Does the software have the ability to include the Crypto keys during a Config backup?

I'm trying to write a script to change password's for Hirschmann RS20 Switch.

Debug:

<W-16:03:06>users passwd user[13]

<R-16:03:06>u

<R-16:03:06>sers passwd user[13][10][13][10]Enter old password:

<W-16:03:06>public[13]

<R-16:03:06>*

<R-16:03:06>**[13][10][13][10]Incorrect Password![13][10][13][10](egvko1swvis6) (Config)#

.... but the password is right.

Script:

     ReDim rgMult(5)

    rgMult(1) = "Enter old password:"

    rgMult(2) = "Enter new password:"

    rgMult(3) = "Confirm new Password:"

    rgMult(4) = "... irgendwas"

    rgMult(5) = "Incorrect Password!"

    cl.Log 4, "SendData '" & sCmd & "'"

    cl.SendData sCmd & vbCr

    iRetValPWD = cl.WaitForMultData(rgMult, , COMMAND_TIMEOUT)

    cl.Log 4, "Buffer '" & cl.RxBuffer & "'"

    Select Case iRetValPWD

     Case 1, 2, 3, 4

           ' Password accepted - a valid device prompt was received back

           iNumSuccess = iNumSuccess + 1

           iChangePWD = iChangePWD + 1

           cl.Log 4, "SendData ok"

     Case 5

           cl.Log 4, "Incorrect Password!"

           SendCommandsMultiple = False

           Exit Do

     Case Else

           ' Unexpected response received back from device

           cl.Log 4, "Did not receive expected response after sending password"

           iNumErrors = iNumErrors + 1

    End Select

    cl.FlushRxBuffer

<NEWSESSION CatTools 3.5.0 5/16/2017 11:06:15 AM>

<PROTOCOL=Telnet>

<DEVICE TYPE=Cisco.Router.General>

<ACTIVITY TYPE=Device.CLI.Send commands>

<ACTIVITY SCRIPT=C:\Program Files (x86)\CatTools3\Scripts\Client.Device.CLI.Send commands.txt>

<USERS NAME FOR DEVICE=ra-sw01-s8300>

<C OK 11:06:15 AM><R-11:06:15 AM>[13][10][13][10]User Access Verification[13][10][13][10]Username:

================================================================================

WFMDRetVal=1 Waiting for: "rockwell"

WFMDRetVal=2 Waiting for: "Password required, but none set"

WFMDRetVal=3 Waiting for: "admin"

WFMDBuffer="[13][10][13][10]user access verification[13][10][13][10]username: "

================================================================================

<R-11:06:46 AM>[13][10]% Username:  timeout expired![13][10]Username:

================================================================================

WFMDRetVal=1 Waiting for: "rockwell"

WFMDRetVal=2 Waiting for: "Password required, but none set"

WFMDRetVal=3 Waiting for: "admin"

WFMDBuffer="[13][10][13][10]user access verification[13][10][13][10]username: [13][10]% username:  timeout expired![13][10]username: "

================================================================================

<R-11:07:16 AM>[13][10]% Username:  timeout expired![13][10]Username: <R-11:07:46 AM>[13][10]% Username:  timeout expired!<D 11:07:48 AM>

<SCRIPT VALUES>

<HOSTNAME="">

<PROMPT VTY="">

<PROMPT ENABLE="">

<PROMPT CONFIG="">

Dear community,

I am currently trying to configure Kiwi Cattools v3.9.1 (no Solarwinds support any more) to back up our Cisco devices' running config. The backup from some devices work without problem, from some other devices Kiwi cannot back up the config (routers and switches).

The network settings (routing, firewall rules etc) are correct because we use an additional type of activity (Device.CLI.Send.commands) with the affected devices which works properly.

When running a Device.Backup.Runinng.Config activity against the devices, two things happen:

- The activity finishes with the following error for all the specified devices and the config is not backed up at all:

     "Unable to log to Debug file. Error: Bad file name or number"

- The activity finishes without error, Kiwi confirms the backup with "Backup Running Config results: OK" for all specified devices, I see in the mail queue that the e-mail has been queued and contains an attachment (HTML report about the activity's result) but not all the configs have been backed up locally into the specified folder (C:/Shares) and the e-mail does not list all the devices as backed up. After enabling debug mode, I can see that Kiwi logs in to all the devices, backs up the configs and disconnects from the devices successfully, so it seems that the activity has been finished successfully but the config files from some of the devices are missing at the end.

At this point, I received the following error message for these devices:

     "Log to file error: Bad file name or numberC:\Program Files(x86)\CatTools3\ClientTemp\RunningConfig.[device_name].temp.txt"                         note: device_name is hidden in the message

The missing files are from the same devices until I change the name of the problematic devices in Kiwi. When that happens, Kiwi does not drop the previous error message any more for the device but does not bac kup the config at all.

I tried to change the hostname on one problematic device as well but it did not help -> no backed up config.

The Kiwi service has also been restarted, it did not help.

By now I could not find any solution on the web nor any reference to any Cattools bug.

Do you have any idea? Maybe some bug in v3.9.1? Do you know any solution?

Thank you for the help in advance.

I get an error did not receive expected prompt when entering enable mode.

Here is some log stuff

<NEWSESSION CatTools 3.6.0 6/11/2013 1:22:43 PM>

<PROTOCOL=SSH2>

<DEVICE TYPE=HP.Switch.2500>

<ACTIVITY TYPE=Device.Backup.Running Config>

<ACTIVITY SCRIPT=C:\Program Files (x86)\CatTools3\Scripts\Client.Device.Backup.Running Config.txt>

<USERS NAME FOR DEVICE=SWITCHNAME-1.redhorn>

<C OK 1:22:43 PM><R-1:22:43 PM>[10]Mellanox MLNX-OS Switch Management[10][10]Last login: Tue Jun 11 06:00:12 2013 from 155.101.3.42[13][13][10][13][10]Mellanox Switch[13][10][13][10]<R-1:22:46 PM>[13]SWITCHNAME-1 [standalone: master] > <W-1:22:47 PM>[13]<R-1:22:47 PM>[13][13][10][13]SWITCHNAME-1 [standalone: master] > <W-1:22:47 PM>enable<R-1:22:47 PM>enable<W-1:22:47 PM>[13]<R-1:22:47 PM>[13][13][10][13]SWITCHNAME-1 [standalone: master] #

================================================================================

WFMDRetVal=1 Waiting for: "SWITCHNAME-1 [standalone: master]#"

WFMDRetVal=2 Waiting for: "SWITCHNAME-1 [standalone: master]>"

WFMDRetVal=3 Waiting for: "Password:"

WFMDRetVal=4 Waiting for: "Username:"

WFMDBuffer="[13][13][10][13]SWITCHNAME-1 [standalone: master] # "

================================================================================

<NEWSESSION CatTools 3.6.0 6/11/2013 1:27:45 PM>

<PROTOCOL=SSH2>

<DEVICE TYPE=HP.Switch.2500>

<ACTIVITY TYPE=Device.Backup.Running Config>

<ACTIVITY SCRIPT=C:\Program Files (x86)\CatTools3\Scripts\Client.Device.Backup.Running Config.txt>

<USERS NAME FOR DEVICE=SWITCHNAME-1.redhorn>

<C OK 1:27:46 PM><R-1:27:46 PM>[10]Mellanox MLNX-OS Switch Management[10][10]Last login: Tue Jun 11 13:22:43 2013 from 155.101.3.42[13][13][10][13][10]Mellanox Switch[13][10][13][10]<R-1:27:48 PM>[13]SWITCHNAME-1 [standalone: master] > <W-1:27:48 PM>[13]<R-1:27:48 PM>[13][13][10][13]SWITCHNAME-1 [standalone: master] > <W-1:27:48 PM>enable<R-1:27:48 PM>enable<W-1:27:48 PM>[13]<R-1:27:48 PM>[13][13][10][13]SWITCHNAME-1 [standalone: master] #

================================================================================

WFMDRetVal=1 Waiting for: "SWITCHNAME-1 [standalone: master]#"

WFMDRetVal=2 Waiting for: "SWITCHNAME-1 [standalone: master]>"

WFMDRetVal=3 Waiting for: "Password:"

WFMDRetVal=4 Waiting for: "Username:"

WFMDBuffer="[13][13][10][13]SWITCHNAME-1 [standalone: master] # "

================================================================================

My problem with Backup the config of the Cisco SG500 is, that I got the error message "Did not receive expected prompt after disable command".

The config was saved but I couldn't solve the error.

I think that they try to open the Enable-Mode, but the SG500 haven't.

I config the "Variations" to Backup the devices but I didn't find where I can disable the "Enable-Mode" calling.

Any ideas where my mistake is?

Hello,

Does anyone know how to fix the below error:

(30016) Invalid username or password reported by server, or bad private key

Much appreciated!!!

Hi Folks,

Title pretty much says it all.  I want my devices to talk to the syslog server with a community string that I've specified on the devices, but the messages are showing enterprise_mib_name=authenticationFailure and I can't see where in the UI to specify allowable community strings.

Geordie

Hi All ,

I am not able to take the backup of Fortigate  which has configured on VDOM environment .

Some Fortigate's I am able to take but Vdom configuration's are missing from the Backup .

Did any one faced this issues and what was the solutions you found on Kiwi Cat tools

Please help thanks in advance

Regards

Vineeth

Hi

I have managed to get a full back of a Fortigate firewall working using TFTP and I thought I would share how I did it with the community.

We have a pair of Fortigates 3600C and we run multiple VDOMs on these, this meant the default script withing Cattools didn't work for us. We also require a keystroke before logging in as well. All this meant I had to use a combination of variations and also the TFTP backup method.

Variations configuration

• Add your devices using the "Generic.Device" type, this will allow you to use "Variations"
• Give them a group name - it is well worth using the same group name for all Fortinets as this will allow you to apply the same variations to all devices within that "Group"
• Fill in the rest of the device info and passwords as you would do normally
• Go to the "variations" tab and click "use variations"
• Go to the "prompts" tab and fill in the information as shown in the "qoutes":-

DEVICE_USERNAMEPROMPT = "login as:"

DEVICE_PASSWORDPROMPT = "password:"

DEVICE_STANDARDPROMPT = "#"

DEVICE_PRIVILEGEDPROMPT = "#"

DEVICE_CONFIGPROMPT = "(global) #"

• Go to the "additional commands" tab and fill in the information as shown in the "qoutes":-

COMMAND_ENTERCONFIG = "configure global"

COMMAND_EXITCONFIG = "end"

• Go to the "pre/post login" tab and fill in the information as shown in the "qoutes":-
• NOTE: you may not need to do this if you aren't asking for a pre login key stroke.

PRE_LOGIN_MESSAGE = "(Press 'a' to accept):"

PRE_LOGIN_KEYSTROKE = "a"

• Then click on the "group save" button as this will then save the changes to the group you specified. This will allow you to add more devices to this group and it will pre-populate the variations for you. This saves a lot of work in the future.

TFTP activity configuration

• Go to activities and click add
• Set Type to "Device.Backup.TFTP"
• Fill in name and description
• Set schedule under the time tab
• Add your devices
• Go to "Options" tab
• Untick the "file to write to tftp server"
• Untick the "enter commands in enable mode"
• In the "optional alternative list of commands" section input the following:-

%ctUM: Timeout 100

%ctUM: EchoOff

config global

%ctUM: EchoOff

execute backup config tftp %ctDeviceName-Running-Config <input your IP Address>

%ctUM: EchoOff

• If your not using the default file locations don't forget to change them, I got caught out on this. Mine look like:-

F:\CatTools2\Configs\%GroupName%\Config.Current.Running.%BaseFile%.txt

F:\CatTools2\Configs\Archives\%GroupName%\Config.Dated.Running.%BaseFile%.%DateISO%-%TimeHHMM%.txt

• Click ok to save

Now run the activity to check it all works. What you will find is there is about a 5 minute delay where it shows as a busy task. Be patient as it will finish. I would recommend running this task outside of any other backups as it does take a bit longer than others.

Hope this helps others getting this working.

EDIT

I have updated this to change from using the command "execute backup full-config" to use "execute backup config". This is because we had an issue recently where we were unable to restore the backup taking using the "execute backup full-config" command.

Fortinet recommend using the "execute backup config" command as this just restores the configuration that has been changed.

I have now tested this on our lab device and I was able to restore the configuration successfully.

Cheers

Jay

Message was edited by: Jaybed --

hi,

How do i ignore the below lines/text so that the backup doesn't show the difference in running and startup? i am using kiwi catTools 3.10.

Thanks,

Sridhar

Hello, I want to run an activity from the command line. Is this possible. I'm hoping it's as easy as adding some switches with the activity name to some executable.

Hi,

The description of the CatTools program says "Free Kiwi CatTools can notify you of configuration changes via email and generate basic reports."

What does this mean exactly?

Is this for configuration change made by CatTools' activity script only?

Can CatTool detect a configuration change performed by another user immediately (w/o constantly running the configuration compare activity)?  

Basically, I want to get notified when someone makes a change to the configuration in real-time(and if possible log the user that did it).

I know something similar to this can be achieved with Kiwi Syslog but just wondering if Cattools is capable of doing this also.

Nonetheless, CatTools is an awesome program:)

My favorite is the configuration comparison feature, reminds me of my coding days~

Thanks,

Tony

Hi to all.

Is it possible to run script in cattools in order to read the devices ip address from an externa files.

Thanks, Fabio.

Dear Sir 

I am new to KIWIcat tool, first time I have installed this tool to integarate with cisco asa for backup purpose. We manage around 100 cisco asa firewall and used to take manual backup. So we want to convert this process automatically with the help of kiwicat tool. However I am getting error message while take backup through tool which is listed below.

Reason (30012) Protocol version mismatch error.. Giving up after 3 connection attempts"

Could you please let me know if I have wrongly configured this or having this error due to any other reason.

Version of tool is 3.6.0 which I believe is latest one.

Please let me know if you require any other information to dig out the problem.

Thanks in advance

I am new to CatTools and have created several Devices and Activities (Device.CLI.Send commands) and wondered if CatTools created a script that you can export to maybe a text file for these. I am using CatTools to run some CLI commands to login in to our Citrix Netscaler and execute a failover of several VIPS from our primary site to our Disaster Recovery site and vice versa. We would like to automate this proceedure and so I was wondering if CatTools creates a script for the procedures it executes?

Does anybody know of a way that you can add devices to Kiwi from the command line? I want to write a windows shell script to automate adding devices. 

Thanks

Mark

Hi

I have managed to get a full back of a Fortigate firewall working using TFTP and I thought I would share how I did it with the community.

We have a pair of Fortigates 3600C and we run multiple VDOMs on these, this meant the default script withing Cattools didn't work for us. We also require a keystroke before logging in as well. All this meant I had to use a combination of variations and also the TFTP backup method.

Variations configuration

• Add your devices using the "Generic.Device" type, this will allow you to use "Variations"
• Give them a group name - it is well worth using the same group name for all Fortinets as this will allow you to apply the same variations to all devices within that "Group"
• Fill in the rest of the device info and passwords as you would do normally
• Go to the "variations" tab and click "use variations"
• Go to the "prompts" tab and fill in the information as shown in the "qoutes":-

DEVICE_USERNAMEPROMPT = "login as:"

DEVICE_PASSWORDPROMPT = "password:"

DEVICE_STANDARDPROMPT = "#"

DEVICE_PRIVILEGEDPROMPT = "#"

DEVICE_CONFIGPROMPT = "(global) #"

• Go to the "additional commands" tab and fill in the information as shown in the "qoutes":-

COMMAND_ENTERCONFIG = "configure global"

COMMAND_EXITCONFIG = "end"

• Go to the "pre/post login" tab and fill in the information as shown in the "qoutes":-
• NOTE: you may not need to do this if you aren't asking for a pre login key stroke.

PRE_LOGIN_MESSAGE = "(Press 'a' to accept):"

PRE_LOGIN_KEYSTROKE = "a"

• Then click on the "group save" button as this will then save the changes to the group you specified. This will allow you to add more devices to this group and it will pre-populate the variations for you. This saves a lot of work in the future.

TFTP activity configuration

• Go to activities and click add
• Set Type to "Device.Backup.TFTP"
• Fill in name and description
• Set schedule under the time tab
• Add your devices
• Go to "Options" tab
• Untick the "file to write to tftp server"
• Untick the "enter commands in enable mode"
• In the "optional alternative list of commands" section input the following:-

%ctUM: Timeout 100

%ctUM: EchoOff

config global

%ctUM: EchoOff

execute backup config tftp %ctDeviceName-Running-Config <input your IP Address>

%ctUM: EchoOff

• If your not using the default file locations don't forget to change them, I got caught out on this. Mine look like:-

F:\CatTools2\Configs\%GroupName%\Config.Current.Running.%BaseFile%.txt

F:\CatTools2\Configs\Archives\%GroupName%\Config.Dated.Running.%BaseFile%.%DateISO%-%TimeHHMM%.txt

• Click ok to save

Now run the activity to check it all works. What you will find is there is about a 5 minute delay where it shows as a busy task. Be patient as it will finish. I would recommend running this task outside of any other backups as it does take a bit longer than others.

Hope this helps others getting this working.

EDIT

I have updated this to change from using the command "execute backup full-config" to use "execute backup config". This is because we had an issue recently where we were unable to restore the backup taking using the "execute backup full-config" command.

Fortinet recommend using the "execute backup config" command as this just restores the configuration that has been changed.

I have now tested this on our lab device and I was able to restore the configuration successfully.

Cheers

Jay

Message was edited by: Jaybed --

Hello,

I am not as familiar with cattools so please forgive me if this is an easy one. Was not able to find anything from researching online. I have two sets of firewalls that I sync some configuration between them. (Think active/passive scenario). I have created two activities one that grabs the required commands and the other puts it on our backup device. It works well however errors are appearing on the backup because "bad" commands (the show commands for example) were giving bad responses.

I wrote a powershell script to clean up the dumped config from the first job however cannot figure out an easy way to have CatTools run my script after the first job is completed. Also is it possible to kick off a cattools job from command line? I would love to have the powershell script kick off the second job once it has finished so the chain is all executed in sequence.

Thanks for your help!

Patrick

Hello, I want to run an activity from the command line. Is this possible. I'm hoping it's as easy as adding some switches with the activity name to some executable.