Re: Rancid anyone?

From: Brant I. Stevens (branto@branto.com)
Date: Mon Dec 11 2006 - 14:39:42 ART


RANCID is pretty cool, especially when you combine it with a bit of
scripting/PERL. People often overlook its ability to distribute
configuration changes/commands to multiple devices... And unlike
Ciscoworks, you aren't limited to Cisco-only equipment.

Below is a simple BASH script that will execute the commands in the file
"ntp-and-logging.commands" on all routers, in a group specified on the
command line, with "vpn" in their name. The output of the run will be
directed to the file logging.log for reference later.

#!/bin/bash
# Usage: <this script> <routergroup>   (the group is a directory under ~rancid/var)
routergroup=$1
current_time=$(date)
# router.db holds one "hostname:type:state" entry per device; keep the hostname
# field and, because of grep -v, drop every entry whose name contains "vpn"
for router in $(cut -d: -f1 ~rancid/var/"$routergroup"/router.db | grep -v vpn)
do
    # clogin -x sends the command file to the device; the session output
    # is appended to logging.log for later review
    ~rancid/bin/clogin -f ~rancid/.cloginrc -x \
        ~rancid/scripts/ntp-and-logging.commands "$router" >> ~rancid/logging.log
done

#~rancid/scripts/ntp-and-logging.commands
conf t
 ntp update-calendar
 no ntp server 10.1.10.15
 no ntp server 10.1.10.16
 ntp server a.b.c.d
 ntp server e.f.g.h
 ntp server i.j.k.l
 ip domain-lookup
 ip name-server 10.1.10.15
 ip name-server 10.1.10.16
 logging buff 131072 notifications
 no logging console
 logging monitor debug
 ip access-list standard remote-management-restriction
  permit x.x.x.x 0.0.0.255
  permit x.x.x.x 0.0.0.255
  permit 10.1.1.0 0.0.0.255
  permit 10.1.10.0 0.0.0.255
  permit y.y.y.y 0.0.0.255
  permit z.z.z.z 0.0.0.255
  no permit any
 exit
exit

wr
show ntp assoc
show clock

If you are going to do a new installation, I'd recommend using an SVN
repository in lieu of CVS. SVN allows for the renaming of
files/directories, and your repository can still be accessed via web
interface if so desired.

On 12/11/06 8:13 AM, "VirtRack.com Mailing Lists" <ciscolists@gmail.com>
wrote:

> I have rancid polling about 500 devices....combination of Cisco and HP. It
> is a great program and is free. When I first got it installed I told the
> other network guys that "I was watching everything they do" and would call
> them up randomly and talk about changes they had made. "So I see you set
> port 16 to 100-full today?" It freaked them out until I finally showed them
> what I had running. If you need any help with it contact me off list and
> I'll offer any advice I can.
>
> On 12/11/06, Godswill Oletu <oletu@inbox.lv> wrote:
>>
>> Darby,
>>
>> That was one darn good sales piece; hope you negotiated a very fat
>> commission?:)
>>
>> Godswill Oletu
>> CCIE #16464
>>
>> ----- Original Message -----
>> From: "Darby Weaver" <darbyweaver@yahoo.com>
>> To: "Darby Weaver" <darbyweaver@yahoo.com>; "Brad Ellis"
>> <brad@ccbootcamp.com>; "Cisco certification" <ccielab@groupstudy.com>
>> Sent: Monday, December 11, 2006 12:34 AM
>> Subject: Re: Rancid anyone?
>>
>>
>>> If you are located in the US, regardless of your
>>> feelings, chances are that you need rancid or
>>> something like it for legal compliance -- between SOX,
>>> FISMA, and HIPAA, most commercial and government
>>> entities need lots of monitoring. If you don't think
>>> you need it now, but you are subject to any kind of
>>> auditing and haven't been audited yet, do yourself a
>>> favor and implement it now.
>>>
>>> Quite aside from legal issues, tools like rancid are
>>> great for lots of real-life reasons. They are good
>>> for:
>>>
>>> * detecting surprise changes ("when did that change
>>> occur? Sure would be nice to have an automated tool
>>> to tell us when someone makes a change in the middle
>>> of the night and forgets to send email");
>>>
>>> * security monitoring of routers ("where did that
>>> permissive ACL come from? Sure would be nice if a
>>> tool could tell us what changes occurred on routers,
>>> so if anything suspicious happens, we can know
>>> immediately instead of when it ends up in the media");
>>>
>>> * exercising router flashes ("Whoops, the flash went
>>> bad but the device continued to function in-memory, so
>>> nobody noticed until a power outage. Sure would be
>>> nice if we had a tool that periodically logged in to
>>> devices and ran a bunch of commands that demonstrate
>>> that it is working well");
>>>
>>> * backing up configs ("Our last manual backup of the
>>> router config was 5 years ago; we've upgraded it
>>> twice, and added lots of ACLs since then. Wouldn't an
>>> automated way to get config backups make sense?")
>>>
>>>
>>> --- Darby Weaver <darbyweaver@yahoo.com> wrote:
>>>
>>>> Actually,
>>>>
>>>> I was thinking more of SolarWind's Cirrus product.
>>>>
>>>> And I was talking about Rancid and its usage of CVS
>>>> (Common Versioning System) to email configs of one's
>>>> network's devices to report change.
>>>>
>>>> I was thinking in terms of using these tools in
>>>> conjunction with Cisco ACS for instance in the sense
>>>> of Change Management and accountability.
>>>>
>>>>
>>>>
>>>> --- Brad Ellis <brad@ccbootcamp.com> wrote:
>>>>
>>>>> I fly a Cirrus SR-22...does that count???
>>>>>
>>>>> (actually, the darn thing almost ran me over
>>>>> yesterday...was pulling it out
>>>>> of the hangar down a steep downslope and the
>>>>> co-pilot side brakes
>>>>> failed...not a fun day)
>>>>>
>>>>> -b
>>>>> ----- Original Message -----
>>>>> From: "Darby Weaver" <darbyweaver@yahoo.com>
>>>>> To: "Cisco certification" <ccielab@groupstudy.com>
>>>>> Sent: Sunday, December 10, 2006 9:19 PM
>>>>> Subject: Rancid anyone?
>>>>>
>>>>>
>>>>>> Anyone using Rancid?
>>>>>>
>>>>>> Or are most using CatTools? CiscoWorks? or Cirrus?
>>>>>>
>>>>>>
>>>>>
>>>>
>>> _______________________________________________________________________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/list/CCIELab.html
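The clogin loop from Brant Stevens's message at the top of this page, reworked as an added example (not code from the original post or from RANCID itself): it selects devices from router.db with the type and state fields checked rather than by hostname alone, quotes every variable, and writes a timestamped per-run log so each push is reviewable afterwards. It assumes the router.db layout "host:type:state" (older RANCID) or "host;type;state" (newer) and the clogin path used in the post; the sample inventory is constructed.

```shell
#!/bin/bash
# Added example; assumes RANCID's router.db layout "host:type:state" or
# "host;type;state" and the clogin location used in the post above.

# Print hostnames from router.db matching a device type and a name regex,
# but only entries marked "up". Comment and blank lines are skipped.
select_routers() {          # usage: select_routers <router.db> <type> <regex>
    awk -F'[:;]' -v t="$2" -v p="$3" '
        NF == 0 || $1 ~ /^[ \t]*#/ { next }
        $3 == "up" && $2 == t && $1 ~ p { print $1 }
    ' "$1"
}

# Run "clogin -x <cmdfile>" against every selected device, appending a
# timestamped header and the session output to <logfile>. With DRY_RUN=1
# only the command that would run is logged. Returns 1 if any device failed.
push_commands() {   # usage: push_commands <router.db> <cmdfile> <type> <regex> <logfile>
    local db=$1 cmdfile=$2 type=$3 pattern=$4 log=$5 rc=0 host
    # hostnames carry no whitespace, so word-splitting the list is safe here
    for host in $(select_routers "$db" "$type" "$pattern"); do
        printf '=== %s %s ===\n' "$(date '+%F %T')" "$host" >> "$log"
        if [ "${DRY_RUN:-0}" = 1 ]; then
            printf 'would run: clogin -f ~rancid/.cloginrc -x %s %s\n' \
                "$cmdfile" "$host" >> "$log"
        else
            ~rancid/bin/clogin -f ~rancid/.cloginrc -x "$cmdfile" "$host" \
                >> "$log" 2>&1 || rc=1
        fi
    done
    return "$rc"
}

# Constructed sample router.db (not a real inventory) for a stand-alone run.
sample_db() {
    printf '%s\n' 'core-rtr1:cisco:up' 'vpn-rtr1:cisco:up' \
        'vpn-rtr2:cisco:down' 'sw1;hp;up' '# decommissioned' 'old-rtr:cisco:down'
}

# Dry-run demo: shows which Cisco devices a push to the "vpn" routers would touch.
demo() {
    local tmp; tmp=$(mktemp); sample_db > "$tmp"
    DRY_RUN=1 push_commands "$tmp" ~rancid/scripts/ntp-and-logging.commands cisco vpn /dev/stdout
    rm -f "$tmp"
}
demo
```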



This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:37 ART