Date created: Thursday, September 5, 2013 10:31:12 AM. Last modified: Thursday, April 13, 2023 11:47:25 AM

RANCID Filter

This script filters unwated updates from RANCID emails. It looks though each section within a RANCID update email and removes any that contain update info that is not configuration changes. Section are defined as starting with "=======================================". Within each device section in the update email, if there are the same number of lines starting with "-" and "- !" && "+" and "+ !" then nothing relating to the configuration of the device has changed, but perhaps a hardware change was detected instead, for example. Non-config related changes are still pushed to the CVS repo for storage, just not emailed out.

RANCID update emails change from this; http://pastebin.com/raw.php?i=hJX2mrmX

To this; http://pastebin.com/raw.php?i=FMY5C6dp

rancid-filter.sh

To implement the filter, assuming rancid is installed in to /var/lib/rancid (this was written on RANCID 2.3.2), add in a call to the filter script in control_rancid file;

# control_rancid diff

*** control_rancid_original	2013-09-05 10:48:30.596565993 +0100
--- control_rancid      	2013-09-05 10:41:26.060584671 +0100
***************
*** 459,464 ****
--- 459,470 ----
      svn diff | sed -e '/^+++ /d' -e 's/^\([-+ ]\)/\1 /' >$TMP.diff
  fi
  
+ # If there is diff output to be emailed out, pass it to the filter script.
+ # This script removed unwated sections from update emails to reduce "noise" in my inbox
+ if [ -s $TMP.diff ]; then
+     /var/lib/rancid/bin/filter.sh $TMP.diff
+ fi
+ 
  if [ $alt_mailrcpt -eq 1 ] ; then
      subject="router config diffs - courtesy of $mailrcpt"
  else
***************
*** 475,480 ****
--- 481,515 ----
  # Mail out the diffs (if there are any).
  if [ -s $TMP.diff ] ; then
  
+     # Diffs exist. Lets see if any filtered diffs exist?
+     # This would mean that the output of rancid has been modified becuase it contains  some "noise"
+     # (By "noise" I mean, unwanted information)
+     if [ -f $TMP.diff.filter ]
+     then
+ 
+         # A filtered version of the rancid output does exist, lets see if it is great than 1 line long.
+         # If not, this means the update only contained noise, so after filtering the update will be 1 or less lines long.
+         if [ `grep -c \$ $TMP.diff.filter` -gt 1 ] 
+         then
+ 
+     	    (
+ 	      echo "To: $mailrcpt"
+ 	      echo "Subject: $subject"
+ 	      echo "$MAILHEADERS" | awk '{L = "";LN = $0;while (LN ~ /\\n/) { I = index(LN,"\\n");L = L substr(LN,0,I-1) "\n";LN = substr(LN,I+2,length(LN)-I-1);}print L LN;}'
+ 	      echo ""
+ 	      if which diffstat >/dev/null; then
+ 	          diffstat $TMP.diff
+ 	      fi
+ 	      cat $TMP.diff.filter
+ 	    ) | sendmail -t
+ 
+         fi
+ 
+     # If the rancid update output was more than one line long, there was useful info to email out, so it was sent.
+     # If however, there was no filtered version of the output, then the rancid output was only useful information,
+     # So email it out;
+     else
+ 
          (
            echo "To: $mailrcpt"
            echo "Subject: $subject"
***************
*** 486,491 ****
--- 521,528 ----
            cat $TMP.diff
          ) | sendmail -t
  
+     fi
+ 
  fi
  
  # If any machines have not been reached within the last $OLDTIME


Previous page: Ping Scripts
Next page: Sysgrep (Syslog Alerting)