ConfigStore Plugin

[chadd]

Must be missing something simple here...

Cacti 0.8.8a on Ubuntu 10.04.4 LTS
Plugins mactrack discovery aggregate configstore

configstore looks like it's working.. debug shows appropriate info, tftp server shows that the file was transferred, but backup fails, and there is no file in the directory or database. SNMP type debug also shows success for the commands, again tftp logs show transfer, but no file and backup fails.

Thoughts????
--- syslog - tftp
Oct 3 09:28:15 netmon tftpd[2806]: tftpd: trying to get file: test_bench.cfg
Oct 3 09:28:15 netmon tftpd[2806]: tftpd: serving file from /usr/share/cacti/site/plugins/configstore/backups
Oct 3 09:47:36 netmon tftpd[5237]: tftpd: trying to get file: office.cfg
Oct 3 09:47:36 netmon tftpd[5237]: tftpd: serving file from /usr/share/cacti/site/plugins/configstore/backups

--- SNMP debug
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.2.111 i 1 SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.3.111 i 4 SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.4.111 i 1 SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.5.111 a 1.2.3.4 SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.6.111 s office.cfg SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.14.111 i 1 SUCCESS
/usr/bin/snmpset -r 3 -t 500 -Oqv -v 2c -c <rwcommunity> 10.6.10.4:161 1.3.6.1.4.1.9.9.96.1.1.1.1.14.111 i 6 SUCCESS

----- telnet debug
spawn /usr/bin/telnet 192.168.18.23
Trying 192.168.18.23...
Connected to 192.168.18.23.
Escape character is '^]'.


User Access Verification

Username: toe
Password:
TestBenchSwitch>enable
Password:
TestBenchSwitch#copy run tftp://1.2.3.4
Address or name of remote host [1.2.3.4]? 1.2.3.4
Destination filename [testbenchswitch-confg]? test_bench.cfg
!!
5283 bytes copied in 0.688 secs (7679 bytes/sec)
TestBenchSwitch#show version
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(44)SE2, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 01-May-08 15:28 by antonino
Image text-base: 0x00003000, data-base: 0x01600000

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)

TestBenchSwitch uptime is 6 weeks, 1 day, 3 hours, 47 minutes
System returned to ROM by power-on
System image file is "flash:c3560-ipbasek9-mz.122-44.SE2.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3560-24TS (PowerPC405) processor (revision E0) with 0K/8184K bytes of memory.
Processor board ID FDO1124Y3PH
Last reset from power-on
3 Virtual Ethernet interfaces
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:1C:57:BB:19:80
Motherboard assembly number : 73-9897-06
Power supply part number : 341-0097-02
Motherboard serial number : FDO11240DQ0
Power supply serial number : AZS111502G8
Model revision number : E0
Motherboard revision number : B0
Model number : WS-C3560-24TS-S
System serial number : FDO1124Y3PH
Top Assembly Part Number : 800-26160-02
Top Assembly Revision Number : E0
Version ID : V02
CLEI Code Number : COMMG00ARB
Hardware Board Revision Number : 0x01


Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C3560-24TS 12.2(44)SE2 C3560-IPBASEK9-M


Configuration register is 0xF

TestBenchSwitch#
RETURN CODE: 0

My first guess would be a permissions problem. If the user running the ConfigStore poller process does not have access to write to the directory that the TFTP server is putting the files in, then this kind of thing could happen. My next guess would be that the TFTP root is not where you have it configured in the ConfigStore settings. Please check those things and let me know what you find.

-chadd.

[redneckgeek]

GOT IT... Definitly permissions,

tftpd running as nobody.nogroup, creating files with 002 umask. no amount of futzing with the umask in xinitd seems to fix it, so just running tfptd as same user as apache, and is happy now. If someone wants to point out the more secure way, I'd appreciate it. Tried umask = 002 in tftpd.conf, changing umask on directory etc. etc.

/rh

[grekocr]

Hi All,

Just my two cents into this issue.

Given that you have already successfully connect thru SSH to the routers.

Wouldnt it be simplier to execute a show run command, and capture the output, and write it directly on the Cacti server backup folders?

Actually, you could enhance the script, so that I can also accept commands from the user, and collect all the output to files on the Cacti server as well.

I wish I do had the development skills required to implement it myself, but Im sure it wont be hard for you guys.

[andrewpaulb84]

Is it possible to backup Cisco Load Balancer ASA & Cisco FWSM Firewall ? What settings to use and what should i enable from the devices ?

Regards
Andrew

[chadd]

Hi All,

Just my two cents into this issue.

Given that you have already successfully connect thru SSH to the routers.

Wouldnt it be simplier to execute a show run command, and capture the output, and write it directly on the Cacti server backup folders?

Actually, you could enhance the script, so that I can also accept commands from the user, and collect all the output to files on the Cacti server as well.

I wish I do had the development skills required to implement it myself, but Im sure it wont be hard for you guys.

I am busy trying to get a working copy of the next version into production right now, but if you have more details about what you are trying to accomplish, I could take a look and see what I can do. As far as your stated method for backing up the config, yes it is easy to do it that way, but far slower then transferring the config via a file transfer protocol (which is an issue if like me you are backing up over 700 devices). Also, you run into issues, especially with Cisco devices, where the config in a show run is not complete. For example, with an ASA, the password and keys will show up as '******'. Try to put this on a new device, and you'll have issues (this actually happened with another group where I work now - not pretty...). Anyway, if there is some functionality that you would like added, just explain on this thread, or in a PM, and I will investigate. Thanks,

-chadd.

[chadd]

Is it possible to backup Cisco Load Balancer ASA & Cisco FWSM Firewall ? What settings to use and what should i enable from the devices ?

Regards
Andrew

Yes. You should be able to use the Cisco-ASA backup method. If that doesn't work for some reason, provide the login and backup procedure, and I'll try and investigate why it isn't working. If your problem is that you have to send the config to a different "backup server", or from a different "context", those issues will be resolved in the next version - although, the next version will be MUCH different then the current one. It is now more of a CMDB with the current functionality of ConfigStore in a module called Backupmanager. Anyway, let me know what you find out.

-chadd.

[willieb]

Is this still being actively developed? Does it work good with telnet/ssh? What about Cisco IOS XR? Thanks.

[chadd]

Is this still being actively developed? Does it work good with telnet/ssh? What about Cisco IOS XR? Thanks.

Hello Willie, and sorry for the late response. No, this is no longer being actively developed, but yes, the version on the site does support telnet/ssh/snmp/etc - and yes, Cisco IOS is supported.

If anyone is interested, they are welcome to take over the project. I just do not have time right now.

-chadd.

[evaldez]

Hi chadd,

Your plugin is very nice, I can make backup for Cisco Routers and Switches but I want to add a Cisco SG500 Backup, I add another php script but I cannot see the Backup from configstore, I can see the backup under /configstore/backups and the debug from the new script say the following:

spawn /usr/bin/telnet 10.10.1.1
Trying 10.10.1.1...
Connected to 10.10.1.1.
Escape character is '^]'.


User Name:Administrator

Password:************


sg500#copy flash://startup-config tftp://10.10.1.249/backup-date

21-Apr-2014 19:09:07 %COPY-I-FILECPY: Files Copy - source URL flash://startup-config destination URL tftp://10.10.1.249/backup-date
!!!!21-Apr-2014 19:09:25 %COPY-N-TRAP: The copy operation was completed successfully
!
Copy: 24594 bytes copied in 00:00:17 [hh:mm:ss]

sg500#show version

SW version 1.3.7.18 ( date 12-Jan-2014 time 18:04:29 )
Boot version 1.2.0.12 ( date 23-Nov-2011 time 08:31:59 )
HW version V02
sg500#

Can you help me please?

I attached both config files that I created.

Best regards.

[Atreides]

Hello,
I'm trying to use this plugin and I'm a bit stuck, here is the debug :

spawn /usr/bin/telnet 172.25.232.33
Trying 172.25.232.33...
Connected to 172.25.232.33.
Escape character is '^]'.


| |
||| |||
.:|||||:..:|||||:.



This is a secured device.
Unauthorized use is prohibited by law.
If you are not authorized to access this device please disconnect.


Username: test
Password:

cisco6500#enable
cisco6500#RETURN CODE: 1


It seems that the server is logged on cisco, but after that nothing happens. I tried manually to copy the conf from cisco to the tftp server, its working so its not a problem of firewall, permissions, etc. Any ideas?

[mmartens]

Hi,

I'm very interested in the Juniper code. So we can create proper backups of our Junipers.
Can somebody add thoose to this post?

Many thanks in advance!

Marcel

[Atreides]

Hello,
I'm trying to use this plugin and I'm a bit stuck, here is the debug :

spawn /usr/bin/telnet 172.25.232.33
Trying 172.25.232.33...
Connected to 172.25.232.33.
Escape character is '^]'.


| |
||| |||
.:|||||:..:|||||:.



This is a secured device.
Unauthorized use is prohibited by law.
If you are not authorized to access this device please disconnect.


Username: test
Password:

cisco6500#enable
cisco6500#RETURN CODE: 1


It seems that the server is logged on cisco, but after that nothing happens. I tried manually to copy the conf from cisco to the tftp server, its working so its not a problem of firewall, permissions, etc. Any ideas?

Hello,
Anyone with a hint? Maybe I need to "disable" the check for enable? I tried to search where that RETURN CODE:1 came, but no luck.

EDIT: Managed to make it work(partially), by commenting the lines that are trying to use "enable" found in cisco_ios-telnet.exp file. The files are copied but the plugin report a "failed backup" with red icon and I cant see the backup files in cacti interface('tho they are in the tftp server).

spawn /usr/bin/telnet 172.25.232.42
Trying 172.25.232.42...
Connected to 172.25.232.42.
Escape character is '^]'.

| |
||| |||
.:|||||:..:|||||:.
gi06-servers.cat2950G.
Username: test
Password:

gi06-servers-cat2950#copy run tftp://192.168.1.1
Address or name of remote host [192.168.1.1]? 192.168.1.1
Destination filename [gi06-servers-cat2950-confg]? gi6.cfg
!!!!
10784 bytes copied in 1.464 secs (7366 bytes/sec)
gi06-servers-cat2950#show version
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA2, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sun 07-Nov-04 23:14 by antonino
Image text-base: 0x80010000, data-base: 0x8055E000

ROM: Bootstrap program is C2950 boot loader

gi06-servers-cat2950 uptime is 1 year, 2 weeks, 2 days, 6 hours, 14 minutes
System returned to ROM by power-on
System restarted at 09:48:28 EET Sat Nov 2 2013
System image file is "flash:/c2950-i6q4l2-mz.121-22.EA2.bin"

cisco WS-C2950G-24-EI (RC32300) processor (revision L0) with 21055K bytes of memory.
Processor board ID FCZ0907Y1A3
Last reset from system-reset
Running Enhanced Image
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:13:1A:F1:00:80
Motherboard assembly number: 73-7280-05
Power supply part number: 34-0965-01
Motherboard serial number: FOC09043UNG
Power supply serial number: DAB0849MQ7J
Model revision number: L0
Motherboard revision number: A0
Model number: WS-C2950G-24-EI
System serial number: FCZ0907Y1A3
Configuration register is 0xF

gi06-servers-cat2950#
RETURN CODE: 0

FINAL EDIT : Seems that its working(after I waited for the poller to run automatically).

[dogs1005]

Hello Willie, and sorry for the late response. No, this is no longer being actively developed, but yes, the version on the site does support telnet/ssh/snmp/etc - and yes, Cisco IOS is supported.

If anyone is interested, they are welcome to take over the project. I just do not have time right now.

this is really bad news as this plugin seems better than teh original routerconfigs plugin.

I have an issue if anyone else has come across it and knows how to fix it.

In the original routerconfigs, when it does a backup it also shows the last change date and changed by fields, but in configstore these fields are never populated as shown below:

[dogs1005]

I know this project is dead in the water but it still seems to work and hopefully some kind person will come along and answer my question.
For some reason the checkboxes in the accounts page of routerconfigs plugin has somewhat disappeared.
Anyone got a clue on how to get them back again. Also when I make changes to any of the accounts and save, the changes don't take affect.

EDIT: oops my bad, I had this line commented out in configstore-accounts.php: form_checkbox_cell($row["name"], $row["id"]);

[pizu]

Hi,

I have a problem, When checking the Debug.. i am having the below :

spawn /usr/bin/ssh backdoor@x.x.x.x

only and it is not trying the passwords that i have set.