Hi

I am trying to create a script in order to backup a F5 BigIP.

The scripts runs without issues on the device when i run it on the console(ssh) , but when i use Kiwi Cattools, the script fails.

The reason i''m using variables, is to be able to backup multiple F5 devices into one dir, retaining the ID of the device.

I must be doing something dumb, or i don't get it.

#!/bin/bash

terminal width 120
FTPHOST=[IP]
HOST=$HOSTNAME
USER=F5
PASS=XXXXX
UPATH1=Config'/'Current'/'
UPATH=`date +%Y'/'%m'/'%d`
FPATH="$UPATH1$UPATH"

cd /config
tmsh -c "save sys config base"
cp bigip_base.conf $HOST.conf
ftp -inv << EOF
open $FTPHOST
user $USER $PASS
bin
mkdir $FPATH
put /config/$HOST.conf /$FPATH/$HOST.txt
close
bye
EOF

KiwiCattools fails on reading the variables, i get "waiting for respons to command", waiting for an echo.

I am using Device.CLI.Send Commands.

Question ofcourse is... :how to fix it, how to set specifics for each device using variables ? Am i missing the point completly? Is it even possible what i''d like to achieve.

What am i doing wrong?

If anybody can point me to some docs on how to use bash within scripts for KiwiCatTools, that would be great too.

Thank you in advance.

With kind regards, Thijn

Hello,

I want to use a Windows Server as a hop to connect to a few junipers. If i start the job to backup the device i get the following error message: Failed to determine hostname - no CR or LF. If i connect via Putty to the Windows Server, all works fine and i can Log in and can type some commands. Log in via CatTools works fine but then i get the error message above.

Device Settings:

Device Type: Cisco.Router.General

no variations or prompt settings currently set

Username and Password is set correctly

I can´t customize the prompt from the windows server, so i need to get it work with the normal Windows CMD prompt.

I´ve set a few prompt settings in Kiwi CatTools but nothing works.

I hope you can help me in this Case.

Windows OS: Windows Server 2008 R2

SSH Client/Server: FreeSSHd

Kiwi CatTools Version: 3.10

Thank you for your help.

Hi,

Any chance to have Ruckus ZoneDirector in CatTools devices ?

Or, a special conf with "variation" ?

I made differents tests/setting for that device without suscces.

Please, help !

I am running into an issue and I can quite pin it down. If I try to run a wr mem command to all my devices if I run more than ten threads at a time the whole process drags to a crawl. The network utilization isn't very high and cattools is running on a fairly new dell poweredge. Has anyone else ran into the same issue, or have a possible solution?

Hi

I have managed to get a full back of a Fortigate firewall working using TFTP and I thought I would share how I did it with the community.

We have a pair of Fortigates 3600C and we run multiple VDOMs on these, this meant the default script withing Cattools didn't work for us. We also require a keystroke before logging in as well. All this meant I had to use a combination of variations and also the TFTP backup method.

Variations configuration

• Add your devices using the "Generic.Device" type, this will allow you to use "Variations"
• Give them a group name - it is well worth using the same group name for all Fortinets as this will allow you to apply the same variations to all devices within that "Group"
• Fill in the rest of the device info and passwords as you would do normally
• Go to the "variations" tab and click "use variations"
• Go to the "prompts" tab and fill in the information as shown in the "qoutes":-

DEVICE_USERNAMEPROMPT = "login as:"

DEVICE_PASSWORDPROMPT = "password:"

DEVICE_STANDARDPROMPT = "#"

DEVICE_PRIVILEGEDPROMPT = "#"

DEVICE_CONFIGPROMPT = "(global) #"

• Go to the "additional commands" tab and fill in the information as shown in the "qoutes":-

COMMAND_ENTERCONFIG = "configure global"

COMMAND_EXITCONFIG = "end"

• Go to the "pre/post login" tab and fill in the information as shown in the "qoutes":-
• NOTE: you may not need to do this if you aren't asking for a pre login key stroke.

PRE_LOGIN_MESSAGE = "(Press 'a' to accept):"

PRE_LOGIN_KEYSTROKE = "a"

• Then click on the "group save" button as this will then save the changes to the group you specified. This will allow you to add more devices to this group and it will pre-populate the variations for you. This saves a lot of work in the future.

TFTP activity configuration

• Go to activities and click add
• Set Type to "Device.Backup.TFTP"
• Fill in name and description
• Set schedule under the time tab
• Add your devices
• Go to "Options" tab
• Untick the "file to write to tftp server"
• Untick the "enter commands in enable mode"
• In the "optional alternative list of commands" section input the following:-

%ctUM: Timeout 100

%ctUM: EchoOff

config global

%ctUM: EchoOff

execute backup config tftp %ctDeviceName-Running-Config <input your IP Address>

%ctUM: EchoOff

• If your not using the default file locations don't forget to change them, I got caught out on this. Mine look like:-

F:\CatTools2\Configs\%GroupName%\Config.Current.Running.%BaseFile%.txt

F:\CatTools2\Configs\Archives\%GroupName%\Config.Dated.Running.%BaseFile%.%DateISO%-%TimeHHMM%.txt

• Click ok to save

Now run the activity to check it all works. What you will find is there is about a 5 minute delay where it shows as a busy task. Be patient as it will finish. I would recommend running this task outside of any other backups as it does take a bit longer than others.

Hope this helps others getting this working.

EDIT

I have updated this to change from using the command "execute backup full-config" to use "execute backup config". This is because we had an issue recently where we were unable to restore the backup taking using the "execute backup full-config" command.

Fortinet recommend using the "execute backup config" command as this just restores the configuration that has been changed.

I have now tested this on our lab device and I was able to restore the configuration successfully.

Cheers

Jay

Message was edited by: Jaybed --

I'm backing up about 15 Cisco devices using Kiwi CatTools.  It's working perfectly for all of them except the two Firewall Services Modules (FWSM) and the two ASAs.  I get the warning "Failed to enter enable mode" in the Info Log.  I've verified, though, that I can login to the devices successfully from the server that runs CatTools.

I'm using the following settings:

Connect via: Direct connect

Method: SSH2

Port: 22

AAA Username

AAA Password

Initial login requires username/password

Enable mode uses AAA username/password fields

These settings work for the other devices but not the FWSM and ASA.  Any suggestions?

Thanks!

Hi!

I'm trying to backup the config of our new HP (H3C) Switches (5120, 5800, 10500). The script I created out of the Custom.Template is not working. The prompt of the switches is "<SWITCHNAME>", not "SWITCHNAME>" as in Ciscos IOS. So the script returns the error "Did not receive expected prompt when entering Enable mode".

Has anybody managed to create a script that works with the HP H3C switches?

Regards, lls71

Hey guys,

recently, our Kiwi CatTools Service crashes. This occurs randomly, we could not find the reason so far. We did not do any changes, except maybe changing an ip address or stuff.

The Windows Log sais the following:

System: The Kiwi CatTools service terminated unexpectedly.  It has done this 5 time(s).

Applic.: Faulting application CatTools_Service.exe, version 3.3.0.17, faulting module KiwiTFTP.dll, version 2.2.0.0, fault address 0x0000c98c.            or:

            Faulting application CatTools_Service.exe, version 3.3.0.17, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Steps to resolve this issue:

- delete all devices, we don't need anymore (we have more than 100 devices)

- shrink the database

- reinstall kiwi cattools 3.3.17

- check timings of the jobs

- searched google and thwack for known issues

If you guys could help me that would be great, thx for your help. Maybe someone has similar problems. Maybe some recent Windows updates cause this error?

regards,

dash

We're trying out CatTools as a centralized config management solution for a few hundred SonicWALL appliances, and have run into a bit of a problem.

We can add devices to CatTools, and run the Device.Backup.Running Config activity against them, but the file that the activity creates isn't in the format I thought it would be. Our techs will be expecting an encoded .exp file in the event they need to restore a config, not a plaintext file. Are there custom scripts/activities required to back up a config this way? I feel like the answer is probably "yes", but I haven't yet located an example.

Can anyone point me in the right direction for getting this to work?

We have been using Cat Tools to backup and monitor our Network gear configurations for changes.  On 9/20 we started having an issue with our DR Firewall connections.  Nothing has changed that we are aware of however now Cat Tools is failing with the Error description saying Failed to enter enable mode.  We have received this error randomly but usually only on one device and it clears up the next day when it runs again.  It is now happening daily on all 10 of our DR ASA's.  These are all Cisco 5505's. 

I have set the retry to 4 times and it seems that different ones, not always the same or not all of them, are able to eventually get into the enable mode and get a backup.

Here is what a good connection looks like in Cat Tools Info log:

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Login to MtHome_ASA was successful

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA DeviceHostnameID: MTHOMEASA

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Entering enable mode

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Entering enable mode - sending command enable

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Entering enable mode - sending password:

2017-09-27 11:26:35  4-Debug         1          MtHome_ASA Waiting for enter enable password prompt

2017-09-27 11:26:36  4-Debug         1          MtHome_ASA Sending enable password

2017-09-27 11:26:36  4-Debug          1         MtHome_ASA Entered enable mode OK

And here is what a not good connection looks like:

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA Login Cisco ASA: MtHome_ASA

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA --> LoginSSH

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA Waiting for command prompt

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA Login to MtHome_ASA was successful

2017-09-28 09:01:53  4-Debug         1          MtHome_ASA DeviceHostnameID: MTHOMEASA

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Entering enable mode

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Entering enable mode - sending command enable

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Waiting for enter enable password prompt

2017-09-28 09:01:54   1-Error           1          MtHome_ASA Failed to enter enable mode.

2017-09-28 09:01:54  4-Debug         1          MtHome_ASA Aborting : Unable to enter enable mode

It’s like it doesn’t send the enable password at all.

I have a Palo Alto 3050 running 8.0.6.  I created a job to send some commands to the firewall and write the output to a file.

The test commands I'm sending are:

set cli pager off

set cli scripting-mode on

show system info

It really doesn't matter what command I send I never receive any output.   Here is what is written to the file/the output:

set

fw(active)> set cli [Kjodonnel-adm@NBDCRPIFW1(active)> set cli pager fw(active)> set cli pager off

fw(active)> set

fw(active)> set cli

fw(active)> set cli scripting-mode fw(active)> set cli scripting-mode on

fw(active)> show system info

I can't tell if the firewall isn't interpreting the carriage return of is experiencing an issue with the interactive session.

Wondering if anyone else experienced this issue.  I opened an case with support almost 3 weeks ago.  Uploaded a bunch of debugs and screen shots, but not response from tech support since......

Thanks!

I have a problem with a device in configuration mode.

I try to apply 2 commands and one is applied ok, the 2nd one does not seem to work.

Here's the sequence:

Waiting for command prompt

Waiting for an echo of system-view command

Waiting for an echo of super command

Waiting for an echo of acl number 2003

[Then a 33 second pause]

Stopping Activity.

Here are the 2 commands

acl number 2003

rule 110 permit source 10.209.127.174 0

Here's what it looks like when I paste it into the device

[sysname-1]acl number 2003

Info: When the ACL that is referenced by SACL is modified, the SACL will be dynamically updated. During the update, these SACL will become invalid temporarily.

[sysname-1]rule 110 permit source 10.209.127.174 0

Thanks for your help

Hi guys,

When I try and run cattools I get this error: "you have too many copies of this program already  running on your system or network. you are licensed for only 1  copy/copies at a time"

The strange thing is, I have no other copies of cattools running anywhere, there are no other users on thsi server, and this server has no internet access and is behind a firewall which blocks comms between servers. So even if there was another copy running it wouldn't be able to see it.

The error is persistent. We did recently migrate onto a new server, which i suspect is where it has corrupted the software. We uninstalled and reinstalled v3.5 and immediately the same error came up. It doesn't even give me the option to input a new license key.

This is really annoying and we are out of maintenance support. Are there some logs I can see that will tell me where cattools thinks it can see another copy running.

I am unable to backup our config file using CatTools 3.4. I have attached the debug file.

The details when watching the info log says: VTY password prompt returned, sending password again. then eventually it says: Did not receive expected response to VTY password. I can telnet to it fine. I don't know what I am missing here.

Hi,

since we upgraded to FortiOS 5.2.5 or 5.4 Cattools gives us the error message "Failed to connect to XXX. Reason: No respone from remote host. Will try again."

If we connect to it with Putty we get a session.

Have debugged the SSH from FortiOS but no error messages is shown.

The debug in Cattools doesn´t give any errors either:

<NEWSESSION CatTools 3.10.0 2016-01-15 08:41:31>

<PROTOCOL=SSH2>

<DEVICE TYPE=Fortinet.FortiOS.General>

<ACTIVITY TYPE=Device.Backup.Running Config>

<ACTIVITY SCRIPT=D:\Program Files (x86)\CatTools3\Scripts\Client.Device.Backup.Running Config.txt>

<USERS NAME FOR DEVICE=nbo-osd2fw01>

<D 13:48:31>

<SCRIPT VALUES>

<HOSTNAME="">

<PROMPT VTY="">

<PROMPT ENABLE="">

<PROMPT CONFIG="">

We have tried all different SSH ciphers but with the same result. When we save the ciphers we can see that it sends it to the FortiOS and that it accept it.

Any ideas?

Robin

Using CatTools 3.10 (Enterprise) to backup a Unity Express module from its host router.

I've followed these steps to connect: http://www.kiwisyslog.com/help/cattools/index.html?dev_connectingviaasession.htm

The info log shows the following:

2015-07-14 17:43:58    4-Debug    1    se-10-17-0-10-    Login to rtr2-cla-hq was successful

2015-07-14 17:44:03    4-Debug    1    se-10-17-0-10-    DeviceHostnameID: rtr2-cla-hq

2015-07-14 17:44:03    4-Debug    1    se-10-17-0-10-    ConnectViaDo - Connecting to: se-10-17-0-10-

2015-07-14 17:44:03    4-Debug    1    se-10-17-0-10-    Enable mode is needed before command can be issued

2015-07-14 17:44:03    4-Debug    1    se-10-17-0-10-    Waiting for an echo of enable command

2015-07-14 17:44:03    4-Debug    1    se-10-17-0-10-    Waiting for enter enable password prompt

2015-07-14 17:44:03    4-Debug    1    se-10-17-0-10-    Already in enable mode, or no password was set.

2015-07-14 17:44:03    4-Debug    1    se-10-17-0-10-    Waiting for an echo of term no mon command

2015-07-14 17:44:03    4-Debug    1    se-10-17-0-10-    Issuing commands to connect from rtr2-cla-hq to se-10-17-0-10- via Session (router)

2015-07-14 17:44:05    4-Debug    1    se-10-17-0-10-    ConnectViaDo - getting all fields se-10-17-0-10-

2015-07-14 17:44:05    4-Debug    1    se-10-17-0-10-    Login Cisco IOS: se-10-17-0-10-

2015-07-14 17:44:35    2-Warning    1    se-10-17-0-10-    Authentication failed - will retry.

2015-07-14 17:45:08    2-Warning    1    se-10-17-0-10-    Specified Username is invalid for device - will retry.

2015-07-14 17:45:42    1-Error    1    se-10-17-0-10-    Specified Username is invalid for device.

2015-07-14 17:45:42    3-Info    0    CatTools Service    Stopping Activity.

I enabled capture mode, and the debug log shows that the session connection works, and prompts for usersname and password which are also entered successfully. This returns "Password OK", but at this point (assuming I'm reading the log correctly) CatTools seems to fail to recognise that the login was successful. Instead it waits around 30 seconds before entering the username again (this time at the enable prompt), which returns the error "Invalid input detected at '^' marker". It tries this once more, before waiting for the connection to timeout. I've attached a copy of the log (usernames, passwords and identifying info changed or removed).

Can anyone shed any light on what I've missed? I'm guessing there must be some way to make it recognise that it's connected, I tried playing with some of the prompts and variations but got nowhere. Any help greatly appreciated!

I have some connection problems with some of my devices in my network. I have about 50 Riverbed 250L cashe boxes that I routinely back up each night with a kiwi script.

Lately I have been getting errors such as:

Connect failed:(30044) No available encryption algorithms match with the server.

I am sure I have my encryption set up right, as I have only about a 15% failure and they are all set up the same.

Any suggestion I could check into?

JT

Hi

I have managed to get a full back of a Fortigate firewall working using TFTP and I thought I would share how I did it with the community.

We have a pair of Fortigates 3600C and we run multiple VDOMs on these, this meant the default script withing Cattools didn't work for us. We also require a keystroke before logging in as well. All this meant I had to use a combination of variations and also the TFTP backup method.

Variations configuration

• Add your devices using the "Generic.Device" type, this will allow you to use "Variations"
• Give them a group name - it is well worth using the same group name for all Fortinets as this will allow you to apply the same variations to all devices within that "Group"
• Fill in the rest of the device info and passwords as you would do normally
• Go to the "variations" tab and click "use variations"
• Go to the "prompts" tab and fill in the information as shown in the "qoutes":-

DEVICE_USERNAMEPROMPT = "login as:"

DEVICE_PASSWORDPROMPT = "password:"

DEVICE_STANDARDPROMPT = "#"

DEVICE_PRIVILEGEDPROMPT = "#"

DEVICE_CONFIGPROMPT = "(global) #"

• Go to the "additional commands" tab and fill in the information as shown in the "qoutes":-

COMMAND_ENTERCONFIG = "configure global"

COMMAND_EXITCONFIG = "end"

• Go to the "pre/post login" tab and fill in the information as shown in the "qoutes":-
• NOTE: you may not need to do this if you aren't asking for a pre login key stroke.

PRE_LOGIN_MESSAGE = "(Press 'a' to accept):"

PRE_LOGIN_KEYSTROKE = "a"

• Then click on the "group save" button as this will then save the changes to the group you specified. This will allow you to add more devices to this group and it will pre-populate the variations for you. This saves a lot of work in the future.

TFTP activity configuration

• Go to activities and click add
• Set Type to "Device.Backup.TFTP"
• Fill in name and description
• Set schedule under the time tab
• Add your devices
• Go to "Options" tab
• Untick the "file to write to tftp server"
• Untick the "enter commands in enable mode"
• In the "optional alternative list of commands" section input the following:-

%ctUM: Timeout 100

%ctUM: EchoOff

config global

%ctUM: EchoOff

execute backup config tftp %ctDeviceName-Running-Config <input your IP Address>

%ctUM: EchoOff

• If your not using the default file locations don't forget to change them, I got caught out on this. Mine look like:-

F:\CatTools2\Configs\%GroupName%\Config.Current.Running.%BaseFile%.txt

F:\CatTools2\Configs\Archives\%GroupName%\Config.Dated.Running.%BaseFile%.%DateISO%-%TimeHHMM%.txt

• Click ok to save

Now run the activity to check it all works. What you will find is there is about a 5 minute delay where it shows as a busy task. Be patient as it will finish. I would recommend running this task outside of any other backups as it does take a bit longer than others.

Hope this helps others getting this working.

EDIT

I have updated this to change from using the command "execute backup full-config" to use "execute backup config". This is because we had an issue recently where we were unable to restore the backup taking using the "execute backup full-config" command.

Fortinet recommend using the "execute backup config" command as this just restores the configuration that has been changed.

I have now tested this on our lab device and I was able to restore the configuration successfully.

Cheers

Jay

Message was edited by: Jaybed --

Hi Team,

For specific devices i am getting error "Specified username is invalid for device" eventhough username & password is correct. i have opened putty and tested credentilas and no issue observed.

attached device config & debug logs.

Regards,

Karthik V

0821 - 6649363

Hi All,

We've purchased KiwiCattools to perform regular backups of our Mikrotik Routers.

Logging in and exporting goes without a problem however if we look at the exported files then there's some strange output.

The config file starts with the text below.

[admin@XXXX] >

[admin@XXXX] >                                                                

[admin@XXXX] > export verbose

[admin@XXXX] > export verbose

# dec/28/2017 16:11:14 by RouterOS 6.27

# software id = TI2W-S6JC

#

Is it possilble to remove this text so that the first line in the config starts after the third "#"

Thanks in advanced.