You may think my title is odd. Well, there is an explanation. There is an Australian classic movie called ‘The Castle’. It is about an average Australian family who just make do and appreciate their family and their lot in life. The lead character, Darryl Kerrigan, is proud of his home and will do anything to defend and protect it. In a scene where the family talks about their day, one of the sons responds to Darryl’s question with “Dale dug a hole”. Darryl is genuinely proud of him, even though we, the viewers, laugh at the delivery and the genuine sincerity Darryl shows. Well, I made a script, and this is how I felt. Something quite meaningless, but I felt a sense of achievement and accomplishment.
I have had some issues recently with configurations changing without authorization. We have an AAA service running, but extracting the data from it isn’t pleasant. I thought that I would start by pulling down configurations and comparing them. This can also be done to show the differences between a proposed configuration and the running configuration, and to make sure scope creep is kept under control.
wget --user=aburke --password=abc123 --no-check-certificate https://192.168.30.4/admin/exec/show%20running-config%20asdm/show%20running-config#
The URL runs commands through the ASA’s HTTP command interface: each command is URL-encoded under /admin/exec/ and multiple commands are separated by /. The downloaded file can then be copied and pasted around. This works well, but it is a manual process.
As you can see, you are able to connect on 443. As this device is in my lab it is okay that my password is simple (abc123), though I recommend guarding your scripts as they will contain vital information. Two things are worth knowing before reusing this command: a password given on the command line is visible to every local user in ps output and ends up in shell history, so prefer a ~/.netrc entry with mode 600, which wget reads automatically; and --no-check-certificate turns off TLS validation entirely, so either export the ASA’s certificate (or its issuing CA) and point wget at it with --ca-certificate, or accept that anything answering on that address would receive the credentials.
The script outputs the configuration to the directory the script is run from. In my case, that is my user folder. Now it is time to automate this. I am going to add this script’s execution to the CentOS crontab file, which allows automatic execution on a regular basis. So I saved my above command as wget-ASA-config.sh. I used this chart as a reference for the timing to get my 0200 hours on Sunday.
* * * * * command to be executed
┬ ┬ ┬ ┬ ┬
│ │ │ │ │
│ │ │ │ │
│ │ │ │ └───── day of week (0 - 7) (0 or 7 are Sunday, or use names)
│ │ │ └────────── month (1 - 12)
│ │ └─────────────── day of month (1 - 31)
│ └──────────────────── hour (0 - 23)
└───────────────────────── min (0 - 59)
I came up with the following for my crontab entry. The user field (root) is only valid in /etc/crontab or a file under /etc/cron.d; a per-user crontab edited with crontab -e has no user field. The description has to go on a comment line of its own, because anything after the command is passed to the script as arguments rather than executed. The script needs its full path (wherever you saved it) and execute permission, since cron runs jobs with a minimal PATH.
# ASA config wget shell run at 0200 every Sunday
00 2 * * 0 root /root/wget-ASA-config.sh
After saving this to the crontab file, the job will execute when the system time reaches the time specified. I currently use the Compare plugin for Notepad++ on my corporate desktop. At home I could use TextWrangler or TextMate on OS X.
Here I have two text files open, each one a configuration from a different day. The blue column on the right shows where in the document there is a difference. Note that it is easy to tell what kind of change was made from the colour scheme: a red minus shows something is missing, a yellow exclamation mark indicates the line is altered, and a green plus shows an addition.
Now, my script is simple and rough. I need to alter it to append the system date to the file name and, if possible, put the output in a better directory than my home folder. That will come as I fiddle around. My idea of generating an email when a change is detected via a script, as opposed to me looking for it, should be feasible too.
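The extended version sketched above, written here as an added example and not the original wget-ASA-config.sh: it pulls the running config into a date-stamped file, compares it with the previous pull after stripping the lines the ASA rewrites on every save (write timestamp and Cryptochecksum) so that only real changes count, and mails a unified diff when something differs. The ASA address and username are the ones from the wget command above; the backup directory /var/backups/asa, the certificate file /etc/pki/asa/asa.crt, the mailbox netops@example.com, the ~/.netrc entry and a working local mail command are all assumptions. The demo mode runs the comparison on two constructed sample configs without touching the ASA.

```shell
#!/bin/sh
# Added example, not the original wget-ASA-config.sh: weekly pull with
# date-stamped files, diff against the previous pull, mail on change.
# Assumed (hypothetical): backup dir /var/backups/asa, the ASA's certificate
# (or its issuing CA) exported to /etc/pki/asa/asa.crt, a mailbox
# netops@example.com, and a ~/.netrc (mode 600) holding
#   machine 192.168.30.4 login aburke password ...
# so the password is no longer on the command line or in shell history.

ASA_HOST="${ASA_HOST:-192.168.30.4}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/asa}"
ASA_CERT="${ASA_CERT:-/etc/pki/asa/asa.crt}"
MAIL_TO="${MAIL_TO:-netops@example.com}"

# Drop the lines the ASA rewrites on every save (": Saved", ": Written by ..."
# and the Cryptochecksum) so that only real configuration differences count.
normalize_config() {
    grep -v -e '^: Saved' -e '^: Written by ' -e '^Cryptochecksum:' "$1"
}

# config_changed OLD NEW REPORT: returns 0 when the normalized configs differ
# (unified diff written to REPORT), 1 when they are identical, 2 on error.
config_changed() {
    old_n=$(mktemp) && new_n=$(mktemp) || return 2
    normalize_config "$1" > "$old_n"
    normalize_config "$2" > "$new_n"
    rc=0
    diff -u "$old_n" "$new_n" > "$3" || rc=$?
    rm -f "$old_n" "$new_n"
    [ "$rc" -eq 1 ]     # diff exits 1 on differences, 0 on none, 2 on error
}

# Pull the running config over the ASA's HTTPS command interface
# (/admin/exec/<command>) into a date-stamped file and print the file name.
# Credentials come from ~/.netrc; --ca-certificate replaces --no-check-certificate.
fetch_config() {
    dest="$BACKUP_DIR/asa-$(date +%Y%m%d-%H%M).cfg"
    wget -q --ca-certificate="$ASA_CERT" -O "$dest" \
        "https://$ASA_HOST/admin/exec/show%20running-config" || return 1
    printf '%s\n' "$dest"
}

# Weekly job: keep every pull, compare the newest two, mail the diff.
main() {
    mkdir -p "$BACKUP_DIR"
    prev=$(ls "$BACKUP_DIR"/asa-*.cfg 2>/dev/null | tail -n 1)
    new=$(fetch_config) || { echo "config pull from $ASA_HOST failed" >&2; return 1; }
    [ -n "$prev" ] || return 0          # first pull, nothing to compare against
    report=$(mktemp)
    if config_changed "$prev" "$new" "$report"; then
        mail -s "ASA $ASA_HOST config changed since $(basename "$prev")" "$MAIL_TO" < "$report"
    fi
    rm -f "$report"
}

# demo: run the comparison on two constructed sample configs (no ASA needed),
# print the diff and return 0 because the second config adds an ACL line.
demo() {
    d=$(mktemp -d)
    printf '%s\n' ': Saved' ': Written by enable_15 at 02:00:01.123 UTC Sun Jan 1 2017' \
        'hostname asa-lab' \
        'access-list outside_in extended permit tcp any host 192.168.30.10 eq 443' \
        'Cryptochecksum:0123abcd' > "$d/old.cfg"
    printf '%s\n' ': Saved' ': Written by enable_15 at 02:00:01.456 UTC Sun Jan 8 2017' \
        'hostname asa-lab' \
        'access-list outside_in extended permit tcp any host 192.168.30.10 eq 443' \
        'access-list outside_in extended permit tcp any host 192.168.30.10 eq 22' \
        'Cryptochecksum:89efdead' > "$d/new.cfg"
    if config_changed "$d/old.cfg" "$d/new.cfg" "$d/report"; then
        cat "$d/report"; rm -rf "$d"; return 0
    fi
    rm -rf "$d"; return 1
}

# "run" does the real pull (for cron); "demo" exercises the diff logic offline.
case "${1:-}" in
    run)  main ;;
    demo) demo ;;
esac
```

The cron line then becomes `00 2 * * 0 root /usr/local/bin/asa-config-diff.sh run` (path assumed), and `asa-config-diff.sh demo` shows what the mailed report looks like. Keeping every date-stamped pull rather than overwriting one file means the diff can also be taken against any earlier week with the Notepad++ plugin.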
I was rather chuffed when I figured that out and thought someone out there might be interested.
From memory, EEM can generate email etc.; it may be easier than configuring a workstation as a mail host.
Indeed, it can. Though all I would need to do is send an event to a mail server, and from there it can generate my mail.
It is a start, that is for sure. Oh, and I believe EEM can generate tweets too!
Rancid and cvsweb.
If you want some fancy email features check rancid-git
I’ve used RANCID before in a previous life. Extremely handy. Thanks for the comment.
You can set up CVS to email you every time it detects a change.
You can also use “archive”:
archive
 log config
  logging enable
  logging size 1000
  notify syslog contenttype plaintext
  hidekeys
 ! $h = hostname, $t = timestamp of the archive
 path tftp://10.173.1.1/SWITCH/$h-$t
 ! minutes between automatic archives (10080 = one week)
 time-period 10080
Every change is notified by syslog,
and the config is backed up to the TFTP server every week.
That is exceptional. I will try it tonight. Thanks Mehdi!
Personally I use Rancid/CVSWEB, but also as a backup (so it’s off the box in case of complete failure) I use the following:
set system archival configuration transfer-on-commit
set system archival configuration archive-sites scp://[email protected]/path password **PUT PASSWORD HERE**
Works like a charm. That way you have a backup, and a backup, and a backup.