OpenNetAdmin


Cisco ASA login question

malion

30-05-2012 11:22:53

So this works great on the routers and switches, however I'm having issues with Cisco ASA, because it requires first a login and then enable. Looks like the enable command is not going through. Anyone had any luck getting that working?

Matt

30-05-2012 20:57:49

If a box requires an enable password then you need to configure your getpw.conf file with an 'IOS_ENABLE' keyword with the enable password itself. When the cisco_cfg_expect script runs it will use getpw to look up the enable secret password just like it uses the username to look up its password.

I believe that is all that should be required. You can test manually by executing the cisco_cfg_expect script directly. To be honest I've not used the enable part in quite some time now since we use TACACS, which automatically sets the priv level to enable level for us. So, I've not tested it in a while but it looks like it should work. :)

malion

31-05-2012 06:18:04

Thank you Matt, we use TACACS the same way, however when it comes to the firewalls TACACS won't put you at the enable prompt automatically like on routers or switches. So how do you pass those parameters for ASAs? I tried that but here is what I get:

can't read "PROMPT": no such variable
while executing
"expect {
# "denied" {
# send "\r"
# expect -re $PROMPT {send "en\r";continue}
# }
-re "word:" {continue}
-re $PROMPT {send "en\r";expe..."
(procedure "RUN_ENABLE" line 25)
invoked from within
"RUN_ENABLE"
invoked from within
"expect {

# Not enabled, send enable password
-re $PROMPT {
send "en\r"
expect "word:"
RUN_ENABLE
}

# Already enabled, keep going
-re $EP..."
(file "/opt/ona/bin/cisco_cmd" line 338)
May 31 07:17:28 [ONA:cfg_archive]: ERROR => 10.210.210.69: There was an issue contacting 10.210.210.69.

Matt

31-05-2012 22:16:14

Well, hopefully now that I have the code on github I'll be a little better about applying fixes that have been around for years!.. sheesh.. Yes, this was a known issue and I think the fix is already in the github archive. It's just a two line addition.. Try refreshing your code from github and see if it fixes the problem.

Thanks

malion

01-06-2012 07:40:26

Matt you rock, thank you, yes those two lines fixed it. Just got two minor issues left:

- I think I messed up the link under /opt/bin/cisco_cmd and can't seem to get it fixed. I believe it was pointing to /opt/ona/www/local/plugins//cfg_archive/bin/cisco_cfg_expect. However the script is running fine so no big deal.
- Main issue is that when the config gets downloaded it is only just the first screen; seems like the screen is not scrolling. I'm assuming I'll have to change the pager line settings somewhere?

Matt

01-06-2012 16:44:20

You should be able to execute 'ln -s /opt/ona/www/local/plugins/cfg_archive/bin/cisco_cfg_expect /opt/ona/bin/cisco_cmd' to get it fixed. It is just an alternate way to use the expect script logic to execute commands on your devices. It is similar to what some people refer to as 'looking glass'. I have configured a cron job that runs a 'write mem' on all devices once a day. It uses cisco_cmd to send the write mem command. This way I always have a saved configuration, and it will kick off an snmp trap to update the ona archive.

On your second issue, this is strange. The script does a 'term length 0' as its first operation after logging in. This should ensure you get the entire output with no prompts or other strangeness. It may be that the ASA does not support 'term length 0' ?? I've not messed with ASAs yet. I can't imagine why Cisco would change that however.

malion

03-06-2012 09:14:06

Thank you for the reply back Matt, I thought I tried linking it but it tells me "file exists". It is not a big deal, and I have disabled the "wr mem", just the requirements for our network.

For the second issue, yes, for the ASA it is different: it is "terminal pager 0". So here is what I did to get it working:

send -h "term length 0\r"
send -h "term pager 0\r"   ;# I added this line


After I added that command in there it works now :). Thank you again. Now just waiting on the next update to be able to compare startup with running :). Just wanted to tell you again that your software is so much better than rancid. Can't wait to finish writing a blog. I have linked to your website from my blog though.
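As an added example, not code from this thread or from OpenNetAdmin: a small Python model of the login, enable and disable-paging sequence that cisco_cfg_expect goes through (Matt's description of the enable step and malion's "term pager 0" fix above), run against a constructed fake ASA whose TACACS login lands at the ">" prompt. The prompt patterns, the "<--- More --->" pager marker and every response of the fake device are assumptions; the point is to show why "term length 0" alone leaves a truncated archive on the ASA and how to check an archived config for pager residue.

```python
import re
PROMPT_USER = re.compile(r"[\w.-]+> ?$")    # unprivileged exec prompt (assumed shape)
PROMPT_ENABLE = re.compile(r"[\w.-]+# ?$")  # privileged (enable) prompt (assumed shape)
PAGER_MARKER = "<--- More --->"             # assumed ASA pager marker, not from the thread
CONFIG = "\n".join(f"line {i}" for i in range(1, 61)) + "\n: end\n"  # constructed config

class FakeASA:
    """Constructed stand-in for an ASA: TACACS login lands at '>' with a 24-line pager."""
    def __init__(self, enable_pw):
        self.enable_pw, self.enabled, self.pager, self.pending = enable_pw, False, 24, None

    def send(self, line):
        prompt = "fw# " if self.enabled else "fw> "
        if self.pending == "enable":              # answering the enable password prompt
            self.pending = None
            self.enabled = line == self.enable_pw
            return "fw# " if self.enabled else "Invalid password\nfw> "
        if line == "":
            return prompt
        if line in ("en", "enable"):
            self.pending = "enable"
            return "Password: "
        if not self.enabled:
            return "Command authorization failed\n" + prompt
        if line == "terminal pager 0":            # the ASA way to disable paging
            self.pager = 0
            return prompt
        if line == "show running-config":
            lines = CONFIG.splitlines()
            if self.pager and len(lines) > self.pager:
                return "\n".join(lines[:self.pager]) + "\n" + PAGER_MARKER
            return CONFIG + prompt
        return "ERROR: % Invalid input detected\n" + prompt  # e.g. IOS-style 'terminal length 0'

def archive_config(dev, enable_pw, send_asa_pager=True):
    """Mirror the expect flow: reach '#', disable paging, then fetch the config."""
    out = dev.send("")
    if PROMPT_USER.search(out):                   # still at '>', so go through enable
        out = dev.send("en")
        if out.endswith("word: "):
            out = dev.send(enable_pw)
    if not PROMPT_ENABLE.search(out):
        raise RuntimeError("never reached the enable prompt")
    dev.send("terminal length 0")                 # IOS command; the fake ASA just rejects it
    if send_asa_pager:
        dev.send("terminal pager 0")              # the extra line malion added
    return dev.send("show running-config")

def is_complete(cfg):
    return PAGER_MARKER not in cfg and ": end" in cfg  # no pager residue, terminator present
```

Running is_complete over each archived file is a cheap way to catch a silently truncated config before it is trusted for a startup-vs-running comparison.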