=================================================================== retrieving revision 1.29 diff -u -4 -r1.29 mpls-jhb-pe1 @@ -288,9 +288,9 @@ ! interface Serial0/0 description Link to Client X bandwidth 2048 - ip address 192.168.1.244 255.255.255.254 + ip address 192.168.1.234 255.255.255.254 ip route-cache flow ip tcp header-compression iphc-format ip tcp compression-connections 256 ! ip ospf message-digest-key 1 md5 the - symbol represents what was removed the + symbol represents what was added
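Review bot: the trailing context line `ip ospf message-digest-key 1 md5` shows that an OSPF authentication key sits inside the config that this diff is generated from and mailed out; the visible line stops at `md5`, so confirm that the key value is actually being filtered from the stored config and from the e-mail (rancid.conf's FILTER_PWDS setting) rather than merely cut off in this excerpt. The change itself, `- ip address 192.168.1.244 255.255.255.254` to `+ ip address 192.168.1.234 255.255.255.254`, moves a /31 point-to-point link to a different address pair, so the `description Link to Client X` peer must have been readdressed in the same window or the link is down until it is.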
The above example is from a Cisco router; however, Rancid is also known to support
I suggest that you also use TACACS+ if your hardware supports it.
Installing Rancid
Install the port from /usr/ports/net-mgmt/rancid/; you can just run a "make install clean". Once installed there are a few places where the files are found that you
The config files are in /usr/local/etc/rancid
The bin files are in /usr/local/libexec/rancid
The CVS and other files needed are in /usr/local/var/rancid
More other files are in /usr/local/share/rancid/
Firstly, the rancid.conf file.
Copy rancid.conf.sample to rancid.conf. The conf file is pretty well commented and there are only 2 or 3 lines
The lines I changed are as follows.
LIST_OF_GROUPS="networks"
MAILDOMAIN="@yourdomain.tld"; export MAILDOMAIN
You might also want to check this line:
OLDTIME=4; export OLDTIME
4 hours is the default; you could change it to 1 or 2 hours, but if your cron that checks the config is set to every 2 hours, setting
OLDTIME is the number of hours that pass before rancid complains about
Creating a Rancid User
I would suggest creating a rancid user. No special privileges are needed that I have noticed; I just used a standard user and a bash shell (I'm more comfortable using bash).
The .cloginrc file
This file is also pretty well commented and should be pretty easy to figure out. Here is an example of mine:
add user * rancid
(rancid will log in as the rancid user if the device uses a username prompt, i.e. TACACS+)
add password *-pix-fw
add method *-pix-fw ssh
The above will log into any host matching somehost-pix-fw as rancid with the
add password specific-hosting-fw
add method specific-hosting-fw ssh
The above will log only into the firewall whose host is specific-hosting-fw
# all our routers, i.e.: everything else
add password *
# set ssh encryption type, dflt: 3des
add cyphertype *
There are many other options in the file but these are the basics of what you
su to your rancid user ("su rancid") and run /usr/local/libexec/rancid/clogin followed by the IP address of the host you want to log into. If all goes well you should see something like this:
[rancid@rat ~]$ clogin 10.0.0.1
10.0.0.1
spawn telnet 10.0.0.1
Trying 10.0.0.1...
Connected to MPLS-JHB-PE1.
Escape character is '^]'.
MPLS-JHB-PE1 line 162
User Access Verification
Username: rancid
Password:
MPLS-JHB-PE1>enable
Password:
MPLS-JHB-PE1#
MPLS-JHB-PE1#
You might want to consider linking the clogin script from the libexec dir, i.e.
ln -s /usr/local/libexec/rancid/clogin /usr/sbin/clogin
If your hosts are not in your DNS server zone files you can add
Yes, you guessed it, I'm a lazy swine, so the first thing I did was add
Now all I have to do to log into a router, switch or firewall is type in the
However, there are security considerations that you might want to think about.
Here is an example of my aliases in the .bashrc file:
## Aliases ##
alias mpls='clear;clogin mpls-ny-pe1;clear'
alias mcore1='clear;clogin mcore1-ny-sw;clear'
alias mcore2='clear;clogin mcore2-ny-sw;clear'
OK, now most of the hard work is done. Next is setting up the CVS repository and telling Rancid which devices to monitor for config changes.
The first thing to do here is to check if this directory exists: /usr/local/var/rancid/. Anyway, if it exists, cd to /usr/local/ (as root) and rm -fr var/rancid.
Then, as the rancid user, do the following:
mkdir /usr/local/var/
mkdir /usr/local/var/rancid
Then run rancid-run; it should already be in /usr/local/bin/rancid-run. When you run rancid-run as the rancid user you should not get any errors. Then you run rancid-cvs. Between these 2 rancid binaries your /usr/local/var/rancid directory should
CVS
logs
networks <-- networks here is the group in the /usr/local/etc/rancid/rancid.conf file
cd to the networks directory (or whatever group you created).
vi the router.db file and add the hosts you want to monitor. Example below:
mpls-tex-pe1:cisco:up
mpls-la-pe1:cisco:up
mpls-ny-pe1:cisco:up
mpls-was-pe1:cisco:up
mpls-london-pe1:cisco:up
mpls-oz-pe1:cisco:up
fw-client:cisco:up
core1-sw-ny-1:cisco:up
core2-sw-ny-2:cisco:up
etc.
I would suggest just adding one line for now so you can test it.
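Before that first test run, a quick pre-flight check of the two files above catches the usual mistakes: a .cloginrc that is readable by others (clogin refuses it), a malformed router.db line, and an "up" host that has no matching "add method ... ssh" entry and would therefore be collected over telnet, as in the session shown earlier. This is an added example, not rancid's own code; it assumes the host:vendor:state router.db syntax and the .cloginrc lines shown on this page, and the demo data is constructed.

```shell
# Pre-flight check for one rancid group. Added example, not rancid's own
# code; assumes this page's router.db syntax "host:vendor:state" and
# .cloginrc lines of the form "add method <hostglob> <method>".
# True if FILE is mode 0600: clogin refuses a .cloginrc readable by others.
cloginrc_mode_ok() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}
# Print the method clogin would pick for HOST ($1) from CLOGINRC ($2):
# the first "add method" glob that matches wins, otherwise telnet.
clogin_method() {
    while read -r key what pat method rest; do
        [ "$key $what" = "add method" ] || continue
        case "$1" in $pat) echo "$method"; return 0 ;; esac  # $pat unquoted: glob match
    done < "$2"
    echo telnet
}
# Check ROUTERDB ($1) against CLOGINRC ($2): print one line per finding and
# return the number of findings (0 means the group is ready for rancid-run).
check_group() {
    n=0
    cloginrc_mode_ok "$2" || { echo "$2: must be mode 0600"; n=$((n + 1)); }
    while IFS=: read -r host vendor state extra; do
        case "$host" in ''|'#'*) continue ;; esac          # blank or comment
        if [ -z "$vendor" ] || [ -n "$extra" ]; then
            echo "router.db: malformed entry '$host'"; n=$((n + 1)); continue
        fi
        case "$state" in
            up)   m=$(clogin_method "$host" "$2")
                  [ "$m" = ssh ] || { echo "$host: would be collected over $m"; n=$((n + 1)); } ;;
            down) ;;
            *)    echo "$host: state must be up or down, not '$state'"; n=$((n + 1)) ;;
        esac
    done < "$1"
    return "$n"
}
# Constructed sample data (not from a real install). Returns the finding count,
# which here is 4: open file mode, fw-client on telnet, bad line, bad state.
demo() {
    d=$(mktemp -d) || return 99
    printf 'add user * rancid\nadd method *-pix-fw ssh\nadd method mpls-* ssh\n' > "$d/.cloginrc"
    chmod 644 "$d/.cloginrc"                               # deliberately too open
    printf '%s\n' 'mpls-ny-pe1:cisco:up' 'fw-client:cisco:up' 'core1-sw-ny-1:cisco:down' \
        'bad-entry:cisco:up:x' 'client-pix-fw:cisco:maybe' > "$d/router.db"
    check_group "$d/router.db" "$d/.cloginrc" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Run it against the real files as the rancid user with `check_group networks/router.db ~/.cloginrc`; an exit status of 0 means nothing was flagged.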
Also on your mail server add an alias to mail you or your group the
vi /etc/aliases
rancid-networks: bob,john,jack
Or you could do this:
networks: bob,john,jack
rancid-networks: networks
But mail policies are up to you. Remember that rancid-xxxxxx will be
Once you have set up the mail to send you the logs of rancid data, run rancid-run again.
With any luck you will receive an email with a bunch of info; it should look similar to the output example near the top of this page.
If not, then either you have a problem with your rancid config, or maybe your alias is not working, or the server you are running rancid from
Last step: if all works, add a crontab as the rancid user,
something like this: crontab -e
@hourly /usr/local/bin/rancid-run