Backing up Alcatel OmniSwitch with CatTools

April 19, 2013, 2:33 am

≫ Next: CatTools and Fortigate Firewalls

HI guys,

I have been trying to backup up my OmniSwitches (6850 p48 variants) with CatTools.

The built in device is for omnistacks which doesn't work (Omniswitches don't have an enable mode) so I started to write my own template.

I can get CatTools to log in and dump the config, however only half the config is dumped.

Initially it appeared it was because CatTools was seeing the session prompt command in the config and flushed everything after it because of bCleanBuffer option in the SendCommandSingle() function.

I changed the GetConfig() function so that it when it calls the SendCommandSingle() function it is passing false to the bCleanBuffer to try and stop the above, however this only gave me a few extra lines of the config and it is still missing most of the config.

Now I am pretty much stuck!

Any pointers as to why this might be happening?

Edit: Ok, setting the bCleanBuffer helps (stops it clearing everything after the session prompt) but another part of the function s seeing it and then runs the exit command which is why I get a few more lines. Investigation

↧

CatTools and Fortigate Firewalls

April 3, 2009, 3:14 am

≫ Next: Backing up a PFSense Firewall over SSH using Generic.Device

≪ Previous: Backing up Alcatel OmniSwitch with CatTools

Hi All,

I see that CatTools can backup Fortigate OS devices. I have 10 or so Fortigate Firewalls which I'd like to backup. But before I set this up I was trying to find out what commands CatTools issues to get the configuration just to check I'm not going to do any damage to my devices as they are hunreds of miles away from me. I'm running ver 3.2.19. Anyone have any idea or can point me in the right dorection to find out.

Thanks

Jimbo

↧

Backing up a PFSense Firewall over SSH using Generic.Device

January 6, 2015, 3:19 am

≫ Next: Fortigate With Vdom backup is not happening

≪ Previous: CatTools and Fortigate Firewalls

Hi chaps,

I'm struggling a little to get the Generic.Device with Variations to work correctly when trying to back up my PFSense Firewall.

Here is the contents of my variations file:

DEVICE_PRIVILEGEDPROMPT = "):"

DEVICE_INVALIDCOMMAND = "% Command not found."

COMMAND_DISABLEPAGING = ""

COMMAND_ENABLEPAGING = ""

COMMAND_RUNNINGCONFIG = "cat /conf/config.xml"

COMMAND_STARTUPCONFIG = "cat /conf/config.xml"

COMMAND_DISCONNECT = "exit"

RESPONSE_STRIP_VT100ESC = "1"

RESPONSE_STRIP_ANSICHARS = "1"

RESPONSE_STRIP_NULLS = "1"

Sanitised Info Log:

2015-01-06 10:58:54 3-Info 0 CatTools Service Performing activity - Run Now

2015-01-06 10:58:54 3-Info 0 CatTools Service Loading activity: Device.Backup.Running Config - MT PFSense. Schd: 4

2015-01-06 10:58:54 4-Debug 0 CatTools Service Marshaller - Running script. Device: Firewall

2015-01-06 10:58:54 3-Info 1 Firewall Loading variations for C:\Program Files (x86)\CatTools3\Variations\C4L_Management_FW.txt

2015-01-06 10:58:54 3-Info 1 Firewall Variations function found

2015-01-06 10:58:54 4-Debug 1 Firewall SSH Fingerprint: ################################

2015-01-06 10:58:55 4-Debug 1 Firewall Connected to 192.168.1.254

2015-01-06 10:58:55 4-Debug 1 Firewall Login Generic Device: Firewall

2015-01-06 10:58:55 4-Debug 1 Firewall Waiting for command prompt

2015-01-06 10:58:55 4-Debug 1 Firewall DeviceHostnameID: [2.1.5-RELEASE][cattools@firewall.local]/home/cattools(1

2015-01-06 10:58:55 4-Debug 1 Firewall Login to Firewall was successful

2015-01-06 10:58:55 4-Debug 1 Firewall Skipping enter enable mode as we are already in enable mode

2015-01-06 10:58:55 4-Debug 1 Firewall Waiting for an echo of cat /conf/config.xml command

2015-01-06 10:59:25 1-Error 1 Firewall Did not receive echo of cat /conf/config.xml command

2015-01-06 10:59:25 4-Debug 1 Firewall Did not receive echo of cat /conf/config.xml

2015-01-06 10:59:25 3-Info 1 Firewall Backup Running Config results: Failed

2015-01-06 11:00:26 4-Debug 1 Firewall Disconnecting from Firewall

2015-01-06 11:00:26 4-Debug 1 Firewall Disconnected from 192.168.1.254

2015-01-06 11:00:26 3-Info 0 CatTools Service Stopping Activity.

2015-01-06 11:00:26 3-Info 0 CatTools Service All threads have finished. Now processing results...

2015-01-06 11:00:26 3-Info 0 CatTools Service Run Now activity has completed

Debug:

I've snipped the output of the config on line 21 to remove anything sensitive but you get the idea.

<PROTOCOL=SSH2>

<R-10:58:55>Last login: Tue Jan 6 10:51:12 2015 from 192.168.10.35[13][13][10]Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994[13][10][09]The Regents of the University of California. All rights reserved.[13][10][13][10][2.1.5-RELEASE][cattools@bgmcfw2.bchosting.co.uk]/home/cattools(1):

<W-10:58:55>[13]

<R-10:58:55>[13][13][10][2.1.5-RELEASE][cattools@firewall.local]/home/cattools(1):

<W-10:58:55>[13]

<R-10:58:55>[13][13][10][2.1.5-RELEASE][cattools@firewall.local]/home/cattools(1):

<W-10:58:55>cat /conf/config.xml

<R-10:58:55>cat /conf/co [08]nfig.xml

================================================================================

WFDRetVal=0. Waiting for: "cat /conf/config.xml"

WFDBuffer="cat /conf/co [08]nfig.xml"

================================================================================

<W-10:59:25>[13]

<R-10:59:25>[13][13][10]<?xml version="1.0"?>[13][10]<pfsense>[13][10][09]<version>10.1</version>[13][10][09]<lastchange/>[13][10][09]<theme>pfsense_ng</theme>[13][10][09]<sysctl>[13][10][09][09]<item>[13][10][09][09][09]<descr><![CDATA[Enable mounting the FS read only with more checks.]]></descr>[13][10][09][09][09]<tunable>vfs.forcesync</tunable>[13][10][09][09][09]<value>default</value>[13][10][09][09]</item>[13][10][09][09]<item>[13][10][09][09][09]<descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>[13][10][09][09][09]<tunable>debug.pfftpproxy</tunable>[13][10][09][09][09]<value>default</value>[13][10][09][09]</item>[13][10][09][09]<item>[13][10][09][09][09]<descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>[13][10][09][09][09]<tunable>vfs.read_max</tunable>[13][10][09][09][09]<value>default</value>[13][10][09][09]</item>[13][10][09][09]<item>[13][10][09][09][09]<descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>[13][10][09][09][09]<tunable>net.inet.ip.portrange.first</tunable>[13][10][09][09][09]<value>default</value>[13][10][09][09]</item>[13][10][09][09]<item>[13][10][09][09][09]<descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>[13][10][09][09][09]<tunable>net.inet.tcp.blackhole</tunable>[13][10][09][09][09]<value>default</value>[13][10][09][09]</item>[13][10][09][09]<item>[13][10][09][09][09]<descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>[13][10][09][09][09]<tunable>net.inet.udp.blackhole</tunable>[13][10][09][09][09]<value>default</value>[13][10][09][09]</item>[13][10][09][09]<item>[13][10][09][09][09]<descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>[13][10][09][09][09]<tunable>net.inet.ip.random_id</tunable>[13][10][09][09][09]<value>default</value>[13][10][09][09]</item>[13][10][09][09]<item>[13][10][09][09][09]<descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>[13][10][09][09][09]<tunable>net.inet.tcp.drop_synfin</tunable>[13][10][09][09][09]<value>default</value>[13][10][09][09]</item>[13][10][09][09]<item>[13][10][09][09][09]<descr><![CDATA[Enable sending IPv4 redirects]]></descr>[13][10][09][09][09]<tunable>net.inet.ip.redirect</tunable>[13][10][09][09][09]<value>default</value>[13][10][09][09]</item>[13][10][09][09]<item>[13][10][09][09][09]<descr><![CDATA[Enable sending IPv6 redirects]]></descr>[13][10][09][09][09]<tunable>net.inet6.ip6.redirect</tunable>[13][10][09][09][09]<value>default</value>[13][10][09][09]</item>[13][10][09][09]<item>[13][10][09][09][09]<descr><![CDATA[Enable privacy settings for IPv6 (RFC 4941)]]></descr>[13][10][09][09][09]

<snip>
</pfsense>[13][10][2.1.5-release][cattools@firewall.local]/home/cattools(2): "

================================================================================

WFMDRetVal=1 Waiting for: "[2.1.5-RELEASE][cattools@firewall.local]/home/cattools(1>"

WFMDRetVal=2 Waiting for: "[2.1.5-RELEASE][cattools@firewall.local]/home/cattools(1):"

WFMDRetVal=3 Waiting for: "[2.1.5-RELEASE][cattools@firewall.local]/home/cattools(1("

WFMDRetVal=4 Waiting for: "(config)"

WFMDBuffer="[13][13][10][2.1.5-release][cattools@firewall.local]/home/cattools(2): "

================================================================================

<W-11:00:26>exit[13]

<HOSTNAME="[2.1.5-RELEASE][cattools@firewall.local]/home/cattools(1">

Any thoughts how I can clean up the output so the output/config is retrieved correctly?

Thanks,

Martyn

↧

Fortigate With Vdom backup is not happening

March 31, 2010, 3:50 am

≫ Next: CatTools: No Results From Device.CLI.Send.commands script against Palo Alto 3050 firewall

≪ Previous: Backing up a PFSense Firewall over SSH using Generic.Device

Hi All ,

I am not able to take the backup of Fortigate which has configured on VDOM environment .

Some Fortigate's I am able to take but Vdom configuration's are missing from the Backup .

Did any one faced this issues and what was the solutions you found on Kiwi Cat tools

Please help thanks in advance

Regards

Vineeth

↧

CatTools: No Results From Device.CLI.Send.commands script against Palo Alto 3050 firewall

December 13, 2017, 2:13 pm

≫ Next: Cattools hangs with busy

≪ Previous: Fortigate With Vdom backup is not happening

I have a Palo Alto 3050 running 8.0.6. I created a job to send some commands to the firewall and write the output to a file.

The test commands I'm sending are:

set cli pager off

set cli scripting-mode on

show system info

It really doesn't matter what command I send I never receive any output. Here is what is written to the file/the output:

set

fw(active)> set cli [Kjodonnel-adm@NBDCRPIFW1(active)> set cli pager fw(active)> set cli pager off

fw(active)> set

fw(active)> set cli

fw(active)> set cli scripting-mode fw(active)> set cli scripting-mode on

fw(active)> show system info

I can't tell if the firewall isn't interpreting the carriage return of is experiencing an issue with the interactive session.

Wondering if anyone else experienced this issue. I opened an case with support almost 3 weeks ago. Uploaded a bunch of debugs and screen shots, but not response from tech support since......

Thanks!

↧

Cattools hangs with busy

September 25, 2018, 2:01 pm

≫ Next: Disable paging on a Cisco ASA

≪ Previous: CatTools: No Results From Device.CLI.Send.commands script against Palo Alto 3050 firewall

After a failed activity it hangs with busy

↧

Disable paging on a Cisco ASA

September 18, 2014, 12:52 pm

≫ Next: Telnet Username

≪ Previous: Cattools hangs with busy

To disable paging, you can use Variations, and the following command:

Terminal pager 0

This works on an ASA 5520

↧

Telnet Username

December 21, 2009, 6:36 am

≫ Next: Device.CLI.Modify.Config problem - Did not receive expected response to command: system-view

≪ Previous: Disable paging on a Cisco ASA

Hi ,

I am trying to use Cattools to back up some Cisco Switches and Routers.

The problem I am having is that the devices are set up for login local and therefore require a Username and a password. I can't seem to find anywhere in the device setup to add the username and when I run the backup job I get

"Specified Username is invaid for device (prompt: Username:)"

This is the same with both the Cisco.Router.General and the Cisco.Switch.IOS types.

Help please !

Nigel

↧

Device.CLI.Modify.Config problem - Did not receive expected response to command: system-view

April 3, 2017, 6:36 pm

≫ Next: Connect failed:(-32534) Disconnect : Protocol error

≪ Previous: Telnet Username

I have a device that will not enter "configuration mode" because CatTools is not receiving "expected response"

The device type is "Huawei.General"

There are 2 different devices, one returns

<sysname-1>system-view

Enter system view, return user view with Ctrl+Z.

[sysname-1]

The other returns

<sysname-2>system-view

Enter system view, return user view with return command.

[sysname-2]

Is there a simple way to solve this problem?

↧

Connect failed:(-32534) Disconnect : Protocol error

July 28, 2016, 12:05 am

≫ Next: Disable paging on a Cisco ASA

≪ Previous: Device.CLI.Modify.Config problem - Did not receive expected response to command: system-view

Hi,

I'm trying to run commands on Redback.router but i get this error :

Connect failed:(-32534) Disconnect : Protocol error

I use SSH2 Method and when i click Telnet/SSH from the device, it open the connection corectly with Secure-CRT (with SSH2..)

I'm running 3.10 version of the cattools.

do you know what could be the problem ?

thanks

↧

Disable paging on a Cisco ASA

September 18, 2014, 12:52 pm

≫ Next: Trigger external powershell script

≪ Previous: Connect failed:(-32534) Disconnect : Protocol error

To disable paging, you can use Variations, and the following command:

Terminal pager 0

This works on an ASA 5520

↧

Trigger external powershell script

September 21, 2018, 7:31 am

≫ Next: Juniper MX 800 Wireless Controller Backups

≪ Previous: Disable paging on a Cisco ASA

Hello,

I am not as familiar with cattools so please forgive me if this is an easy one. Was not able to find anything from researching online. I have two sets of firewalls that I sync some configuration between them. (Think active/passive scenario). I have created two activities one that grabs the required commands and the other puts it on our backup device. It works well however errors are appearing on the backup because "bad" commands (the show commands for example) were giving bad responses.

I wrote a powershell script to clean up the dumped config from the first job however cannot figure out an easy way to have CatTools run my script after the first job is completed. Also is it possible to kick off a cattools job from command line? I would love to have the powershell script kick off the second job once it has finished so the chain is all executed in sequence.

Thanks for your help!

Patrick

↧

Juniper MX 800 Wireless Controller Backups

September 26, 2018, 1:19 pm

≫ Next: Trigger external powershell script

≪ Previous: Trigger external powershell script

Has anybody had any luck backing up the Juniper MX-800 wireless controlller? I am able to log into the device, but I get this error - "Did not receive VTY entry prompt from Trapeze.Wireless.Lan"

I am not sure what to do next. I know if I am access the wireless controller from terminal, I log in normally, but then I need to type "enable" to see the configuration.

I would appreciate any help you can provide me. Thank you!

↧

Trigger external powershell script

September 21, 2018, 7:31 am

≫ Next: HP Procurve configuration backup using SSH problem

≪ Previous: Juniper MX 800 Wireless Controller Backups

Hello,

Thanks for your help!

Patrick

↧

HP Procurve configuration backup using SSH problem

September 10, 2009, 6:49 am

≫ Next: Backup of NetScaler Config Terminating Unexpectedly

≪ Previous: Trigger external powershell script

Hello,

We have an HP Procurve J4903A Switch 2824 and it is integrated with RADIUS Server for authentication.
We are using Cat Tools 3.4 demo version and tried to configure the switch for configuraton backup using Method SSH2.
And using Device.Backup.Running Config Type and SSH Username/Password are supplied. When Run the backup it shows the errors:
"Did not receive expected prompt when entering enable mode", and "Aborting: Unable to enter enable mode".

Do anybody faced this issue with SSH? Please help me to solve this problem.

Regards,

Achu

↧

Backup of NetScaler Config Terminating Unexpectedly

June 29, 2017, 5:04 am

≫ Next: Cisco SF-300 Backup Problem- Did not receive command prompt after connecting via SSH

≪ Previous: HP Procurve configuration backup using SSH problem

I've suspected for a while that my NetScaler backup has been erroring out prematurely. I actually had some time to deal with it recent and upon review it looks like a special character or something is causing cattools to fail. As far as I can tell when I run the "show command" from Netscaler (v11.0) and compare it to the CatTools backup it appears like a the CatTools back up is choking on a regex line. The last character recorded on CatTools config backup is a "^". The next character after that is a "]" according to a "show config" command. Any ideas about this?

↧