[rancid] Rancid and Syslog-ng

[Satyam Mathura]

Guys,
Has anyone ever been successful with setting up rancid and syslog-ng so that whenever a config change is written to memory, syslog-ng calls the rancid executable for that host only?
Basically we're looking to have rancid query a device only when that device's configuration has been modified.

[Sam Munzani]

Google search revealed this.

http://www.syslog.org/forum/syslog-ng/syslog-ng-to-trigger-rancid/

Thanks,
Sam

Guys,
Has anyone ever been successful with setting up rancid and syslog-ng so that whenever a config change is written to memory, syslog-ng calls the rancid executable for that host only?
Basically we're looking to have rancid query a device only when that device's configuration has been modified.

_______________________________________________
Rancid-discuss mailing list
Rancid-...@shrubbery.net
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

[Mr. James W. Laferriere]

On Tue, 2 Jun 2009, Sam Munzani wrote:
> Google search revealed this.
> http://www.syslog.org/forum/syslog-ng/syslog-ng-to-trigger-rancid/
> Thanks,
> Sam

The link(*) there appears to continously fail in one way or another .

Is it possibly a News server that requires credentials to view .
Probably asking the wrong person that '?' .

(*) http://thread.gmane.org/gmane.comp.syslog-ng/2151/focus=2154

>> Guys,
>> Has anyone ever been successful with setting up rancid and syslog-ng so
>> that whenever a config change is written to memory, syslog-ng calls the
>> rancid executable for that host only?
>> Basically we're looking to have rancid query a device only when that
>> device's configuration has been modified.

Twyl , JimL
--
+------------------------------------------------------------------+
| James W. Laferriere | System Techniques | Give me VMS |
| Network&System Engineer | 2133 McCullam Ave | Give me Linux |
| bab...@baby-dragons.com | Fairbanks, AK. 99701 | only on AXP |
+------------------------------------------------------------------+

[Gary T. Giesen]

Another option I use is snmptt. There's an SNMP trap an IOS router can
send upon config change, and I use snmptt to run rancid against that
host when it receives such a trap.

GG

[Meli, Federico]

Hello everyone;
I implemented the solution with the following syslog-ng modification and a script in perl. When the syslog receive a change configuration trap trigger the script. You should adapt it to your specific system. In this case the syslog translate the IP add from the hosts/DNS and I use that name. also I put the script in the log directory to avoid permit issues. Hopefully It will work for you.

Syslog.conf:

source net { udp(); };

filter f_change{ match("SYS-5-CONFIG_I: Configured"); };

destination df_change { program("perl /var/log/rancid.pl"
template("$HOST\n") );
};

log { source(net); filter(f_change); destination(df_change); };

Regards

Federico Meli
Global Crossing Americas Solution, Inc.

[Ryan Harden]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I accomplished this by using sec to watch the logs and spawn rancid for
the host that generated the log entry.

You might look into sec (Simple Event Correlator) as an option.

/Ryan

> ------------------------------------------------------------------------

>
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-...@shrubbery.net
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

- --
Ryan M. Harden, BS, KC9IHX Office: 217-265-5192
CITES - Network Engineering Cell: 630-363-0365
2130 Digital Computer Lab Fax: 217-244-7089
1304 W. Springfield email: hard...@illinois.edu
Urbana, IL 61801

University of Illinois - Urbana/Champaign
University of Illinois - ICCN
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFKZj+DtuPckBBbXboRArS2AKDPFIqYnEZHIRdpMG548loVku4SQwCgs0yW
Q9TflYg7H0ZlvE34VVSfvWc=
=aR+L
-----END PGP SIGNATURE-----

[Sam Munzani]

The problem I faced with this approach is when the syslog-ng triggers the program, it memorizes that. So calling rancid-run script directly doesn't work. You need a wrapper script for this directive to work. >From the configuration it looks like you have written rancid.pl wrapper. Can you share that to the team?

Thanks,
Sam

[Meli, Federico]

Sam,
I included the attach with the previous mail but here you have the script.

rancid.pl:
#########################

#!/usr/bin/perl
use warnings;
use strict;

# strip the priority
my $host;
$host=<>;

chomp($host);
$host=lc($host);

if ($host) {system("su - rancid -c \"/home/rancid/bin/rancid-run -r $host \" ");};

################

Federico Meli

[Daniel Medina]

On Thu, Jul 23, 2009 at 08:09:34AM -0500, Sam Munzani wrote:
> The problem I faced with this approach is when the syslog-ng triggers the
> program, it memorizes that. So calling rancid-run script directly doesn't
> work. You need a wrapper script for this directive to work. From the
> configuration it looks like you have written rancid.pl wrapper. Can you
> share that to the team?

Not that it memorizes, but syslog-ng starts the program once and expects it to
hang around, waiting for input.

In perl (although the syslog-ng example below from Federico handles some of
this already with the filter and template,

#!perl
# define your $pattern of interest
while( <> ) {
if ( /$pattern/ ) {
# extract values
# Do something with your values
# Like "rancid-run -r device_name"
}
}

Note, I've seen it's useful to batch up sysconfig traps or syslog messages
before firing off data collection for every event because you may have humans
logging in manually entering config mode, exiting, re-entering or some other
sort of nonsense :)

--
Daniel Medina