
Network Change & Configuration Management


Simple NetMRI script to get Cisco ASA configs

superwave33
Techie
Posts: 4

Hi,

 

   I would like to create a simple script that connects to a Cisco ASA via SSH to download the output of a "sh ver" command for example. Although not necessary, I would like it to get the info from the enable mode.

 

Can anyone help please?

 

Thank you

Re: Simple NetMRI script to get Cisco ASA configs

Adviser
Posts: 408

Action:

Get Show Ver

 

Action-Commands:

ARCHIVE ($ipaddress-sh-ver): show ver

 

 

The ARCHIVE directive is used to save the output of a script command to a file which can later be retrieved, either for archiving or for external processing.  To do this, just put ARCHIVE: in front of any line from your script’s Action-Commands or Trigger-Commands section:
 
Action-Commands:

ARCHIVE: sh ver

The default filename is <DeviceID>-<Index>.log.  If ARCHIVE is used more than once in the same script (as in a Trigger that gets executed multiple times), the <Index> value will be incremented so each command gets logged to a separate file. 

When the job has completed, the log file(s) for a given device can be retrieved from the GUI by going to the “Files” tab in the Job Details Viewer.

 

 

https://community.infoblox.com/t5/Network-Change-Configuration/Export-logfile-at-the-end-of-script/m...

 

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

Re: Simple NetMRI script to get Cisco ASA configs

Authority
Posts: 21

Hi Sif,

Is there any chance to put the archived configuration (ARCHIVE ($ipaddress-sh-ver): show ver) from a script in the place where all configurations collected by NetMRI are stored? I'd like to use a script to collect the configuration for an ASA context (without direct access to it, using the changeto and show run commands), then archive this configuration, and then allow standard users to see it via Device Viewer -> Configuration Management -> Config Explorer.

Thank You for any tips

Dariusz

 

 

 

 

Re: Simple NetMRI script to get Cisco ASA configs

Adviser
Posts: 408

Open a case with Support; NetMRI supports Virtual Context, so it might be a bug. Are you using a management IP address that has access to all the Virtual Contexts?

 

Sif



Re: Simple NetMRI script to get Cisco ASA configs

Authority
Posts: 21

Hi,

The response from the case is that every context has to have its independent management interface. My client uses only one mgmt interface to log in to the admin context and then uses the "change to" command to switch between the other contexts (many products for FW management use this scenario). I know that creating independent mgmt interfaces for each individual context is not a realistic scenario in the client's company. I'm looking for a workaround to back up the config for all contexts. The best solution would be for NetMRI to start using the "change to" command, but there is no will for it. The second option is a CCS script, but the config files are not accessible via Config Explorer and policy checks are not performed after change detection. Maybe there is a way to collect the config via CCS and put it into the standard place?

Thank You

Dariusz

Re: Simple NetMRI script to get Cisco ASA configs

Posts: 75

You could just add on to what Sif recommended. First, show a list of all the contexts. Then, from there, save the list in a trigger template. You may need to test the trigger template to make sure you are getting the match you want. (There is a Regular Expression Text link at the top of your script window.) Once you have the list of all the contexts, the trigger will switch to each context, do a sh run and then archive the information. Then it will switch back to the admin context. Finally, I would then export these files in the API to a secondary server where you are also storing the configuration archives. Then it will be easily searchable.

 

Something like this: 

 

Action-Commands:
conf t
show context

Output-Triggers:
Get Config

Trigger:
Get Config

Trigger-Variables:
$contextname word

Trigger-Template:
[[$contextname]] .*

Trigger-Commands:
changeto context [[$contextname]]
ARCHIVE ($ipaddressshowversion.txt): sh ver
ARCHIVE ($ipaddressshowrunning.txt): show run
changeto context admin
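
Added example, not part of the original post and not NetMRI code: a Python check of what a loose "first word, then anything" template captures from `show context` output compared with a pattern anchored to context rows, plus one archive filename per context so the files do not collide. The sample output is constructed, its layout (a `*` or space marker in column 0) is an assumption, and the function names and filename scheme are hypothetical.

```python
import re

# Constructed sample of `show context` output (names and interfaces made up).
# Assumed layout: context rows carry a '*' or ' ' marker in column 0.
SAMPLE = """\
Context Name      Class      Interfaces           Mode         URL
*admin            default    Management0/0        Routed       disk0:/admin.cfg
 dmz-fw           default    GigabitEthernet0/1.10,
                             GigabitEthernet0/1.11 Routed      disk0:/dmz-fw.cfg
 partner-vpn      gold       GigabitEthernet0/2   Routed       disk0:/partner-vpn.cfg

Total active Security Contexts: 3
"""

# Loose pattern in the spirit of "<word> .*": it fires on almost every line.
LOOSE = re.compile(r"^\s*\*?(\S+) .*$")
# Anchored pattern: marker in column 0, then a name made only of letters,
# digits and inner hyphens, so nothing unexpected reaches a device command
# or a filename.
STRICT = re.compile(r"^[* ]([A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?)\s+\S")


def loose_names(output):
    """Every first word the loose pattern would capture."""
    return [m.group(1) for line in output.splitlines() if (m := LOOSE.match(line))]


def context_names(output):
    """Context names only, in listing order, at most 32 characters each."""
    names = []
    for line in output.splitlines():
        m = STRICT.match(line)
        if m and len(m.group(1)) <= 32:
            names.append(m.group(1))
    return names


def archive_plan(device_ip, output):
    """(switch command, archive filename) per context; the naming is hypothetical."""
    return [(f"changeto context {n}", f"{device_ip}-{n}-show-run.txt")
            for n in context_names(output)]


if __name__ == "__main__":
    print("loose :", loose_names(SAMPLE))
    print("strict:", context_names(SAMPLE))
    for cmd, fname in archive_plan("192.0.2.10", SAMPLE):
        print(f"{cmd:32} -> {fname}")
```

The loose pattern also captures the header word, the wrapped interface line and the summary line, each of which would trigger a pointless context switch and archive.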

 

 

Re: Simple NetMRI script to get Cisco ASA configs

Authority
Posts: 21

Susan,

Thank you for the answer. I understand what you propose (this is the solution which is working now), but I need a little bit more. When configs are stored in an external place, an automatic compliance check against policy is not possible. Additionally, operations have to use two places for searching configs.

I'd like to check whether it is possible to import a config file into NetMRI and store it as a config revision.

Thank You

Dariusz

Re: Simple NetMRI script to get Cisco ASA configs

Posts: 75

I see what you mean. I haven't heard of NetMRI being able to import configuration files.

Re: Simple NetMRI script to get Cisco ASA configs

Adviser
Posts: 408

We can do that now!
