def Audit():
## Parse the config
parse = CiscoConfParse('conf.txt')
for i in range(25):
## Add a new switchport at the bottom of the config...
parse.append_line('interface FastEthernet0/' + str(i))
parse.append_line(' switchport')
parse.append_line(' switchport mode access')
parse.append_line('!')
parse.commit() # commit() **must** be called before searching again
## Search and standardize the interfaces...
standardize_intfs(parse)
parse.commit() # commit() **must** be called before searching again
## I'm illustrating regular expression usage in has_line_with()
if not parse.has_line_with(r'^service\stimestamp'):
## prepend_line() adds a line at the top of the configuration
parse.prepend_line(
'service timestamps debug datetime msec localtime show-timezone')
parse.prepend_line(
'service timestamps log datetime msec localtime show-timezone')
## Write the new configuration
parse.save_as('conf3.txt')
has_stormcontrol = intf.has_child_with(r' storm-control broadcast')
is_switchport_access = intf.has_child_with(r'switchport mode access')
is_switchport_trunk = intf.has_child_with(r'switchport mode trunk')
## Add missing features
if is_switchport_access and (not has_stormcontrol):
intf.append_to_family(' storm-control action trap')
intf.append_to_family(' storm-control broadcast level 0.4 0.3')
## Remove dot1q trunk misconfiguration...
elif is_switchport_trunk:
intf.delete_children_matching('port-security')
intf.delete_children_matching('nonegotiate') #cust request 1
## Parse the configs
parse = CiscoConfParse('ios_audit.conf') # this is our input file
## Search and standardize the interfaces...
standardize_intfs(parse)
parse.commit() # commit() **must** be called before searching again
## regular expression usage in has_line_with() to find if the config has a matching line
if not parse.has_line_with(r'^service\stimestamp'):
## prepend_line() adds a line at the top of the configuration
parse.prepend_line('service timestamps debug datetime msec localtime show-timezone')
parse.prepend_line('service timestamps log datetime msec localtime show-timezone')
parse.prepend_line('this config was hacked by Robert')
## Write the new configuration
#customization request: make it output to .conf.new2
parse.save_as('ios_audit.conf.new2')
elif is_switchport_trunk or has_switchport_negotiate:
#use two if statement to only remove the oone it finds
if is_switchport_trunk:
intf.delete_children_matching('port-security')
if has_switchport_negotiate:
intf.delete_children_matching('negotiate')
## Parse the config
parse = CiscoConfParse('ios_audit.conf') # this is our input file
## Search and standardize the interfaces...
standardize_intfs(parse)
parse.commit() # commit() **must** be called before searching again
## regular expression usage in has_line_with() to find if the config has a matching line
if not parse.has_line_with(r'^service\stimestamp'):
## prepend_line() adds a line at the top of the configuration
parse.prepend_line(
'service timestamps debug datetime msec localtime show-timezone')
parse.prepend_line(
'service timestamps log datetime msec localtime show-timezone')
#Add name to the top of the file
if not parse.has_line_with(r'^config by: '):
user = argv[1]
parse.prepend_line('Config by: ' + str(user))
## Write the new configuration
parse.save_as('ios_audit.conf.new2')
## Add missing commands
if is_switchport_access and (not has_stormcontrol):
intf.append_to_family(' storm-control action trap')
intf.append_to_family(' storm-control broadcast level 0.4 0.3')
## remove dot1q trunk misconfiguration
elif is_switchport_trunk:
intf.delete_children_matching('port-security')
## Parse the config
parse = CiscoConfParse('switch.conf')
## Add a new switchport at the bottom of the config...
parse.append_line('interface GigabitEthernet1/0')
parse.append_line(' switchport')
parse.append_line(' switchport mode access')
parse.append_line('!')
parse.commit ()
## Search and standardize the interfaces
standardize_interfaces(parse)
parse.commit()
## Add a line to the top of the config if not already there.
if not parse.has_line_with(r'^service\stimestamp'):
parse.prepend_line('service timestamps debug datetime msec localtime show-timezone')
parse.prepend_line('service timestamps log datetime msec localtime show-timezone')
## Wrtite the config file now...
parse.save_as('switch.conf.new')
def main():
confparse = CiscoConfParse(config.USER_CONFIG)
cfgdiffs = CiscoConfParse([])
for template in config.TEMPLATES:
template_dict = load_template(template)
template_name = template_dict["TEMPLATE_NAME"]
template_type = template_dict["TEMPLATE_TYPE"]
print(f'{Fore.BLUE}VERIFYING TEMPlATE: ' + template_name)
print(f'**************************************{Style.RESET_ALL}')
for template_section in template_dict["SECTIONS"]:
regex_pattern = template_section["SECTION_REGEX"]
sub_regex_patterns = template_section["LINES"]
section_name = template_section["NAME"]
#regex_pattern = template_dict["SECTION_REGEX"]
#sub_regex_patterns = template_dict["LINES"]
print(f'{Fore.GREEN}-VERIFYING SECTION: {Fore.CYAN}' + section_name + f'{Style.RESET_ALL}')
## Find all matching sections (multi line objects)
objects = confparse.find_objects(regex_pattern)
## Verify first if the whole section is missing
if len(objects) == 0:
cfgdiffs.append_line(f'{Fore.RED} -> MISSING WHOLE SECTION:')
cfgdiffs.append_line(f'{Fore.RED} ' + regex_pattern)
for subregex in sub_regex_patterns:
cfgdiffs.append_line(" " + subregex)
is_valid = False
if (is_valid == False):
for line in cfgdiffs.ioscfg:
print(f'{Fore.RED}' + line + f'{Style.RESET_ALL}')
cfgdiffs = CiscoConfParse([])
## If the section is there, verify if some parts are missing
else:
for object in objects:
is_valid = True
## Mark that some lines are missing if we ever have to print that object
cfgdiffs.append_line(f'{Fore.RED} -> MISSING OR DIFFERENTLY CONFIGURED LINES')
cfgdiffs.append_line(f' ' + object.text + f'{Style.RESET_ALL}')
## Search children of the object
for subregex in sub_regex_patterns:
if not (object.re_search_children(subregex)):
cfgdiffs.append_line(" " + subregex)
is_valid = False
if(is_valid==False):
for line in cfgdiffs.ioscfg:
print(f'{Fore.RED}' + line + f'{Style.RESET_ALL}')
else:
print(f'{Fore.GREEN} -> SUCCESS - CONFIG SECTION: ' + template_name + ' FOR OBJECT: ' + object.text + f'{Style.RESET_ALL}')
#Reset cfgdiffs for next object
cfgdiffs = CiscoConfParse([])
## Find all single line objects
if(template_type=='SINGLE_LINE_AND_MULTI_SECTION'):
is_valid = True
print(f'{Fore.GREEN}-VERIFYING GENERAL LINES: {Style.RESET_ALL}')
regex_patterns = template_dict["SINGLE_LINE_REGEXES"]
for line in regex_patterns:
if not confparse.has_line_with(line):
print(f'{Fore.RED} -> MISSING OR DIFFERENTLY CONFIGURED LINES: ' + line + f'{Style.RESET_ALL}')
is_valid = False
if (is_valid==True):
print(f'{Fore.GREEN} -> SUCCESS - GENERAL CONFIG PARTS: ' + template_name + f'{Style.RESET_ALL}')
print(f'{Fore.BLUE}*****************END*********************{Style.RESET_ALL}\n')
from ciscoconfparse.ccp_util import IPv4Obj
if __name__ == "__main__":
# the result dictionary
result = {"features": [], "interfaces": {}}
# create CiscoConfParse object using a configuration file stored in the
# same directory as the script
confparse = CiscoConfParse("example_config.txt")
# check if OSPF is used as the routing protocol
# the following regex_pattern matches only the "router ospf <process-id>" command (no VRFs)
ospf_regex_pattern = r"^router ospf \d+$"
# in this case, we will simply check that the ospf router command is part of the config
is_ospf_in_use = confparse.has_line_with(ospf_regex_pattern)
if is_ospf_in_use:
print("==> OSPF is used in this configuration")
result["features"].append("ospf")
else:
print("==> OSPF is not used in this configuration")
# extract the interface name and description
# first, we get all interface commands from the configuration
interface_cmds = confparse.find_objects(r"^interface ")
# iterate over the resulting IOSCfgLine objects
for interface_cmd in interface_cmds:
# get the interface name (remove the interface command from the configuration line)
intf_name = interface_cmd.text[len("interface "):]
# the result dictionary
result = {
"features": [],
"interfaces": {}
}
# create CiscoConfParse object using a configuration file stored in the
# same directory as the script
confparse = CiscoConfParse("example_config.txt")
# check if OSPF is used as the routing protocol
# the following regex_pattern matches only the "router ospf <process-id>" command (no VRFs)
ospf_regex_pattern = r"^router ospf \d+$"
# in this case, we will simply check that the ospf router command is part of the config
is_ospf_in_use = confparse.has_line_with(ospf_regex_pattern)
if is_ospf_in_use:
print("==> OSPF is used in this configuration")
result["features"].append("ospf")
else:
print("==> OSPF is not used in this configuration")
# extract the interface name and description
# first, we get all interface commands from the configuration
interface_cmds = confparse.find_objects(r"^interface ")
# iterate over the resulting IOSCfgLine objects
for interface_cmd in interface_cmds:
# get the interface name (remove the interface command from the configuration line)
intf_name = interface_cmd.text[len("interface "):]
)
shutdown_intfs = orig_config.find_parents_w_child(parentspec=r"^interface",
childspec='shutdown')
pprint(shutdown_intfs)
# EX2: Does this configuration has a router
from ciscoconfparse import CiscoConfParse
from pprint import pprint
orig_config = CiscoConfParse(
"/media/bassim/DATA/GoogleDrive/Packt/EnterpriseAutomationProject/Chapter5_Extract_useful_data_from_network_devices/Cisco_Config.txt"
)
check_router = orig_config.has_line_with(r"^router")
pprint(check_router)
# --
from ciscoconfparse import CiscoConfParse
orig_config = CiscoConfParse(
"/media/bassim/DATA/GoogleDrive/Packt/EnterpriseAutomationProject/Chapter5_Extract_useful_data_from_network_devices/Cisco_Config.txt"
)
print orig_config.has_line_with("^aaa new-model")
# EX3: Does OSPF enabled? if yes then find advertised networks
from ciscoconfparse import CiscoConfParse
from pprint import pprint
#!/usr/bin/python
__author__ = "Melih TEKE"
__EMAIL__ = "*****@*****.**"
from netmiko import ConnectHandler
from ciscoconfparse import CiscoConfParse
from pprint import pprint
iosv_l2_s1 = {
'device_type': 'cisco_ios',
'ip': '192.168.178.65',
'username': '******',
'password': '******',
}
net_connect = ConnectHandler(**iosv_l2_s1)
output = net_connect.send_command('show runn')
print(output)
with open("output.txt", "w") as f:
f.write(output)
f.close()
parsed_config = CiscoConfParse("output.txt")
if parsed_config.has_line_with(r"^router ospf"):
ospf_config = parsed_config.find_all_children(r"^router ospf")
pprint(ospf_config)
