Comments on: CISCO Router Forensics

By: Nico

Nico — Mon, 02 Mar 2009 12:04:06 +0000

Hm, you only realy need 1 command…

show tech

That should spit it all out…..

By: Alex

Alex — Wed, 07 Jan 2009 15:39:39 +0000

Many people still use RANCID to collect information about their routers (me included), which already does all the expect wizardry required. The commands that are run by rancid should be a good starting point.
On the other hand, you could just pull the files that RANCID stores into Splunk (or go all the way and use Splunk as backend instead of CVS/SVN).

By: Mike

Mike — Wed, 10 Dec 2008 02:49:30 +0000

I’ve found expect to be of more trouble than it’s worth for most scripts anymore, especially something like this. Assuming that the device has SSH enabled you should be able to run these commands directly without much interactivity (as Expect was designed for.)