>
>
> Has anyone on the list worked with Palo Alto Network firewalls and Rancid? I
was wondering if anyone has created a *login for them.
> Thanks-------------------
> Nathan BeckSr. IT Engineer
> Jive Software
> 503.972.9024
Hi Nate,
Did you find a *login script for PAN?
Thanks,
Guillaume Dupuis
_______________________________________________
Rancid-discuss mailing list
Rancid-...@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
Sure they can. I do it for 3 of them right now.
Attached. Set your ‘switch type’ to paloalto. Works with names or IP addresses.
From: Ryan Milton [mailto:rmi...@mvsusa.com]
Sent: Tuesday, September 24, 2013 4:58 PM
To: Hughes, Doug; Kishore Rajani; rancid-...@googlegroups.com
Cc: guillaum...@novidys.com; rancid-...@shrubbery.net
Subject: RE: [rancid] Palo Alto Networks
I would certainly be interested in adding PAN devices to Rancid. I thought that they couldn’t be read. That is what I’ve found with my HP switches—but that is another matter. Any ideas on getting PAN devices read by Rancid would be useful.
Regards,
Ryan Milton
From: rancid-disc...@shrubbery.net [mailto:rancid-disc...@shrubbery.net] On Behalf Of Hughes, Doug
Sent: Tuesday, September 24, 2013 12:26 PM
To: Kishore Rajani; rancid-...@googlegroups.com
Cc: guillaum...@novidys.com; rancid-...@shrubbery.net
Subject: Re: [rancid] Palo Alto Networks
Yes, I have working panlogin and panrancid and have contributed them upstream. Have you not been able to get them to work?
I just sent you the latest versions. I’m the original creator. I can’t say if the other version is older, but if they are different, use the ones I sent. (and make sure they are first in the path)
So you are saying when you run panrancid it doesn’t create the config file for you?
I suspect you haven’t added the mapping to your vendor table.
In rancid-fe, find the %vendortable hash (about 2/3 of the way down)
Add a line:
'paloalto' => 'panrancid',
I put mine in alphabetical order, just below netscreen.
That message is definitely coming from rancid-fe. It’s just below the vendor table. Are you sure that you don’t have ‘another’ version of rancid-fe somewhere else in the path? That’s the only explanation that I could think of other than a misspelling. You could use strace –f –e trace=execve to find out exactly what it’s running.