Comments (6)
Hi Josh!
Have you tried applying the oxidized debug configuration?
debug: true
This way we can better analyze what is happening when oxidized tries to connect to your Fortigate.
from oxidized.
Thanks for the quick response!
I have done so, I can see that the SSH appears to get in and sends through the commands to get the configs out. But after that there are just loads of "2 jobs running in parallel", obviously thats the two fortigates that haven't yet succeeded.
Nov 23 13:24:53 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:24:53.396631 #2017283] DEBUG -- : resolving DNS for FORTIGATE...
Nov 23 13:24:57 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:24:57.251800 #2017283] DEBUG -- : lib/oxidized/model/model.rb Executing show inventory | no-more
Nov 23 13:24:59 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:24:59.765683 #2017283] DEBUG -- : lib/oxidized/worker.rb: Added /FORTIGATE to the job queue
Nov 23 13:24:59 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:24:59.766136 #2017283] DEBUG -- : lib/oxidized/job.rb: Starting fetching process for FORTIGATE at 2023-11-23 13:24:59 UTC
Nov 23 13:24:59 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:24:59.767265 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb: Connecting to FORTIGATE
Nov 23 13:24:59 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:24:59.912108 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb: expecting [/^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/] at FORTIGATE
Nov 23 13:25:00 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:00.730706 #2017283] DEBUG -- : lib/oxidized/input/cli.rb: Running post_login commands at FORTIGATE
Nov 23 13:25:00 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:00.730926 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb get system status @ FORTIGATE with expect: /^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/
Nov 23 13:25:00 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:00.731222 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb: expecting [/^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/] at FORTIGATE
Nov 23 13:25:01 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:01.148704 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb config global @ FORTIGATE with expect: /^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/
Nov 23 13:25:01 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:01.148895 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb: expecting [/^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/] at FORTIGATE
Nov 23 13:25:01 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:01.551642 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb get system ha status @ FORTIGATE with expect: /^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/
Nov 23 13:25:01 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:01.551898 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb: expecting [/^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/] at FORTIGATE
Nov 23 13:25:01 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:01.957126 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb get hardware status @ FORTIGATE with expect: /^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/
Nov 23 13:25:01 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:01.957359 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb: expecting [/^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/] at FORTIGATE
Nov 23 13:25:02 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:02.362177 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb end @ FORTIGATE with expect: /^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/
Nov 23 13:25:02 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:02.362567 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb: expecting [/^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/] at FORTIGATE
Nov 23 13:25:02 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:02.796538 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb show full-configuration | grep . @ FORTIGATE with expect: /^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/
Nov 23 13:25:02 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:25:02.796691 #2017283] DEBUG -- : lib/oxidized/input/ssh.rb: expecting [/^([-\w.]+(\s[(\w-.)]+)??\s?[#>$]\s?)$/] at FORTIGATE
Is there perhaps a better spot in the config to put the debug that would give me a better idea of what is failing, because this seems to suggest the login is working and its simply not reading the returned data.
I have also tested the regex and it seems to be fine as well.
Nov 23 13:35:02 dc1-oxidized oxidized[2017283]: D, [2023-11-23T13:35:02.972196 #2017283] DEBUG -- : lib/oxidized/node.rb: Oxidized::SSH failed for FORTIGATE
The above would seem to suggest that its SSH related. But I have tested SSH using the creds in the configs as well as the fortigates that are working have the same creds configured. Is it timing out perhaps because it cannot get the expected data back in time?
EDIT: in the .config/oxidized/logs/ dir I can see the IP of the fortigates with configs in them. Is this perhaps something else?
Thanks in advance.
from oxidized.
If you open the file located at .config/oxidized/logs/{Fortigate-IP}-ssh
you can see where exactly oxidized is "hanging". In my opinion, it presents a better visualization than the oxidized service logs.
If possible, could you share the result here? Of course, not displaying your Fortigate's settings, only the commands executed, and error messages, if any.
from oxidized.
So I have actually had this in my first deployment as well, in that case I removed the file, removed the device in Libre and readded everything and thats when it started to work (in my testing I mean). So I removed the files this time again to try that again, unfortunately no such luck this time.
I did get an output of the files before I removed them though. It appears that its getting to the last command and exiting.
Last entry in the log file is:
FORTIGATE $ exit
Currently trying to get it to regenerate the files, but yet to have any luck. Do you think its worth making the timeout something silly high like 20-30 mins?
from oxidized.
So I suspect I have semi figured out the issue but some clarification for it would be nice.
Essentially what seems to be the issue is that each of the larger config dumps takes roughly 6 minutes to be processed.
I have been testing with two Fortigates configured and when I set it down to just the one it work and the configs are taken (as I mentioned the completion for the Fortigate is normally 6 minutes into the run).
I increased the overall timeout for run to 960 seconds and added the second Fortigate back. As expected at roughly 12 minutes, both Fortigates configs complete successfully. I tried changing the threads to 60 from 30 assuming that perhaps it was taking to long to run each scan. Is there another setting I should be looking to change to get this down? I have more Fortigates that have about the same amount of lines in config, so making the timeout close to 30 minutes seems a little high. Unless this is expected behaviour?
Any info to clarify would be great!
from oxidized.
Possible duplicate of #1699, fixed should come with PR #2935.
from oxidized.
Related Issues (20)
- backups through ipsec tunnel not working after upgrade deb11 -> deb12 HOT 5
- Mikrotik backup issue HOT 5
- Cisco SmallBusiness is not working HOT 6
- Opnsense OPNsense 23.10.1_2-amd64 HOT 2
- Configuration commands in the tmos.rb module without a comment return nothing.
- Using oxidized to backup Cloudflare DNS records HOT 2
- oxidized-web error :: Puma caught this error: wrong number of arguments (given 3, expected 1..2) (ArgumentError) HOT 4
- Oxidized 0.29.1 with rvm - oxidized.service: Failed with result 'exit-code' HOT 1
- Mikrotik SwOS unathorized file... HOT 3
- Monkey-patching `post` section doesn't seem to work
- Oxidized gets stuck in pushing githubrepo
- Aruba Instant Access Points always generating new configs HOT 1
- Model settings preferred over group settings
- HP J4813A ProCurve Switch 2524 - Telnet using variables. HOT 1
- Issue with new model --> catching command-output with a Prompt-line HOT 1
- Unsupported HMAC algorithms - could not settle on hmac_client algorithm HOT 1
- Oxidized can't connect to FirewareOS device after Fireware v12.8.2 Update 1 - could not settle on kex algorithm [email protected] HOT 9
- Documentation lack of docker users when creating new config
- Issues regarding secret removal on NXOS
- Debian 12 Gem install fails HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oxidized.