Vitor_Santos
18 days ago

It's been a while since I did this, but I've had this need in the past, and the easiest way is indeed via a Config Source. I wrote a Config Source back then that worked properly with Palo Alto, Cisco ASA, Cisco IOS and NX-OS devices. I'm not sure what your requirement is, but I'm leaving my code here (it might be outdated, as it's old) for you to use if needed.
import com.santaba.agent.groovyapi.expect.Expect;
import com.santaba.agent.groovyapi.snmp.Snmp;
import com.santaba.agent.groovyapi.http.*;
import com.santaba.agent.groovyapi.jmx.*;
import org.xbill.DNS.*;
//added manually
import java.text.SimpleDateFormat;
import java.io.*;
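// Retrieve the device properties this script needs.
hostname = hostProps.get("system.displayname"); // device hostname (later used to drop prompt lines from the output)
host = hostProps.get("system.hostname");        // device IP, used as the SSH target
user = hostProps.get("ssh.user");               // SSH login user
pass = hostProps.get("ssh.pass");               // SSH login password
enable = hostProps.get("ssh.enable.pass");      // enable (privileged-mode) password; null when not set
// system.sysinfo may be unset. Fall back to an empty string so the contains() checks in the
// platform branches classify the device as unsupported instead of throwing a NullPointerException.
systeminfo = hostProps.get("system.sysinfo") ?: "";
foundDevice = false; // set to true by the first platform branch that handles the device

// Only present the stored credentials to platforms this script knows how to drive.
// Opening the session unconditionally would log in to unsupported devices as well and leave
// that authenticated session open, because only the platform branches log out and close it.
supportedPlatform = ["Cisco Adaptive Security", "Cisco IOS", "Cisco NX-OS",
                     "Cisco Internetwork Operating System", "Palo Alto"].any { systeminfo.contains(it) };

// Log in to the device over SSH; each platform branch waits for the prompt itself.
cli = supportedPlatform ? Expect.open(host, user, pass) : null;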
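// Cisco ASA: collect the routing table with 'sh route'.
if (systeminfo.contains("Cisco Adaptive Security")) {
    if (enable != null) {
        // An enable password is configured, so the session is expected to start at the
        // unprivileged '>' prompt.
        cli.expect(">");
        // Enter enable mode.
        cli.send("enable\n");
        // NOTE(review): ":" matches any colon in the session output, not only the password
        // prompt. A tighter pattern would ensure the secret is sent only when the device is
        // actually asking for it -- confirm the exact prompt text before changing it.
        cli.expect(":");
        // Answer with the enable password (ssh.enable.pass), not the login password:
        // they are separate secrets and may differ.
        cli.send(enable + "\n");
        cli.expect(/\#/); // privileged prompt (regex form because '#' is a special character)
    } else {
        // No enable password configured: the login is expected to land on the '#' prompt.
        cli.expect(/\#/);
    }
    // NOTE(review): a bare '#' pattern also matches a '#' inside a banner or command output,
    // which would end a capture early -- consider anchoring on the device prompt.

    // Disable page-by-page output (the ASA equivalent of 'terminal length 0').
    cli.send("terminal pager 0\n");
    cli.expect(/\#/);

    // Request the routing table and wait for the prompt that follows it.
    cli.send("sh route\n");
    cli.expect(/\#/);

    // Keep what the device printed ahead of the prompt that was just matched.
    output = cli.before();

    // Log out, then wait for the SSH connection to close.
    cli.send("exit\n");
    cli.expectClose();

    deviceRecon = true
    foundDevice = true // stops the later platform branches from resetting deviceRecon
} else {
    deviceRecon = false
}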
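// Cisco IOS / NX-OS: collect the routing table with 'sh ip route'.
if (foundDevice == false) { // only try this platform if no earlier branch handled the device
    if (systeminfo.contains("Cisco IOS") || systeminfo.contains("Cisco NX-OS") || systeminfo.contains("Cisco Internetwork Operating System")) {
        if (enable != null) {
            // An enable password is configured, so the session is expected to start at the
            // unprivileged '>' prompt.
            cli.expect(">");
            // Enter enable mode.
            cli.send("enable\n");
            // NOTE(review): ":" matches any colon in the session output, not only the
            // password prompt. A tighter pattern would ensure the secret is sent only when
            // the device is actually asking for it -- confirm the exact prompt text first.
            cli.expect(":");
            // Answer with the enable password (ssh.enable.pass), not the login password:
            // they are separate secrets and may differ.
            cli.send(enable + "\n");
            cli.expect(/\#/); // privileged prompt (regex form because '#' is a special character)
        } else {
            // No enable password configured: the login is expected to land on the '#' prompt.
            cli.expect(/\#/);
        }

        // Disable page-by-page output.
        cli.send("terminal length 0\n");
        cli.expect(/\#/);

        // Request the routing table and wait for the prompt that follows it.
        cli.send("sh ip route\n");
        cli.expect(/\#/);

        // Keep what the device printed ahead of the prompt that was just matched.
        output = cli.before();

        // Log out, then wait for the SSH connection to close.
        cli.send("exit\n");
        cli.expectClose();

        deviceRecon = true
        foundDevice = true
    } else {
        deviceRecon = false
    }
}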
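// Palo Alto: collect the routing table with 'show routing route'.
if (foundDevice == false) { // only try this platform if no earlier branch handled the device
    if (systeminfo.contains("Palo Alto")) {
        def prompt = '[>#$]'
        // Wait for the first prompt character to confirm the login completed.
        cli.expect(prompt);

        // Send an empty line so the device prints a fresh prompt, then read that prompt back
        // and quote it literally (\Q...\E), so later matches are tied to this device's own
        // prompt rather than to any '>', '#' or '$' in the output.
        cli.send("\n")
        cli.expect(prompt)
        def promptLines = cli.before().readLines()
        // last() throws on an empty list; fall back to the bare prompt characters instead.
        def promptText = promptLines ? promptLines.last().trim() : ""
        prompt = "\\Q${promptText}\\E${prompt}"

        // Turn terminal paging off so the whole table arrives in one piece.
        cli.send('set cli pager off\n')
        cli.expect("${prompt} set cli pager off")

        // Request the routing table: match the echoed command first, then the prompt after it.
        cli.send("show routing route\n")
        cli.expect("${prompt} show routing route")
        cli.expect(prompt)

        // Keep what the device printed ahead of the prompt that was just matched.
        output = cli.before();

        // Restore terminal paging.
        cli.send('set cli pager on\n')
        cli.expect("${prompt} set cli pager on")

        // Log out before waiting for the close, as the Cisco branches do; otherwise the
        // authenticated session stays open on the firewall until one side times out.
        cli.send("exit\n")
        cli.expectClose();

        deviceRecon = true
        foundDevice = true
    } else {
        deviceRecon = false
    }
}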
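// Only post-process the output when one of the platform branches handled the device.
if (deviceRecon == true) {
    // Pick the marker line from which the routing table is printed. This has to be a single
    // chain: with two independent if/else blocks the second one overwrites the NX-OS marker
    // with the default, so the NX-OS marker is never used.
    if (systeminfo.contains("Palo Alto")) {
        delimeter_line = "===="
    } else if (systeminfo.contains("Cisco NX-OS")) {
        delimeter_line = "0.0.0.0/0"
    } else {
        delimeter_line = "Gateway of last"
    }

    printfromhere = false // becomes true once the marker line has been seen
    output.eachLine { line ->
        if (line.contains(delimeter_line)) {
            printfromhere = true // reached the point where the output should start
        }
        if (printfromhere == true) {
            // Lines that must not be printed:
            //  - the "Gateway of last resort" line itself
            //  - empty / whitespace-only lines (String.contains() does a literal substring
            //    search, so passing it a regex never matched these)
            //  - the prompt line, recognised by the device hostname
            boolean gatewayLine = line.contains("Gateway of last")
            boolean blankLine = line.trim().isEmpty()
            boolean promptLine = hostname != null && line.contains(hostname) // contains(null) would throw
            if (!(gatewayLine || blankLine || promptLine)) {
                // Drop everything after the first ", ": the route age that follows it changes
                // constantly and would show up as a difference on every collection.
                lineOutput = line.split(", ")[0]
                println lineOutput
            }
        }
    }
} else {
    println "Device OS didnt supported by this script yet!"
}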