script
drdgpfs0002:/tmp$ ssh -l admin paloalto.en
***@paloalto.en's password:
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
Welcome admin.
***@paloalto.en> set cli scripting-mode on
***@paloalto.en> set cli ? <ENTER here>

Invalid syntax.
***@paloalto.en> exit

Here's how it looks in the corresponding typescript file:
i Script started on Tue 17 Jun 2014 03:25:13 PM EDT
drdgpfs0002:/tmp$ ssh -l admin paloalto
***@paloalto.en's password: ^M
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com^M^M
Welcome admin.^M
***@paloalto.en> set ^M^[[***@paloalto.en> set cli ^M^[[***@paloalto.en>
set cli scripting-mode ^M^[[***@paloalto.en> set cli scripting-mode on^M
***@paloalto.en> set cli ?^M
^M
Invalid syntax.^M
***@paloalto.en> exit^M
Connection to paloalto.en closed.^M^M
drdgpfs0002:/tmp$ exit^M^M
exit^M

Script done on Tue 17 Jun 2014 03:25:34 PM EDT

If 'set cli scripting-mode on' doesn't disable the 'space' feature, then the rest of the expect is very iffy at best and difficult to manage

Here's another way to confirm the behavior

Type config <space>

If it autocompletes to 'configure', then cli scripting-mode is not on and results *will* vary.
Disabling the pager is also important since it disables the --more-- when show config is running.

I am running 6.0.2 but no HA on PA-3020 and PA-2050

From: Chip Pleasants [mailto:***@gmail.com]
Sent: Tuesday, June 17, 2014 3:21 PM
To: Hughes, Doug
Cc: rancid-***@shrubbery.net
Subject: Re: [rancid] Panrancid with PAN 6.0

Tried it on both versions. Seems like they both yield the same result. Doesn't the script turn cli scripting-mode on? Or do we don't really care that's its on or off?

***@FIREWALLV6(active)> set cli scripting-mode off
***@FIREWALLV6(active)> set cli scripting-mode
off off
on on

***@FIREWALLV6(active)> set cli scripting-mode

***@FIREWALLV5(active)> set cli scripting-mode off
***@FIREWALLV5(active)> set cli scripting-mode
off off
on on

***@FIREWALLV5(active)> set cli scripting-mode

-Chip

On Tue, Jun 17, 2014 at 3:10 PM, Hughes, Doug <***@deshawresearch.com> wrote:
Sorry, I meant ‘off’, you need to set it to off and then try the ? test.

From: Chip Pleasants [mailto:***@gmail.com]
Sent: Tuesday, June 17, 2014 2:48 PM

To: Hughes, Doug
Cc: rancid-***@shrubbery.net
Subject: Re: [rancid] Panrancid with PAN 6.0

Here's what I get. I get the same result from a version 5.x PA. I removed the "set cli scripting-mode on" from the script to test. Version 5.x PA works and version 6.x PA end up with the same result.

***@FIREWALL(active)> set cli scripting-mode on
***@FIREWALL(active)> set cli scripting-mode ?
? is not one of <on|off>

Invalid syntax.
***@FIREWALL(active)>

line: ***@FIREWALL(active)> set ***@FIREWALL(active)> set cli ***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli pager off
PROMPT MATCH: ***@FIREWALL$active$[#>]
HIT COMMAND:***@FIREWALL(active)> set ***@FIREWALL(active)> set cli ***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@FIREWALL(active)> show ***@FIREWALL(active)> show system ***@FIREWALL(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@FIREWALL(active)> show ***@FIREWALL(active)> show system ***@FIREWALL(active)> show system info
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: End of run not found
FIREWALL.dswinc.net: End of run not found
#
[***@server rancid]$

On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <***@deshawresearch.com> wrote:
Ah, you are running in HA mode I see. That could be throwing things off, but I think I fixed that in 2013 sometime.
(I don’t run any in HA)

It looks to me like ‘set cli scripting-mode on’ is failing

To confirm this, login to the PA at command line, then type set cli scripting-mode on

Now type “set cli scripting-mode ?”

If you get any sort of command completion, the cli scripting mode setting is not working and needs to be turned into a PA bug report. That is what it looks like it is happening by looking at the command staggering for subsequent lines.

From: Chip Pleasants [mailto:***@gmail.com]
Sent: Tuesday, June 17, 2014 1:39 PM
To: Hughes, Doug
Cc: rancid-***@shrubbery.net
Subject: Re: [rancid] Panrancid with PAN 6.0

Thanks Doug. I am running the most recent version, but for grins I replaced them anyway. Still seeing the issue on two sets. The others seem to work fine. Anything I provide that help find the trouble?

-Chip

On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <***@deshawresearch.com> wrote:
Yes, it’s working for me. Are you using the latest? (attached)

From: Rancid-discuss [mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Chip Pleasants
Sent: Monday, June 16, 2014 2:01 PM
To: rancid-***@shrubbery.net
Subject: [rancid] Panrancid with PAN 6.0

Does anyone have Panrancid working with PAN version 6.0.2? I have four sets running PAN version 5.0.11 without an issues. Once I upgraded one set the script times out. Below is a debug. Let me know if you have any questions.

Cheers,

Chip

[***@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d cmh1-z4-f01.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" cmh1-z4-f01.domain.com
line: cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line:
line: Password:
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
line:
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on
PROMPT MATCH: ***@CMH1-Z4-F01$active$[#>]
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli pager ***@CMH1-Z4-F01(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : End of run not found
cmh1-z

Chip Pleasants

2014-06-18 12:51:37 UTC

Permalink

It doesn't appear to be a bug, because I think its operating as you
describe. When I turn on 'set cli scripting-mode on' it doesn't
autocomplete on versions 6.0.2 or 5.0.11. Any other thoughts what could be
going on?

Thanks,
Chip

On Tue, Jun 17, 2014 at 3:34 PM, Hughes, Doug <

Post by Hughes, Doug
Hrm. Yes, I had it correct the first time. (oof, busy day)
pager off
After each space, it does essentially a rewrite of the line as it tried to
âauto-correctâ you from typing the wrong thing. This gets in the way of
parsing with expect quite heavily, so I attempt to disable it as soon as
possible. If set cli scripting-mode on does not cause this to stop (and it
looks like it doesnât), then that appears to be a bug. You can also see
Drdgpfs0002:/tmp$ script
drdgpfs0002:/tmp$ ssh -l admin paloalto.en
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
Welcome admin.
Invalid syntax.
i Script started on Tue 17 Jun 2014 03:25:13 PM EDT
drdgpfs0002:/tmp$ ssh -l admin paloalto
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
^M^M
Welcome admin.^M
^M
Invalid syntax.^M
Connection to paloalto.en closed.^M^M
drdgpfs0002:/tmp$ exit^M^M
exit^M
Script done on Tue 17 Jun 2014 03:25:34 PM EDT
If 'set cli scripting-mode on' doesn't disable the 'space' feature, then
the rest of the expect is very iffy at best and difficult to manage
Here's another way to confirm the behavior
Type config <space>
If it autocompletes to 'configure', then cli scripting-mode is not on and
results *will* vary.
Disabling the pager is also important since it disables the --more-- when
show config is running.
I am running 6.0.2 but no HA on PA-3020 and PA-2050
Sent: Tuesday, June 17, 2014 3:21 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Tried it on both versions. Seems like they both yield the same result.
Doesn't the script turn cli scripting-mode on? Or do we don't really care
that's its on or off?
off off
on on
off off
on on
-Chip
On Tue, Jun 17, 2014 at 3:10 PM, Hughes, Doug <
Sorry, I meant âoffâ, you need to set it to off and then try the ? test.
Sent: Tuesday, June 17, 2014 2:48 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Here's what I get. I get the same result from a version 5.x PA. I removed
the "set cli scripting-mode on" from the script to test. Version 5.x PA
works and version 6.x PA end up with the same result.
? is not one of <on|off>
Invalid syntax.
pager off
pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: End of run not found
FIREWALL.dswinc.net: End of run not found
#
On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <
Ah, you are running in HA mode I see. That could be throwing things off,
but I think I fixed that in 2013 sometime.
(I donât run any in HA)
It looks to me like âset cli scripting-mode onâ is failing
To confirm this, login to the PA at command line, then type set cli scripting-mode on
Now type âset cli scripting-mode ?â
If you get any sort of command completion, the cli scripting mode setting
is not working and needs to be turned into a PA bug report. That is what it
looks like it is happening by looking at the command staggering for
subsequent lines.
Sent: Tuesday, June 17, 2014 1:39 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Thanks Doug. I am running the most recent version, but for grins I
replaced them anyway. Still seeing the issue on two sets. The others seem
to work fine. Anything I provide that help find the trouble?
-Chip
On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <
Yes, itâs working for me. Are you using the latest? (attached)
Behalf Of Chip Pleasants
Sent: Monday, June 16, 2014 2:01 PM
Subject: [rancid] Panrancid with PAN 6.0
Does anyone have Panrancid working with PAN version 6.0.2? I have four
sets running PAN version 5.0.11 without an issues. Once I upgraded one set
the script times out. Below is a debug. Let me know if you have any
questions.
Cheers,
Chip
cmh1-z4-f01.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" cmh1-z4-f01.domain.com
line: cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
set cli pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : End of run not found
cmh1-z4-f01.domain.com : End of run not found

Hughes, Doug

2014-06-18 15:35:40 UTC

Permalink

It doesnât look like it is from your very first debugging output:
COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@FIREWALL(active)> show ***@FIREWALL(active)> show system ***@FIREWALL(active)> show system info

if scripting-mode was on, we wouldnât see the stuff in red. (html mode on to read). The fact that the extra prompts show up indicates that it is intercepting the spaces and attempting to do âhelpful command completionâ.

From: Chip Pleasants [mailto:***@gmail.com]
Sent: Wednesday, June 18, 2014 8:52 AM
To: Hughes, Doug
Cc: rancid-***@shrubbery.net
Subject: Re: [rancid] Panrancid with PAN 6.0

It doesn't appear to be a bug, because I think its operating as you describe. When I turn on 'set cli scripting-mode on' it doesn't autocomplete on versions 6.0.2 or 5.0.11. Any other thoughts what could be going on?

Thanks,
Chip

On Tue, Jun 17, 2014 at 3:34 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Hrm. Yes, I had it correct the first time. (oof, busy day)

âonâ is needed to prevent this âfeatureâ:
line: ***@FIREWALL(active)> set ***@FIREWALL(active)> set cli ***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli pager off
After each space, it does essentially a rewrite of the line as it tried to âauto-correctâ you from typing the wrong thing. This gets in the way of parsing with expect quite heavily, so I attempt to disable it as soon as possible. If set cli scripting-mode on does not cause this to stop (and it looks like it doesnât), then that appears to be a bug. You can also see this by using type script:

Hereâs how it looks at the command line:
Drdgpfs0002:/tmp$ script
drdgpfs0002:/tmp$ ssh -l admin paloalto.en
***@paloalto.en's<mailto:***@paloalto.en's> password:
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com<http://drdbcntl.en.desres.deshaw.com>
Welcome admin.
***@paloalto.en<mailto:***@paloalto.en>> set cli scripting-mode on
***@paloalto.en<mailto:***@paloalto.en>> set cli ? <ENTER here>

Invalid syntax.
***@paloalto.en<mailto:***@paloalto.en>> exit

Here's how it looks in the corresponding typescript file:
i Script started on Tue 17 Jun 2014 03:25:13 PM EDT
drdgpfs0002:/tmp$ ssh -l admin paloalto
***@paloalto.en's<mailto:***@paloalto.en's> password: ^M
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com<http://drdbcntl.en.desres.deshaw.com>^M^M
Welcome admin.^M
***@paloalto.en<mailto:***@paloalto.en>> set ^M^[[***@paloalto.en> set cli ^M^[[***@paloalto.en>
set cli scripting-mode ^M^[[***@paloalto.en> set cli scripting-mode on^M
***@paloalto.en<mailto:***@paloalto.en>> set cli ?^M
^M
Invalid syntax.^M
***@paloalto.en<mailto:***@paloalto.en>> exit^M
Connection to paloalto.en closed.^M^M
drdgpfs0002:/tmp$ exit^M^M
exit^M

Script done on Tue 17 Jun 2014 03:25:34 PM EDT

If 'set cli scripting-mode on' doesn't disable the 'space' feature, then the rest of the expect is very iffy at best and difficult to manage

Here's another way to confirm the behavior

Type config <space>

If it autocompletes to 'configure', then cli scripting-mode is not on and results *will* vary.
Disabling the pager is also important since it disables the --more-- when show config is running.

I am running 6.0.2 but no HA on PA-3020 and PA-2050

From: Chip Pleasants [mailto:***@gmail.com<mailto:***@gmail.com>]
Sent: Tuesday, June 17, 2014 3:21 PM
To: Hughes, Doug
Cc: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: Re: [rancid] Panrancid with PAN 6.0

Tried it on both versions. Seems like they both yield the same result. Doesn't the script turn cli scripting-mode on? Or do we don't really care that's its on or off?

***@FIREWALLV6(active)> set cli scripting-mode off
***@FIREWALLV6(active)> set cli scripting-mode
off off
on on

***@FIREWALLV6(active)> set cli scripting-mode

***@FIREWALLV5(active)> set cli scripting-mode off
***@FIREWALLV5(active)> set cli scripting-mode
off off
on on

***@FIREWALLV5(active)> set cli scripting-mode

-Chip

On Tue, Jun 17, 2014 at 3:10 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Sorry, I meant âoffâ, you need to set it to off and then try the ? test.

From: Chip Pleasants [mailto:***@gmail.com<mailto:***@gmail.com>]
Sent: Tuesday, June 17, 2014 2:48 PM

To: Hughes, Doug
Cc: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: Re: [rancid] Panrancid with PAN 6.0

Here's what I get. I get the same result from a version 5.x PA. I removed the "set cli scripting-mode on" from the script to test. Version 5.x PA works and version 6.x PA end up with the same result.

***@FIREWALL(active)> set cli scripting-mode on
***@FIREWALL(active)> set cli scripting-mode ?
? is not one of <on|off>

Invalid syntax.
***@FIREWALL(active)>

line: ***@FIREWALL(active)> set ***@FIREWALL(active)> set cli ***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli pager off
PROMPT MATCH: ***@FIREWALL$active$[#>]
HIT COMMAND:***@FIREWALL(active)> set ***@FIREWALL(active)> set cli ***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@FIREWALL(active)> show ***@FIREWALL(active)> show system ***@FIREWALL(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@FIREWALL(active)> show ***@FIREWALL(active)> show system ***@FIREWALL(active)> show system info
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: missed cmd(s): show config running
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: missed cmd(s): show config running
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: End of run not found
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: End of run not found
#
[***@server rancid]$

On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Ah, you are running in HA mode I see. That could be throwing things off, but I think I fixed that in 2013 sometime.
(I donât run any in HA)

It looks to me like âset cli scripting-mode onâ is failing

To confirm this, login to the PA at command line, then type set cli scripting-mode on

Now type âset cli scripting-mode ?â

If you get any sort of command completion, the cli scripting mode setting is not working and needs to be turned into a PA bug report. That is what it looks like it is happening by looking at the command staggering for subsequent lines.

From: Chip Pleasants [mailto:***@gmail.com<mailto:***@gmail.com>]
Sent: Tuesday, June 17, 2014 1:39 PM
To: Hughes, Doug
Cc: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: Re: [rancid] Panrancid with PAN 6.0

Thanks Doug. I am running the most recent version, but for grins I replaced them anyway. Still seeing the issue on two sets. The others seem to work fine. Anything I provide that help find the trouble?

-Chip

On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Yes, itâs working for me. Are you using the latest? (attached)

From: Rancid-discuss [mailto:rancid-discuss-***@shrubbery.net<mailto:rancid-discuss-***@shrubbery.net>] On Behalf Of Chip Pleasants
Sent: Monday, June 16, 2014 2:01 PM
To: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: [rancid] Panrancid with PAN 6.0

Does anyone have Panrancid working with PAN version 6.0.2? I have four sets running PAN version 5.0.11 without an issues. Once I upgraded one set the script times out. Below is a debug. Let me know if you have any questions.

Cheers,

Chip

[***@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com>
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com>
line: cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com>
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com>
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line:
line: Password:
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com<http://cmh1vlobs01.domain.com>
line: Welcome rancid.
line:
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on
PROMPT MATCH: ***@CMH1-Z4-F01$active$[#>]
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli pager ***@CMH1-Z4-F01(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info
cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com> : missed cmd(s): show config running
cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com> : missed cmd(s): show config running
cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com> : End of run not found
cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com> : End of run not found

Chip Pleasants

2014-06-18 16:11:48 UTC

Permalink

I think I see what you are talking about now. Here are the two examples.
One from a version 6 and one from a version 5. Now the odd part is when
I perform this test manually turning on 'set cli scripting-mode on' it
doesn't auto-complete on versions 6.0.2 or 5.0.11. Would there be
a difference with the EatCommand portion of the script? Thanks for taking
the time to work with me Doug.

[***@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d
FIREWALLV5.domain.com

executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" FIREWALLV5.domain.com

line: FIREWALLV5.domain.com

line: ***@FIREWALLV5(active)>

line: ***@FIREWALLV5(active)> set ***@FIREWALLV5(active)> set cli
***@FIREWALLV5(active)> set cli scripting-mode ***@FIREWALLV5(active)>
set cli scripting-mode on

PROMPT MATCH: ***@FIREWALLV5$active$[#>]

HIT COMMAND:***@FIREWALLV5(active)> set ***@FIREWALLV5(active)> set
cli ***@FIREWALLV5(active)> set cli scripting-mode
***@FIREWALLV5(active)>
set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand

HIT COMMAND:***@FIREWALLV5(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand

HIT COMMAND:***@FIREWALLV5(active)> show system info

COMMAND is: show system info|ShowInfo

In ShowInfo:: ***@FIREWALLV5(active)> show system info

HIT COMMAND:***@FIREWALLV5(active)> show config running

COMMAND is: show config running|ShowConfig

In ShowConfig: ***@FIREWALLV5(active)> show config running

line:

exiting

[***@cmh1vlobs01 rancid]$

[***@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d
FIREWALLV6.domain.com

executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" FIREWALLV6.domain.com

line: FIREWALLV6.domain.com

line: ***@FIREWALLV6(active)>

line: ***@FIREWALLV6(active)> set ***@FIREWALLV6(active)> set cli
***@FIREWALLV6(active)> set cli scripting-mode ***@FIREWALLV6(active)>
set cli scripting-mode on

PROMPT MATCH: ***@FIREWALLV6$active$[#>]

HIT COMMAND:***@FIREWALLV6(active)> set ***@FIREWALLV6(active)> set
cli ***@FIREWALLV6(active)> set cli scripting-mode
***@FIREWALLV6(active)>
set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand

HIT COMMAND:***@FIREWALLV6(active)> set ***@FIREWALLV6(active)> set
cli ***@FIREWALLV6(active)> set cli pager ***@FIREWALLV6(active)> set
cli pager off

COMMAND is: set cli pager off|EatCommand

HIT COMMAND:***@FIREWALLV6(active)> show ***@FIREWALLV6(active)> show
system ***@FIREWALLV6(active)> show system info

COMMAND is: show system info|ShowInfo

In ShowInfo:: ***@FIREWALLV6(active)> show ***@FIREWALLV6(active)>
show system ***@FIREWALLV6(active)> show system info

FIREWALLV6.domain.com: missed cmd(s): show config running

FIREWALLV6.domain.com: missed cmd(s): show config running

FIREWALLV6.domain.com: End of run not found

FIREWALLV6.domain.com: End of run not found

#

[***@cmh1vlobs01 rancid]$ !

-Chip

On Wed, Jun 18, 2014 at 11:35 AM, Hughes, Doug <

Post by Chip Pleasants
COMMAND is: show system info|ShowInfo
if scripting-mode was on, we wouldnât see the stuff in red. (html mode on
to read). The fact that the extra prompts show up indicates that it is
intercepting the spaces and attempting to do âhelpful command completionâ.
*Sent:* Wednesday, June 18, 2014 8:52 AM
*To:* Hughes, Doug
*Subject:* Re: [rancid] Panrancid with PAN 6.0
It doesn't appear to be a bug, because I think its operating as you
describe. When I turn on 'set cli scripting-mode on' it doesn't
autocomplete on versions 6.0.2 or 5.0.11. Any other thoughts what could be
going on?
Thanks,
Chip
On Tue, Jun 17, 2014 at 3:34 PM, Hughes, Doug <
Hrm. Yes, I had it correct the first time. (oof, busy day)
pager off
After each space, it does essentially a rewrite of the line as it tried to
âauto-correctâ you from typing the wrong thing. This gets in the way of
parsing with expect quite heavily, so I attempt to disable it as soon as
possible. If set cli scripting-mode on does not cause this to stop (and it
looks like it doesnât), then that appears to be a bug. You can also see
Drdgpfs0002:/tmp$ script
drdgpfs0002:/tmp$ ssh -l admin paloalto.en
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
Welcome admin.
Invalid syntax.
i Script started on Tue 17 Jun 2014 03:25:13 PM EDT
drdgpfs0002:/tmp$ ssh -l admin paloalto
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
^M^M
Welcome admin.^M
^M
Invalid syntax.^M
Connection to paloalto.en closed.^M^M
drdgpfs0002:/tmp$ exit^M^M
exit^M
Script done on Tue 17 Jun 2014 03:25:34 PM EDT
If 'set cli scripting-mode on' doesn't disable the 'space' feature, then
the rest of the expect is very iffy at best and difficult to manage
Here's another way to confirm the behavior
Type config <space>
If it autocompletes to 'configure', then cli scripting-mode is not on and
results *will* vary.
Disabling the pager is also important since it disables the --more-- when
show config is running.
I am running 6.0.2 but no HA on PA-3020 and PA-2050
Sent: Tuesday, June 17, 2014 3:21 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Tried it on both versions. Seems like they both yield the same result.
Doesn't the script turn cli scripting-mode on? Or do we don't really care
that's its on or off?
off off
on on
off off
on on
-Chip
On Tue, Jun 17, 2014 at 3:10 PM, Hughes, Doug <
Sorry, I meant âoffâ, you need to set it to off and then try the ? test.
Sent: Tuesday, June 17, 2014 2:48 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Here's what I get. I get the same result from a version 5.x PA. I removed
the "set cli scripting-mode on" from the script to test. Version 5.x PA
works and version 6.x PA end up with the same result.
? is not one of <on|off>
Invalid syntax.
pager off
pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: End of run not found
FIREWALL.dswinc.net: End of run not found
#
On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <
Ah, you are running in HA mode I see. That could be throwing things off,
but I think I fixed that in 2013 sometime.
(I donât run any in HA)
It looks to me like âset cli scripting-mode onâ is failing
To confirm this, login to the PA at command line, then type set cli scripting-mode on
Now type âset cli scripting-mode ?â
If you get any sort of command completion, the cli scripting mode setting
is not working and needs to be turned into a PA bug report. That is what it
looks like it is happening by looking at the command staggering for
subsequent lines.
Sent: Tuesday, June 17, 2014 1:39 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Thanks Doug. I am running the most recent version, but for grins I
replaced them anyway. Still seeing the issue on two sets. The others seem
to work fine. Anything I provide that help find the trouble?
-Chip
On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <
Yes, itâs working for me. Are you using the latest? (attached)
Behalf Of Chip Pleasants
Sent: Monday, June 16, 2014 2:01 PM
Subject: [rancid] Panrancid with PAN 6.0
Does anyone have Panrancid working with PAN version 6.0.2? I have four
sets running PAN version 5.0.11 without an issues. Once I upgraded one set
the script times out. Below is a debug. Let me know if you have any
questions.
Cheers,
Chip
cmh1-z4-f01.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" cmh1-z4-f01.domain.com
line: cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
set cli pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : End of run not found
cmh1-z4-f01.domain.com : End of run not found

Hughes, Doug

2014-06-18 17:14:38 UTC

Permalink

EatCommand just takes care of registering and aligning for the next command since that command doesnât produce any ouput, but you still need to do something with what echoes back to expect.

Your below panlogin to firewallv5 worked perfectly.
You can see it repeating each word and building until cli scripting-mode is on, and then everything after that works ok.

Yet it didnât work for firewallv6. This seems like a bug. Iâd open a case with support.paloaltonetworks.com to see whatâs going on. Something weird is causing the cli scripting-mode on to fail.

From: Chip Pleasants [mailto:***@gmail.com]
Sent: Wednesday, June 18, 2014 12:12 PM
To: Hughes, Doug
Cc: rancid-***@shrubbery.net
Subject: Re: [rancid] Panrancid with PAN 6.0

I think I see what you are talking about now. Here are the two examples. One from a version 6 and one from a version 5. Now the odd part is when I perform this test manually turning on 'set cli scripting-mode on' it doesn't auto-complete on versions 6.0.2 or 5.0.11. Would there be a difference with the EatCommand portion of the script? Thanks for taking the time to work with me Doug.

[***@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d FIREWALLV5.domain.com<http://FIREWALLV5.domain.com>
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" FIREWALLV5.domain.com<http://FIREWALLV5.domain.com>
line: FIREWALLV5.domain.com<http://FIREWALLV5.domain.com>
line: ***@FIREWALLV5(active)>
line: ***@FIREWALLV5(active)> set ***@FIREWALLV5(active)> set cli ***@FIREWALLV5(active)> set cli scripting-mode ***@FIREWALLV5(active)> set cli scripting-mode on
PROMPT MATCH: ***@FIREWALLV5$active$[#>]
HIT COMMAND:***@FIREWALLV5(active)> set ***@FIREWALLV5(active)> set cli ***@FIREWALLV5(active)> set cli scripting-mode ***@FIREWALLV5(active)> set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand
HIT COMMAND:***@FIREWALLV5(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@FIREWALLV5(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@FIREWALLV5(active)> show system info
HIT COMMAND:***@FIREWALLV5(active)> show config running

COMMAND is: show config running|ShowConfig
In ShowConfig: ***@FIREWALLV5(active)> show config running
line:
exiting
[***@cmh1vlobs01 rancid]$

[***@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d FIREWALLV6.domain.com<http://FIREWALLV6.domain.com>
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" FIREWALLV6.domain.com<http://FIREWALLV6.domain.com>
line: FIREWALLV6.domain.com<http://FIREWALLV6.domain.com>
line: ***@FIREWALLV6(active)>
line: ***@FIREWALLV6(active)> set ***@FIREWALLV6(active)> set cli ***@FIREWALLV6(active)> set cli scripting-mode ***@FIREWALLV6(active)> set cli scripting-mode on
PROMPT MATCH: ***@FIREWALLV6$active$[#>]
HIT COMMAND:***@FIREWALLV6(active)> set ***@FIREWALLV6(active)> set cli ***@FIREWALLV6(active)> set cli scripting-mode ***@FIREWALLV6(active)> set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand
HIT COMMAND:***@FIREWALLV6(active)> set ***@FIREWALLV6(active)> set cli ***@FIREWALLV6(active)> set cli pager ***@FIREWALLV6(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@FIREWALLV6(active)> show ***@FIREWALLV6(active)> show system ***@FIREWALLV6(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@FIREWALLV6(active)> show ***@FIREWALLV6(active)> show system ***@FIREWALLV6(active)> show system info
FIREWALLV6.domain.com<http://FIREWALLV6.domain.com>: missed cmd(s): show config running
FIREWALLV6.domain.com<http://FIREWALLV6.domain.com>: missed cmd(s): show config running
FIREWALLV6.domain.com<http://FIREWALLV6.domain.com>: End of run not found
FIREWALLV6.domain.com<http://FIREWALLV6.domain.com>: End of run not found
#
[***@cmh1vlobs01 rancid]$ !

-Chip

On Wed, Jun 18, 2014 at 11:35 AM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
It doesnât look like it is from your very first debugging output:
COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@FIREWALL(active)> show ***@FIREWALL(active)> show system ***@FIREWALL(active)> show system info

if scripting-mode was on, we wouldnât see the stuff in red. (html mode on to read). The fact that the extra prompts show up indicates that it is intercepting the spaces and attempting to do âhelpful command completionâ.

From: Chip Pleasants [mailto:***@gmail.com<mailto:***@gmail.com>]
Sent: Wednesday, June 18, 2014 8:52 AM

To: Hughes, Doug
Cc: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: Re: [rancid] Panrancid with PAN 6.0

It doesn't appear to be a bug, because I think its operating as you describe. When I turn on 'set cli scripting-mode on' it doesn't autocomplete on versions 6.0.2 or 5.0.11. Any other thoughts what could be going on?

Thanks,
Chip

On Tue, Jun 17, 2014 at 3:34 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Hrm. Yes, I had it correct the first time. (oof, busy day)

âonâ is needed to prevent this âfeatureâ:
line: ***@FIREWALL(active)> set ***@FIREWALL(active)> set cli ***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli pager off
After each space, it does essentially a rewrite of the line as it tried to âauto-correctâ you from typing the wrong thing. This gets in the way of parsing with expect quite heavily, so I attempt to disable it as soon as possible. If set cli scripting-mode on does not cause this to stop (and it looks like it doesnât), then that appears to be a bug. You can also see this by using type script:

Hereâs how it looks at the command line:
Drdgpfs0002:/tmp$ script
drdgpfs0002:/tmp$ ssh -l admin paloalto.en
***@paloalto.en's<mailto:***@paloalto.en's> password:
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com<http://drdbcntl.en.desres.deshaw.com>
Welcome admin.
***@paloalto.en<mailto:***@paloalto.en>> set cli scripting-mode on
***@paloalto.en<mailto:***@paloalto.en>> set cli ? <ENTER here>

Invalid syntax.
***@paloalto.en<mailto:***@paloalto.en>> exit

Here's how it looks in the corresponding typescript file:
i Script started on Tue 17 Jun 2014 03:25:13 PM EDT
drdgpfs0002:/tmp$ ssh -l admin paloalto
***@paloalto.en's<mailto:***@paloalto.en's> password: ^M
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com<http://drdbcntl.en.desres.deshaw.com>^M^M
Welcome admin.^M
***@paloalto.en<mailto:***@paloalto.en>> set ^M^[[***@paloalto.en> set cli ^M^[[***@paloalto.en>
set cli scripting-mode ^M^[[***@paloalto.en> set cli scripting-mode on^M
***@paloalto.en<mailto:***@paloalto.en>> set cli ?^M
^M
Invalid syntax.^M
***@paloalto.en<mailto:***@paloalto.en>> exit^M
Connection to paloalto.en closed.^M^M
drdgpfs0002:/tmp$ exit^M^M
exit^M

Script done on Tue 17 Jun 2014 03:25:34 PM EDT

If 'set cli scripting-mode on' doesn't disable the 'space' feature, then the rest of the expect is very iffy at best and difficult to manage

Here's another way to confirm the behavior

Type config <space>

If it autocompletes to 'configure', then cli scripting-mode is not on and results *will* vary.
Disabling the pager is also important since it disables the --more-- when show config is running.

I am running 6.0.2 but no HA on PA-3020 and PA-2050

From: Chip Pleasants [mailto:***@gmail.com<mailto:***@gmail.com>]
Sent: Tuesday, June 17, 2014 3:21 PM
To: Hughes, Doug
Cc: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: Re: [rancid] Panrancid with PAN 6.0

Tried it on both versions. Seems like they both yield the same result. Doesn't the script turn cli scripting-mode on? Or do we don't really care that's its on or off?

***@FIREWALLV6(active)> set cli scripting-mode off
***@FIREWALLV6(active)> set cli scripting-mode
off off
on on

***@FIREWALLV6(active)> set cli scripting-mode

***@FIREWALLV5(active)> set cli scripting-mode off
***@FIREWALLV5(active)> set cli scripting-mode
off off
on on

***@FIREWALLV5(active)> set cli scripting-mode

-Chip

On Tue, Jun 17, 2014 at 3:10 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Sorry, I meant âoffâ, you need to set it to off and then try the ? test.

From: Chip Pleasants [mailto:***@gmail.com<mailto:***@gmail.com>]
Sent: Tuesday, June 17, 2014 2:48 PM

To: Hughes, Doug
Cc: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: Re: [rancid] Panrancid with PAN 6.0

Here's what I get. I get the same result from a version 5.x PA. I removed the "set cli scripting-mode on" from the script to test. Version 5.x PA works and version 6.x PA end up with the same result.

***@FIREWALL(active)> set cli scripting-mode on
***@FIREWALL(active)> set cli scripting-mode ?
? is not one of <on|off>

Invalid syntax.
***@FIREWALL(active)>

line: ***@FIREWALL(active)> set ***@FIREWALL(active)> set cli ***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli pager off
PROMPT MATCH: ***@FIREWALL$active$[#>]
HIT COMMAND:***@FIREWALL(active)> set ***@FIREWALL(active)> set cli ***@FIREWALL(active)> set cli pager ***@FIREWALL(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@FIREWALL(active)> show ***@FIREWALL(active)> show system ***@FIREWALL(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@FIREWALL(active)> show ***@FIREWALL(active)> show system ***@FIREWALL(active)> show system info
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: missed cmd(s): show config running
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: missed cmd(s): show config running
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: End of run not found
FIREWALL.dswinc.net<http://FIREWALL.dswinc.net>: End of run not found
#
[***@server rancid]$

On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Ah, you are running in HA mode I see. That could be throwing things off, but I think I fixed that in 2013 sometime.
(I donât run any in HA)

It looks to me like âset cli scripting-mode onâ is failing

To confirm this, login to the PA at command line, then type set cli scripting-mode on

Now type âset cli scripting-mode ?â

If you get any sort of command completion, the cli scripting mode setting is not working and needs to be turned into a PA bug report. That is what it looks like it is happening by looking at the command staggering for subsequent lines.

From: Chip Pleasants [mailto:***@gmail.com<mailto:***@gmail.com>]
Sent: Tuesday, June 17, 2014 1:39 PM
To: Hughes, Doug
Cc: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: Re: [rancid] Panrancid with PAN 6.0

Thanks Doug. I am running the most recent version, but for grins I replaced them anyway. Still seeing the issue on two sets. The others seem to work fine. Anything I provide that help find the trouble?

-Chip

On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <***@deshawresearch.com<mailto:***@deshawresearch.com>> wrote:
Yes, itâs working for me. Are you using the latest? (attached)

From: Rancid-discuss [mailto:rancid-discuss-***@shrubbery.net<mailto:rancid-discuss-***@shrubbery.net>] On Behalf Of Chip Pleasants
Sent: Monday, June 16, 2014 2:01 PM
To: rancid-***@shrubbery.net<mailto:rancid-***@shrubbery.net>
Subject: [rancid] Panrancid with PAN 6.0

Does anyone have Panrancid working with PAN version 6.0.2? I have four sets running PAN version 5.0.11 without an issues. Once I upgraded one set the script times out. Below is a debug. Let me know if you have any questions.

Cheers,

Chip

[***@cmh1vlobs01 rancid]$ /usr/libexec/rancid/panrancid -d cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com>
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager off;show system info;show config running" cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com>
line: cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com>
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com>
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line:
line: Password:
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com<http://cmh1vlobs01.domain.com>
line: Welcome rancid.
line:
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)>
line: ***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on
PROMPT MATCH: ***@CMH1-Z4-F01$active$[#>]
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli scripting-mode ***@CMH1-Z4-F01(active)> set cli scripting-mode on

COMMAND is: set cli scripting-mode on|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> set ***@CMH1-Z4-F01(active)> set cli ***@CMH1-Z4-F01(active)> set cli pager ***@CMH1-Z4-F01(active)> set cli pager off

COMMAND is: set cli pager off|EatCommand
HIT COMMAND:***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info

COMMAND is: show system info|ShowInfo
In ShowInfo:: ***@CMH1-Z4-F01(active)> show ***@CMH1-Z4-F01(active)> show system ***@CMH1-Z4-F01(active)> show system info
cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com> : missed cmd(s): show config running
cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com> : missed cmd(s): show config running
cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com> : End of run not found
cmh1-z4-f01.domain.com<http://cmh1-z4-f01.domain.com> : End of run not found

Chip Pleasants

2014-06-18 17:27:22 UTC

Permalink

I can open a ticket, but I'm concerned that I can not show them an example
of it broke besides the script. They may work with me if can't show its
broke manually. Thanks again Doug for assistance.

-Chip

Post by Hughes, Doug
EatCommand just takes care of registering and aligning for the next
command since that command doesnât produce any ouput, but you still need to
do something with what echoes back to expect.
Your below panlogin to firewallv5 worked perfectly.
You can see it repeating each word and building until cli scripting-mode
is on, and then everything after that works ok.
Yet it didnât work for firewallv6. This seems like a bug. Iâd open a case
with support.paloaltonetworks.com to see whatâs going on. Something weird
is causing the cli scripting-mode on to fail.
*Sent:* Wednesday, June 18, 2014 12:12 PM
*To:* Hughes, Doug
*Subject:* Re: [rancid] Panrancid with PAN 6.0
I think I see what you are talking about now. Here are the two examples.
One from a version 6 and one from a version 5. Now the odd part is when
I perform this test manually turning on 'set cli scripting-mode on' it
doesn't auto-complete on versions 6.0.2 or 5.0.11. Would there be
a difference with the EatCommand portion of the script? Thanks for taking
the time to work with me Doug.
FIREWALLV5.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" FIREWALLV5.domain.com
line: FIREWALLV5.domain.com
set cli scripting-mode on
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
COMMAND is: show config running|ShowConfig
exiting
FIREWALLV6.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" FIREWALLV6.domain.com
line: FIREWALLV6.domain.com
set cli scripting-mode on
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
set cli pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
FIREWALLV6.domain.com: missed cmd(s): show config running
FIREWALLV6.domain.com: missed cmd(s): show config running
FIREWALLV6.domain.com: End of run not found
FIREWALLV6.domain.com: End of run not found
#
-Chip
On Wed, Jun 18, 2014 at 11:35 AM, Hughes, Doug <
COMMAND is: show system info|ShowInfo
if scripting-mode was on, we wouldnât see the stuff in red. (html mode on
to read). The fact that the extra prompts show up indicates that it is
intercepting the spaces and attempting to do âhelpful command completionâ.
*Sent:* Wednesday, June 18, 2014 8:52 AM
*To:* Hughes, Doug
*Subject:* Re: [rancid] Panrancid with PAN 6.0
It doesn't appear to be a bug, because I think its operating as you
describe. When I turn on 'set cli scripting-mode on' it doesn't
autocomplete on versions 6.0.2 or 5.0.11. Any other thoughts what could be
going on?
Thanks,
Chip
On Tue, Jun 17, 2014 at 3:34 PM, Hughes, Doug <
Hrm. Yes, I had it correct the first time. (oof, busy day)
pager off
After each space, it does essentially a rewrite of the line as it tried to
âauto-correctâ you from typing the wrong thing. This gets in the way of
parsing with expect quite heavily, so I attempt to disable it as soon as
possible. If set cli scripting-mode on does not cause this to stop (and it
looks like it doesnât), then that appears to be a bug. You can also see
Drdgpfs0002:/tmp$ script
drdgpfs0002:/tmp$ ssh -l admin paloalto.en
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
Welcome admin.
Invalid syntax.
i Script started on Tue 17 Jun 2014 03:25:13 PM EDT
drdgpfs0002:/tmp$ ssh -l admin paloalto
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
^M^M
Welcome admin.^M
^M
Invalid syntax.^M
Connection to paloalto.en closed.^M^M
drdgpfs0002:/tmp$ exit^M^M
exit^M
Script done on Tue 17 Jun 2014 03:25:34 PM EDT
If 'set cli scripting-mode on' doesn't disable the 'space' feature, then
the rest of the expect is very iffy at best and difficult to manage
Here's another way to confirm the behavior
Type config <space>
If it autocompletes to 'configure', then cli scripting-mode is not on and
results *will* vary.
Disabling the pager is also important since it disables the --more-- when
show config is running.
I am running 6.0.2 but no HA on PA-3020 and PA-2050
Sent: Tuesday, June 17, 2014 3:21 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Tried it on both versions. Seems like they both yield the same result.
Doesn't the script turn cli scripting-mode on? Or do we don't really care
that's its on or off?
off off
on on
off off
on on
-Chip
On Tue, Jun 17, 2014 at 3:10 PM, Hughes, Doug <
Sorry, I meant âoffâ, you need to set it to off and then try the ? test.
Sent: Tuesday, June 17, 2014 2:48 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Here's what I get. I get the same result from a version 5.x PA. I removed
the "set cli scripting-mode on" from the script to test. Version 5.x PA
works and version 6.x PA end up with the same result.
? is not one of <on|off>
Invalid syntax.
pager off
pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: End of run not found
FIREWALL.dswinc.net: End of run not found
#
On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <
Ah, you are running in HA mode I see. That could be throwing things off,
but I think I fixed that in 2013 sometime.
(I donât run any in HA)
It looks to me like âset cli scripting-mode onâ is failing
To confirm this, login to the PA at command line, then type set cli scripting-mode on
Now type âset cli scripting-mode ?â
If you get any sort of command completion, the cli scripting mode setting
is not working and needs to be turned into a PA bug report. That is what it
looks like it is happening by looking at the command staggering for
subsequent lines.
Sent: Tuesday, June 17, 2014 1:39 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Thanks Doug. I am running the most recent version, but for grins I
replaced them anyway. Still seeing the issue on two sets. The others seem
to work fine. Anything I provide that help find the trouble?
-Chip
On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <
Yes, itâs working for me. Are you using the latest? (attached)
Behalf Of Chip Pleasants
Sent: Monday, June 16, 2014 2:01 PM
Subject: [rancid] Panrancid with PAN 6.0
Does anyone have Panrancid working with PAN version 6.0.2? I have four
sets running PAN version 5.0.11 without an issues. Once I upgraded one set
the script times out. Below is a debug. Let me know if you have any
questions.
Cheers,
Chip
cmh1-z4-f01.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" cmh1-z4-f01.domain.com
line: cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
set cli pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : End of run not found
cmh1-z4-f01.domain.com : End of run not found

Peter Jackson

2014-09-15 18:30:05 UTC

Permalink

Chip, did you get RANCID working with PAN 6? I had the same or similar
issue as you and we are running HA.

I had updated to Doug's latest version of panrancid but was on an old
version of panlogin (that set 'pager off'). After I updated panlogin
RANCID works as expected.

Post by Chip Pleasants
I can open a ticket, but I'm concerned that I can not show them an example
of it broke besides the script. They may work with me if can't show its
broke manually. Thanks again Doug for assistance.
-Chip

Post by Hughes, Doug
EatCommand just takes care of registering and aligning for the next
command since that command doesnât produce any ouput, but you still need to
do something with what echoes back to expect.
Your below panlogin to firewallv5 worked perfectly.
You can see it repeating each word and building until cli scripting-mode
is on, and then everything after that works ok.
Yet it didnât work for firewallv6. This seems like a bug. Iâd open a case
with support.paloaltonetworks.com to see whatâs going on. Something
weird is causing the cli scripting-mode on to fail.
*Sent:* Wednesday, June 18, 2014 12:12 PM
*To:* Hughes, Doug
*Subject:* Re: [rancid] Panrancid with PAN 6.0
I think I see what you are talking about now. Here are the two examples.
One from a version 6 and one from a version 5. Now the odd part is when
I perform this test manually turning on 'set cli scripting-mode on' it
doesn't auto-complete on versions 6.0.2 or 5.0.11. Would there be
a difference with the EatCommand portion of the script? Thanks for taking
the time to work with me Doug.
FIREWALLV5.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" FIREWALLV5.domain.com
line: FIREWALLV5.domain.com
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
COMMAND is: show config running|ShowConfig
exiting
FIREWALLV6.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" FIREWALLV6.domain.com
line: FIREWALLV6.domain.com
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
set cli pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
FIREWALLV6.domain.com: missed cmd(s): show config running
FIREWALLV6.domain.com: missed cmd(s): show config running
FIREWALLV6.domain.com: End of run not found
FIREWALLV6.domain.com: End of run not found
#
-Chip
On Wed, Jun 18, 2014 at 11:35 AM, Hughes, Doug <
COMMAND is: show system info|ShowInfo
if scripting-mode was on, we wouldnât see the stuff in red. (html mode on
to read). The fact that the extra prompts show up indicates that it is
intercepting the spaces and attempting to do âhelpful command completionâ.
*Sent:* Wednesday, June 18, 2014 8:52 AM
*To:* Hughes, Doug
*Subject:* Re: [rancid] Panrancid with PAN 6.0
It doesn't appear to be a bug, because I think its operating as you
describe. When I turn on 'set cli scripting-mode on' it doesn't
autocomplete on versions 6.0.2 or 5.0.11. Any other thoughts what could be
going on?
Thanks,
Chip
On Tue, Jun 17, 2014 at 3:34 PM, Hughes, Doug <
Hrm. Yes, I had it correct the first time. (oof, busy day)
pager off
After each space, it does essentially a rewrite of the line as it tried
to âauto-correctâ you from typing the wrong thing. This gets in the way of
parsing with expect quite heavily, so I attempt to disable it as soon as
possible. If set cli scripting-mode on does not cause this to stop (and it
looks like it doesnât), then that appears to be a bug. You can also see
Drdgpfs0002:/tmp$ script
drdgpfs0002:/tmp$ ssh -l admin paloalto.en
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
Welcome admin.
Invalid syntax.
i Script started on Tue 17 Jun 2014 03:25:13 PM EDT
drdgpfs0002:/tmp$ ssh -l admin paloalto
Last login: Tue Jun 17 15:05:06 2014 from drdbcntl.en.desres.deshaw.com
^M^M
Welcome admin.^M
^M
Invalid syntax.^M
Connection to paloalto.en closed.^M^M
drdgpfs0002:/tmp$ exit^M^M
exit^M
Script done on Tue 17 Jun 2014 03:25:34 PM EDT
If 'set cli scripting-mode on' doesn't disable the 'space' feature, then
the rest of the expect is very iffy at best and difficult to manage
Here's another way to confirm the behavior
Type config <space>
If it autocompletes to 'configure', then cli scripting-mode is not on and
results *will* vary.
Disabling the pager is also important since it disables the --more-- when
show config is running.
I am running 6.0.2 but no HA on PA-3020 and PA-2050
Sent: Tuesday, June 17, 2014 3:21 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Tried it on both versions. Seems like they both yield the same result.
Doesn't the script turn cli scripting-mode on? Or do we don't really care
that's its on or off?
off off
on on
off off
on on
-Chip
On Tue, Jun 17, 2014 at 3:10 PM, Hughes, Doug <
Sorry, I meant âoffâ, you need to set it to off and then try the ? test.
Sent: Tuesday, June 17, 2014 2:48 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Here's what I get. I get the same result from a version 5.x PA. I removed
the "set cli scripting-mode on" from the script to test. Version 5.x PA
works and version 6.x PA end up with the same result.
? is not one of <on|off>
Invalid syntax.
pager off
cli pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: End of run not found
FIREWALL.dswinc.net: End of run not found
#
On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <
Ah, you are running in HA mode I see. That could be throwing things off,
but I think I fixed that in 2013 sometime.
(I donât run any in HA)
It looks to me like âset cli scripting-mode onâ is failing
To confirm this, login to the PA at command line, then type set cli scripting-mode on
Now type âset cli scripting-mode ?â
If you get any sort of command completion, the cli scripting mode setting
is not working and needs to be turned into a PA bug report. That is what it
looks like it is happening by looking at the command staggering for
subsequent lines.
Sent: Tuesday, June 17, 2014 1:39 PM
To: Hughes, Doug
Subject: Re: [rancid] Panrancid with PAN 6.0
Thanks Doug. I am running the most recent version, but for grins I
replaced them anyway. Still seeing the issue on two sets. The others seem
to work fine. Anything I provide that help find the trouble?
-Chip
On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <
Yes, itâs working for me. Are you using the latest? (attached)
Behalf Of Chip Pleasants
Sent: Monday, June 16, 2014 2:01 PM
Subject: [rancid] Panrancid with PAN 6.0
Does anyone have Panrancid working with PAN version 6.0.2? I have four
sets running PAN version 5.0.11 without an issues. Once I upgraded one set
the script times out. Below is a debug. Let me know if you have any
questions.
Cheers,
Chip
cmh1-z4-f01.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" cmh1-z4-f01.domain.com
line: cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and
civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
set cli pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : missed cmd(s): show config running
cmh1-z4-f01.domain.com : End of run not found
cmh1-z4-f01.domain.com : End of run not found

_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo/rancid-discuss

Chip Pleasants

2014-06-17 19:20:46 UTC

Permalink

Tried it on both versions. Seems like they both yield the same result.
Doesn't the script turn cli scripting-mode on? Or do we don't really care
that's its on or off?

***@FIREWALLV6(active)> set cli scripting-mode off
***@FIREWALLV6(active)> set cli scripting-mode
off off
on on

***@FIREWALLV6(active)> set cli scripting-mode

***@FIREWALLV5(active)> set cli scripting-mode off
***@FIREWALLV5(active)> set cli scripting-mode
off off
on on

***@FIREWALLV5(active)> set cli scripting-mode

-Chip

On Tue, Jun 17, 2014 at 3:10 PM, Hughes, Doug <

Post by Hughes, Doug
Sorry, I meant âoffâ, you need to set it to off and then try the ? test.
*Sent:* Tuesday, June 17, 2014 2:48 PM
*To:* Hughes, Doug
*Subject:* Re: [rancid] Panrancid with PAN 6.0
Here's what I get. I get the same result from a version 5.x PA. I removed
the "set cli scripting-mode on" from the script to test. Version 5.x PA
works and version 6.x PA end up with the same result.
? is not one of <on|off>
Invalid syntax.
pager off
pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: missed cmd(s): show config running
FIREWALL.dswinc.net: End of run not found
FIREWALL.dswinc.net: End of run not found
#
On Tue, Jun 17, 2014 at 2:28 PM, Hughes, Doug <
Ah, you are running in HA mode I see. That could be throwing things off,
but I think I fixed that in 2013 sometime.
(I donât run any in HA)
It looks to me like âset cli scripting-mode onâ is failing
To confirm this, login to the PA at command line, then type set cli scripting-mode on
Now type âset cli scripting-mode ?â
If you get any sort of command completion, the cli scripting mode setting
is not working and needs to be turned into a PA bug report. That is what it
looks like it is happening by looking at the command staggering for
subsequent lines.
*Sent:* Tuesday, June 17, 2014 1:39 PM
*To:* Hughes, Doug
*Subject:* Re: [rancid] Panrancid with PAN 6.0
Thanks Doug. I am running the most recent version, but for grins I
replaced them anyway. Still seeing the issue on two sets. The others seem
to work fine. Anything I provide that help find the trouble?
-Chip
On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <
Yes, itâs working for me. Are you using the latest? (attached)
Behalf Of *Chip Pleasants
*Sent:* Monday, June 16, 2014 2:01 PM
*Subject:* [rancid] Panrancid with PAN 6.0
Does anyone have Panrancid working with PAN version 6.0.2? I have four
sets running PAN version 5.0.11 without an issues. Once I upgraded one set
the script times out. Below is a debug. Let me know if you have any
questions.
Cheers,
Chip
cmh1-z4-f01.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" cmh1-z4-f01.domain.com
line: cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
set cli pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : End of run not found
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : End of run not found

Chip Pleasants

2014-06-17 17:39:21 UTC

Permalink

Thanks Doug. I am running the most recent version, but for grins I replaced
them anyway. Still seeing the issue on two sets. The others seem to work
fine. Anything I provide that help find the trouble?

-Chip

On Mon, Jun 16, 2014 at 4:37 PM, Hughes, Doug <

Post by Hughes, Doug
Yes, itâs working for me. Are you using the latest? (attached)
Behalf Of *Chip Pleasants
*Sent:* Monday, June 16, 2014 2:01 PM
*Subject:* [rancid] Panrancid with PAN 6.0
Does anyone have Panrancid working with PAN version 6.0.2? I have four
sets running PAN version 5.0.11 without an issues. Once I upgraded one set
the script times out. Below is a debug. Let me know if you have any
questions.
Cheers,
Chip
cmh1-z4-f01.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" cmh1-z4-f01.domain.com
line: cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP Incorporated.
line: It is for authorized users only. Unauthorized users are prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit expectation of
line: privacy. Any or all uses of this system may be subject to one or more of the
line: following actions: interception, monitoring, recording, auditing, inspection and
line: disclosing to security personnel and law enforcement personnel, as well as
line: authorized officials of other agencies, both domestic and foreign. By using this
line: system, the user consents to these actions. Unauthorized or improper use of
line: this system may result in administrative disciplinary action and civil and criminal
line: penalties. By accessing this system you indicate your awareness of and
line: consent to these terms and conditions of use. Discontinue access immediately
line: if you do not agree to the conditions stated in this notice.
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
set cli pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : End of run not found
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : End of run not found

Chip Pleasants

2014-09-15 20:18:13 UTC

Permalink

Just found out what it was the day. Apparently the local on account on the
firewalls changed roles, which disabled the set commands. I'm a bonehead.
I swear I could run the commands manually after the upgrade. Thanks for
checking in with me.

-Chip

Post by Chip Pleasants
Does anyone have Panrancid working with PAN version 6.0.2? I have four
sets running PAN version 5.0.11 without an issues. Once I upgraded one set
the script times out. Below is a debug. Let me know if you have any
questions.
Cheers,
Chip
cmh1-z4-f01.domain.com
executing panlogin -t 90 -c"set cli scripting-mode on;set cli pager
off;show system info;show config running" cmh1-z4-f01.domain.com
line: cmh1-z4-f01.domain.com
line: spawn ssh -c 3des -x -l rancid cmh1-z4-f01.domain.com
line: NOTICE TO USERS
line: This is an official computer system and is the property of POOP
Incorporated.
line: It is for authorized users only. Unauthorized users are
prohibited.
line: Users (authorized or unauthorized) have no explicit or implicit
expectation of
line: privacy. Any or all uses of this system may be subject to one or
more of the
line: following actions: interception, monitoring, recording, auditing,
inspection and
line: disclosing to security personnel and law enforcement personnel, as
well as
line: authorized officials of other agencies, both domestic and foreign.
By using this
line: system, the user consents to these actions. Unauthorized or
improper use of
line: this system may result in administrative disciplinary action and
civil and criminal
line: penalties. By accessing this system you indicate your awareness
of and
line: consent to these terms and conditions of use. Discontinue access
immediately
line: if you do not agree to the conditions stated in this notice.
line: Last login: Mon Jun 16 08:00:00 2014 from cmh1vlobs01.domain.com
line: Welcome rancid.
set cli scripting-mode on
COMMAND is: set cli scripting-mode on|EatCommand
set cli pager off
COMMAND is: set cli pager off|EatCommand
COMMAND is: show system info|ShowInfo
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : missed cmd(s): show config running
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : End of run not found
cmh1-z4-f01. <http://cmh1-z4-f01.dswinc.net/>domain.com
<http://cmh1-z4-f01.domain.com/> : End of run not found