[rancid] rancid bombing out on "dir /all disk0:" when command not authorized by AAA
Dale Shaw
2010-03-09 05:27:03 UTC
Hi all,

I'm running RANCID 2.3.2 on Ubuntu 9.04.

I'm trying to collect configs from a bunch of Cisco ASA 5500 series firewalls.

Recently we brought them into production and as part of that exercise,
enabled AAA (TACACS). The command set doesn't permit some of the
commands RANCID is attempting to execute. It looks like it's bombing
out when parsing the output from 'dir /all disk0:', which in this case
is "Command authorization failed".

I'll probably just end up adding this command to the authorised set,
but am I missing something or is this behaviour a bit .. ungraceful?
:-)

rancid -d and clogin -c output below.

Cheers,
Dale

***@utility:/usr/local/rancid/var/customer-all/configs$ sudo -u
rancid /usr/local/rancid/bin/rancid -d customer-fw01
executing clogin -t 90 -c"admin show version;show version;show
redundancy secondary;show idprom backplane;show install active;admin
show env all;show env all;show rsp chassis-info;show gsr chassis;show
diag chassis-info;show boot;show bootvar;admin show variables
boot;show variables boot;show flash;dir /all nvram:;dir /all
bootflash:;dir /all slot0:;dir /all disk0:;dir /all slot1:;dir /all
disk1:;dir /all slot2:;dir /all disk2:;dir /all harddisk:;dir /all
harddiska:;dir /all harddiskb:;dir /all sup-bootflash:;dir /all
sup-microcode:;dir /all slavenvram:;dir /all slavebootflash:;dir /all
slaveslot0:;dir /all slavedisk0:;dir /all slaveslot1:;dir /all
slavedisk1:;dir /all slaveslot2:;dir /all slavedisk2:;dir /all
slavesup-bootflash:;dir /all sec-nvram:;dir /all sec-bootflash:;dir
/all sec-slot0:;dir /all sec-disk0:;dir /all sec-slot1:;dir /all
sec-disk1:;dir /all sec-slot2:;dir /all sec-disk2:;show
controllers;show controllers cbus;show diagbus;admin show diag;show
diag;show module;show spe version;show c7200;show inventory raw;show
vtp status;show vlan;show vlan-switch;show debug;more
system:running-config;show running-config;write term" customer-fw01
PROMPT MATCH: CUSTOMER-FW01#
HIT COMMAND:CUSTOMER-FW01# admin show version
In ShowVersion: CUSTOMER-FW01# admin show version
HIT COMMAND:CUSTOMER-FW01# show version
In ShowVersion: CUSTOMER-FW01# show version
HIT COMMAND:CUSTOMER-FW01# show redundancy secondary
In ShowRedundancy: CUSTOMER-FW01# show redundancy secondary
HIT COMMAND:CUSTOMER-FW01# show idprom backplane
In ShowIDprom: CUSTOMER-FW01# show idprom backplane
HIT COMMAND:CUSTOMER-FW01# show install active
In ShowInstallActive: CUSTOMER-FW01# show install active
HIT COMMAND:CUSTOMER-FW01# admin show env all
In ShowEnv: CUSTOMER-FW01# admin show env all
HIT COMMAND:CUSTOMER-FW01# show env all
In ShowEnv: CUSTOMER-FW01# show env all
HIT COMMAND:CUSTOMER-FW01# show rsp chassis-info
In ShowRSP: CUSTOMER-FW01# show rsp chassis-info
HIT COMMAND:CUSTOMER-FW01# show gsr chassis
In ShowGSR: CUSTOMER-FW01# show gsr chassis
HIT COMMAND:CUSTOMER-FW01# show diag chassis-info
In ShowGSR: CUSTOMER-FW01# show diag chassis-info
HIT COMMAND:CUSTOMER-FW01# show boot
In ShowBoot: CUSTOMER-FW01# show boot
HIT COMMAND:CUSTOMER-FW01# show bootvar
In ShowBoot: CUSTOMER-FW01# show bootvar
HIT COMMAND:CUSTOMER-FW01# admin show variables boot
In ShowBoot: CUSTOMER-FW01# admin show variables boot
HIT COMMAND:CUSTOMER-FW01# show variables boot
In ShowBoot: CUSTOMER-FW01# show variables boot
HIT COMMAND:CUSTOMER-FW01# show flash
In ShowFlash: CUSTOMER-FW01# show flash
HIT COMMAND:CUSTOMER-FW01# dir /all nvram:
In DirSlotN: CUSTOMER-FW01# dir /all nvram:
HIT COMMAND:CUSTOMER-FW01# dir /all bootflash:
In DirSlotN: CUSTOMER-FW01# dir /all bootflash:
HIT COMMAND:CUSTOMER-FW01# dir /all slot0:
In DirSlotN: CUSTOMER-FW01# dir /all slot0:
HIT COMMAND:CUSTOMER-FW01# dir /all disk0:
In DirSlotN: CUSTOMER-FW01# dir /all disk0:
write(spawn_id=1): broken pipe
while executing
"send_user -- "$expect_out(buffer)""
invoked from within
"expect -nobrace -re+ { exp_continue } -re {^[^
*]*CUSTOMER([^#>\r\n]+)?[#>](\([^)\r\n]+\))?} { send_user --
"$expect_out(buffer)"
} -re {..."
invoked from within
"expect {
-re "\b+" { exp_continue }
-re "^\[^\n\r *]*$reprompt" { send_user --
"$expect_out(buffer)"
}
-re "^\[^\n\r]*$reprom..."
(procedure "run_commands" line 39)
invoked from within
"run_commands $prompt $command"
("foreach" body line 149)
invoked from within
"foreach router [lrange $argv $i end] {
set router [string tolower $router]
# attempt at platform switching.
set platform ""
send_user ..."
(file "/usr/local/rancid/bin/clogin" line 723)

***@utility:~$ clogin -c "dir /all disk0:" customer-fw01
customer-fw01
spawn ssh -c 3des -x -l user customer-fw01
***@customer-fw01's password:
Type help or '?' for a list of available commands.
CUSTOMER-FW01> enable
Password: ********
CUSTOMER-FW01#
CUSTOMER-FW01# terminal length 0
^
ERROR: % Invalid input detected at '^' marker.
CUSTOMER-FW01# dir /all disk0:
Command authorization failed
CUSTOMER-FW01#exit

Logoff

Connection to customer-fw01 closed.
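As an added example (not code from the rancid project or from anyone in this thread), a small Python script that walks a `clogin -c` transcript like the one above and separates the commands the AAA server refused from the ones the ASA's parser simply does not know; the transcript embedded here is constructed in the shape of the one in the post.

```python
import re

# Constructed sample: the interesting part of a "clogin -c ..." transcript, in the
# shape shown in the post (prompt line with the command, then that command's output).
SAMPLE_TRANSCRIPT = """\
CUSTOMER-FW01# terminal length 0
^
ERROR: % Invalid input detected at '^' marker.
CUSTOMER-FW01# dir /all disk0:
Command authorization failed
CUSTOMER-FW01# show version
Hardware: constructed sample output line
CUSTOMER-FW01# show running-config
Command authorization failed
CUSTOMER-FW01#exit
"""

# A prompt line: hostname, '#' or '>', optional space, then the command typed.
PROMPT_RE = re.compile(r'^(?P<host>[^\s#>]+)[#>]\s*(?P<cmd>.*)$')
# AAA command-authorization refusals, in the two spellings this thread mentions.
DENIED_RE = re.compile(r'command (?:authorization failed|not authorized)', re.IGNORECASE)
# Parser rejection: the command does not exist on this platform (rancid tolerates this).
INVALID_RE = re.compile(r'Invalid input detected', re.IGNORECASE)


def classify_commands(transcript):
    """Map each command in the transcript to 'denied', 'invalid' or 'ok'."""
    status = {}
    current = None
    for line in transcript.splitlines():
        m = PROMPT_RE.match(line)
        if m:
            current = m.group('cmd').strip()
            if current:
                status.setdefault(current, 'ok')
            continue
        if current is None:
            continue
        if DENIED_RE.search(line):
            status[current] = 'denied'
        elif INVALID_RE.search(line) and status.get(current) == 'ok':
            status[current] = 'invalid'
    return status


def denied_commands(transcript):
    """Commands the AAA server refused: the ones the TACACS authorization set
    must allow before a rancid collection can be expected to complete."""
    return sorted(c for c, s in classify_commands(transcript).items() if s == 'denied')


if __name__ == '__main__':
    for cmd, state in classify_commands(SAMPLE_TRANSCRIPT).items():
        print(f'{state:8} {cmd}')
    print('add to AAA command set:', denied_commands(SAMPLE_TRANSCRIPT))
```

Feed it the output of `clogin -c "<rancid command list>" <host>` and the 'denied' entries are the commands to review in the TACACS command set, while 'invalid' entries are platform commands the ASA does not have and can be ignored.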
john heasley
2010-03-09 19:39:13 UTC
Post by Dale Shaw
Hi all,
I'm running RANCID 2.3.2 on Ubuntu 9.04.
I'm trying to collect configs from a bunch of Cisco ASA 5500 series firewalls.
Recently we brought them into production and as part of that exercise,
enabled AAA (TACACS). The command set doesn't permit some of the
commands RANCID is attempting to execute. It looks like it's bombing
out when parsing the output from 'dir /all disk0:', which in this case
is "Command authorization failed".
I'll probably just end up adding this command to the authorised set,
but am I missing something or is this behaviour a bit .. ungraceful?
:-)
nope; it expects to be able to run the commands and was not written with
the idea that folks would care that it be able to run them.
Jethro R Binks
2010-03-09 19:47:38 UTC
Post by john heasley
Post by Dale Shaw
I'm trying to collect configs from a bunch of Cisco ASA 5500 series firewalls.
Recently we brought them into production and as part of that exercise,
enabled AAA (TACACS). The command set doesn't permit some of the
commands RANCID is attempting to execute. It looks like it's bombing
out when parsing the output from 'dir /all disk0:', which in this case
is "Command authorization failed".
I'll probably just end up adding this command to the authorised set,
but am I missing something or is this behaviour a bit .. ungraceful?
:-)
nope; it expects to be able to run the commands and was not written with
the idea that folks would care that it be able to run them.
I don't use AAA in this case, and I can't remember all the details, but
here's at least some of what I did with one of my ASA5500s:

username rancid password blahblah encrypted privilege 7

privilege cmd level 7 mode exec command more
privilege cmd level 7 mode exec command dir
privilege cmd level 7 mode exec command write
privilege cmd level 7 mode exec command terminal
privilege show level 7 mode exec command running-config
privilege show level 7 mode exec command version
privilege show level 7 mode exec command bootvar
privilege show level 7 mode exec command names
privilege show level 7 mode exec command vlan
privilege show level 7 mode exec command module

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
Dale Shaw
2010-03-09 20:49:09 UTC
Hi John,
Post by john heasley
Post by Dale Shaw
I'll probably just end up adding this command to the authorised set,
but am I missing something or is this behaviour a bit .. ungraceful?
nope; it expects to be able to run the commands and was not written with
the idea that folks would care that it be able to run them.
My perl-fu is weak but I saw some references to the string 'command
not authorized' in bin/rancid. Is/was the intention that it should
handle this message being returned?

Cheers,
Dale
john heasley
2010-03-09 23:24:15 UTC
Post by Dale Shaw
Hi John,
Post by john heasley
Post by Dale Shaw
I'll probably just end up adding this command to the authorised set,
but am I missing something or is this behaviour a bit .. ungraceful?
nope; it expects to be able to run the commands and was not written with
the idea that folks would care that it be able to run them.
My perl-fu is weak but I saw some references to the string 'command
not authorized' in bin/rancid. Is/was the intention that it should
handle this message being returned?
my intention was that it's an error for it to be permission denied.