Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: RANCID: Users

terminal width on Cisco ASA

  

 
RANCID users RSS feed   Index | Next | Previous | View Threaded


pc50000 at gmail

Sep 8, 2011, 9:26 AM

Post #1 of 10 (3933 views)
Permalink
terminal width on Cisco ASA
How is the terminal width communicated to the Cisco security appliance
by rancid-run when kicked off via crontab? I am getting output in my
alerts like this, almost like it's cutting off at ~60-70 characters or
so. When viewing through a shell via SSH, the output is the width of
the window without issue and is not truncated.

Is this some sort of variable I can set so the output does not get
kicked to the next line like this?

Or perhaps is this happening after the SSH session, and during the
e-mail/CVS diff process?

I have also considered terminal width xxx Cisco ASA side, but this is
a permanent configuration command (config) mode and not a per-session
exec command, so it's probably better just to send the right width to
it in the first place via the SSH/terminal negotiation, however this
may be done.

+ access-list myaclname extended permit ip host 10.100.100.100
+ object-group MY_OBJECT log warnings interval 10
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


cgauthier at mapscu

Sep 8, 2011, 9:41 AM

Post #2 of 10 (3813 views)
Permalink
Re: terminal width on Cisco ASA [In reply to]
I find that I get wrapped lines and combined lines occasionally in the email, but is stored correctly in the repository. It's never been that big of a deal to me, so I just live with it and recognize it's something to do with diff and email. I'll see if I can find an example and forward it on.


Chris Gauthier, CCNA Security
Network Administrator
Maps Credit Union
v: 503.588.0181 x3401
f: 503.779.1083
https://www.mapscu.com


> -----Original Message-----
> From: rancid-discuss-bounces [at] shrubbery [mailto:rancid-discuss-
> bounces [at] shrubbery] On Behalf Of P C
> Sent: Thursday, September 08, 2011 9:27 AM
> To: rancid-discuss [at] shrubbery
> Subject: [rancid] terminal width on Cisco ASA
>
> How is the terminal width communicated to the Cisco security appliance by
> rancid-run when kicked off via crontab? I am getting output in my alerts like
> this, almost like it's cutting off at ~60-70 characters or so. When viewing
> through a shell via SSH, the output is the width of the window without issue and
> is not truncated.
>
> Is this some sort of variable I can set so the output does not get kicked to the
> next line like this?
>
> Or perhaps is this happening after the SSH session, and during the e-mail/CVS
> diff process?
>
> I have also considered terminal width xxx Cisco ASA side, but this is a permanent
> configuration command (config) mode and not a per-session exec command, so
> it's probably better just to send the right width to it in the first place via the
> SSH/terminal negotiation, however this may be done.
>
> + access-list myaclname extended permit ip host 10.100.100.100
> + object-group MY_OBJECT log warnings interval 10
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss [at] shrubbery
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE
Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


peo at chalmers

Sep 9, 2011, 2:47 AM

Post #3 of 10 (4013 views)
Permalink
Re: terminal width on Cisco ASA [In reply to]
Not running any ASA but IOS and nexus switches.

Have done some tests to extend width to max, by set width
it multiple times in clogin script.

Just now running clogin using width 500 (nexus max 512) or
"no wrap" for IOS switches supporting "terminal width 0".

If you not set width in scripts you will get
80 when running from cron ("default vt100") or
current window width from where you run command by hand.

In later versions of clogin width set to 80

Diff from my running version of clogin.in (rancid 2.3.6)
------------------------------------------------------
> diff -c clogin.in.ORG clogin.in

*** clogin.in.ORG Wed Oct 6 22:31:24 2010
--- clogin.in Wed Jan 19 12:18:57 2011
***************
*** 622,627 ****
--- 622,629 ----
set command "set logging session disable;$command"
} else {
send "terminal length 0\r"
+ # More ugly code to turn of line wrap /Peo
+ set command "terminal width 0;$command"
}
# match cisco config mode prompts too, such as router(config-if)#,
# but catalyst does not change in this fashion.
***************
*** 921,927 ****
} else {
send "terminal length 0\r"
expect -re $prompt {}
! send "terminal width 80\r"
}
expect -re $prompt {}
source $sfile
--- 923,934 ----
} else {
send "terminal length 0\r"
expect -re $prompt {}
! # send "terminal width 80\r"
! # Set long lines for NEXUS
! # and no line wrap on IOS /Peo
! send "set width 500\r"
! expect -re $prompt {}
! send "set width 0\r"
}
expect -re $prompt {}
source $sfile
-----------------------------------

P C skrev 2011-09-08 18:26:
> How is the terminal width communicated to the Cisco security appliance
> by rancid-run when kicked off via crontab? I am getting output in my
> alerts like this, almost like it's cutting off at ~60-70 characters or
> so. When viewing through a shell via SSH, the output is the width of
> the window without issue and is not truncated.
>
> Is this some sort of variable I can set so the output does not get
> kicked to the next line like this?
>
> Or perhaps is this happening after the SSH session, and during the
> e-mail/CVS diff process?
>
> I have also considered terminal width xxx Cisco ASA side, but this is
> a permanent configuration command (config) mode and not a per-session
> exec command, so it's probably better just to send the right width to
> it in the first place via the SSH/terminal negotiation, however this
> may be done.
>
> + access-list myaclname extended permit ip host 10.100.100.100
> + object-group MY_OBJECT log warnings interval 10
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss [at] shrubbery
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


/Peo
----------------------------------------------------------
Per-Olof Olsson Email: peo [at] chalmers
Chalmers tekniska högskola IT-service
Hörsalsvägen 5 412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


cgauthier at mapscu

Sep 9, 2011, 8:52 AM

Post #4 of 10 (3819 views)
Permalink
Re: terminal width on Cisco ASA [In reply to]
Here is an excerpt of the emails I get sometimes. They are stored correctly in the repository, though. I am running rancid 2.3.2 on Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been changed to protect the names of the innocent, as well as my job. ;)

Index: configs/172.16.0.2
===================================================================
retrieving revision 1.393
diff -U 4 -r1.393 172.16.0.2
@@ -898,8 +898,11 @@
access-list nat0_inside extended permit ip 192.168.124.0 255.255.255.0 10.119.17.0 255.255.255.0
access-list nat0_inside extended permit ip 192.168.123.0 255.255.255.0 172.16.6.0 255.255.255.248
access-list nat0_inside extended permit ip 192.168.4.0 255.255.255.0 172.16.6.0 255.255.255.248
access-list nat0_inside extended permit ip 192.168.100.0 255.255.255.0 172.16.6.0 255.255.255.248
+ access-list nat0_inside extended permit ip 192.168.0.0 255.255.255.0
+ 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit ip
+ 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list
+ nat0_inside extended permit ip 172.16.0.0 255.255.255.240 172.16.6.0
+ 255.255.255.248
access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 192.168.254.0 255.255.255.0
access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 10.16.0.0 255.255.0.0
access-list static_nat_vendor1 extended permit ip 192.168.100.0 255.255.255.0 host 172.30.255.1
access-list cryptomap_vendor2 extended permit ip host 10.255.255.2 host 10.0.1.2 @@ -1103,8 +1106,10 @@
access-list outside_access_out extended deny ip any 172.16.0.0 255.240.0.0
access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 10.0.0.0 255.0.0.0
access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 172.16.0.0 255.240.0.0
access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 192.168.0.0 255.255.0.0
+ access-list vendor3 extended permit ip host 172.16.6.3 host
+ 172.16.6.1 access-list vendor3 extended permit ip host 172.16.6.3
+ host 172.16.0.2
no pager
logging enable
logging timestamp
logging asdm-buffer-size 200


--Chris


> -----Original Message-----
> From: rancid-discuss-bounces [at] shrubbery [mailto:rancid-discuss-
> bounces [at] shrubbery] On Behalf Of Per-Olof Olsson
> Sent: Friday, September 09, 2011 2:48 AM
> To: P C
> Cc: rancid-discuss [at] shrubbery
> Subject: Re: [rancid] terminal width on Cisco ASA
>
> Not running any ASA but IOS and nexus switches.
>
> Have done some tests to extend width to max, by set width
> it multiple times in clogin script.
>
> Just now running clogin using width 500 (nexus max 512) or
> "no wrap" for IOS switches supporting "terminal width 0".
>
> If you not set width in scripts you will get
> 80 when running from cron ("default vt100") or
> current window width from where you run command by hand.
>
> In later versions of clogin width set to 80
>
> Diff from my running version of clogin.in (rancid 2.3.6)
> ------------------------------------------------------
> > diff -c clogin.in.ORG clogin.in
>
> *** clogin.in.ORG Wed Oct 6 22:31:24 2010
> --- clogin.in Wed Jan 19 12:18:57 2011
> ***************
> *** 622,627 ****
> --- 622,629 ----
> set command "set logging session disable;$command"
> } else {
> send "terminal length 0\r"
> + # More ugly code to turn of line wrap /Peo
> + set command "terminal width 0;$command"
> }
> # match cisco config mode prompts too, such as router(config-if)#,
> # but catalyst does not change in this fashion.
> ***************
> *** 921,927 ****
> } else {
> send "terminal length 0\r"
> expect -re $prompt {}
> ! send "terminal width 80\r"
> }
> expect -re $prompt {}
> source $sfile
> --- 923,934 ----
> } else {
> send "terminal length 0\r"
> expect -re $prompt {}
> ! # send "terminal width 80\r"
> ! # Set long lines for NEXUS
> ! # and no line wrap on IOS /Peo
> ! send "set width 500\r"
> ! expect -re $prompt {}
> ! send "set width 0\r"
> }
> expect -re $prompt {}
> source $sfile
> -----------------------------------
>
> P C skrev 2011-09-08 18:26:
> > How is the terminal width communicated to the Cisco security appliance
> > by rancid-run when kicked off via crontab? I am getting output in my
> > alerts like this, almost like it's cutting off at ~60-70 characters or
> > so. When viewing through a shell via SSH, the output is the width of
> > the window without issue and is not truncated.
> >
> > Is this some sort of variable I can set so the output does not get
> > kicked to the next line like this?
> >
> > Or perhaps is this happening after the SSH session, and during the
> > e-mail/CVS diff process?
> >
> > I have also considered terminal width xxx Cisco ASA side, but this is
> > a permanent configuration command (config) mode and not a per-session
> > exec command, so it's probably better just to send the right width to
> > it in the first place via the SSH/terminal negotiation, however this
> > may be done.
> >
> > + access-list myaclname extended permit ip host 10.100.100.100
> > + object-group MY_OBJECT log warnings interval 10
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss [at] shrubbery
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
>
> /Peo
> ----------------------------------------------------------
> Per-Olof Olsson Email: peo [at] chalmers
> Chalmers tekniska högskola IT-service
> Hörsalsvägen 5 412 96 Göteborg
> Tel: 031/772 6738 Fax: 031/772 8680
> ----------------------------------------------------------
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss [at] shrubbery
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE
Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


heas at shrubbery

Sep 9, 2011, 8:53 AM

Post #5 of 10 (3855 views)
Permalink
Re: terminal width on Cisco ASA [In reply to]
Fri, Sep 09, 2011 at 11:47:35AM +0200, Per-Olof Olsson:
> Not running any ASA but IOS and nexus switches.
>
> Have done some tests to extend width to max, by set width
> it multiple times in clogin script.
>
> Just now running clogin using width 500 (nexus max 512) or
> "no wrap" for IOS switches supporting "terminal width 0".
>
> If you not set width in scripts you will get
> 80 when running from cron ("default vt100") or
> current window width from where you run command by hand.

crons vary; you might get the device's default.

> In later versions of clogin width set to 80

i changed that to 132 for clogin [-s|-c], but this was to stop a few
show commands from oscillating, particularly show vlan. but, i've not
seen the device wrap other lines as thread is implying for nexus and
ASA, of which I have none. is this perhaps driven by some other variable
on these devices, such as terminal type? ie: particular types have or
lack some capability. 500 seems like it would not be strictly portable.

> ! # send "terminal width 80\r"
> ! # Set long lines for NEXUS
> ! # and no line wrap on IOS /Peo
> ! send "set width 500\r"
> ! expect -re $prompt {}
> ! send "set width 0\r"


> expect -re $prompt {}
> source $sfile
> -----------------------------------
>
> P C skrev 2011-09-08 18:26:
> >How is the terminal width communicated to the Cisco security appliance
> >by rancid-run when kicked off via crontab? I am getting output in my
> >alerts like this, almost like it's cutting off at ~60-70 characters or
> >so. When viewing through a shell via SSH, the output is the width of
> >the window without issue and is not truncated.
> >
> >Is this some sort of variable I can set so the output does not get
> >kicked to the next line like this?
> >
> >Or perhaps is this happening after the SSH session, and during the
> >e-mail/CVS diff process?
> >
> >I have also considered terminal width xxx Cisco ASA side, but this is
> >a permanent configuration command (config) mode and not a per-session
> >exec command, so it's probably better just to send the right width to
> >it in the first place via the SSH/terminal negotiation, however this
> >may be done.
> >
> >+ access-list myaclname extended permit ip host 10.100.100.100
> >+ object-group MY_OBJECT log warnings interval 10
^ due to the + on the second line; i think its occuring at the device.
the truncation is odd though; i'd guess that its doing that annoying "line
shifting" (or lack of a term) that IOS does to prevent lines from wrapping.
we'd have to look at expect debug output to know if thats the case.

if term size can only be communicated via telnet/ssh/rsh, then it has to
be set on the pty.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


heas at shrubbery

Sep 9, 2011, 9:02 AM

Post #6 of 10 (3812 views)
Permalink
Re: terminal width on Cisco ASA [In reply to]
Fri, Sep 09, 2011 at 08:52:41AM -0700, Chris Gauthier:
> Here is an excerpt of the emails I get sometimes. They are stored correctly in the repository, though. I am running rancid 2.3.2 on Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been changed to protect the names of the innocent, as well as my job. ;)

is this IOS, PIX, ASA, or ??

> Index: configs/172.16.0.2
> ===================================================================
> retrieving revision 1.393
> diff -U 4 -r1.393 172.16.0.2
> @@ -898,8 +898,11 @@
> access-list nat0_inside extended permit ip 192.168.124.0 255.255.255.0 10.119.17.0 255.255.255.0
> access-list nat0_inside extended permit ip 192.168.123.0 255.255.255.0 172.16.6.0 255.255.255.248
> access-list nat0_inside extended permit ip 192.168.4.0 255.255.255.0 172.16.6.0 255.255.255.248
> access-list nat0_inside extended permit ip 192.168.100.0 255.255.255.0 172.16.6.0 255.255.255.248
> + access-list nat0_inside extended permit ip 192.168.0.0 255.255.255.0
> + 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit ip
> + 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list
> + nat0_inside extended permit ip 172.16.0.0 255.255.255.240 172.16.6.0
> + 255.255.255.248
> access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 192.168.254.0 255.255.255.0
> access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0 10.16.0.0 255.255.0.0
> access-list static_nat_vendor1 extended permit ip 192.168.100.0 255.255.255.0 host 172.30.255.1
> access-list cryptomap_vendor2 extended permit ip host 10.255.255.2 host 10.0.1.2 @@ -1103,8 +1106,10 @@
> access-list outside_access_out extended deny ip any 172.16.0.0 255.240.0.0
> access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 10.0.0.0 255.0.0.0
> access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 172.16.0.0 255.240.0.0
> access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248 192.168.0.0 255.255.0.0
> + access-list vendor3 extended permit ip host 172.16.6.3 host
> + 172.16.6.1 access-list vendor3 extended permit ip host 172.16.6.3
> + host 172.16.0.2
> no pager
> logging enable
> logging timestamp
> logging asdm-buffer-size 200
>
>
> --Chris
>
>
> > -----Original Message-----
> > From: rancid-discuss-bounces [at] shrubbery [mailto:rancid-discuss-
> > bounces [at] shrubbery] On Behalf Of Per-Olof Olsson
> > Sent: Friday, September 09, 2011 2:48 AM
> > To: P C
> > Cc: rancid-discuss [at] shrubbery
> > Subject: Re: [rancid] terminal width on Cisco ASA
> >
> > Not running any ASA but IOS and nexus switches.
> >
> > Have done some tests to extend width to max, by set width
> > it multiple times in clogin script.
> >
> > Just now running clogin using width 500 (nexus max 512) or
> > "no wrap" for IOS switches supporting "terminal width 0".
> >
> > If you not set width in scripts you will get
> > 80 when running from cron ("default vt100") or
> > current window width from where you run command by hand.
> >
> > In later versions of clogin width set to 80
> >
> > Diff from my running version of clogin.in (rancid 2.3.6)
> > ------------------------------------------------------
> > > diff -c clogin.in.ORG clogin.in
> >
> > *** clogin.in.ORG Wed Oct 6 22:31:24 2010
> > --- clogin.in Wed Jan 19 12:18:57 2011
> > ***************
> > *** 622,627 ****
> > --- 622,629 ----
> > set command "set logging session disable;$command"
> > } else {
> > send "terminal length 0\r"
> > + # More ugly code to turn of line wrap /Peo
> > + set command "terminal width 0;$command"
> > }
> > # match cisco config mode prompts too, such as router(config-if)#,
> > # but catalyst does not change in this fashion.
> > ***************
> > *** 921,927 ****
> > } else {
> > send "terminal length 0\r"
> > expect -re $prompt {}
> > ! send "terminal width 80\r"
> > }
> > expect -re $prompt {}
> > source $sfile
> > --- 923,934 ----
> > } else {
> > send "terminal length 0\r"
> > expect -re $prompt {}
> > ! # send "terminal width 80\r"
> > ! # Set long lines for NEXUS
> > ! # and no line wrap on IOS /Peo
> > ! send "set width 500\r"
> > ! expect -re $prompt {}
> > ! send "set width 0\r"
> > }
> > expect -re $prompt {}
> > source $sfile
> > -----------------------------------
> >
> > P C skrev 2011-09-08 18:26:
> > > How is the terminal width communicated to the Cisco security appliance
> > > by rancid-run when kicked off via crontab? I am getting output in my
> > > alerts like this, almost like it's cutting off at ~60-70 characters or
> > > so. When viewing through a shell via SSH, the output is the width of
> > > the window without issue and is not truncated.
> > >
> > > Is this some sort of variable I can set so the output does not get
> > > kicked to the next line like this?
> > >
> > > Or perhaps is this happening after the SSH session, and during the
> > > e-mail/CVS diff process?
> > >
> > > I have also considered terminal width xxx Cisco ASA side, but this is
> > > a permanent configuration command (config) mode and not a per-session
> > > exec command, so it's probably better just to send the right width to
> > > it in the first place via the SSH/terminal negotiation, however this
> > > may be done.
> > >
> > > + access-list myaclname extended permit ip host 10.100.100.100
> > > + object-group MY_OBJECT log warnings interval 10
> > > _______________________________________________
> > > Rancid-discuss mailing list
> > > Rancid-discuss [at] shrubbery
> > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >
> >
> > /Peo
> > ----------------------------------------------------------
> > Per-Olof Olsson Email: peo [at] chalmers
> > Chalmers tekniska h?gskola IT-service
> > H?rsalsv?gen 5 412 96 G?teborg
> > Tel: 031/772 6738 Fax: 031/772 8680
> > ----------------------------------------------------------
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss [at] shrubbery
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> CONFIDENTIALITY NOTICE
> Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies.
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss [at] shrubbery
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


heas at shrubbery

Sep 9, 2011, 9:07 AM

Post #7 of 10 (3818 views)
Permalink
Re: terminal width on Cisco ASA [In reply to]
Fri, Sep 09, 2011 at 03:53:14PM +0000, john heasley:
> > In later versions of clogin width set to 80
>
> i changed that to 132 for clogin [-s|-c], but this was to stop a few
> show commands from oscillating, particularly show vlan. but, i've not
> seen the device wrap other lines as thread is implying for nexus and
> ASA, of which I have none. is this perhaps driven by some other variable
> on these devices, such as terminal type? ie: particular types have or
> lack some capability. 500 seems like it would not be strictly portable.

fwiw, the desired effect from my PoV is that the device do no screen
manipulation in any manner what so ever for -c or -s (command or script)
mode of the login scripts. no line length handling, no line shifting,
no bolding, refreshing, etc etc.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


cgauthier at mapscu

Sep 9, 2011, 9:12 AM

Post #8 of 10 (3818 views)
Permalink
Re: terminal width on Cisco ASA [In reply to]
> Fri, Sep 09, 2011 at 08:52:41AM -0700, Chris Gauthier:
> > Here is an excerpt of the emails I get sometimes. They are stored
> > correctly in the repository, though. I am running rancid 2.3.2 on
> > Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been changed
> > to protect the names of the innocent, as well as my job. ;)
>
> is this IOS, PIX, ASA, or ??

Sorry, ASA 5520 running v8.2(2.17)

>
> > Index: configs/172.16.0.2
> >
> =============================================================
> ======
> > retrieving revision 1.393
> > diff -U 4 -r1.393 172.16.0.2
> > @@ -898,8 +898,11 @@
> > access-list nat0_inside extended permit ip 192.168.124.0 255.255.255.0
> 10.119.17.0 255.255.255.0
> > access-list nat0_inside extended permit ip 192.168.123.0 255.255.255.0
> 172.16.6.0 255.255.255.248
> > access-list nat0_inside extended permit ip 192.168.4.0 255.255.255.0
> 172.16.6.0 255.255.255.248
> > access-list nat0_inside extended permit ip 192.168.100.0
> > 255.255.255.0 172.16.6.0 255.255.255.248
> > + access-list nat0_inside extended permit ip 192.168.0.0 255.255.255.0
> > + 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit
> > + ip
> > + 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list
> > + nat0_inside extended permit ip 172.16.0.0 255.255.255.240 172.16.6.0
> > + 255.255.255.248
> > access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0
> 192.168.254.0 255.255.255.0
> > access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0
> 10.16.0.0 255.255.0.0
> > access-list static_nat_vendor1 extended permit ip 192.168.100.0
> 255.255.255.0 host 172.30.255.1
> > access-list cryptomap_vendor2 extended permit ip host 10.255.255.2 host
> 10.0.1.2 @@ -1103,8 +1106,10 @@
> > access-list outside_access_out extended deny ip any 172.16.0.0 255.240.0.0
> > access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248
> 10.0.0.0 255.0.0.0
> > access-list nat0_vendor3 extended permit ip 172.16.6.0 255.255.255.248
> 172.16.0.0 255.240.0.0
> > access-list nat0_vendor3 extended permit ip 172.16.6.0
> > 255.255.255.248 192.168.0.0 255.255.0.0
> > + access-list vendor3 extended permit ip host 172.16.6.3 host
> > + 172.16.6.1 access-list vendor3 extended permit ip host 172.16.6.3
> > + host 172.16.0.2
> > no pager
> > logging enable
> > logging timestamp
> > logging asdm-buffer-size 200
> >
> >
> > --Chris
> >
> >
> > > -----Original Message-----
> > > From: rancid-discuss-bounces [at] shrubbery [mailto:rancid-discuss-
> > > bounces [at] shrubbery] On Behalf Of Per-Olof Olsson
> > > Sent: Friday, September 09, 2011 2:48 AM
> > > To: P C
> > > Cc: rancid-discuss [at] shrubbery
> > > Subject: Re: [rancid] terminal width on Cisco ASA
> > >
> > > Not running any ASA but IOS and nexus switches.
> > >
> > > Have done some tests to extend width to max, by set width it
> > > multiple times in clogin script.
> > >
> > > Just now running clogin using width 500 (nexus max 512) or "no wrap"
> > > for IOS switches supporting "terminal width 0".
> > >
> > > If you not set width in scripts you will get
> > > 80 when running from cron ("default vt100") or current window width
> > > from where you run command by hand.
> > >
> > > In later versions of clogin width set to 80
> > >
> > > Diff from my running version of clogin.in (rancid 2.3.6)
> > > ------------------------------------------------------
> > > > diff -c clogin.in.ORG clogin.in
> > >
> > > *** clogin.in.ORG Wed Oct 6 22:31:24 2010
> > > --- clogin.in Wed Jan 19 12:18:57 2011
> > > ***************
> > > *** 622,627 ****
> > > --- 622,629 ----
> > > set command "set logging session disable;$command"
> > > } else {
> > > send "terminal length 0\r"
> > > + # More ugly code to turn of line wrap /Peo set command "terminal
> > > + width 0;$command"
> > > }
> > > # match cisco config mode prompts too, such as router(config-if)#,
> > > # but catalyst does not change in this fashion.
> > > ***************
> > > *** 921,927 ****
> > > } else {
> > > send "terminal length 0\r"
> > > expect -re $prompt {}
> > > ! send "terminal width 80\r"
> > > }
> > > expect -re $prompt {}
> > > source $sfile
> > > --- 923,934 ----
> > > } else {
> > > send "terminal length 0\r"
> > > expect -re $prompt {}
> > > ! # send "terminal width 80\r"
> > > ! # Set long lines for NEXUS
> > > ! # and no line wrap on IOS /Peo
> > > ! send "set width 500\r"
> > > ! expect -re $prompt {}
> > > ! send "set width 0\r"
> > > }
> > > expect -re $prompt {}
> > > source $sfile
> > > -----------------------------------
> > >
> > > P C skrev 2011-09-08 18:26:
> > > > How is the terminal width communicated to the Cisco security
> > > > appliance by rancid-run when kicked off via crontab? I am getting
> > > > output in my alerts like this, almost like it's cutting off at
> > > > ~60-70 characters or so. When viewing through a shell via SSH,
> > > > the output is the width of the window without issue and is not truncated.
> > > >
> > > > Is this some sort of variable I can set so the output does not get
> > > > kicked to the next line like this?
> > > >
> > > > Or perhaps is this happening after the SSH session, and during the
> > > > e-mail/CVS diff process?
> > > >
> > > > I have also considered terminal width xxx Cisco ASA side, but this
> > > > is a permanent configuration command (config) mode and not a
> > > > per-session exec command, so it's probably better just to send the
> > > > right width to it in the first place via the SSH/terminal
> > > > negotiation, however this may be done.
> > > >
> > > > + access-list myaclname extended permit ip host 10.100.100.100
> > > > + object-group MY_OBJECT log warnings interval 10
> > > > _______________________________________________
> > > > Rancid-discuss mailing list
> > > > Rancid-discuss [at] shrubbery
> > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > >
> > >
> > > /Peo
> > > ----------------------------------------------------------
> > > Per-Olof Olsson Email: peo [at] chalmers
> > > Chalmers tekniska h?gskola IT-service
> > > H?rsalsv?gen 5 412 96 G?teborg
> > > Tel: 031/772 6738 Fax: 031/772 8680
> > > ----------------------------------------------------------
> > > _______________________________________________
> > > Rancid-discuss mailing list
> > > Rancid-discuss [at] shrubbery
> > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> >
> > ----------------------------------------------------------------------
> > ----------------------------------------------------------------------
> > ----------------------------------------------------------------------
> > CONFIDENTIALITY NOTICE
> > Attention: The information contained in this email and/or attachments is
> intended only for the person or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance upon, this
> information by persons or entities other than the intended recipient is
> prohibited. If you received this in error, please contact the sender and delete the
> material from any system and destroy any copies.
> > _______________________________________________
> > Rancid-discuss mailing list
> > Rancid-discuss [at] shrubbery
> > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE
Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


cgauthier at mapscu

Sep 16, 2011, 11:21 AM

Post #9 of 10 (3779 views)
Permalink
Re: terminal width on Cisco ASA [In reply to]
Did anyone ever figure out the line wrapping at all? It seems to be in the post-processing and not in the ASA.

> > Fri, Sep 09, 2011 at 08:52:41AM -0700, Chris Gauthier:
> > > Here is an excerpt of the emails I get sometimes. They are stored
> > > correctly in the repository, though. I am running rancid 2.3.2 on
> > > Ubuntu Server 10.04.1 LTS. Portions of this excerpt have been
> > > changed to protect the names of the innocent, as well as my job. ;)
> >
> > is this IOS, PIX, ASA, or ??
>
> Sorry, ASA 5520 running v8.2(2.17)
>
> >
> > > Index: configs/172.16.0.2
> > >
> >
> =============================================================
> > ======
> > > retrieving revision 1.393
> > > diff -U 4 -r1.393 172.16.0.2
> > > @@ -898,8 +898,11 @@
> > > access-list nat0_inside extended permit ip 192.168.124.0
> > > 255.255.255.0
> > 10.119.17.0 255.255.255.0
> > > access-list nat0_inside extended permit ip 192.168.123.0
> > > 255.255.255.0
> > 172.16.6.0 255.255.255.248
> > > access-list nat0_inside extended permit ip 192.168.4.0
> > > 255.255.255.0
> > 172.16.6.0 255.255.255.248
> > > access-list nat0_inside extended permit ip 192.168.100.0
> > > 255.255.255.0 172.16.6.0 255.255.255.248
> > > + access-list nat0_inside extended permit ip 192.168.0.0
> > > + 255.255.255.0
> > > + 172.16.6.0 255.255.255.248 access-list nat0_inside extended permit
> > > + ip
> > > + 10.75.2.0 255.255.255.0 172.16.6.0 255.255.255.248 access-list
> > > + nat0_inside extended permit ip 172.16.0.0 255.255.255.240
> > > + 172.16.6.0
> > > + 255.255.255.248
> > > access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0
> > 192.168.254.0 255.255.255.0
> > > access-list nat0_dmz extended permit ip 172.16.1.0 255.255.255.0
> > 10.16.0.0 255.255.0.0
> > > access-list static_nat_vendor1 extended permit ip 192.168.100.0
> > 255.255.255.0 host 172.30.255.1
> > > access-list cryptomap_vendor2 extended permit ip host 10.255.255.2
> > > host
> > 10.0.1.2 @@ -1103,8 +1106,10 @@
> > > access-list outside_access_out extended deny ip any 172.16.0.0
> 255.240.0.0
> > > access-list nat0_vendor3 extended permit ip 172.16.6.0
> > > 255.255.255.248
> > 10.0.0.0 255.0.0.0
> > > access-list nat0_vendor3 extended permit ip 172.16.6.0
> > > 255.255.255.248
> > 172.16.0.0 255.240.0.0
> > > access-list nat0_vendor3 extended permit ip 172.16.6.0
> > > 255.255.255.248 192.168.0.0 255.255.0.0
> > > + access-list vendor3 extended permit ip host 172.16.6.3 host
> > > + 172.16.6.1 access-list vendor3 extended permit ip host 172.16.6.3
> > > + host 172.16.0.2
> > > no pager
> > > logging enable
> > > logging timestamp
> > > logging asdm-buffer-size 200
> > >
> > >
> > > --Chris
> > >
> > >
> > > > -----Original Message-----
> > > > From: rancid-discuss-bounces [at] shrubbery [mailto:rancid-discuss-
> > > > bounces [at] shrubbery] On Behalf Of Per-Olof Olsson
> > > > Sent: Friday, September 09, 2011 2:48 AM
> > > > To: P C
> > > > Cc: rancid-discuss [at] shrubbery
> > > > Subject: Re: [rancid] terminal width on Cisco ASA
> > > >
> > > > Not running any ASA but IOS and nexus switches.
> > > >
> > > > Have done some tests to extend width to max, by set width it
> > > > multiple times in clogin script.
> > > >
> > > > Just now running clogin using width 500 (nexus max 512) or "no wrap"
> > > > for IOS switches supporting "terminal width 0".
> > > >
> > > > If you not set width in scripts you will get
> > > > 80 when running from cron ("default vt100") or current window
> > > > width from where you run command by hand.
> > > >
> > > > In later versions of clogin width set to 80
> > > >
> > > > Diff from my running version of clogin.in (rancid 2.3.6)
> > > > ------------------------------------------------------
> > > > > diff -c clogin.in.ORG clogin.in
> > > >
> > > > *** clogin.in.ORG Wed Oct 6 22:31:24 2010
> > > > --- clogin.in Wed Jan 19 12:18:57 2011
> > > > ***************
> > > > *** 622,627 ****
> > > > --- 622,629 ----
> > > > set command "set logging session disable;$command"
> > > > } else {
> > > > send "terminal length 0\r"
> > > > + # More ugly code to turn of line wrap /Peo set command "terminal
> > > > + width 0;$command"
> > > > }
> > > > # match cisco config mode prompts too, such as router(config-if)#,
> > > > # but catalyst does not change in this fashion.
> > > > ***************
> > > > *** 921,927 ****
> > > > } else {
> > > > send "terminal length 0\r"
> > > > expect -re $prompt {}
> > > > ! send "terminal width 80\r"
> > > > }
> > > > expect -re $prompt {}
> > > > source $sfile
> > > > --- 923,934 ----
> > > > } else {
> > > > send "terminal length 0\r"
> > > > expect -re $prompt {}
> > > > ! # send "terminal width 80\r"
> > > > ! # Set long lines for NEXUS
> > > > ! # and no line wrap on IOS /Peo
> > > > ! send "set width 500\r"
> > > > ! expect -re $prompt {}
> > > > ! send "set width 0\r"
> > > > }
> > > > expect -re $prompt {}
> > > > source $sfile
> > > > -----------------------------------
> > > >
> > > > P C skrev 2011-09-08 18:26:
> > > > > How is the terminal width communicated to the Cisco security
> > > > > appliance by rancid-run when kicked off via crontab? I am
> > > > > getting output in my alerts like this, almost like it's cutting
> > > > > off at
> > > > > ~60-70 characters or so. When viewing through a shell via SSH,
> > > > > the output is the width of the window without issue and is not truncated.
> > > > >
> > > > > Is this some sort of variable I can set so the output does not
> > > > > get kicked to the next line like this?
> > > > >
> > > > > Or perhaps is this happening after the SSH session, and during
> > > > > the e-mail/CVS diff process?
> > > > >
> > > > > I have also considered terminal width xxx Cisco ASA side, but
> > > > > this is a permanent configuration command (config) mode and not
> > > > > a per-session exec command, so it's probably better just to send
> > > > > the right width to it in the first place via the SSH/terminal
> > > > > negotiation, however this may be done.
> > > > >
> > > > > + access-list myaclname extended permit ip host 10.100.100.100
> > > > > + object-group MY_OBJECT log warnings interval 10
> > > > > _______________________________________________
> > > > > Rancid-discuss mailing list
> > > > > Rancid-discuss [at] shrubbery
> > > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > > >
> > > >
> > > > /Peo
> > > > ----------------------------------------------------------
> > > > Per-Olof Olsson Email: peo [at] chalmers
> > > > Chalmers tekniska h?gskola IT-service
> > > > H?rsalsv?gen 5 412 96 G?teborg
> > > > Tel: 031/772 6738 Fax: 031/772 8680
> > > > ----------------------------------------------------------
> > > > _______________________________________________
> > > > Rancid-discuss mailing list
> > > > Rancid-discuss [at] shrubbery
> > > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
> > >
> > > --------------------------------------------------------------------
> > > --
> > > --------------------------------------------------------------------
> > > --
> > > --------------------------------------------------------------------
> > > --
> > > CONFIDENTIALITY NOTICE
> > > Attention: The information contained in this email and/or
> > > attachments is
> > intended only for the person or entity to which it is addressed and
> > may contain confidential and/or privileged material. Any review,
> > retransmission, dissemination or other use of, or taking of any action
> > in reliance upon, this information by persons or entities other than
> > the intended recipient is prohibited. If you received this in error,
> > please contact the sender and delete the material from any system and
> destroy any copies.
> > > _______________________________________________
> > > Rancid-discuss mailing list
> > > Rancid-discuss [at] shrubbery
> > > http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
>
> ------------------------------------------------------------------------------------------------------
> ------------------------------------------------------------------------------------------------------
> ------
> CONFIDENTIALITY NOTICE
> Attention: The information contained in this email and/or attachments is
> intended only for the person or entity to which it is addressed and may contain
> confidential and/or privileged material. Any review, retransmission,
> dissemination or other use of, or taking of any action in reliance upon, this
> information by persons or entities other than the intended recipient is
> prohibited. If you received this in error, please contact the sender and delete the
> material from any system and destroy any copies.
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss [at] shrubbery
> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CONFIDENTIALITY NOTICE
Attention: The information contained in this email and/or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies.
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss


peo at chalmers

Sep 17, 2011, 1:20 AM

Post #10 of 10 (3870 views)
Permalink
Re: terminal width on Cisco ASA [In reply to]
john heasley skrev 2011-09-09 18:07:
> Fri, Sep 09, 2011 at 03:53:14PM +0000, john heasley:
>>> In later versions of clogin width set to 80
>>
>> i changed that to 132 for clogin [-s|-c], but this was to stop a few
>> show commands from oscillating, particularly show vlan. but, i've not
>> seen the device wrap other lines as thread is implying for nexus and
>> ASA, of which I have none. is this perhaps driven by some other variable
>> on these devices, such as terminal type? ie: particular types have or
>> lack some capability. 500 seems like it would not be strictly portable.
>
> fwiw, the desired effect from my PoV is that the device do no screen
> manipulation in any manner what so ever for -c or -s (command or script)
> mode of the login scripts. no line length handling, no line shifting,
> no bolding, refreshing, etc etc.


Sorry.
Some days, most get wrong.


1. First nexus that fooled me.

After some test I find out that turning of pager also turn off wrapping.
(Nexus 5000 running version 4.2(1)N2(1a) )

Can't find any notes of this in Nexus manuals. Only ACE manual have a
note about terminal length settings:
"A value of 0 instructs the ACE to scroll continuously (no pausing) and
overrides the terminal width command."

For NX-os it looks like "terminal length 0" is what needed for initial
terminal settings to rancid.




2. Thanks for the note. I have installed the wrong version when I
updated clogin.in

Rewrite it one more time to make i easy to read and use the same lines
for command and script.
I still like to ad "terminal width 0" to one of ours 6500. The output
from show vlan is 600+ character long! And it's easier to post process
one liners from rancid.

-x_test-----------------------
show terminal
exit
-eof--------------------------

-s_test-----------------------
send "\r"
expect -re $prompt {}
send "show terminal\r"
expect -re $prompt {}
send_user $expect_out(buffer)
send "exit\r"
-eof--------------------------

/115-> clogin -x x_test cisco_6500
cisco_6500
spawn ssh -c 3des -x -l rancid cisco_6500

cisco_6500>enable
Password:
cisco_6500#
cisco_6500#terminal width 0
cisco_6500#terminal length 0
cisco_6500#show terminal
Line 1, Location: "", Type: "xterm"
Length: 0 lines, Width: 0 columns
Baud rate (TX/RX) is 9600/9600
...

/116-> clogin -s s_test cisco_6500
cisco_6500
show terminal
Line 1, Location: "", Type: "xterm"
Length: 0 lines, Width: 0 columns
Baud rate (TX/RX) is 9600/9600


/117-> clogin -x x_test nx-5000
nx-5000
spawn ssh -i .ssh/Rancid-to-Nexus -c 3des -x -l rancid nx_5000
Nexus 5000 Switch
...
nx-5000#
nx-5000# terminal width 0
^
% Invalid number, range is (24:511) at '^' marker.
nx-5000# terminal length 0
nx-5000# show terminal
TTY: /dev/pts/2 Type: "xterm"
Length: 0 lines, Width: 81 columns
Session Timeout: 30 minutes
...


/118-> clogin -s s_test nx_5000
nx_5000
show terminal
TTY: /dev/pts/2 Type: "xterm"
Length: 0 lines, Width: 81 columns
Session Timeout: 30 minutes
...


After install new patch I test to run it on our site with a mix of
2950,2960,3750, 3560, 6500 and nx-5010's.



My new patch---------------------------------------------
*** clogin.in.ORG Wed Oct 6 22:31:24 2010
--- clogin.in Thu Sep 15 05:20:01 2011
***************
*** 621,626 ****
--- 621,634 ----
# subsequent expects to handle everything as normal.
set command "set logging session disable;$command"
} else {
+ # To prevent diffs from some IOS "show vlan" output
+ # use fixed line width
+ # send "terminal width 80\r"
+ # expect -re $prompt {}
+ # some IOS "no wrap"
+ send "terminal width 0\r"
+ expect -re $prompt {}
+ #
send "terminal length 0\r"
}
# match cisco config mode prompts too, such as router(config-if)#,
***************
*** 919,927 ****
expect -re $prompt {}
send "set logging session disable\r"
} else {
! send "terminal length 0\r"
expect -re $prompt {}
! send "terminal width 80\r"
}
expect -re $prompt {}
source $sfile
--- 927,940 ----
expect -re $prompt {}
send "set logging session disable\r"
} else {
! # use fixed line width
! # send "terminal width 80\r"
! # expect -re $prompt {}
! # some ios "no wrap"
! send "terminal width 0\r"
expect -re $prompt {}
! #
! send "terminal length 0\r"
}
expect -re $prompt {}
source $sfile
-end of patch------------------------------------



Notes:
1. I can't test extreme switches but it look lite clogin skip initial
terminal settings only for commands
“ if { [ string compare "extreme" "$platform" ] } {“
not for scripts!

2. Is there any dist of clogin having “terminal width” for commands?
clogin 2.3.6 only have it for scripts!


/Peo
----------------------------------------------------------
Per-Olof Olsson Email: peo [at] chalmers
Chalmers tekniska högskola IT-service
Hörsalsvägen 5 412 96 Göteborg
Tel: 031/772 6738 Fax: 031/772 8680
----------------------------------------------------------
_______________________________________________
Rancid-discuss mailing list
Rancid-discuss [at] shrubbery
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss

RANCID users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.