Re: [rancid] Palo Alto Networks

[Guillaume Dupuis]

Nate Beck <Nate.Beck <at> jivesoftware.com> writes:

>
>
> Has anyone on the list worked with Palo Alto Network firewalls and Rancid?  I
was wondering if anyone has created a *login for them.
> Thanks-------------------
> Nathan BeckSr. IT Engineer
> Jive Software
> 503.972.9024

Hi Nate,

Did you find a *login script for PAN?

Thanks,

Guillaume Dupuis

_______________________________________________
Rancid-discuss mailing list
Rancid-...@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

[Kishore Rajani]

HI,

did you manage to get the RANCID running with PAN?

Regards,
Kishore

[Kishore Rajani]

Hi All,

Thanks for your inputs.. much appreciated.

I think i had downloaded these files from some other website, not sure if you have modified it, Doug..

In my setup, I am able to login into the device using panlogin.. however the device config are not backed up. Everything works smooth for Cisco devices.

I have updated the routers.db and other files for PAN devices, but no luck yet.

Unfortunately, I am unable to reach my remote site server at the moment, else would have pasted the log file.

Regards,

Kishore

On 24 September 2013 22:01, Hughes, Doug <Douglas...@deshawresearch.com> wrote:

Sure they can. I do it for 3 of them right now.

 

Attached. Set your ‘switch type’ to paloalto. Works with names or IP addresses.

 

From: Ryan Milton [mailto:rmi...@mvsusa.com]
Sent: Tuesday, September 24, 2013 4:58 PM
To: Hughes, Doug; Kishore Rajani; rancid-...@googlegroups.com
Cc: guillaum...@novidys.com; rancid-...@shrubbery.net
Subject: RE: [rancid] Palo Alto Networks

 

I would certainly be interested in adding PAN devices to Rancid. I thought that they couldn’t be read. That is what I’ve found with my HP switches—but that is another matter. Any ideas on getting PAN devices read by Rancid would be useful.

 

Regards,

Ryan Milton

 

From: rancid-disc...@shrubbery.net [mailto:rancid-disc...@shrubbery.net] On Behalf Of Hughes, Doug
Sent: Tuesday, September 24, 2013 12:26 PM
To: Kishore Rajani; rancid-...@googlegroups.com
Cc: guillaum...@novidys.com; rancid-...@shrubbery.net
Subject: Re: [rancid] Palo Alto Networks

 

Yes, I have working panlogin and panrancid and have contributed them upstream. Have you not been able to get them to work?

[Kishore Rajani]

I will use them as soon as the remote site becomes available.. and will also let you know how did it go.

Appreciate your help.

Regards,

Kishore

On 25 September 2013 01:40, Hughes, Doug <Douglas...@deshawresearch.com> wrote:

I just sent you the latest versions. I’m the original creator. I can’t say if the other version is older, but if they are different, use the ones I sent. (and make sure they are first in the path)

 

So you are saying when you run panrancid it doesn’t create the config file for you?

[Kishore Rajani]

HI Doug,

Now that I have my remote site up, here are the logs that are generated by rancid-run:
exec failed router manufacturer paloalto: No such file or directory
exec failed router manufacturer paloalto: No such file or directory
exec failed router manufacturer paloalto: No such file or directory
exec failed router manufacturer paloalto: No such file or directory
exec failed router manufacturer paloalto: No such file or directory
exec failed router manufacturer paloalto: No such file or directory
exec failed router manufacturer paloalto: No such file or directory
exec failed router manufacturer paloalto: No such file or directory

Any idea where I could have been wrong. I have the panlogin and panrancid in the "/usr/local/rancid/bin/" directory. Also I have checked the router.db file and it has the config like:
FWL1:paloalto:up

FWL2:paloalto:up
FWL3:paloalto:up
FWL4:paloalto:up
FWL5:paloalto:up

Thanks and Regards,
Kishore

[Kishore Rajani]

Just checked, I do have that entry as well:

   'netscaler'         => 'nsrancid',
    'netscreen'         => 'nrancid',
    'paloalto'          => 'panrancid',
    'procket'           => 'prancid',

Do you think I have missed it anywhere else.. is there any modification needed in the rancid-run script? the cisco devices are being backed up without any problem..

Regards,
Kishore

On 2 October 2013 15:21, Hughes, Doug <Douglas...@deshawresearch.com> wrote:

I suspect you haven’t added the mapping to your vendor table.

In rancid-fe, find the %vendortable hash (about 2/3 of the way down)

 

Add a line:

    'paloalto'          => 'panrancid',

 

 

I put mine in alphabetical order, just below netscreen.

[Kishore Rajani]

Hi Doug,

Finally got it working !!!! great thanks :)

I removed all the files and config related to PAN and applied everything again and volla it started working :)

Regards,
Kishore

On 2 October 2013 15:34, Hughes, Doug <Douglas...@deshawresearch.com> wrote:

That message is definitely coming from rancid-fe. It’s just below the vendor table. Are you sure that you don’t have ‘another’ version of rancid-fe somewhere else in the path? That’s the only explanation that I could think of other than a misspelling. You could use strace –f –e trace=execve to find out exactly what it’s running.

[Maria Jose Erquiaga]

Hi Everyone!

I'm having the same problem, but with Mikrotik.

I follow these instructions : http://falz.net/tech/rancid-mikrotik

and I have this error when I run Rancid :
exec failed router manufacturer mikrotik: No such file or directory

I'm using these files as well : http://falz.net/static/rancid/ and pearl5 is installed in my ubuntu server.
I have created the /var/lib/rancid/ap/router.db file as well with the IP of my devices
I have access to my device but I can't obtain the config file, I can see a file in /var/lib/rancid/all/configs but it is empty.-

Thanks in advance

[Konstantin Konstantin]

fix it?

суббота, 18 января 2014 г., 18:45:03 UTC+4 пользователь Maria Jose Erquiaga написал: