oxidized 0.35.0 → 0.36.0

data/docs/Model-Notes/ExaLink.md

@@ -0,0 +1,43 @@
+# Cisco Nexus 3550-F (ExaLink Fusion)
+
+The Cisco Nexus 3550-F (formerly Exablaze ExaLink Fusion) is an ultra-low-latency
+Layer 1/2 switch platform based on FPGA technology, primarily used in high-frequency
+trading and HPC environments. It runs a custom Linux-based OS with a proprietary CLI
+and JSON RPC API.
+
+## Device Configuration
+
+Create a read-only user for Oxidized on the device:
+
+```
+admin@N3550-F> configure user oxidized password <password>
+admin@N3550-F> configure user oxidized privilege read-only
+```
+
+## Oxidized Configuration
+
+```yaml
+source:
+  default: csv
+  csv:
+    file: "/home/oxidized/.config/oxidized/router.db"
+    delimiter: !ruby/regexp /:/
+    map:
+      name: 0
+      model: 1
+```
+
+Example `router.db` entry:
+
+```bash
+myswitch.example.com:exalink
+```
+
+## Notes
+
+- Both SSH and Telnet are supported. SSH is recommended.
+- The model collects `show version` (excluding uptime to avoid noisy diffs),
+  `show port`, and `show running-config`.
+- Timestamps (`!Time:`) are stripped from the running config to avoid noisy diffs.
+- The device prompt format is `hostname#` or `hostname>`.
+- This model was developed and tested against software version 1.16.0.

data/docs/Model-Notes/Fortinet.md

@@ -0,0 +1,75 @@
+# Fortinet models
+There are two models for Fortinet devices:
+- fortigate: for the FortiGate firewalls
+- fortios: for VM-Based appliances (FortiManager, FortiADC, FortiAnalyzer...)
+
+# Notes for both models
+## Configuration changes / hiding passwords
+Fortigate and Fortios re-encrypt their passwords every time the configuration is shown.
+This results in a lot of apparent configuration changes on every pull.
+
+To avoid this, you have two options:
+- remove secrets
+- save significant changes only
+
+### Remove secrets
+If you don't want to have a new version every time the configuration is
+downloaded, you can hide all secrets. Beware that you won't have a full backup, as all passwords will be replaced with <configuration removed>
+
+```yaml
+models:
+  fortigate:
+    vars:
+      remove_secret: true
+```
+
+### Save significant changes only
+You can [store the configuration only on significant changes](/docs/Configuration.md#store-configuration-only-on-significant-changes)
+by setting the [variable](#options-credentials-vars-etc-precedence)
+`output_store_mode` to `on_significant`. On FortiGate and FortiOS, this
+prevents Oxidized from saving a configuration when there were only changes to
+the encrypted passwords. Beware that you won't have the last backup if you only
+changed a password.
+
+```yaml
+vars:
+  output_store_mode: on_significant
+```
+
+# Notes for the FortiGate model
+## Create user oxidized with ED25519 public key
+You can use a user/password for retrieving the configuration or use a SSH public key:
+
+```text
+config system admin
+edit oxidized
+set trusthost1 192.0.2.1 255.255.255.255
+set accprofile "super_admin_readonly"
+set ssh-public-key1 "ssh-ed25519 AAAAThisIsJustAnExampleKey_UseYourOxidizedPUBLICKEY oxidized@librenms"
+end
+```
+
+## config vs. full config
+On FortiGate, you can get a configuration without default values (`show`) or
+including all default values (`show full-configuration`).
+
+The full configuration can be long and may cause timeouts.
+Starting with with oxidized 0.30.1, the default is to get the short configuration.
+
+If you need the full configuration, you can activate it in oxidized config file:
+```yaml
+models:
+  fortigate:
+    vars:
+      fullconfig: true
+```
+## Autoupdate
+You can get the result of `diagnose autoupdate version` by setting the [variable](#options-credentials-vars-etc-precedence) `fortigate_autoupdate` to `true`:
+
+```yaml
+vars:
+  fortigate_autoupdate: true
+```
+
+Note that the variable `fortios_autoupdate` is deprecated and will be removed
+in a future Version of Oxidized. Use `fortigate_autoupdate` instead.

data/docs/Model-Notes/IvantiConnectSecure.md

@@ -0,0 +1,59 @@
+### Ivanti Connect Secure (ICS)
+
+#### Overview
+
+This model provides support for Ivanti Connect Secure (ICS) appliances using REST API ([official documentation](https://help.ivanti.com/ps/help/en_US/ICS/22.x/22.7R2/22.xICSAG.pdf)).
+ICS stores its configuration as a binary ZIP archive (with `system.cfg` and `user.cfg` files) which is retrieved using the `/api/v1/system/binary-configuration` endpoint.
+
+The model performs an initial authentication against `/api/v1/realm_auth` using Basic Auth (`username`/`password`) and retrieves a temporary `api_key`.
+This key is then used for all further API requests during the Oxidized collection cycle.
+
+The model is designed to work with standard ICS deployments without requiring command-line access to the device.
+
+#### How Configuration Is Retrieved
+
+1. Oxidized authenticates using:
+
+```bash
+POST /api/v1/realm_auth
+```
+
+with:
+- Basic Auth: `username` + `password`
+- JSON body `{"realm": "<realm>"}`
+
+
+2. ICS returns a temporary:
+
+```json
+{ "api_key": "<token>" }
+```
+
+
+3. The configuration is fetched from:
+
+```bash
+GET /api/v1/system/binary-configuration
+```
+
+with:
+- `api_key` as `username`
+- `''` as `password`
+
+ICS responds with a BASE64-encoded ZIP archive containing the device configuration.
+The model stores this BASE64 value as a single uninterrupted line.
+
+
+#### Required Node Configuration
+
+In source (CSV, HTTP, SQL, etc.), simply define:
+
+```yaml
+model: ivanti
+username: <your username>
+password: <your password>
+vars:
+  realm: <your realm>   # Optional, default = "Users"
+```
+
+The model will automatically handle authentication and obtain the API key as stated above.

data/docs/Model-Notes/TrueNAS.md

@@ -0,0 +1,19 @@
+# TrueNAS
+
+This should support both older TrueNAS CORE (FreeBSD-based) and newer
+TrueNAS SCALE (Linux-based) devices.
+
+## Authentication
+
+Ensure that the user configured for oxidized to login to your device has the
+permissions to read the configuration database. On older devices, this would
+just work.
+
+On newer devices, the `/data/freenas-v1.db` file can only be read by the
+root user. You can make sure that the user that oxidized uses to login
+(`oxidized` in this example) can dump the configuration using `sudo` by
+adding something like this to your `/etc/sudoers` file:
+
+```
+oxidized ALL=(ALL) NOPASSWD: /usr/bin/sqlite3 file\:///data/freenas-v1.db?mode\=ro&immutable\=1 .dump
+```

data/docs/ModelUnitTests.md

@@ -4,6 +4,7 @@ effort to use. There are three different default unit tests for models:
 - [Device Simulation](ModelUnitTests.md#device-simulation)
 - [Device Prompt](ModelUnitTests.md#device-prompt)
 - [Secrets](ModelUnitTests.md#secrets)
+- [Significant Changes](ModelUnitTests.md#significant-changes)
 
 You only need to provide test files under [/spec/model/data](/spec/model/data),
 and the tests will be run automatically with `rake test`. See
@@ -187,6 +188,28 @@ pass:
   - 'hash-mgmt-user rocks password hash <secret removed> usertype read-only'
 ```
 
+## Significant Changes
+You can test if the model correctly detects significant changes from a YAML
+simulation file (`#simulation.yaml`) when run with variable
+`output_store_mode` set to `on_significant`.
+
+The output is checked against a file with the same 
+prefix as the yaml simulation file, but with the suffix
+`#significant_changes.yaml`.
+
+The `#significant_changes.yaml` file contains two sections with a list of
+strings or regular expressions to test:
+- pass: the test passes only if the output contains these strings (significant changes).
+- fail: the test fails if the output contain these strings (non-significant changes).
+
+```yaml
+pass:
+ - "! Processor ID: FCL2XXXXXXX"
+fail:
+ - "! Last configuration change at 13:57:08 CET Wed Mar 13 2024"
+ - "! NVRAM config last updated at 15:26:39 CET Wed Mar 13 2024 by oxidized"
+```
+
 ## Custom tests
 When you write custom tests for your models, please do not use the filenames
 mentioned above, as it will interfere with the standard tests. If you need to

data/docs/Outputs.md

@@ -211,9 +211,9 @@ output:
 
 Please note that user list is only updated once at creation.
 
-## Output: Http
+## Output: HTTP
 
-The HTTP output will POST a config to the specified HTTP URL. Basic username/password authentication is supported.
+The HTTP output will POST a config as JSON to the specified HTTP URL. It supports HTTP Basic Authentication, custom headers, and SSL/TLS verification control.
 
 Example HTTP output configuration:
 
@@ -221,11 +221,25 @@ Example HTTP output configuration:
 output:
   default: http
   http:
-    user: admin
-    password: changeit
     url: "http://192.168.162.50:8080/db/coll"
+    user: admin             # Optional - for HTTP basic auth
+    password: changeit      # Optional - for HTTP basic auth
+    ssl_verify: false       # Optional - verify SSL certs (default: false)
+    headers:                # Optional - custom HTTP headers
+      X-Custom-Header: "value"
+      X-API-Key: "secret"
 ```
 
+### Configuration Options
+
+| Option       | Required | Description                                             |
+|--------------|----------|---------------------------------------------------------|
+| `url`        | Yes      | Full HTTP/HTTPS URL to POST the config to               |
+| `user`       | No       | Username for HTTP Basic Authentication                  |
+| `password`   | No       | Password for HTTP Basic Authentication                  |
+| `ssl_verify` | No       | When `true`, verify SSL certificates (default: `false`) |
+| `headers`    | No       | Hash of custom HTTP headers to include in the request   |
+
 ## Output types
 
 If you prefer to have different outputs in different files and/or directories, you can easily do this by modifying the corresponding model. To change the behaviour for IOS, you would edit `lib/oxidized/model/ios.rb` (run `gem contents oxidized` to find out the full file path).

data/docs/Release.md

@@ -61,7 +61,7 @@ They test different ruby versions an run security checks on the code (codeql).
 6. Install an test the gem locally
 ```shell
 gem install --user-install pkg/oxidized-0.xx.yy.gem
-~/.local/share/gem/ruby/3.1.0/bin/oxidized
+~/.local/share/gem/ruby/3.3.0/bin/oxidized
 ```
 
 ## Release in github

data/docs/Ruby-API.md

@@ -10,11 +10,15 @@ The following objects exist in Oxidized.
 - [Model](#model)
   - [At the top level](#at-the-top-level)
     - [cfg](#cfg)
+    - [inputs](#inputs)
     - [cmd](#cmd)
     - [comment](#comment)
     - [prompt](#prompt)
     - [expect](#expect)
     - [pre / post](#pre--post)
+    - [macro :enable](#macro-enable)
+    - [clean :escape_codes](#clean-escape_codes)
+    - [clean :cut](#clean-cut)
   - [At the second level](#at-the-second-level)
     - [comment](#comment-1)
     - [password](#password)
@@ -26,9 +30,11 @@ The following objects exist in Oxidized.
     - [clear: true](#clear-true)
     - [prepend: true](#prepend-true)
   - [Refinements - String Convenience Methods](#refinements)
-    - [cut_tail](#cut_tail)
-    - [cut_head](#cut_head)
-    - [cut_both](#cut_both)
+  - [cut_tail](#cut_tail)
+  - [cut_head](#cut_head)
+  - [cut_both](#cut_both)
+  - [keep_lines](#keep_lines)
+  - [reject_lines](#reject_lines)
 
 ## Input
 
@@ -87,6 +93,40 @@ The block may contain commands to change some behaviour for the given methods
 
 Supports [monkey patching](#monkey-patching).
 
+#### 'inputs'
+`inputs` can be used to specify multiple inputs to be run on the model. It
+takes a list of either input symbols or lists of input symbols:
+```ruby
+  inputs [:ssh, %i[scp ftp]]
+  inputs [:ssh, :scp]
+```
+
+Oxidized will run the model against each item of `inputs`. If an item is a
+list of symbols (`%i[scp ftp]`), it will try each input in the order
+configured in the `input/default` section of the oxidized configuration file.
+
+If `inputs` is not specified, Oxidized will try each input that has a `cfg`
+section in the model, in the order configured in the `input/default` section
+of the oxidized configuration file.
+
+To specify which command is to run against which input, use the `input`
+parameter of the `cmd` configuration:
+```ruby
+  cmd 'upsabout', input: :ssh do |cfg|
+    comment cfg
+  end
+
+  cmd 'config.ini', input: %i[scp ftp] do |cfg|
+    "; ========== config.ini ==========\n" + cfg
+  end
+```
+
+`cmd` without `input` parameter will run against every input.
+
+
+See the [ApcAos model](/lib/oxidized/model/apcaos.rb) for a full example.
+
+
 #### `cmd`
 
 Is used to specify commands that should be executed on a model in order to
@@ -96,6 +136,7 @@ gather its configuration. It can be called with:
 * A string and a block
 * `:all` and a block
 * `:secret` and a block
+* `:significant_changes` and a block
 
 The block takes a single parameter `cfg` containing the output of the command
 being processed.
@@ -116,14 +157,27 @@ given block before emitting it to hide secrets if secret hiding is enabled. The
 block should replace any secrets with `'<hidden>'` and return the resulting
 string.
 
+Calling `cmd` with `:significant_changes` and a block will pass the final
+configuration to the given block. The resulting string should contain
+significant changes only and will be used to
+[decide if the configuration should be stored](Configuration.md#store-configuration-only-on-significant-changes).
+
 Execution order is `:all`, `:secret`, and lastly the command specific block, if
 given.
 
-The `cmd "string"` method for accepts a lambda function via the `:if` argument
+The `cmd "string"` method accepts a lambda function via the `:if` argument
 to execute the command only when the lambda evaluates to true.
 The lambda function is evaluated at runtime in the instance context.
 See [Conditional `cmd`](Creating-Models.md#conditional-cmd) for details.
 
+The `cmd "string"` method accepts a list of supported inputs via the `:input`
+argument to limit this command to specific inputs.
+```ruby
+  cmd 'config.ini', input: %i[scp ftp] do |cfg|
+    "; ========== config.ini ==========\n" + cfg
+  end
+```
+
 Supports [monkey patching](#monkey-patching).
 
 #### pre / post
@@ -167,6 +221,28 @@ it's further processed.
 
 Supports [monkey patching](#monkey-patching).
 
+#### `macro :enable`
+Implements an [handling of enable](Creating-Models.md#handling-enable-mode) for the model.
+
+#### `clean :escape_codes`
+[Remove ANSI escape codes](Creating-Models.md#remove-ansi-escape-codes) from the output.
+
+#### `clean :cut`
+Removes (default) the first and last line of the outputs (most of the time
+command echo and prompt).
+Arguments: head (default: 1), tail (default: 1)
+```ruby
+  clean :cut, head: 2, tail: 0
+```
+
+Equivalent to:
+```ruby
+  cmd :all do |cfg|
+    cfg.cut_both(2, 0)
+  end
+```
+
+
 ### At the second level
 
 The following methods are available:
@@ -223,7 +299,6 @@ This functionality is supported by `cfg`, `cmd`, `pre_*`, `post_*`, and `expect`
 blocks.
 
 #### `clear: true`
-
 Resets the existing block, allowing the user to completely override its contents.
 
 #### `prepend: true`
@@ -253,3 +328,9 @@ single line was present.
 
 Returns a multi-line string without the first and last lines, or an empty string
 if fewer than three lines were present.
+
+#### `keep_lines`
+Returns a multi-line string with only the lines matching any pattern (String or Regexp) given in an array.
+
+#### `reject_lines`
+Returns a multi-line string without the lines matching any pattern (String or Regexp) given in an array.

data/docs/Supported-OS-Types.md

@@ -2,6 +2,7 @@
 
 |Vendor              |OS model                      |oxidized model                                   |model maintainers|comment / model notes|
 |--------------------|------------------------------|-------------------------------------------------|-----------------|---------------------|
+|-generic-           |Cisco-like                    |[defacto](/lib/oxidized/model/defacto.rb)        |@ytti, @robertcheramy|[The defacto model may work on cisco like CLIs](/docs/Creating-Models.md#use-the-defacto-model)|
 |6WIND               |VSR                           |[sixwind](/lib/oxidized/model/sixwind.rb)        |@hcaldicott      |
 |A10 Networks        |ACOS                          |[acos](/lib/oxidized/model/acos.rb)              |                 |
 |Accedian Performance Elements (NIDs)|AEN           |[aen](/lib/oxidized/model/aen.rb)
@@ -17,7 +18,7 @@
 |Allied Telesis      |Alliedware Plus               |[awplus](/lib/oxidized/model/awplus.rb)
 |                    |AT-8000S, AT-8000GS series    |[powerconnect](/lib/oxidized/model/powerconnect.rb)
 |Alvarion            |BreezeACCESS                  |[alvarion](/lib/oxidized/model/alvarion.rb)
-|APC                 |AOS                           |[apc_aos](/lib/oxidized/model/apc_aos.rb)        |@robertcheramy   |[APC AOS](Model-Notes/APC_AOS.md)
+|APC                 |AOS                           |[apcaos](/lib/oxidized/model/apcaos.rb)          |@robertcheramy   |[APC](Model-Notes/APC.md)
 |Arbor Networks      |ArbOS                         |[arbos](/lib/oxidized/model/arbos.rb)            |                 |[ArbOS](Model-Notes/ArbOS.md)
 |Arista              |EOS                           |[eos](/lib/oxidized/model/eos.rb)                |                 |[EOS](Model-Notes/EOS.md)
 |Arris               |C4CMTS                        |[c4cmts](/lib/oxidized/model/c4cmts.rb)
@@ -52,6 +53,7 @@
 |                    |AsyncOS                       |[asyncos](/lib/oxidized/model/asyncos.rb)
 |                    |CatOS                         |[catos](/lib/oxidized/model/catos.rb)
 |                    |Cisco Catalyst Express        |[ciscoce](/lib/oxidized/model/ciscoce.rb)
+|                    |ExaLink Fusion (Nexus 3550-F) |[exalink](/lib/oxidized/model/exalink.rb)        |@obol89          |[ExaLink](Model-Notes/ExaLink.md)
 |                    |FireLinuxOS                   |[firelinuxos](/lib/oxidized/model/firelinuxos.rb)
 |                    |IOS                           |[ios](/lib/oxidized/model/ios.rb)                |@robertcheramy   |[IOS](Model-Notes/IOS.md)
 |                    |IOSXR                         |[iosxr](/lib/oxidized/model/iosxr.rb)
@@ -74,7 +76,7 @@
 |DELL                |PowerConnect                  |[powerconnect](/lib/oxidized/model/powerconnect.rb)
 |                    |AOSW                          |[aosw](/lib/oxidized/model/aosw.rb)              |                 |Same model as Aruba Wireless
 |                    |DellX                         |[dellx](/lib/oxidized/model/dellx.rb)
-|                    |Dell EMC Networking OS6       |[os6](/lib/oxidized/model/os6.rb)              |                 |[Dell EMC Networking OS6](Model-Notes/OS6.md)
+|                    |Dell EMC Networking OS6       |[os6](/lib/oxidized/model/os6.rb)                |                 |[Dell EMC Networking OS6](Model-Notes/OS6.md)
 |                    |Dell EMC Networking OS10      |[os10](/lib/oxidized/model/os10.rb)              |                 |[Dell EMC Networking OS10](Model-Notes/OS10.md)
 |D-Link              |D-Link                        |[dlink](/lib/oxidized/model/dlink.rb)
 |                    |D-Link cisco like CLI         |[dlinknextgen](/lib/oxidized/model/dlinknextgen.rb)
@@ -98,10 +100,12 @@
 |Firebrick           |FBxxxx                        |[firebrick](/lib/oxidized/model/firebrick.rb)
 |Force10             |DNOS                          |[dnos](/lib/oxidized/model/dnos.rb)
 |                    |FTOS                          |[ftos](/lib/oxidized/model/ftos.rb)
-|FortiGate           |FortiOS                       |[fortios](/lib/oxidized/model/fortios.rb)        |                 |[FortiOS](Model-Notes/FortiOS.md)
-|FortiWLC            |FortiWLC                      |[fortiwlc](/lib/oxidized/model/fortiwlc.rb)
+|Fortinet            |FortiGate                     |[fortigate](/lib/oxidized/model/fortigate.rb)    |@robertcheramy   |[Fortinet](Model-Notes/Fortinet.md)
+|                    |FortiOS                       |[fortios](/lib/oxidized/model/fortios.rb)        |@robertcheramy   |[Fortinet](Model-Notes/Fortinet.md)
+|                    |FortiWLC                      |[fortiwlc](/lib/oxidized/model/fortiwlc.rb)
 |Fujitsu             |PRIMERGY Blade switch 1/10Gbe |[fujitsupy](/lib/oxidized/model/fujitsupy.rb)
 |                    |1FINITY Switches              |[onefinity](/lib/oxidized/model/onefinity.rb)
+|[Garderos](https://garderos.com/) |GRS (Garderos Router Software) |[garderos](/lib/oxidized/model/garderos.rb) | @robertcheramy  |Routers for harsh environments
 |GCOM Technologies   |Broadband Network Platform Software|[gcombnps](/lib/oxidized/model/gcombnps.rb)
 |Grandstream Networks|GSX                           |[grandstream](/lib/oxidized/model/grandstream.rb)
 |Hatteras            |Hatteras                      |[hatteras](/lib/oxidized/model/hatteras.rb)
@@ -119,6 +123,7 @@
 |Icotera             |6400 series                   |[icotera](/lib/oxidized/model/icotera.rb)
 |Ingate              |SIParator/Firewalls           |[ingate](/lib/oxidized/model/ingate.rb)          |@thanegill
 |IP Infusion         |OcNOS                         |[ocnos](/lib/oxidized/model/ocnos.rb)
+|Ivanti              |Ivanti Connect Secure (ICS)   |[ivanti](/lib/oxidized/model/ivanti.rb)          |@candleflip      |[ICS](Model-Notes/IvantiConnectSecure.md)
 |Juniper             |JunOS                         |[junos](/lib/oxidized/model/junos.rb)            |                 |[MX/QFX/EX/SRX/J Series](Model-Notes/JunOS.md)
 |                    |ScreenOS (Netscreen)          |[screenos](/lib/oxidized/model/screenos.rb)
 |LANCOM Systems GmbH |LCOS                          |[lancom](/lib/oxidized/model/lancom.rb)
@@ -127,7 +132,7 @@
 |Linuxgeneric        |CentOS                        |[linuxgeneric](/lib/oxidized/model/linuxgeneric.rb)|               |[LinuxGeneric](Model-Notes/LinuxGeneric.md)
 |Mellanox            |MLNX-OS                       |[mlnxos](/lib/oxidized/model/mlnxos.rb)
 |                    |Voltaire                      |[voltaire](/lib/oxidized/model/voltaire.rb)
-|Mikrotik            |RouterOS                      |[routeros](/lib/oxidized/model/routeros.rb)      |  |[RouterOS](Model-Notes/RouterOS.md)
+|Mikrotik            |RouterOS                      |[routeros](/lib/oxidized/model/routeros.rb)      |                 |[RouterOS](Model-Notes/RouterOS.md)
 |                    |SwOS and SwOS Lite            |[swos](/lib/oxidized/model/swos.rb)
 |Mimosa              |Mimosa (B11)                  |[mimosab11](/lib/oxidized/model/mimosab11.rb)
 |Motorola            |RFS                           |[mtrlrfs](/lib/oxidized/model/mtrlrfs.rb)
@@ -138,6 +143,7 @@
 |Netgear             |Netgear switches              |[netgear](/lib/oxidized/model/netgear.rb)        |                 |[Netgear](Model-Notes/Netgear.md)
 |Netonix             |WISP Switch (As Netonix)      |[netonix](/lib/oxidized/model/netonix.rb)
 |Nokia (formerly TiMetra, Alcatel, Alcatel-Lucent)|SR OS (TiMOS)|[sros](/lib/oxidized/model/sros.rb)  |                 |[Nokia ISAM](Model-Notes/Nokia.md)
+|                    |SR OS Model-Driven CLI (7705 SAR, 7210 SAS, 7450 ESS, 7750 SR, 7950 XRS, NSP) |[srosmd](/lib/oxidized/model/srosmd.rb) | |
 |OneAccess           |OneOS                         |[oneos](/lib/oxidized/model/oneos.rb)
 |                    |TDRE                          |[tdre](/lib/oxidized/model/tdre.rb)
 |OpenBSD             |                              |[openbsd](/lib/oxidized/model/openbsd.rb)
@@ -152,13 +158,16 @@
 |Pure Storage        |PurityOS                      |[purityos](/lib/oxidized/model/purityos.rb)
 |Radware             |AlteonOS                      |[alteonos](/lib/oxidized/model/alteonos.rb)
 |Raisecom            |Raisecom                      |[raisecom](/lib/oxidized/model/raisecom.rb)
+|Riverbed            |SteelHead                     |[riverbed](/lib/oxidized/model/riverbed.rb)
 |Ruijie Networks     |RGOS                          |[rgos](/lib/oxidized/model/rgos.rb)
 |QTECH               |QSW-2800, QSW-3400, QSW-3450, QSW-3500|[qtech](/lib/oxidized/model/qtech.rb)
 |Quanta              |Quanta / VxWorks 6.6 (1.1.0.8)|[quantaos](/lib/oxidized/model/quantaos.rb)
 |Siklu               |EtherHaul                     |[siklu](/lib/oxidized/model/siklu.rb)            |@bdg-robert
 |                    |Multihaul TG                  |[siklumhtg](/lib/oxidized/model/siklumhtg.rb)    |@bdg-robert      |[Siklu Multihaul TG](Model-Notes/SikluMHTG.md)
 |Seiko Solutions     |SmartCS, SmartCS mini         |[smartcs](/lib/oxidized/model/smartcs.rb)
+|SmartByte           |LT-S8228G series              |[smartbyte](/lib/oxidized/model/smartbyte.rb)    |@freddy36
 |SonicWALL           |SonicOS                       |[sonicos](/lib/oxidized/model/sonicos.rb)
+|[SONiC](https://sonicfoundation.dev/) |Enterprise SONiC |[enterprise_sonic](/lib/oxidized/model/enterprise_sonic.rb) | |
 |SNR                 |SNR-S300G, S2xxx, S3xxx, S4xxx|[dcnos](/lib/oxidized/model/dcnos.rb)
 |Speedtouch          |Thomson Speedtouch            |[speedtouch](/lib/oxidized/model/speedtouch.rb)
 |Supermicro          |SSE-G2252, G2252P             |[edgecos](/lib/oxidized/model/edgecos.rb)
@@ -176,14 +185,14 @@
 |                    |Edgeos                        |[edgeos](/lib/oxidized/model/edgeos.rb)
 |                    |EdgeSwitch                    |[edgeswitch](/lib/oxidized/model/edgeswitch.rb)
 |                    |AirFiber                      |[airfiber](/lib/oxidized/model/airfiber.rb)
-|                    |UnifiAP                       |[unifiap](/lib/oxidized/model/unifiap.rb)              |@clifcox      |Also suports AirOS, and some Unifi switches
-|Uplink              |EP4440-DP                     |[EP4440](/lib/oxidized/model/uplinkolt.rb)             | |Might support all EP4440 series
+|                    |UnifiAP                       |[unifiap](/lib/oxidized/model/unifiap.rb)        |@clifcox         |Also suports AirOS, and some Unifi switches
+|Uplink              |EP4440-DP                     |[EP4440](/lib/oxidized/model/uplinkolt.rb)       |                 |Might support all EP4440 series
 |VMWare              |NSX Edge (configuration)      |[nsxconfig](/lib/oxidized/model/nsxconfig.rb)
 |                    |NSX Edge (firewall rules)     |[nsxfirewall](/lib/oxidized/model/nsxfirewall.rb)
 |                    |NSX Distributed Firewall      |[nsxdfw](/lib/oxidized/model/nsxdfw.rb)
-|VYOS Networks       |VYOS                          |[vyos](/lib/oxidized/model/vyos.rb)
-|                 |Fork of Vyatta, tracking the supported versions (>= 1.4.x)
+|VYOS Networks       |VYOS                          |[vyos](/lib/oxidized/model/vyos.rb)              |                 |Fork of Vyatta, tracking the supported versions (>= 1.4.x)
 |Watchguard          |Fireware OS                   |[firewareos](/lib/oxidized/model/firewareos.rb)
+|Waystream (PacketFront)|iBOS (Intelligent Broadband OS)|[ibos](/lib/oxidized/model/ibos.rb)
 |Westell             |Westell 8178G, Westell 8266G  |[weos](/lib/oxidized/model/weos.rb)
 |Yadro               |KornfeldOS                    |[kornfeldos](/lib/oxidized/model/kornfeldos.rb) 
 |YAMAHA              |YAMAHA NVR/RTX Series         |[yamaha](/lib/oxidized/model/yamaha.rb)
@@ -193,5 +202,7 @@
 |Zyxel               |ZyNOS                         |[zynos](/lib/oxidized/model/zynos.rb)            |                 |[XGS4600 Series](Model-Notes/XGS4600-Zyxel.md)
 |                    |ZyNOS GS-series variant       |[zynosgs](/lib/oxidized/model/zynosgs.rb)
 |                    |ZyNOS ADSL                    |[zynosadsl](/lib/oxidized/model/zynosadsl.rb)
+|                    |ZyNOS CLI (DSLAMs, e.g. SAM1316)|[zynoscli](/lib/oxidized/model/zynoscli.rb)
+|                    |ZyNOS MGS series              |[zynosmgs](/lib/oxidized/model/zynosmgs.rb)
 |                    |NDMS                          |[ndms](/lib/oxidized/model/ndms.rb)
 |                    |1308                          |[zy1308](/lib/oxidized/model/zy1308.rb)

data/docs/Troubleshooting.md

@@ -86,7 +86,7 @@ ssh-keyscan gitserver.git.com >> ~/.ssh/known_hosts
 
 If you are running oxidized in a container, you need to map /home/oxidized/.ssh in the
 container to a local repository and save the known_hosts in the local repository. You can
-find an example how to do this under [examples/podman-compose](/examples/podman-compose/)
+find an example how to do this under [Docker.md](Docker.md#store-the-ssh-keys-a-remote-git-repository)
 
 ## Oxidized ignores the changes I made to its git repository
 First of all: you shouldn't manipulate the git repository of oxidized. Don't

data/extra/device2yaml.rb

@@ -91,9 +91,8 @@ def yaml_output(prepend = '')
 
   prepend = @sequence_prepend_output + prepend
 
-  # as we want to prepend 'prepend' to each line, we need each_line and chomp
-  # chomp removes the trainling \n
-  @ssh_output.each_line(chomp: true) do |line|
+  # each_line(chomp: true) would remove \r\n, so we prefer split
+  @ssh_output.split("\n", -1).each do |line|
     # encode line and remove the first and the trailing double quote
     line = line.dump[1..-2]
     if firstline

data/extra/hooks/modelrules.rb

@@ -0,0 +1,55 @@
+### script in ~/config/oxidized/hook/modelrules.rb ## or OXDIZED_HOME equivalent
+###
+### router.db:
+### router1:1.1.1.1:routeros::mikrotik
+### router2:2.2.2.2:ios:switch:cisco
+### router3:3.3.3.3:routeros:switch:mikrotik
+###
+### config:
+### source:
+###   default: csv
+###   csv:
+###     file: "/Users/ytti/.config/oxidized/router.db"
+###     delimiter: !ruby/regexp /:/
+###     map:
+###       name: 0
+###       ip: 1
+###       model: 2
+###       group: 3
+### hooks:
+###   somename:
+###     type: modelrules
+###     events: ["source_node_transform"]
+###     rules:
+###        - vendor: mikrotik
+###          group: switch
+###          model: eltex
+###
+### Nodes BEFORE script:
+### {name: "router1", ip: "1.1.1.1", model: "routeros", group: ""}
+### {name: "router2", ip: "2.2.2.2", model: "ios", group: "switch"}
+### {name: "router3", ip: "3.3.3.3", model: "routeros", group: "switch"}
+###
+### Nodes AFTER script:
+### {name: "router1", ip: "1.1.1.1", model: "routeros", group: ""}
+### {name: "router2", ip: "2.2.2.2", model: "ios", group: "switch"}
+### {name: "router3", ip: "3.3.3.3", model: "eltex", group: "switch"}
+class ModelRules < Oxidized::Hook
+  def validate_cfg!
+    raise KeyError, 'hook.rules is required' unless cfg.has_key?('rules')
+  end
+
+  def run_hook(ctx)
+    # node is the node[key] that we'd return without manipulation
+    node = ctx.node ## e.g. node[:ip], node[:model] - what ever config maps
+
+    ## node_raw is source specific, in CSV it is just the field number, in HTTP it is JSON
+    vendor = ctx.node_raw[4]
+
+    cfg.rules.each do |rule|
+      node[:model] = rule['model'] if node[:group] == rule['group'] && vendor == rule['vendor']
+    end
+
+    node
+  end
+end