ConfigStore Plugin

[chadd]

Can someone post screenshots of their working configstore settings and device settings?? I 'm using v7 and when I add a device/under debug info i see a successful tftp backup to my tftp server...but the file is not on my tftp server .....I can successfully run the copy run tftp from any of my cisco switches and send the config files to the /tftpboot dir on my server...

Thanks
Cliff

I would make sure that the path to your TFTP root is specified in the ConfigStore settings, and that your web server user has r/w permissions to that directory. If those things are the case, please provide the debug log, your settings, and an ls -al(dir) of the directory you have configured in the settings.

-chadd.

[tgrenda34]

Having ttrouble troubleshooting configstore. I created a new expect file that works for the Juniper EX4200. I cannot get the capture to work. When I look at the debug output it is blank. There is no log file created either. I am running Ubuntu 10.04.4 AMD64 wit cacti 0.8.7i with PIA 3.1. Any assistance would be greatly appreciated. The expect file works when using the following command:
./juniper.exp switch_ip username password enablepw scp cacti_server_ip path_to_storage_folder ssh cacti_server_username cacti_server_password

The files successfully downloads into the correct folder provided when run from the command line. any ideas where to begin looking?

[chadd]

Having ttrouble troubleshooting configstore. I created a new expect file that works for the Juniper EX4200. I cannot get the capture to work. When I look at the debug output it is blank. There is no log file created either. I am running Ubuntu 10.04.4 AMD64 wit cacti 0.8.7i with PIA 3.1. Any assistance would be greatly appreciated. The expect file works when using the following command:
./juniper.exp switch_ip username password enablepw scp cacti_server_ip path_to_storage_folder ssh cacti_server_username cacti_server_password

The files successfully downloads into the correct folder provided when run from the command line. any ideas where to begin looking?

first, does this (path_to_storage_folder) mean the filename? Because it needs to be a filename, not the path.

Second, did you create a PHP script to drive the expect script? Take a look at the example I gave earlier in this thread. The PHP script is what saves things to the database, creates the debug, etc. The expect script is only for command line interaction with the device.

Look in the [path to configstore]/lib directory, and you will find a cisco-ios.php file. Use that as a template, and see how it calls the cisco_ios-ssh.exp script to initiate a backup via the command line. The cisco-ios.php script handles the snmp backup method by itself. Also, the PHP script is what is "indexed" by the web front end. When you edit a device, and choose a backup script (when your done creating your scripts) you should see a "juniper" method (or whatever you called it) in the drop down.

Let me know if this helps.

-chadd.

[tgrenda34]

I put the new php script (juniper.php) into the configstor/lib folder. I addedd the three expectfiles for the juniper switch into the configstore/lib folder (juniper-ssh.exp, juniper-telnet.exp, juniper-scpserver.exp). The Device type Juniper did not show up in the drop down menu. Am I missing something here or do i need to add it in via mysql database?

To answer your previous question, I did use the complete path and filename wehn running the expect file juniper-ssh.exp.

Thanks again for your assistance.

Tony

[tgrenda34]

Found out I had permissions wrong on cacti/rra, cacti/log, cacti/plugins/configstore/log and, cacti/plugins/configstore/backup folders. I am now receiving debug information i can use to fix the issues.

Thanks

[tgrenda34]

Correction. Added debug line $log->lwrite($cmd); to file juniper.php right before exec($cmd, $result, $return_code);

Nothing added to file. Receiving this debug output:
spawn /usr/bin/ssh ######@######
Could not create directory '/var/www/.ssh'.
The authenticity of host '######## (########)' can't be established.
RSA key fingerprint is a1:41:9c:66:ea:19:3b:8a:8a:af:38:0c:5d:05:a1:d5.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/var/www/.ssh/known_hosts).
root@10.1.1.1's password:
--- JUNOS 10.4R3.4 built 2011-03-19 22:06:32 UTC
Terminal type? [xterm] RETURN CODE: 1

Looks like a permission error

[chadd]

Correction. Added debug line $log->lwrite($cmd); to file juniper.php right before exec($cmd, $result, $return_code);

Nothing added to file. Receiving this debug output:
spawn /usr/bin/ssh ######@######
Could not create directory '/var/www/.ssh'.
The authenticity of host '######## (########)' can't be established.
RSA key fingerprint is a1:41:9c:66:ea:19:3b:8a:8a:af:38:0c:5d:05:a1:d5.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/var/www/.ssh/known_hosts).
root@10.1.1.1's password:
--- JUNOS 10.4R3.4 built 2011-03-19 22:06:32 UTC
Terminal type? [xterm] RETURN CODE: 1

Looks like a permission error

Did you get it figured out? Yes, that would be a permission error. If you are running your scripts with a user (say cactiuser) and not www-data, you will have to make sure that the user you are running the php process with has permission to r/w to the /var/www directory. There are many ways to accomplish this, but I'll leave that up to you and your security practices. Keep in mind that the way in which SSH is configured out of the box, is to use the "know_hosts" file. This means that when you, say, change out a switch because it failed (and your using "known_hosts" - for example), you will have to go into the "known_hosts" file and delete the line that contains the RSA key fingerprint for that host. That way, when you do a backup again, you don't get a "keys don't match" error. FYI.

Hope it is working for you.

-chadd.

[tgrenda34]

I did get it worked out for the Juniper EX 4200 Switches. I will post in a later. Now I am working on Nortel Networks 470, 5510, and Business Policy Switch 2000 confgiuration dumping using telnet.

[chadd]

I did get it worked out for the Juniper EX 4200 Switches. I will post in a later. Now I am working on Nortel Networks 470, 5510, and Business Policy Switch 2000 confgiuration dumping using telnet.

Good luck with the Nortels.. I tried that myself a while back and found that the Nortel switches were so different, depending on the model, switch code, etc. that I couldn't find a standard method of backing them up. Besides the fact that most of the time, the text config you where able to get would still require additional configuration when restoring it to another switch. Anyway, thanks for the update.

[tgrenda34]

Found a generic method of downloading Nortel code for the following versions - 470, 5510, and Business Policy Switch 2000. Have to check the text file closely to see if it is missing anything from configuration. Working good for the small selection of switches we have here. All switches within a model type are running the same firmware version. I am backing up using telnet and TFTP.

[spoonman]

Thanks to Chadd for this great plugin...i've finally gotten mine backing up all IOS devices, my ASA...my CATOS switches are alittle tough..the files uploaded work but it seems to timeout and not run the cisco-CATOS.php completely..does anyone know if there is a place to add more time for this to run? im trying to look thru the script...


I usually get something like this..
HOST> (enable) copy config tftp://HOST.cfg all
IP address or name of remote host [***.30.23.32]? ***.30.23.32

Upload configuration to tftp://HOST.cfg, (y/n) [n]? y

...............
..........................
..........................
..........................
..........RETURN CODE: 1


Thanks

[andrewpaulb]

Hi Guys,

I need a script to simple get the version of my cisco switches... I tried to modify current scripts but without success.. Can you help ?

Thanks
Andrew

[chadd]

Thanks to Chadd for this great plugin...i've finally gotten mine backing up all IOS devices, my ASA...my CATOS switches are alittle tough..the files uploaded work but it seems to timeout and not run the cisco-CATOS.php completely..does anyone know if there is a place to add more time for this to run? im trying to look thru the script...


I usually get something like this..
HOST> (enable) copy config tftp://HOST.cfg all
IP address or name of remote host [***.30.23.32]? ***.30.23.32

Upload configuration to tftp://HOST.cfg, (y/n) [n]? y

...............
..........................
..........................
..........................
..........RETURN CODE: 1


Thanks

I would run the expect script manually from the command line and see where it is failing. Could be all sorts of things, but it likely can be fixed by tweaking the expect script.
The script is here: cacti/plugins/configstore/lib/cisco_ios-telnet.exp or cacti/plugins/configstore/lib/cisco_ios-ssh.exp - not sure which one your using.. Good luck, and sorry I have been away from Cacti for a while. I'll try to keep a better eye on the forums.

[chadd]

Hi Guys,

I need a script to simple get the version of my cisco switches... I tried to modify current scripts but without success.. Can you help ?

Thanks
Andrew

Not sure what your goal is, but if you just want to get the version of software running on a device, your best bet is to do the following:

snmpget -v [version] -c [read string] [ip of device] sysDescr.0

You'll get something like the following (this is a Cisco switch):

SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(25)SED1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 22-Nov-05 23:37 by yenanh

You'll want to put that string in a variable, use explode to break it into an array by commas (or whatever your delimiter is), and then find the piece you are looking for in the resulting array and store that string in a variable to do with what you want - like so:

<?php
$sys_descr = `/usr/bin/snmpget -v [version] -c [read string] [ip of device] sysDescr.0`;

$my_array = explode(',', $sys_descr);

foreach ($my_array as $line) {
if (preg_match("/version/i", $line)) {
$do_something_with_this_string = $line;
}
}

Obviously I have not tried that code, but as a rough example it should work for getting the version in an Cisco IOS device. Other devices will likely have different output of the sysDescr MIB, and you'll have to likely write different code for different vendors devices. Anyway, good luck. Hope this helped.

[redneckgeek]

Must be missing something simple here...

Cacti 0.8.8a on Ubuntu 10.04.4 LTS
Plugins mactrack discovery aggregate configstore

configstore looks like it's working.. debug shows appropriate info, tftp server shows that the file was transferred, but backup fails, and there is no file in the directory or database. SNMP type debug also shows success for the commands, again tftp logs show transfer, but no file and backup fails.

Thoughts????
--- syslog - tftp
Oct 3 09:28:15 netmon tftpd[2806]: tftpd: trying to get file: test_bench.cfg
Oct 3 09:28:15 netmon tftpd[2806]: tftpd: serving file from /usr/share/cacti/site/plugins/configstore/backups
Oct 3 09:47:36 netmon tftpd[5237]: tftpd: trying to get file: office.cfg
Oct 3 09:47:36 netmon tftpd[5237]: tftpd: serving file from /usr/share/cacti/site/plugins/configstore/backups

--- SNMP debug
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.2.111 i 1 SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.3.111 i 4 SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.4.111 i 1 SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.5.111 a 1.2.3.4 SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.6.111 s office.cfg SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.14.111 i 1 SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.14.111 i 6 SUCCESS

----- telnet debug
spawn /usr/bin/telnet 192.168.18.23
Trying 192.168.18.23...
Connected to 192.168.18.23.
Escape character is '^]'.


User Access Verification

Username: toe
Password:
TestBenchSwitch>enable
Password:
TestBenchSwitch#copy run tftp://1.2.3.4
Address or name of remote host [1.2.3.4]? 1.2.3.4
Destination filename [testbenchswitch-confg]? test_bench.cfg
!!
5283 bytes copied in 0.688 secs (7679 bytes/sec)
TestBenchSwitch#show version
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(44)SE2, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 01-May-08 15:28 by antonino
Image text-base: 0x00003000, data-base: 0x01600000

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)

TestBenchSwitch uptime is 6 weeks, 1 day, 3 hours, 47 minutes
System returned to ROM by power-on
System image file is "flash:c3560-ipbasek9-mz.122-44.SE2.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3560-24TS (PowerPC405) processor (revision E0) with 0K/8184K bytes of memory.
Processor board ID FDO1124Y3PH
Last reset from power-on
3 Virtual Ethernet interfaces
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:1C:57:BB:19:80
Motherboard assembly number : 73-9897-06
Power supply part number : 341-0097-02
Motherboard serial number : FDO11240DQ0
Power supply serial number : AZS111502G8
Model revision number : E0
Motherboard revision number : B0
Model number : WS-C3560-24TS-S
System serial number : FDO1124Y3PH
Top Assembly Part Number : 800-26160-02
Top Assembly Revision Number : E0
Version ID : V02
CLEI Code Number : COMMG00ARB
Hardware Board Revision Number : 0x01


Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C3560-24TS 12.2(44)SE2 C3560-IPBASEK9-M


Configuration register is 0xF

TestBenchSwitch#
RETURN CODE: 0