Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
Rancid is a "Really Awesome New Cisco confIg Differ" developed to
maintain CVS controlled copies of router configs.

*** The Following Information is Very Important ****
Rancid 2.3 introduces a new directory layout.  It has been changed to more
closely follow the standard path hierarchy, which is defined by the FHS
standard and autoconf, and/or make these locations more easily configurable
within rancid.

The obvious advantage of this is making rancid more easily packagable; i.e.:
NetBSD pkgsrc, FreeBSD port, Linux RPM, etc.

Please please please please read the UPGRADING file for more information.

The following is the packing list for Rancid, excluding files supporting
configure (autoconf) and make.  .in is stripped from the files below by
configure as substitutions are completed:

README		This file.
README.lg	Information about the Looking Glass.
BUGS		Bug list.
CHANGES		List of changes to Rancid.
FAQ		Frequently Asked Questions
Todo		Partial list of what needs to be done.
UPGRADING	Notes on upgrading rancid to a new version.
cloginrc.sample	TCL commands to set passwords, usernames etc. used by clogin
		and jlogin.  See cloginrc(5)
	lg.conf.sample		Sample Looking Glass configuration
	rancid.conf.sample	Sample RANCID configuration
	rancid.types.base	RANCID default device type configuration
	rancid.types.conf	RANCID user-defined device type configuration
bin/	Expect script that logs into routers and either presents
			an interactive shell, runs a set of commands, or runs
			another expect script.  It handles Cisco, Extreme,
			Force10, Juniper E-series, Procket, Redback, Zebra/MRT.
			Builds router list, calls rancid on each router and
			handles cvs routines.
	hpuifilter.c	HP procurve login filter - see hlogin(1).		Parallel processing of commands - any commands.	Creates all of the CVS and config directories.	Script designed to be run from cron.	Chooses between rancid/[abefhjrx]rancid/cat5rancid.	Runs commands on cisco routers and processes the output.	Version of for Cisco Anomaly Guard Module (AGM)	Version of for Arbor Networks appliances.	Version of for Alteon switches.	Version of for baynet/nortel routers.	Version of for Cisco Catalyst switches.	Version of for Cisco CSS switches.	Version of for ADC EZ-T3 muxes.	Version of for Force10 routers.	Version of for F5 BigIPs.	Version of for Fortinet Firewalls.	Version of for Foundry switches.	Version of that is generic w/ specific libs.	Version of for HP Procurve switches.	Version of for Hitatchi routers.	Version of for Juniper E-series routers.	Version of for MRT daemons.	Version of for Microtik routers.	Version of for Netscreen firewalls.	Version of for Netscalars.	Version of for Procket routers.	Version of for Riverstone routers.	Version of for Redback routers.	Version of for SMC switches.	Version of for TNT access servers.	Version of for Xirrus arrays.	Version of for Extreme switches.	Version of for Zebra routers.	Version of for Alteon switches.	Version of for baynet/Nortel routers.	Version of for ADC EZ-T3 muxes.	Version of for Foundry switches.  If foundry
			cleaned-up their bloody UI, clogin should do the job.	Version of for HP procurve switches.	Version of for Hitatchi routers.	Version of for Juniper routers.	Version of for Microtik routers.	Version of for Netscreen firewalls.	Version of for Netscalars.	Version of for Riverstone routers.	Version of for TNT access servers.	Version of for Xirrus arrays.
man/		man pages
share/		Readmes, samples, utilities, contribs, etc
include/	Include files and rancid version.h

Also see rancid_intro(1), rancid(1), and clogin(1).

The following (non-exhaustive list) are included as part of the installation
and configuration tools:	processed by automake to produce	processed by configure to produce Makefile
acinclude.m4	sets some GNU autoconf options
aclocal.m4	Output of GNU autoconf script
configure	GNU autoconf script	Input file for autoconf to procide configure
depcomp		part of GNU autoconf
install-sh	GNU autoconf shell script to simulate BSD style install
missing		part of GNU autoconf
mkinstalldirs	GNU autoconf shell script to make installation directories

rancid will also need to have the following packages:
cvs		Code revision system available from
gnudiff		gnudiff provides the uni-diff (-u) option.  If you do not have
		a diff that supports -u, configure will set-up rancid to use
		'diff -c' or 'diff -C'.
perl5		perl version 5 or greater available from
expect  We highly suggest that you stick to
		expect 5.24.1 (or so).  This seems to work best.  Note that
		you need to have the accompanying tcl &/ tk.
svn		Code revision system, an alternative to cvs.  Available from  Use the configure
		option --with-svn to configure for Subversion.
tcl		Required by expect.

Bill Fenner (now maintained by others) has a cgi script for interacting
with CVS repositories via a web interface.  This provides a great way to
view rancid diffs and full configs, especially for those unfamiliar with
cvs.  The package is not included, but can be found here:

Quick Installation Guide (an example):

1) ./configure [--prefix=<basedir>]
   By default, rancid will be installed under /usr/local/rancid (the default
   "prefix").  This can be overridden with the --prefix option.  E.g.:

	./configure --prefix=/home/rancid

   Rancid uses autoconf's "localstatedir" as the location of it's logs,
   CVS or Subversion respository, and directories where it's groups are
   placed.  The user who will run rancid (from cron, etc) will need write
   access to these directories.  By default, this is <prefix>/var, or
   /home/rancid/var following the example above.

   We realize that this is not optimal, but it follows the standards.  We
   suggest that this be altered to include the package name, like so:

	./configure --prefix=/home/rancid \

   The user who will run rancid must have write permission in "localstatedir".

   See ./configure --help for other configure options.

2) make install

3) Modify <sysconfdir>/rancid.conf (e.g.: <basedir>/etc/rancid.conf).  The
   variable LIST_OF_GROUPS is a space delimited list of router "groups".
	LIST_OF_GROUPS="backbone aggregation switches"

4) Put .cloginrc in the home directory of the user who will run rancid.
   .cloginrc must be not be readable/writable/executable by "others",
   i.e.: .cloginrc must be mode 0600 or 0640.

5) Modify .cloginrc.

   Test to make sure that you can log into every router.

   Note: the juniper user you use *must* log into a cli shell (which
   is the default on a juniper).

   See the file cloginrc.sample, located in <datadir> (<basedir>/share/rancid),
   for examples and good starting point.  Also take a look at the cloginrc
   manual page, 'man -M <basedir>/man cloginrc'.

6) Modify /etc/aliases
   Rancid sends the diffs and other administrative emails to rancid-<GROUP>
   and problems to rancid-admin-<GROUP>, where <GROUP> is the "GROUP" of
   routers.  This way you can separate your backbone routers from your
   access routers or separate based upon network etc...  Different router
   uses forced different people being interested in router "groups" -
   thus this setup.  Make sure email to rancid-<GROUP> works.  /etc/aliases
   can be maintainable by Majordomo stuff, but make sure the user that
   runs rancid can post to the list.

   The Precedence header set to bulk or junk *hopefully* avoids replies from
   auto-responders and vacation type mail filters.

   The --enable-mail-plus option to configure will set each of the "rancid-"
   addresses mentioned above to "rancid+".  See sendmail's operation manual
   for more information on handling of '+'.

   The --enable-adminmail-plus configure option will set each of the
   "rancid-admin-" addresses mentioned above to "rancid-admin+".  If this
   option is not used, the value of --enable-mail-plus is assumed.  That is,
   the addresses will be "rancid+", if it is specified.

7) Run rancid-cvs.
   This creates all of the necessary directories and config files for
   each of the groups in LIST_OF_GROUPS and imports them into CVS (or
   Subversion).  This will also be run each time a new group is added.  Do
   not create the directories or CVS repository manually, allow rancid-cvs
   do it.  Also see 'man -M <basedir>/man rancid-cvs'.

8) For each "group", modify the router.db file in the group directory.
   The file is of the form "router:mfg:state" where "router" is
   the name (we use FQDN) of the router, mfg is the manufacturer
   from the set of (cat5|cisco|juniper) (see router.db.5 for a complete
   list and description), and "state" is either up or down.  Each router
   listed as "up" will have the configuration grabbed.  Note: manufacturer
   cat5 is intended only for cisco catalyst switches running catalyst (not
   IOS) code.

   e.g.: <localstatedir>/<group>/router.db:

9) For first-time users or new installations, run bin/rancid-run (with no
   arguments) and check the resulting log file(s) (in logs/*) for errors.
   Repeat until there are no errors.

10) Put rancid-run in cron to be called however often you want it to
   run for each group (rancid-run [<GROUP>]).  If you run it less
   often than once/hour, check the setting of OLDTIME in etc/rancid.conf.
	# run config differ hourly
	1 * * * * <BASEDIR>/bin/rancid-run
	# clean out config differ logs
	50 23 * * * /usr/bin/find <localstatedir>/logs -type f -mtime +2 -exec rm {} \;

11) Note: If you are using any of these programs (other than
    rancid-run) out of cron, make sure that you set your $PATH
    correctly so that they work.  E.g.: if you are using clogin,
    it can call id, telnet, ssh, and/or rsh.

    configure already makes sure that $PATH is set correctly in
    etc/rancid.conf for rancid-run, so you could use the $PATH from there. e.g.:

	50 23 * * * . <sysconfdir>/rancid.conf; clogin -c 'sh vers' router

12) Send any bugs, suggestions or updates to
    See the web page at  We have
    created the standard mailing lists for those interested; and
    Subscribe by sending an email whose body contains "subscribe
    rancid-<announce or discuss>" to

    If you are reporting problems, please include the version of rancid,
    expect, and your OS in the email.

Problem with clogin/telnet hanging within rancid or scripts?

If you have experienced rancid (or more precisely, telnet) hanging on a
solaris 2.6 box; check to be sure you have the following two o/s patches
installed (see showrev -p).  There may be more recent versions of these
patches and they are likely included with 2.7 and 2.8: 

Patch-ID# 105529-08
Keywords: security tcp rlogin TCP ACK FIN packet listen
Synopsis: SunOS 5.6: /kernel/drv/tcp patch

Patch-ID# 105786-11
Keywords: security ip tcp_priv_stream routing ip_enable_group_ifs ndd
Synopsis: SunOS 5.6: /kernel/drv/ip patch

Another contributor to rancid "hanging", with or without the o/s patches
mentioned above, is a bug in expect/tcl.  We've noticed that expect (from
5.24.1 forward), and whatever tcl happens to compile with it, exhibits a
problem on Linux and Solaris where rancid's scripts hang waiting for input
from the device.  Patches to expect are available on the rancid web page.

Also, for rancid 2.3 and later, changes were made to the login scripts
which use some more elaborate regexes that have failed with expect versions
prior to 5.40.  While 5.40 works, it still seems to need the patch offered
on the rancid web page for Linux and Solaris.

See for additional notes on this.









No releases published


No packages published