[rancid] Help with Removing encrypted secret

Discussion:

Khurram Khan

2013-02-20 10:17:51 UTC

Hello All,

I've been lurking around the mailing list trying to find a solution to my
issue. I'm trying to grab configuration from a Cisco ASR5000 which contains
the configuration in the form of:

spi remote-address 192.168.3.50 spi-number 256 encrypted secret
ba8533de9d50051d04c124ccebb16563 description "REMOTE-1"

Regex is not one of my forte's , and so far I've got the following to
remove the encrypted key from the configuration which doesn't seem to be
working

if (/(\s+spi remote-address (.*) spi-number (.*) encrypted secret .*
description .* )/ && $filter_pwds >= 1) {
ProcessHistory("ADMIN","","","#spi remote-address $1 spi-number
$2 encrypted secret <removed> description $4 $5\n");
next;
}

the result that I get in the configuration looks like:

#spi remote-address spi remote-address 192.168.3.50 spi-number 256
encrypted secret ba8533de9d50051d04c124ccebb16563 description "REMOTE-1"
spi-number encrypted secret <removed> description

i'm pretty sure i'm missing something in regex. If someone could point me
in the right direction, I would really appreciate it.

Thank you in advance!

Scott Brynen

2013-02-20 15:46:22 UTC

Permalink

The $1 is matching the entire matched string because you put () around the whole thing
What you're looking for is:
if (/#spi remote-address (.*) spi-number (.*) encrypted secret .* description (.*)/ && $filter_pwds >= 1) {
ProcessHistory("ADMIN","","","#spi remote-address $1 spi-number $2 encrypted secret <removed> description $3\n");
next;
}

Scott Brynen
Systems Operations Lead | Vision Critical
direct +1.604.638.9804 mobile +1.778.788.0543
web visioncritical.com<http://www.visioncritical.com>
From: rancid-discuss-***@shrubbery.net [mailto:rancid-discuss-***@shrubbery.net] On Behalf Of Khurram Khan
Sent: Wednesday, February 20, 2013 2:18 AM
To: rancid-***@shrubbery.net
Subject: [rancid] Help with Removing encrypted secret

Hello All,

I've been lurking around the mailing list trying to find a solution to my issue. I'm trying to grab configuration from a Cisco ASR5000 which contains the configuration in the form of:

spi remote-address 192.168.3.50 spi-number 256 encrypted secret ba8533de9d50051d04c124ccebb16563 description "REMOTE-1"

Regex is not one of my forte's , and so far I've got the following to remove the encrypted key from the configuration which doesn't seem to be working

if (/(\s+spi remote-address (.*) spi-number (.*) encrypted secret .* description .* )/ && $filter_pwds >= 1) {
ProcessHistory("ADMIN","","","#spi remote-address $1 spi-number $2 encrypted secret <removed> description $4 $5\n");
next;
}

the result that I get in the configuration looks like:

#spi remote-address spi remote-address 192.168.3.50 spi-number 256 encrypted secret ba8533de9d50051d04c124ccebb16563 description "REMOTE-1" spi-number encrypted secret <removed> description

i'm pretty sure i'm missing something in regex. If someone could point me in the right direction, I would really appreciate it.

Thank you in advance!

Khurram Khan

2013-02-20 17:29:30 UTC

Permalink

Thank you Scott for pointing me in the right direction. Taking your example
I tweaked this a little which looks like it worked. The final regex looks
like:

if (/\s+spi remote-address (.*) spi-number (.*) encrypted secret .*
description (.*)/ && $filter_pwds >= 1) {
ProcessHistory("ADMIN","","","#spi remote-address $1 spi-number
$2 encrypted secret <removed> description $3\n");
next;
}

and the configuration now looks like:

#spi remote-address 192.168.3.50 spi-number 256 encrypted secret
<removed> description "REMOTE-1"

On Wed, Feb 20, 2013 at 8:46 AM, Scott Brynen <

Post by Scott Brynen
The $1 is matching the entire matched string because you put () around
the whole thing****
What you're looking for is:****
if (/#spi remote-address (.*) spi-number (.*) encrypted secret .*
description (.*)/ && $filter_pwds >= 1) {****
ProcessHistory("ADMIN","","","#spi remote-address $1
spi-number $2 encrypted secret <removed> description $3\n");****
next;****
}****
** **
** **
** **
** **
*Scott Brynen*
Systems Operations Lead | Vision Critical
direct +1.604.638.9804 mobile +1.778.788.0543
web visioncritical.com <http://www.visioncritical.com> ****
*Sent:* Wednesday, February 20, 2013 2:18 AM
*Subject:* [rancid] Help with Removing encrypted secret****
** **
Hello All,****
** **
I've been lurking around the mailing list trying to find a solution to my
issue. I'm trying to grab configuration from a Cisco ASR5000 which contains
the configuration in the form of:****
** **
spi remote-address 192.168.3.50 spi-number 256 encrypted secret
ba8533de9d50051d04c124ccebb16563 description "REMOTE-1" ****
** **
Regex is not one of my forte's , and so far I've got the following to
remove the encrypted key from the configuration which doesn't seem to be
working****
** **
if (/(\s+spi remote-address (.*) spi-number (.*) encrypted secret
.* description .* )/ && $filter_pwds >= 1) {****
ProcessHistory("ADMIN","","","#spi remote-address $1
spi-number $2 encrypted secret <removed> description $4 $5\n");****
next;****
}****
** **
the result that I get in the configuration looks like:****
** **
#spi remote-address spi remote-address 192.168.3.50 spi-number 256
encrypted secret ba8533de9d50051d04c124ccebb16563 description "REMOTE-1"
spi-number encrypted secret <removed> description ****
** **
i'm pretty sure i'm missing something in regex. If someone could point me
in the right direction, I would really appreciate it. ****
** **
Thank you in advance!****
** **
** **

--
- kk