Discussion:
[rancid] terminal width on Cisco ASA
P C
2011-09-08 16:26:52 UTC
How is the terminal width communicated to the Cisco security appliance
by rancid-run when kicked off via crontab? I am getting output in my
alerts like this, almost like it's cutting off at ~60-70 characters or
so. When viewing through a shell via SSH, the output is the width of
the window without issue and is not truncated.

Is this some sort of variable I can set so the output does not get
kicked to the next line like this?

Or perhaps is this happening after the SSH session, and during the
e-mail/CVS diff process?

I have also considered terminal width xxx Cisco ASA side, but this is
a permanent configuration command (config) mode and not a per-session
exec command, so it's probably better just to send the right width to
it in the first place via the SSH/terminal negotiation, however this
may be done.

+ access-list myaclname extended permit ip host 10.100.100.100
+ object-group MY_OBJECT log warnings interval 10
Chris Gauthier
2011-09-08 16:41:39 UTC
I find that I get wrapped lines and combined lines occasionally in the email, but it is stored correctly in the repository. It's never been that big of a deal to me, so I just live with it and recognize it's something to do with diff and email. I'll see if I can find an example and forward it on.


Chris Gauthier, CCNA Security
Network Administrator
Maps Credit Union
v: 503.588.0181 x3401
f: 503.779.1083
https://www.mapscu.com
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE
Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies.
Per-Olof Olsson
2011-09-09 09:47:35 UTC
Not running any ASA but IOS and nexus switches.

Have done some tests to extend width to max, by setting width
multiple times in clogin script.

Just now running clogin using width 500 (nexus max 512) or
"no wrap" for IOS switches supporting "terminal width 0".

If you do not set width in scripts you will get
80 when running from cron ("default vt100") or
current window width from where you run command by hand.

In later versions of clogin width is set to 80

Diff from my running version of clogin.in (rancid 2.3.6)
------------------------------------------------------
diff -c clogin.in.ORG clogin.in
*** clogin.in.ORG Wed Oct 6 22:31:24 2010
--- clogin.in Wed Jan 19 12:18:57 2011
***************
*** 622,627 ****
--- 622,629 ----
set command "set logging session disable;$command"
} else {
send "terminal length 0\r"
+ # More ugly code to turn of line wrap /Peo
+ set command "terminal width 0;$command"
}
# match cisco config mode prompts too, such as router(config-if)#,
# but catalyst does not change in this fashion.
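Review bot: in the 622,629 hunk, "terminal width 0" is prepended to $command instead of being sent with send/expect the way "terminal length 0" is on the line above it, so the device's reply to it, including a rejection on a platform that does not accept 0, is handled as part of the user's command list. Send it with its own send and expect -re $prompt {} pair and check the reply before $command runs. The new comment also reads "turn of" where "turn off" is meant.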
***************
*** 921,927 ****
} else {
send "terminal length 0\r"
expect -re $prompt {}
! send "terminal width 80\r"
}
expect -re $prompt {}
source $sfile
--- 923,934 ----
} else {
send "terminal length 0\r"
expect -re $prompt {}
! # send "terminal width 80\r"
! # Set long lines for NEXUS
! # and no line wrap on IOS /Peo
! send "set width 500\r"
! expect -re $prompt {}
! send "set width 0\r"
}
expect -re $prompt {}
source $sfile
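Review bot: the 923,934 side sends "set width 500" and "set width 0", while the line it replaces and the first hunk both use "terminal width"; if "terminal width 500" and "terminal width 0" were intended, the command name needs correcting here. The two values are also sent unconditionally one after the other, so a platform that accepts both ends at 0 and the 500 has no effect there. Branch on the platform, or on the reply to the first command, and hold the width in a variable rather than a literal.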
-----------------------------------
/Peo
----------------------------------------------------------
Per-Olof Olsson Email: ***@chalmers.se
Chalmers tekniska högskola IT-service
Hörsalsvägen 5 412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------
john heasley
2011-09-09 15:53:14 UTC
Post by Per-Olof Olsson
Not running any ASA but IOS and nexus switches.
Have done some tests to extend width to max, by set width
it multiple times in clogin script.
Just now running clogin using width 500 (nexus max 512) or
"no wrap" for IOS switches supporting "terminal width 0".
If you not set width in scripts you will get
80 when running from cron ("default vt100") or
current window width from where you run command by hand.
crons vary; you might get the device's default.
Post by Per-Olof Olsson
In later versions of clogin width set to 80
i changed that to 132 for clogin [-s|-c], but this was to stop a few
show commands from oscillating, particularly show vlan. but, i've not
seen the device wrap other lines as thread is implying for nexus and
ASA, of which I have none. is this perhaps driven by some other variable
on these devices, such as terminal type? ie: particular types have or
lack some capability. 500 seems like it would not be strictly portable.
Post by Per-Olof Olsson
! # send "terminal width 80\r"
! # Set long lines for NEXUS
! # and no line wrap on IOS /Peo
! send "set width 500\r"
! expect -re $prompt {}
! send "set width 0\r"
expect -re $prompt {}
source $sfile
-----------------------------------
Post by P C
How is the terminal width communicated to the Cisco security appliance
by rancid-run when kicked off via crontab? I am getting output in my
alerts like this, almost like it's cutting off at ~60-70 characters or
so. When viewing through a shell via SSH, the output is the width of
the window without issue and is not truncated.
Is this some sort of variable I can set so the output does not get
kicked to the next line like this?
Or perhaps is this happening after the SSH session, and during the
e-mail/CVS diff process?
I have also considered terminal width xxx Cisco ASA side, but this is
a permanent configuration command (config) mode and not a per-session
exec command, so it's probably better just to send the right width to
it in the first place via the SSH/terminal negotiation, however this
may be done.
+ access-list myaclname extended permit ip host 10.100.100.100
+ object-group MY_OBJECT log warnings interval 10
^ due to the + on the second line; i think it's occurring at the device.
the truncation is odd though; i'd guess that it's doing that annoying "line
shifting" (or lack of a term) that IOS does to prevent lines from wrapping.
we'd have to look at expect debug output to know if that's the case.

if term size can only be communicated via telnet/ssh/rsh, then it has to
be set on the pty.
john heasley
2011-09-09 16:07:06 UTC
Post by john heasley
Post by Per-Olof Olsson
In later versions of clogin width set to 80
i changed that to 132 for clogin [-s|-c], but this was to stop a few
show commands from oscillating, particularly show vlan. but, i've not
seen the device wrap other lines as thread is implying for nexus and
ASA, of which I have none. is this perhaps driven by some other variable
on these devices, such as terminal type? ie: particular types have or
lack some capability. 500 seems like it would not be strictly portable.
fwiw, the desired effect from my PoV is that the device do no screen
manipulation in any manner whatsoever for -c or -s (command or script)
mode of the login scripts. no line length handling, no line shifting,
no bolding, refreshing, etc etc.
Per-Olof Olsson
2011-09-17 08:20:56 UTC
Sorry.
Some days, most get wrong.


1. First nexus that fooled me.

After some tests I found out that turning off the pager also turns off wrapping.
(Nexus 5000 running version 4.2(1)N2(1a) )

Can't find any notes of this in Nexus manuals. Only ACE manual have a
note about terminal length settings:
"A value of 0 instructs the ACE to scroll continuously (no pausing) and
overrides the terminal width command."

For NX-OS it looks like "terminal length 0" is what is needed for initial
terminal settings to rancid.

2. Thanks for the note. I have installed the wrong version when I
updated clogin.in

Rewrite it one more time to make it easy to read and use the same lines
for command and script.
I still like to add "terminal width 0" to one of our 6500. The output
from show vlan is 600+ characters long! And it's easier to post process
one liners from rancid.

-x_test-----------------------
show terminal
exit
-eof--------------------------

-s_test-----------------------
send "\r"
expect -re $prompt {}
send "show terminal\r"
expect -re $prompt {}
send_user $expect_out(buffer)
send "exit\r"
-eof--------------------------

/115-> clogin -x x_test cisco_6500
cisco_6500
spawn ssh -c 3des -x -l rancid cisco_6500

cisco_6500>enable
Password:
cisco_6500#
cisco_6500#terminal width 0
cisco_6500#terminal length 0
cisco_6500#show terminal
Line 1, Location: "", Type: "xterm"
Length: 0 lines, Width: 0 columns
Baud rate (TX/RX) is 9600/9600
...

/116-> clogin -s s_test cisco_6500
cisco_6500
show terminal
Line 1, Location: "", Type: "xterm"
Length: 0 lines, Width: 0 columns
Baud rate (TX/RX) is 9600/9600


/117-> clogin -x x_test nx-5000
nx-5000
spawn ssh -i .ssh/Rancid-to-Nexus -c 3des -x -l rancid nx_5000
Nexus 5000 Switch
...
nx-5000#
nx-5000# terminal width 0
^
% Invalid number, range is (24:511) at '^' marker.
nx-5000# terminal length 0
nx-5000# show terminal
TTY: /dev/pts/2 Type: "xterm"
Length: 0 lines, Width: 81 columns
Session Timeout: 30 minutes
...


/118-> clogin -s s_test nx_5000
nx_5000
show terminal
TTY: /dev/pts/2 Type: "xterm"
Length: 0 lines, Width: 81 columns
Session Timeout: 30 minutes
...


After install new patch I test to run it on our site with a mix of
2950,2960,3750, 3560, 6500 and nx-5010's.



My new patch---------------------------------------------
*** clogin.in.ORG Wed Oct 6 22:31:24 2010
--- clogin.in Thu Sep 15 05:20:01 2011
***************
*** 621,626 ****
--- 621,634 ----
# subsequent expects to handle everything as normal.
set command "set logging session disable;$command"
} else {
+ # To prevent diffs from some IOS "show vlan" output
+ # use fixed line width
+ # send "terminal width 80\r"
+ # expect -re $prompt {}
+ # some IOS "no wrap"
+ send "terminal width 0\r"
+ expect -re $prompt {}
+ #
send "terminal length 0\r"
}
# match cisco config mode prompts too, such as router(config-if)#,
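Review bot: send "terminal width 0\r" in the 621,634 hunk runs for every platform that reaches this else branch, and the nx-5000 session earlier in this message shows NX-OS rejecting that value with "% Invalid number, range is (24:511)" and staying at 81 columns. The following expect -re $prompt {} swallows the error silently. Match the "% Invalid" reply in that expect and either fall back to a value inside the accepted range or skip the width command for that platform, so the rejection is a handled case rather than noise in every session.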
***************
*** 919,927 ****
expect -re $prompt {}
send "set logging session disable\r"
} else {
! send "terminal length 0\r"
expect -re $prompt {}
! send "terminal width 80\r"
}
expect -re $prompt {}
source $sfile
--- 927,940 ----
expect -re $prompt {}
send "set logging session disable\r"
} else {
! # use fixed line width
! # send "terminal width 80\r"
! # expect -re $prompt {}
! # some ios "no wrap"
! send "terminal width 0\r"
expect -re $prompt {}
! #
! send "terminal length 0\r"
}
expect -re $prompt {}
source $sfile
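Review bot: the 927,940 hunk repeats the same width/length sequence and the same commented-out "terminal width 80" lines that the first hunk adds for command mode, which is how the two modes drifted apart in the first place. Put the sequence in one proc called from both places and make the width a variable instead of keeping the alternative as dead comments. The order of the two commands is also swapped relative to the original (length, then width); say so in the comment if that is deliberate.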
-end of patch------------------------------------



Notes:
1. I can't test extreme switches but it looks like clogin skips initial
terminal settings only for commands
    if { [ string compare "extreme" "$platform" ] } {
not for scripts!

2. Is there any dist of clogin having “terminal width” for commands?
clogin 2.3.6 only have it for scripts!


/Peo

Chris Gauthier
2011-09-09 15:52:41 UTC
Here is an excerpt of the emails I get sometimes. They are stored correctly in the repository, though. I am running rancid 2.3.2 on Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been changed to protect the names of the innocent, as well as my job. ;)

Index: configs/172.16.0.2
===================================================================
retrieving revision 1.393
diff -U 4 -r1.393 172.16.0.2
@@ -898,8 +898,11 @@
access-list nat0_inside extended permit ip 192.168.124.0 255.255.255.0 10.119.17.0 255.255.255.0
access-list nat0_inside extended permit ip 192.168.123.0 255.255.255.0 172.16.6.0 255.255.255.248
access-list nat0_inside extended permit ip 192.168.4.0 255.255.255.0 172.16.6.0 255.255.255.248
access-list nat0_inside extended permit ip 192.168.100.0 255.255.255.0 172.16.6.0 255.255.255.248
+ access-list nat0_inside extended permit ip 192.168.0.0 255.255.255.0
+ 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit ip
+ 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list
+ nat0_inside extended permit ip 172.16.0.0 255.255.255.240 172.16.6.0
+ 255.255.255.248
access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 192.168.254.0 255.255.255.0
access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 10.16.0.0 255.255.0.0
access-list static_nat_vendor1 extended permit ip 192.168.100.0 255.255.255.0 host 172.30.255.1
access-list cryptomap_vendor2 extended permit ip host 10.255.255.2 host 10.0.1.2 @@ -1103,8 +1106,10 @@
access-list outside_access_out extended deny ip any 172.16.0.0 255.240.0.0
access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 10.0.0.0 255.0.0.0
access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 172.16.0.0 255.240.0.0
access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 192.168.0.0 255.255.0.0
+ access-list vendor3 extended permit ip host 172.16.6.3 host
+ 172.16.6.1 access-list vendor3 extended permit ip host 172.16.6.3
+ host 172.16.0.2
no pager
logging enable
logging timestamp
logging asdm-buffer-size 200
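Review bot: the second hunk header, "@@ -1103,8 +1106,10 @@", declares two added lines, but three "+" lines follow it, and read together they hold exactly two "access-list vendor3" statements. The first hunk is the same: "-898,8 +898,11" declares three added lines and five "+" lines carry three "access-list nat0_inside" statements. The header counts match the statements rather than the physical lines, so the "+" lines were re-wrapped at some step after the diff was generated, which fits the repository copy being correct. When reviewing an alert like this, rejoin the "+" lines and compare the statement count with the header before reading the rules.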


--Chris
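
A check for the symptom in the excerpt above, as an added example that is not part of the original post or of rancid: it compares each unified-diff hunk header with the lines that follow it, flags hunks whose `+` lines were re-wrapped after the diff was generated, and rejoins them when the statement count matches the header. The sample diff is constructed and the function names are hypothetical.

```python
import re

# Unified-diff hunk header: @@ -old_start,old_len +new_start,new_len @@
HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")


def parse_hunks(diff_text):
    """Split a mailed unified diff into hunks with their declared lengths."""
    hunks, cur = [], None
    for line in diff_text.splitlines():
        m = HUNK_RE.match(line)
        if m:
            cur = {"header": line.strip(),
                   "old_len": int(m.group(1) or 1),
                   "new_len": int(m.group(2) or 1),
                   "body": []}
            hunks.append(cur)
        elif line.startswith(("Index: ", "diff ")):
            cur = None  # next file starts: do not count its ---/+++ header
        elif cur is not None and line[:1] in (" ", "+", "-"):
            cur["body"].append(line)
    return hunks


def rejoin(added_lines, expected):
    """Heuristic: re-split wrapped '+' lines at the first line's leading keyword.

    Returns the statements only if their count equals the header's count.
    """
    tokens = " ".join(l[1:].strip() for l in added_lines).split()
    if not tokens:
        return None
    keyword, statements = tokens[0], []
    for tok in tokens:
        if tok == keyword:
            statements.append([])
        statements[-1].append(tok)
    joined = [" ".join(s) for s in statements]
    return joined if len(joined) == expected else None


def audit(diff_text):
    """Report, per hunk, whether the body still matches the header counts."""
    report = []
    for h in parse_hunks(diff_text):
        ctx = sum(l.startswith(" ") for l in h["body"])
        rem = sum(l.startswith("-") for l in h["body"])
        added = [l for l in h["body"] if l.startswith("+")]
        old_ok = (ctx + rem == h["old_len"])
        # Added-line count implied by the header, if the old side is intact.
        declared = h["new_len"] - ctx if old_ok else None
        reflowed = (not old_ok) or len(added) != declared
        report.append({
            "header": h["header"],
            "declared_added": declared,
            "physical_added": len(added),
            "reflowed": reflowed,
            "rejoined": rejoin(added, declared) if reflowed and declared else None,
        })
    return report


# Constructed sample modelled on the excerpt: the first hunk is intact, the
# second has two added ACL entries re-wrapped across three '+' lines.
SAMPLE_DIFF = "\n".join([
    "Index: configs/fw-example",
    "retrieving revision 1.1",
    "diff -U 2 -r1.1 fw-example",
    "@@ -5,4 +5,5 @@",
    " hostname fw-example",
    " names",
    "+name 10.0.0.5 mgmt-host",
    " interface Ethernet0/0",
    " nameif outside",
    "@@ -40,4 +41,6 @@",
    " access-list v3 extended permit ip 172.16.6.0 255.255.255.248 10.0.0.0 255.0.0.0",
    " access-list v3 extended permit ip 172.16.6.0 255.255.255.248 192.168.0.0 255.255.0.0",
    "+access-list v3 extended permit ip host 172.16.6.3 host",
    "+172.16.6.1 access-list v3 extended permit ip host 172.16.6.3",
    "+host 172.16.0.2",
    " no pager",
    " logging enable",
])

if __name__ == "__main__":
    for r in audit(SAMPLE_DIFF):
        state = "RE-WRAPPED" if r["reflowed"] else "intact"
        print(f'{r["header"]}: {state} '
              f'(header says {r["declared_added"]} added, saw {r["physical_added"]})')
        for stmt in r["rejoined"] or []:
            print("   +", stmt)
```

A hunk whose context lines were also re-wrapped is flagged but not rejoined, because the header count can no longer be trusted to split it.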
john heasley
2011-09-09 16:02:27 UTC
Post by Chris Gauthier
Here is an excerpt of the emails I get sometimes. They are stored correctly in the repository, though. I am running rancid 2.3.2 on Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been changed to protect the names of the innocent, as well as my job. ;)
is this IOS, PIX, ASA, or ??
Chris Gauthier
2011-09-09 16:12:37 UTC
Post by john heasley
Post by Chris Gauthier
Here is an excerpt of the emails I get sometimes. They are stored
correctly in the repository, though. I am running rancid 2.3.2 on
Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been changed
to protect the names of the innocent, as well as my job. ;)
is this IOS, PIX, ASA, or ??
Sorry, ASA 5520 running v8.2(2.17)
Post by john heasley
Post by Chris Gauthier
Index: configs/172.16.0.2
=============================================================
======
Post by Chris Gauthier
retrieving revision 1.393
diff -U 4 -r1.393 172.16.0.2
@@ -898,8 +898,11 @@
access-list nat0_inside extended permit ip 192.168.124.0 255.255.255.0
10.119.17.0 255.255.255.0
Post by Chris Gauthier
access-list nat0_inside extended permit ip 192.168.123.0 255.255.255.0
172.16.6.0 255.255.255.248
Post by Chris Gauthier
access-list nat0_inside extended permit ip 192.168.4.0 255.255.255.0
172.16.6.0 255.255.255.248
Post by Chris Gauthier
access-list nat0_inside extended permit ip 192.168.100.0
255.255.255.0 172.16.6.0 255.255.255.248
+ access-list nat0_inside extended permit ip 192.168.0.0 255.255.255.0
+ 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit
+ ip
+ 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list
+ nat0_inside extended permit ip 172.16.0.0 255.255.255.240 172.16.6.0
+ 255.255.255.248
access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0
192.168.254.0 255.255.255.0
Post by Chris Gauthier
access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0
10.16.0.0 255.255.0.0
Post by Chris Gauthier
access-list static_nat_vendor1 extended permit ip 192.168.100.0
255.255.255.0 host 172.30.255.1
Post by Chris Gauthier
access-list cryptomap_vendor2 extended permit ip host 10.255.255.2 host
access-list outside_access_out extended deny ip any 172.16.0.0 255.240.0.0
access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248
10.0.0.0 255.0.0.0
Post by Chris Gauthier
access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248
172.16.0.0 255.240.0.0
Post by Chris Gauthier
access-list nat0_vendor3 extended permit ip 172.16.6.0
255.255.255.248 192.168.0.0 255.255.0.0
+ access-list vendor3 extended permit ip host 172.16.6.3 host
+ 172.16.6.1 access-list vendor3 extended permit ip host 172.16.6.3
+ host 172.16.0.2
no pager
logging enable
logging timestamp
logging asdm-buffer-size 200
--Chris
-----Original Message-----
Sent: Friday, September 09, 2011 2:48 AM
To: P C
Subject: Re: [rancid] terminal width on Cisco ASA
Not running any ASA but IOS and nexus switches.
Have done some tests to extend width to max, by set width it
multiple times in clogin script.
Just now running clogin using width 500 (nexus max 512) or "no wrap"
for IOS switches supporting "terminal width 0".
If you not set width in scripts you will get
80 when running from cron ("default vt100") or current window width
from where you run command by hand.
In later versions of clogin width set to 80
Diff from my running version of clogin.in (rancid 2.3.6)
------------------------------------------------------
diff -c clogin.in.ORG clogin.in
*** clogin.in.ORG Wed Oct 6 22:31:24 2010
--- clogin.in Wed Jan 19 12:18:57 2011
***************
*** 622,627 ****
--- 622,629 ----
set command "set logging session disable;$command"
} else {
send "terminal length 0\r"
+ # More ugly code to turn of line wrap /Peo set command "terminal
+ width 0;$command"
}
# match cisco config mode prompts too, such as router(config-if)#,
# but catalyst does not change in this fashion.
***************
*** 921,927 ****
} else {
send "terminal length 0\r"
expect -re $prompt {}
! send "terminal width 80\r"
}
expect -re $prompt {}
source $sfile
--- 923,934 ----
} else {
send "terminal length 0\r"
expect -re $prompt {}
! # send "terminal width 80\r"
! # Set long lines for NEXUS
! # and no line wrap on IOS /Peo
! send "set width 500\r"
! expect -re $prompt {}
! send "set width 0\r"
}
expect -re $prompt {}
source $sfile
-----------------------------------
How is the terminal width communicated to the Cisco security
appliance by rancid-run when kicked off via crontab? I am getting
output in my alerts like this, almost like it's cutting off at
~60-70 characters or so. When viewing through a shell via SSH,
the output is the width of the window without issue and is not truncated.
Is this some sort of variable I can set so the output does not get
kicked to the next line like this?
Or perhaps is this happening after the SSH session, and during the
e-mail/CVS diff process?
I have also considered terminal width xxx Cisco ASA side, but this
is a permanent configuration command (config) mode and not a
per-session exec command, so it's probably better just to send the
right width to it in the first place via the SSH/terminal
negotiation, however this may be done.
+ access-list myaclname extended permit ip host 10.100.100.100
+ object-group MY_OBJECT log warnings interval 10
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
/Peo
----------------------------------------------------------
Chalmers tekniska h?gskola IT-service
H?rsalsv?gen 5 412 96 G?teborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
----------------------------------------------------------------------
----------------------------------------------------------------------
----------------------------------------------------------------------
CONFIDENTIALITY NOTICE
Attention: The information contained in this email and/or attachments is
intended only for the person or entity to which it is addressed and may contain
confidential and/or privileged material. Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon, this
information by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the sender and delete the
material from any system and destroy any copies.
Chris Gauthier
2011-09-16 18:21:12 UTC
Permalink
Did anyone ever figure out the line wrapping at all? It seems to be in the post-processing and not in the ASA.
Post by Chris Gauthier
Post by john heasley
Post by Chris Gauthier
Here is an excerpt of the emails I get sometimes. They are stored
correctly in the repository, though. I am running rancid 2.3.2 on
Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been
changed to protect the names of the innocent, as well as my job. ;)
is this IOS, PIX, ASA, or ??
Sorry, ASA 5520 running v8.2(2.17)
Post by john heasley
Post by Chris Gauthier
Index: configs/172.16.0.2
=============================================================
Post by john heasley
======
Post by Chris Gauthier
retrieving revision 1.393
diff -U 4 -r1.393 172.16.0.2
@@ -898,8 +898,11 @@
access-list nat0_inside extended permit ip 192.168.124.0
255.255.255.0
10.119.17.0 255.255.255.0
Post by Chris Gauthier
access-list nat0_inside extended permit ip 192.168.123.0
255.255.255.0
172.16.6.0 255.255.255.248
Post by Chris Gauthier
access-list nat0_inside extended permit ip 192.168.4.0
255.255.255.0
172.16.6.0 255.255.255.248
Post by Chris Gauthier
access-list nat0_inside extended permit ip 192.168.100.0
255.255.255.0 172.16.6.0 255.255.255.248
+ access-list nat0_inside extended permit ip 192.168.0.0
+ 255.255.255.0
+ 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit
+ ip
+ 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list
+ nat0_inside extended permit ip 172.16.0.0 255.255.255.240
+ 172.16.6.0
+ 255.255.255.248
access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0
192.168.254.0 255.255.255.0
Post by Chris Gauthier
access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0
10.16.0.0 255.255.0.0
Post by Chris Gauthier
access-list static_nat_vendor1 extended permit ip 192.168.100.0
255.255.255.0 host 172.30.255.1
Post by Chris Gauthier
access-list cryptomap_vendor2 extended permit ip host 10.255.255.2 host
access-list outside_access_out extended deny ip any 172.16.0.0
255.240.0.0
Post by john heasley
Post by Chris Gauthier
access-list nat0_vendor3 extended permit ip 172.16.6.0
255.255.255.248
10.0.0.0 255.0.0.0
Post by Chris Gauthier
access-list nat0_vendor3 extended permit ip 172.16.6.0
255.255.255.248
172.16.0.0 255.240.0.0
Post by Chris Gauthier
access-list nat0_vendor3 extended permit ip 172.16.6.0
255.255.255.248 192.168.0.0 255.255.0.0
+ access-list vendor3 extended permit ip host 172.16.6.3 host
+ 172.16.6.1 access-list vendor3 extended permit ip host 172.16.6.3
+ host 172.16.0.2
no pager
logging enable
logging timestamp
logging asdm-buffer-size 200
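Review bot: the added lines under '@@ -898,8 +898,11 @@' cannot be read as individual ACL entries, because the third '+' line carries the end of one entry and the start of the next ('172.16.6.0 255.255.255.248 access-list nat0_inside extended permit'), and the later 'access-list vendor3' additions are joined the same way. The header's counts (8 lines before, 11 after) fit three added entries, so the content appears intact and only the line breaks have moved; take the exact text of each entry from the stored configuration rather than from this mail before judging what was permitted.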
--Chris
-----Original Message-----
Sent: Friday, September 09, 2011 2:48 AM
To: P C
Subject: Re: [rancid] terminal width on Cisco ASA
Not running any ASA but IOS and nexus switches.
Have done some tests to extend width to max, by setting width
multiple times in the clogin script.
Just now running clogin using width 500 (nexus max 512) or "no wrap"
for IOS switches supporting "terminal width 0".
If you do not set width in scripts you will get
80 when running from cron ("default vt100") or the current window
width from where you run the command by hand.
In later versions of clogin, width is set to 80.
Diff from my running version of clogin.in (rancid 2.3.6)
------------------------------------------------------
diff -c clogin.in.ORG clogin.in
*** clogin.in.ORG Wed Oct 6 22:31:24 2010
--- clogin.in Wed Jan 19 12:18:57 2011
***************
*** 622,627 ****
--- 622,629 ----
set command "set logging session disable;$command"
} else {
send "terminal length 0\r"
+ # More ugly code to turn of line wrap /Peo set command "terminal
+ width 0;$command"
}
# match cisco config mode prompts too, such as router(config-if)#,
# but catalyst does not change in this fashion.
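Review bot: as quoted, the two '+' lines of the 622,629 side put the comment and the statement on one line ('# More ugly code to turn of line wrap /Peo set command "terminal' followed by 'width 0;$command"'), so Tcl would read the first line entirely as a comment and the second as a stray command. The comment should sit on its own line with 'set command "terminal width 0;$command"' on the next, and "turn of" should read "turn off". Note also that this prepends 'terminal width 0' to the command string for every device taking this else branch, so it is worth stating in the comment which platforms accept it.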
***************
*** 921,927 ****
} else {
send "terminal length 0\r"
expect -re $prompt {}
! send "terminal width 80\r"
}
expect -re $prompt {}
source $sfile
--- 923,934 ----
} else {
send "terminal length 0\r"
expect -re $prompt {}
! # send "terminal width 80\r"
! # Set long lines for NEXUS
! # and no line wrap on IOS /Peo
! send "set width 500\r"
! expect -re $prompt {}
! send "set width 0\r"
}
expect -re $prompt {}
source $sfile
-----------------------------------
How is the terminal width communicated to the Cisco security
appliance by rancid-run when kicked off via crontab? I am
getting output in my alerts like this, almost like it's cutting
off at
~60-70 characters or so. When viewing through a shell via SSH,
the output is the width of the window without issue and is not truncated.
Is this some sort of variable I can set so the output does not
get kicked to the next line like this?
Or perhaps is this happening after the SSH session, and during
the e-mail/CVS diff process?
I have also considered terminal width xxx Cisco ASA side, but
this is a permanent configuration command (config) mode and not
a per-session exec command, so it's probably better just to send
the right width to it in the first place via the SSH/terminal
negotiation, however this may be done.
+ access-list myaclname extended permit ip host 10.100.100.100
+ object-group MY_OBJECT log warnings interval 10
/Peo
----------------------------------------------------------
Chalmers tekniska högskola IT-service
Hörsalsvägen 5 412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------
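The situation described in this thread (mail shows wrapped and joined lines, the repository copy is correct) can be checked mechanically. The following is an added example, not part of the thread or of rancid: it flags '+' lines of a mailed diff that do not exist verbatim in the stored configuration and rebuilds the real entries by matching against it. REPO_CONFIG is a constructed stand-in for the stored file, and all function names are hypothetical.

```python
# Added example. EMAIL_PLUS_LINES reuses '+' lines quoted in this thread;
# REPO_CONFIG is a constructed stand-in for the stored configuration.
REPO_CONFIG = [
    "access-list nat0_inside extended permit ip 192.168.100.0 255.255.255.0 172.16.6.0 255.255.255.248",
    "access-list nat0_inside extended permit ip 192.168.0.0 255.255.255.0 172.16.6.0 255.255.255.248",
    "access-list nat0_inside extended permit ip 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248",
    "access-list nat0_inside extended permit ip 172.16.0.0 255.255.255.240 172.16.6.0 255.255.255.248",
]
EMAIL_PLUS_LINES = [
    "+ access-list nat0_inside extended permit ip 192.168.0.0",
    "+ 255.255.255.0",
    "+ 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit",
    "+ ip",
    "+ 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list",
    "+ nat0_inside extended permit ip 172.16.0.0 255.255.255.240",
    "+ 172.16.6.0",
    "+ 255.255.255.248",
]

def plus_fragments(email_lines):
    """Text of each '+' line in a diff excerpt, marker stripped."""
    return [l[1:].strip() for l in email_lines
            if l.startswith("+") and not l.startswith("+++")]

def reflowed(email_lines, repo_lines):
    """'+' lines that do not exist verbatim in the stored configuration."""
    stored = {" ".join(l.split()) for l in repo_lines}
    return [f for f in plus_fragments(email_lines)
            if " ".join(f.split()) not in stored]

def recover(email_lines, repo_lines):
    """Match the '+' token stream to stored lines: (entries, unmatched tokens)."""
    tokens = " ".join(plus_fragments(email_lines)).split()
    candidates = sorted({tuple(l.split()) for l in repo_lines if l.strip()},
                        key=len, reverse=True)  # longest match first
    entries, leftover, i = [], [], 0
    while i < len(tokens):
        hit = next((c for c in candidates
                    if tuple(tokens[i:i + len(c)]) == c), None)
        if hit is None:
            leftover.append(tokens[i])
            i += 1
        else:
            entries.append(" ".join(hit))
            i += len(hit)
    return entries, leftover

if __name__ == "__main__":
    print(recover(EMAIL_PLUS_LINES, REPO_CONFIG))
```

An empty list of unmatched tokens means the mail was only re-wrapped; any leftover tokens mean the mail and the stored file disagree and the stored revision should be inspected directly.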