
Script for change syslog don't work - cisco

BBarbosa
Techie

Gentlemen,

I made a script with CCS to check whether the syslog configuration already exists on Cisco equipment and, if it does not, to enter the configuration lines, but I encounter a problem in the following part of the script:

Action-Commands: {$enable_changes eq "on"}
config t

The command above is the last one applied; soon after that, the timeout occurs!!!
Below are the commands that should be applied:

 

Action-Commands: { $have_server1 ne "yes" and $do_server1 ne ""}
logging $do_server1
Action-Commands: { $have_server2 ne "yes" and $do_server2 ne ""}
logging $do_server2
Action-Commands: { $have_server3 ne "yes" and $do_server3 ne ""}
logging $do_server3

 

 

Full script:

Script-Filter:
    $vendor eq "Cisco" and $sysdescr like /IOS/
######################
Script-Variables:
	$add_server1		boolean		on
	$syslog_server1		string		"Entre com IP do syslog aqui"
	$add_server2		boolean		on
	$syslog_server2		string		"Entre com IP do syslog aqui"
	$add_server3		boolean		on
	$syslog_server3		string		"Entre com IP do syslog aqui"
	$disable_issues		boolean
	$enable_changes		boolean

#########################################################################
Action:
	Determine Changes To Make

Action-Description:
	If one of these	are not set the script will not do anything. 

Action-Commands:
	SET: $runscript = "no"
	SET: $nofireissue = "no"
	SET: $do_server1 = ""
	SET: $do_server2 = ""
	SET: $do_server3 = ""

Action-Commands: { $disable_issues eq "on" }
	SET: $nofireissue = "yes"

Action-Commands: { $add_server1 eq "on" and $syslog_server1 not like /Entre com IP do syslog aqui/ }
	SET: $do_server1 = $syslog_server1
	SET: $runscript = "yes"

Action-Commands: { $add_server2 eq "on" and $syslog_server2 not like /Entre com IP do syslog aqui/ }
	SET: $do_server2 = $syslog_server2
	SET: $runscript = "yes"

Action-Commands: { $add_server3 eq "on" and $syslog_server3 not like /Entre com IP do syslog aqui/ }
	SET: $do_server3 = $syslog_server3
	SET: $runscript = "yes"
#########################################################################
Action:
	Set Have Server

Action-Description:
	Only set haveserver


Action-Commands:
	SET: $have_server1 = ""
	SET: $have_server2 = ""
	SET: $have_server3 = ""

#########################################################################
Action:
	Check Initial Config

Action-Description:
	If logging is already configured, check it here

Action-Filter:
	$runscript ne "no"

Action-Commands:
	terminal length 0
	show run | include logging

Output-Triggers:
	Find Log Server initial
#########################################################################
Trigger:
	Find Log Server initial

Trigger-Description:
	This trigger matches initial logging servers

Trigger-Variables:
	$serverinitial		/\S+/

Trigger-Template:
	logging [[$serverinitial]]

Trigger-Commands: { $serverinitial eq $do_server1 }
	SET: $have_server1 = "yes"

Trigger-Commands: { $serverinitial eq $do_server2 }
	SET: $have_server2 = "yes"

Trigger-Commands: { $serverinitial eq $do_server3 }
	SET: $have_server3 = "yes"
#########################################################################
Action:
    Add SYSLOG to Routers and Switches

Action-Filter:
	$runscript ne "no" and 
	($have_server1 eq "" or $have_server2 eq "" or $have_server3 eq "")

Action-Commands: {$enable_changes eq "on"}
    config t

Action-Commands: { $have_server1 ne "yes" and $do_server1 ne ""}
	logging $do_server1

Action-Commands: { $have_server2 ne "yes" and $do_server2 ne ""}
	logging $do_server2

Action-Commands: { $have_server3 ne "yes" and $do_server3 ne ""}
	logging $do_server3

Action-Commands: 
    end
    SET: $config_changed = "yes"
#########################################################################
Action:
	Check Settings

Action-Description:
	If config was changed, check it here.

Action-Filter:
	$runscript ne "no" and $config_changed eq "yes"

Action-Commands:
	terminal length 0
	show run | include logging

Output-Triggers:
	Find Log Servers
	Failed To Update Log Settings
#########################################################################
Trigger:
	Find Log Servers

Trigger-Description:
	This trigger matches logging servers

Trigger-Variables:
	$server		/\S+/
	
Trigger-Template:
	logging [[$server]]

Trigger-Commands: { $server eq $do_server1 }
	SET: $have_server1 = "yes"

Trigger-Commands: { $server eq $do_server2 }
	SET: $have_server2 = "yes"

Trigger-Commands: { $server eq $do_server3 }
	SET: $have_server3 = "yes"
#########################################################################
Issue:
	Failed To Update Log Settings

Issue-ID:
	IOSLogSettingsFail

Issue-Severity:
	Error

Issue-Description:
	Updated logging settings not found in the running config.

Issue-Filter:
	$nofireissue ne "yes" and
	($do_server1 ne "" and $have_server1 ne "yes") or
	($do_server2 ne "" and $have_server2 ne "yes") or
	($do_server3 ne "" and $have_server3 ne "yes")

Issue-Details:
	Host		$IPAddress
	Name		$Name

#########################################################################
Action:
	Save Changes

Action-Description:
	If any changes were made, write to NVRAM.

Action-Filter:
	$runscript ne "no" and $config_changed eq "yes" and
	($do_server1 ne "" and $have_server1 eq "yes") or
	($do_server2 ne "" and $have_server2 eq "yes") or
	($do_server3 ne "" and $have_server3 eq "yes")

Action-Commands: { $enable_changes eq "on" }
	write memory
	SET: $saved_changes = "yes"
	
Action-Commands: { $enable_changes eq "off" }
	DEBUG:write memory
	SET: $saved_changes = "yes"
	
Output-Triggers:
	Log Settings Update Succeeded

#########################################################################
#########################################################################
Issue:
	Log Settings Update Succeeded

Issue-ID:
	IOSLogSettingsSuccess

Issue-Severity:
	Info

Issue-Description:
	Log settings were updated and configuration saved.

Issue-Filter:
	$saved_changes eq "yes" and $nofireissue ne "yes" and
	($do_server1 ne "" and $have_server1 eq "yes") or
	($do_server2 ne "" and $have_server2 eq "yes") or
	($do_server3 ne "" and $have_server3 eq "yes")

Issue-Details:
	Host		$IPAddress
	Name		$Name

#########################################################################
##                            End of Script                            ##
#########################################################################

 

Here is an image:

[image: messagem]

Re: Script for change syslog don't work - cisco

Adviser

Check this CCS script out

###########################################################################
## Export of Script: Fix Logging
## Script-Level: 3
## Script-Category: 
###########################################################################

Script:
        Fix Logging

Script-Description:
	Fix policy violations in the logging section

Script-Filter:
$Vendor eq "Cisco" and $SysDescr like /IOS/

Script-Variables:

# NOTE - Enter the required data first.

$Required_Trap_Level string "Enter the required logging trap level here"
$Required_Buffer_Size string "Enter the required size of the logging buffer here"
$Required_Buffered_Level string "Enter the required logging buffered level here"
$Required_History_Level string "Enter the required logging history level here"

# NOTE - Optionally fix one or both logging and trap sections and optionally remove non-standard logging statements

# Remove unauthorized logging statements
$Remove_Logging boolean 

# Fix the logging trap section
$Fix_Logging_Trap_Section boolean 

# Fix the logging buffered section
$Fix_Logging_Buffered_Section boolean

#Fix the logging history section
$Fix_Logging_History_Section boolean


#######################
 
Action:
Get Logging
 
Action-Description:
This first action gathers up the list of current logging statements in the running config and initialized variables to be used in the script. 
 
Action-Commands:
SET: $UpdateMade = "no"
SET: $LogRemoved = "no"
SET: $GotLog1 = "no"
SET: $GotLog2 = "no"
SET: $GotLog3 = "no"
SET: $GotTrap = "no"
SET: $GotHistory = "no"
SET: $GotLogBuff = "no"
SET: $Update_Trap_Required = "no"
SET: $Update_Logging_Buffered_Required = "no"
SET: $Update_Logging_History_Required = "no"
 
sho run | inc logging
 
Output-Triggers:
Check Trap
Check Buffered
Check History
Check Log1
Check Log2
Check Log3
Remove Logging

########################
 
Trigger:
Check Trap

Trigger-Variables:
$Trap_Level string

Trigger-Template:
logging trap [[$Trap_Level]]
 
Trigger-Commands:
SET: $GotTrap = "yes"
 
#########################

Trigger:
Check Buffered

Trigger-Variables:
$Buffer_Size integer
$Buffered_Level string

Trigger-Template:
logging buffered [[$Buffer_Size]] [[$Buffered_Level]]
 
Trigger-Commands:
SET: $GotLogBuff = "yes"

############################
 
Trigger:
Check History

Trigger-Variables:
$History_Level string

Trigger-Template:
logging history [[$History_Level]]
 
Trigger-Commands:
SET: $GotHistory = "yes"

############################
Trigger:
Check Log1
 
Trigger-Description:
This section looks for the existence of the required logging statements that belong in each config. One Trigger for each.
 
 
Trigger-Template:
logging 10.132.200.20
 
Trigger-Commands:
SET: $GotLog1 = "yes"
 
############################
 
Trigger:
Check Log2
 
Trigger-Description:
This section looks for the existence of the required logging statements that belong in each config. One Trigger for each.
 
 
Trigger-Template:
logging 10.132.200.32
 
Trigger-Commands:
SET: $GotLog2 = "yes"

############################

Trigger:
Check Log3
 
Trigger-Description:
This section looks for the existence of the required logging statements that belong in each config. One Trigger for each.
 
 
Trigger-Template:
logging 10.99.8.32
 
Trigger-Commands:
SET: $GotLog3 = "yes"

############################

Trigger:
Remove Logging

Trigger-Description:
This section will remove any logging destinations that are not the three standard destinations.

Trigger-Filter:
$Remove_Logging eq "on"
 
Trigger-Variables:
$Logaddr ipaddress
 
Trigger-Template:
logging [[$Logaddr]]

# Remove any logging destinations that are not part of the customer policy.
 
Trigger-Commands: {$Logaddr not in ["10.132.200.32","10.132.200.20","10.99.8.32"] and $UpdateMade eq "no"}
 
config t
 
Trigger-Commands: {$Logaddr not in ["10.132.200.32","10.132.200.20","10.99.8.32"]}
no logging $Logaddr
SET: $UpdateMade = "yes"
SET: $LogRemoved = "yes"
 
###########################

Action:
Determine Changes

Action-Description:
This section will set variables used in the Add Missing Data Action to determine if anything needs to be changed.  

# This sets a variable if current trap level doesn't match the required variable set in the script filter.
  
Action-Commands: {($Required_Trap_Level ne $Trap_Level) and ($Fix_Logging_Trap_Section eq "on")}
SET: $Update_Trap_Required = "yes" 

Action-Commands: {($Required_History_Level ne $History_Level) and ($Fix_Logging_History_Section eq "on")}
SET: $Update_Logging_History_Required = "yes" 

Action-Commands: {(($Required_Buffered_Level ne $Buffered_Level) or ($Required_Buffer_Size ne $Buffer_Size)) and ($Fix_Logging_Buffered_Section eq "on")}
SET: $Update_Logging_Buffered_Required = "yes" 


##########################
Action:
Add missing data

# If any of the checks above have not matched and changed their variable to "yes", we will enter config mode to add missing statements.

Action-Commands:{$UpdateMade eq "no" and ($Update_Trap_Required eq "yes" or $Update_Logging_History_Required eq "yes" or $Update_Logging_Buffered_Required eq "yes" or $GotLog1 eq "no" or $GotLog2 eq "no" or $GotLog3 eq "no")}
config t

# Each action statement below is filtered and will only run if the "fix" is selected in the script 
# and the check for the existence of the line wasn't successful. 

Action-Commands:{$Update_Trap_Required eq "yes" and $Fix_Logging_Trap_Section eq "on"}
logging trap $Required_Trap_Level
SET: $UpdateMade = "yes"

Action-Commands:{$Update_Logging_Buffered_Required eq "yes" and $Fix_Logging_Buffered_Section eq "on"}
logging buffered $Required_Buffer_Size $Required_Buffered_Level
SET: $UpdateMade = "yes"

Action-Commands:{$Update_Logging_History_Required eq "yes" and $Fix_Logging_History_Section eq "on"}
logging history $Required_History_Level
SET: $UpdateMade = "yes"

Action-Commands:{$GotLog1 eq "no"}
logging 10.132.200.20
SET: $UpdateMade = "yes"
 
Action-Commands:{$GotLog2 eq "no"}
logging 10.132.200.32
SET: $UpdateMade = "yes"

Action-Commands:{$GotLog3 eq "no"}
logging 10.99.8.32
SET: $UpdateMade = "yes"

# Update other Customer-Specific Logging sections that do not need to be checked before entering them. These will only run if other changes on the box are required.

Action-Commands:{$UpdateMade eq "yes"}
logging console critical
SET: $UpdateMade = "yes"
 
##########################
 

Action:
End and Write Memory
 
Action-Commands:{$UpdateMade eq "yes"}
End
Write Mem

This one we wrote a few years ago :) It still works. I haven't had time to run or test yours myself; figured I would share this one for you.

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

Re: Script for change syslog don't work - cisco

Expert

One thing to keep in mind is that the IOS syntax has changed over time.  So a logging server may be entered as:

  logging 1.2.3.4

    or

  logging host 1.2.3.4 <optional arguments>

 

Matching on "logging (host )? 1.2.3.4" will cover both.
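
The two IOS forms mentioned above, handled by one parser, as an added example that is not part of any post in this thread: it reads `show run | include logging` output, accepts both `logging <ip>` and `logging host <ip> <optional arguments>`, skips other `logging` sub-commands, and reports which required servers are missing. The sample output, function names and pattern are constructed for illustration; the required addresses are the three used in the Fix Logging script earlier in the thread, and only IP-address destinations are considered.

```python
import ipaddress
import re

# Constructed sample of `show run | include logging` output (not from the thread).
SAMPLE_OUTPUT = """\
logging buffered 16384 informational
logging trap warnings
logging source-interface Loopback0
logging 10.132.200.20
logging host 10.132.200.32 transport udp port 514
no logging console
"""

# The optional "host " keyword sits directly before the address; anything after
# the address (transport, port, vrf ...) is ignored.
LOGGING_HOST_RE = re.compile(r"^logging (?:host )?(\S+)(?: .*)?$")


def configured_syslog_servers(show_run_output):
    """Return the set of syslog destination IPs found in either syntax."""
    servers = set()
    for line in show_run_output.splitlines():
        match = LOGGING_HOST_RE.match(line.strip())
        if not match:
            continue
        try:
            # Drops keywords such as "trap", "buffered", "source-interface".
            servers.add(str(ipaddress.ip_address(match.group(1))))
        except ValueError:
            continue
    return servers


def audit_syslog_servers(show_run_output, required):
    """Compare configured destinations with the required list."""
    have = configured_syslog_servers(show_run_output)
    want = {str(ipaddress.ip_address(ip)) for ip in required}
    return {"missing": sorted(want - have), "unexpected": sorted(have - want)}


if __name__ == "__main__":
    policy = ["10.132.200.20", "10.132.200.32", "10.99.8.32"]
    print(audit_syslog_servers(SAMPLE_OUTPUT, policy))
```

A capture of any non-space token after `logging` would return `host`, `trap` or `buffered` for several of these lines, which is why the example validates the captured token as an IP address before comparing it with the required list.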

Re: Script for change syslog don't work - cisco

BBarbosa
Techie

In case I'm testing, yes, it will cover all equipment.

However as can be seen in the image of the first POST, the "script" is stopping right after the "conf t"

Re: Script for change syslog don't work - cisco

Expert

The Process output doesn't look like it could have been produced by the script source above it.  The output shows an "exit" statement sent to the device but the script source shows an "end" command.  The word "exit" does not appear anywhere in the source.

What is shown in the Session Log?

 

Re: Script for change syslog don't work - cisco

BBarbosa
Techie

[image: script.png]

 

The netMRI does not send the logging <IP> command, it could not identify the reason!
