Learn How We Can Help You Keep Teleworkers Protected During the COVID-19 Crisis

Network Change & Configuration Management

Reply
Highlighted

Some basic Scripting help please (for triggered events)

Techie
Posts: 13
2888     0

I am reading the NetMRI User Documentation (the online help on the appliance) and also the "NetMRI CCS supplement" which I find most useful, however I would really appreciate a small piece of help with triggering corrective action.  So far my attempts to do this have been unsuccessful and I believe that I would understand it more easily if I could have a small example from which to work.  Would anybody be able to kindly provide this?

For example:
The script should be able to log in to our Cisco devices (we'll stick to one vendor as multi-vendor script should be easy to derive once I have a working example!) then check the output of "show run" to see if "service password-encryption" is set.  If it is not set it should report or list the exception (maybe using the ARCHIVE keyword) and then take corrective action by executing the cli commands:


conf t
service password-encryption
exit
wr mem

Thanks in advance of any help / pointers!

- Daren

Highlighted

Re: Some basic Scripting help

Authority
Posts: 39
2888     0

If you are going to check a configuration, might I suggest using policies instead of a CCS script?

I'll explain both methods.

But first the CCS script that will correct the configuration as both methods can use that script.

Script-Filter:
    $vendor eq "Cisco"
    and $sysDescr like /IOS/

###############################    
Action:
    Correct encryption

Action-Commands:
    conf t
    service password-encryption
    end
    wr mem

If you want to check via a CSS script you'll first have to create a custom issue with some columns.

Then you can create the CSS script that will verify the config and raise an issue if the encryption is not OK :

Script-Filter:
    $Vendor eq "Cisco"

################################
Action:
    Init

Action-Commands:
    SET: $encryptionOK = "off"

################################

Action:
    Detect password encryption

Action-commands:
    sh run | include service password-encryption

Output-Triggers:
    Set Encryption
    Encryption Issue
###############################
Trigger:
    Set Encryption

Trigger-Variables:
    $Temp    /service/

Trigger-Template:
    (^)[[$Temp]] password-encryption

Trigger-Commands:
    SET: $encryptionOK = "on"

###########################################
Issue:
    Encryption Issue

Issue-ID:
    someIssue

Issue-Severity:
    Info

Issue-Filter:
    $encryptionOK eq "off"

Issue-Details:
    Host                $IPAddress
    Name                $Name

Then you can create a triggered job that will launch the first script whenever the issue is raised.

 

If you want to use policies to regularly check the config and correct it, you have to create a simple rule that will check if the line exists.

Connect that rule to a policy and define a triggered job that will launch the first script whenever the policy rule fails.

 

Highlighted

Re: Some basic Scripting help

Techie
Posts: 13
2888     0

Thank you StefNighthawk - I think I nearly get this but after two days it remains a struggle I have to say.

Having this a Policy would be good but my attempts at that failed.  So I tried the CCS script method that you kindly provided - where the second script checks for the presence of service password-encryption - then calls the first script if it is not set.  (see scripts in the txt file attached)

I tried to "glue" them together (I think) with a Custom Issue but I wan't at all sure whether I was doing this correctly.  I could see what the "Detail Columns" (IPAddress, string) were doing.

I presevered but I'm afraid I haven't got this to work yet.  I'm sure that more experience users wold find this simple but I am struggling to understand it myself so I appreciate any help!
 

Showing results for 
Search instead for 
Do you mean 

Recommended for You