Skip to content

RANCID Integration

Installation

Install RANCID and Subversion:

Text Only
1
apt-get install rancid subversion

We need to add a group for rancid to store configs in:

Text Only
1
nano /etc/rancid/rancid.conf

Add this line:

Text Only
1
LIST_OF_GROUPS="observium"

Change these two lines:

Text Only
1
2
CVSROOT=$BASEDIR/CVS; export CVSROOT
RCSSYS=cvs; export RCSSYS

to:

Text Only
1
2
CVSROOT=$BASEDIR/SVN; export CVSROOT
RCSSYS=svn; export RCSSYS

Run this command to create the folder structure:

Text Only
1
2
su - rancid
/var/lib/rancid/bin/rancid-cvs

Create a .cloginrc file:

Text Only
1
nano /var/lib/rancid/.cloginrc

Here is an example that works for Mikrotik devices:

Text Only
1
2
3
4
5
add user * rancid
add password * password
add identity * /var/lib/rancid/.ssh/id_dsa
add method * ssh
add noenable * {1}

Make sure you have your public key credentials in /var/lib/rancid/.ssh/

Test it out on your router! (In this example, your router is named myrouter)

Text Only
1
/var/lib/rancid/bin/mtlogin myrouter

Add www-data to the rancid group:

Text Only
1
 usermod -a -G rancid www-data

Observium Integration

Configuration

You can either change the below settings in the config.php or via the web-based configuration accessible from the right hand "cog" menu in the Observium web interface.

Update the Observium config so it knows how to use RANCID:

Text Only
1
 nano /opt/observium/config.php

Add these lines:

Text Only
1
2
 $config['rancid_configs'][]              = "/var/lib/rancid/observium/configs/";
 $config['rancid_ignorecomments']        = 0;

If you're running RANCID v3.x, add the following line :

Text Only
1
 $config['rancid_version'] = '3';

Restart apache:

Text Only
1
 /etc/init.d/apache2 restart

You should now see a config tab in Observium, with your configs there!

Observium has a script which can generate the router.db config based on what’s in Observium.

Text Only
1
2
3
4
 rancid@observium:/opt/observium/scripts$ php generate-rancid.php 
 # do not edit file directly!
 #RANCID router.db autogenerated by 
 router:mikrotik:up

Dump it in the RANCID config file with this command:

Text Only
1
 php /opt/observium/scripts/generate-rancid.php > /var/lib/rancid/observium/router.db

RHEL Installation

Minor

There are some minor differences to be aware of when running RANCID on RHEL. Instead of the configuration files being stored in /var/lib/rancid/, RHEL stores them in /var/rancid/. You may also need to change your RequiredRSASize in your /etc/ssh/ssh_config, as it is updated in RHEL 9.2 to 2048 bits.

For RHEL installations it is suggested that you update to RHEL 9.4. Installation instructions have not been tested for other versions!

Install rancid and subversion:

Text Only
1
dnf install rancid subversion

We need to add a group for rancid to store configs in:

Text Only
1
nano /etc/rancid/rancid.conf

Add this line:

Text Only
1
LIST_OF_GROUPS="observium"

Change these two lines:

Text Only
1
2
CVSROOT=$BASEDIR/CVS; export CVSROOT
RCSSYS=cvs; export RCSSYS

to:

Text Only
1
2
CVSROOT=$BASEDIR/SVN; export CVSROOT
RCSSYS=svn; export RCSSYS

Run this command to create the folder structure:

Text Only
1
2
su - rancid
rancid-cvs

Create a .cloginrc file:

Text Only
1
nano /var/rancid/.cloginrc

Here is an example that works for Mikrotik devices:

Text Only
1
2
3
4
5
add user * rancid
add password * password
add identity * /var/lib/rancid/.ssh/id_dsa
add method * ssh
add noenable * {1}

Make sure you have your public key credentials in /var/lib/rancid/.ssh/

Test it out on your router! (In this example, your router is named myrouter)

Text Only
1
/var/lib/rancid/bin/mtlogin myrouter

For RHEL installations, Add apache to the rancid group:

Text Only
1
 usermod -a -G rancid apache

After integration (see "Observium Integration" section), restart apache:

Text Only
1
 systemctl restart httpd

Automation

We can add this in cron to do this automatically.

If you want rancid to back up daily, then add something like this to cron:

Text Only
1
2
3
 0 5 * * * /var/lib/rancid/bin/rancid-run
 #hourly router dump
 50 23 * * * /usr/bin/find /var/lib/rancid/logs -type f -mtime   +2 -exec rm {} \;

The RANCID Config Search page allows you to search across all device configurations using regular expressions. Access it from the main menu under Configs > Config Search.

Permissions

Config Search requires user level 7 or above.

Searching

Enter a PCRE (Perl-Compatible Regular Expression) pattern in the search field and submit. Results are grouped by device, with matching lines highlighted and surrounding context lines shown.

Some example patterns:

Text Only
1
2
3
4
interface.*GigabitEthernet
ip address 10\.1\.
hostname|banner motd
snmp-server community

Search Options

Search Depth controls which config versions are searched:

  • Current Only -- searches the latest config for each device
  • All History -- searches all versions in the repository's history (git or svn)
  • Last 7/30/90/365 Days -- searches history within the specified time period

Context Lines controls how many lines of surrounding context are shown around each match (0--10 lines).

Multiline enables matching patterns that span multiple lines.

Inverse shows lines that do not match the pattern instead.

Case Sensitive makes the pattern match case-sensitively (by default matching is case-insensitive).

Filtering by Device

Use the device filter dropdown to limit the search to specific devices. Multiple devices can be selected.

Saved Patterns

Frequently used patterns can be saved and loaded from the dropdown next to the search field. Use the Save button to save the current pattern with its options, or the Manage button to open the Saved Patterns page.

Exporting Results

Search results can be exported as TXT or CSV using the export buttons in the results header. Exports include all matching devices and lines.