Add Fortinet execute log display template (#1486)

Co-authored-by: pskliarenko <“[email protected]”>
networktocode · Jul 22, 2024 · a9273b8 · a9273b8
1 parent 5e78684
commit a9273b8
Show file tree

Hide file tree

Showing 6 changed files with 110 additions and 0 deletions.
diff --git a/ntc_templates/templates/fortinet_execute_log_display.textfsm b/ntc_templates/templates/fortinet_execute_log_display.textfsm
@@ -0,0 +1,19 @@
+Value LOGS_FOUND (\d+)
+Value LOGS_RETURNED (\d+)
+Value LOGS_SEARCHED (\d+(?:\.\d+)?)
+Value MESSAGE_NUMBER (\d+)
+Value YEAR (\d{4})
+Value MONTH (\d{2})
+Value DAY (\d{2})
+Value HOUR (\d{2})
+Value MINUTE (\d{2})
+Value SECOND (\d{2})
+Value MESSAGE (.+?)
+
+Start
+  ^\s*${LOGS_FOUND}\s+logs\s+found\.\s*$$
+  ^\s*${LOGS_RETURNED}\s+logs\s+returned\.\s*$$
+  ^\s*${LOGS_SEARCHED}%\s+of\s+logs\s+has\s+been\s+searched\.\s*$$
+  ^\s*${MESSAGE_NUMBER}:\s+date=${YEAR}-${MONTH}-${DAY}\s+time=${HOUR}:${MINUTE}:${SECOND}\s+${MESSAGE}\s*$$ -> Record
+  ^\s*$$
+  ^. -> Error
diff --git a/ntc_templates/templates/index b/ntc_templates/templates/index
@@ -584,6 +584,7 @@ fortinet_get_hardware_nic_nic-name.textfsm, .*, fortinet, g[[et]] hard[[ware]] n
 fortinet_execute_dhcp_lease-list.textfsm, .*, fortinet, exec[[ute]] dhcp lease-l[[ist]]
 fortinet_get_system_ha_status.textfsm, .*, fortinet, g[[et]] sy[[stem]] ha s[[tatus]]
 fortinet_get_system_interface.textfsm, .*, fortinet, g[[et]] sy[[stem]] in[[terface]]
+fortinet_execute_log_display.textfsm, .*, fortinet, exec[[ute]] l[[og]] di[[splay]]
 fortinet_fnsysctl_ifconfig.textfsm, .*, fortinet, fnsysctl ifconfig
 fortinet_get_system_status.textfsm, .*, fortinet, g[[et]] sy[[stem]] stat[[us]]
 fortinet_diagnose_sys_top.textfsm, .*, fortinet, d[[iagnose]] sy[[s]] top

diff --git a/tests/fortinet/execute_log_display/fortinet_execute_log_display.raw b/tests/fortinet/execute_log_display/fortinet_execute_log_display.raw
@@ -0,0 +1,9 @@
+2492 logs found.
+10 logs returned.
+5.8% of logs has been searched.
+
+1: date=2023-08-10 time=19:41:18 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1691685678378886140 tz="+0300" srcip=10.18.158.26 srcname="SPA112" srcport=51753 srcintf="Vlan10" srcintfrole="lan" dstip=192.168.211.2 dstport=69 dstintf="Tu-Hub01-Main" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=27409697 proto=17 action="accept" policyid=17 policytype="policy" poluuid="764f657a-c0dd-51ec-9d9c-2374a4d1b1d4" policyname="Permit IP-Phones Vlan10 OUT" service="TFTP" trandisp="noop" duration=1805 sentbyte=66 rcvdbyte=0 sentpkt=1 rcvdpkt=0 vpn="Tu-Hub01-Main" vpntype="ipsec-static" appcat="unscanned" srchwvendor="Cisco" devtype="IP Phone" srcfamily="ATA" srchwversion="SPA112" mastersrcmac="50:67:ae:f0:6c:80" srcmac="50:67:ae:f0:6c:80" srcserver=0
+
+2: date=2023-08-10 time=19:40:47 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1691685647648897600 tz="+0300" srcip=10.18.158.26 srcname="SPA112" srcport=46212 srcintf="Vlan10" srcintfrole="lan" dstip=192.168.211.2 dstport=69 dstintf="Tu-Hub01-Main" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=27408109 proto=17 action="accept" policyid=17 policytype="policy" poluuid="764f657a-c0dd-51ec-9d9c-2374a4d1b1d4" policyname="Permit IP-Phones Vlan10 OUT" service="TFTP" trandisp="noop" duration=1804 sentbyte=66 rcvdbyte=0 sentpkt=1 rcvdpkt=0 vpn="Tu-Hub01-Main" vpntype="ipsec-static" appcat="unscanned" srchwvendor="Cisco" devtype="IP Phone" srcfamily="ATA" srchwversion="SPA112" mastersrcmac="50:67:ae:f0:6c:80" srcmac="50:67:ae:f0:6c:80" srcserver=0
+
+3: date=2023-08-10 time=19:40:28 logid="0000000020" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1691685628534615260 tz="+0300" srcip=10.18.158.26 srcname="SPA112" srcport=5060 srcintf="Vlan10" srcintfrole="lan" dstip=10.18.253.10 dstport=5060 dstintf="Tu-Hub01-Main" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=1920 proto=17 action="accept" policyid=17 policytype="policy" poluuid="764f657a-c0dd-51ec-9d9c-2374a4d1b1d4" policyname="Permit IP-Phones Vlan10 OUT" service="SIP" trandisp="noop" duration=1506311 sentbyte=12959083 rcvdbyte=16082785 sentpkt=27800 rcvdpkt=27778 vpn="Tu-Hub01-Main" vpntype="ipsec-static" appcat="unscanned" sentdelta=890 rcvddelta=1158 srchwvendor="Cisco" devtype="IP Phone" srcfamily="ATA" srchwversion="SPA112" mastersrcmac="50:67:ae:f0:6c:80" srcmac="50:67:ae:f0:6c:80" srcserver=0
diff --git a/tests/fortinet/execute_log_display/fortinet_execute_log_display.yml b/tests/fortinet/execute_log_display/fortinet_execute_log_display.yml
@@ -0,0 +1,66 @@
+---
+parsed_sample:
+  - day: "10"
+    hour: "19"
+    logs_found: "2492"
+    logs_returned: "10"
+    logs_searched: "5.8"
+    message: "logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\"\
+      \ vd=\"root\" eventtime=1691685678378886140 tz=\"+0300\" srcip=10.18.158.26\
+      \ srcname=\"SPA112\" srcport=51753 srcintf=\"Vlan10\" srcintfrole=\"lan\" dstip=192.168.211.2\
+      \ dstport=69 dstintf=\"Tu-Hub01-Main\" dstintfrole=\"undefined\" srccountry=\"\
+      Reserved\" dstcountry=\"Reserved\" sessionid=27409697 proto=17 action=\"accept\"\
+      \ policyid=17 policytype=\"policy\" poluuid=\"764f657a-c0dd-51ec-9d9c-2374a4d1b1d4\"\
+      \ policyname=\"Permit IP-Phones Vlan10 OUT\" service=\"TFTP\" trandisp=\"noop\"\
+      \ duration=1805 sentbyte=66 rcvdbyte=0 sentpkt=1 rcvdpkt=0 vpn=\"Tu-Hub01-Main\"\
+      \ vpntype=\"ipsec-static\" appcat=\"unscanned\" srchwvendor=\"Cisco\" devtype=\"\
+      IP Phone\" srcfamily=\"ATA\" srchwversion=\"SPA112\" mastersrcmac=\"50:67:ae:f0:6c:80\"\
+      \ srcmac=\"50:67:ae:f0:6c:80\" srcserver=0"
+    minute: "41"
+    month: "08"
+    message_number: "1"
+    second: "18"
+    year: "2023"
+  - day: "10"
+    hour: "19"
+    logs_found: ""
+    logs_returned: ""
+    logs_searched: ""
+    message: "logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\"\
+      \ vd=\"root\" eventtime=1691685647648897600 tz=\"+0300\" srcip=10.18.158.26\
+      \ srcname=\"SPA112\" srcport=46212 srcintf=\"Vlan10\" srcintfrole=\"lan\" dstip=192.168.211.2\
+      \ dstport=69 dstintf=\"Tu-Hub01-Main\" dstintfrole=\"undefined\" srccountry=\"\
+      Reserved\" dstcountry=\"Reserved\" sessionid=27408109 proto=17 action=\"accept\"\
+      \ policyid=17 policytype=\"policy\" poluuid=\"764f657a-c0dd-51ec-9d9c-2374a4d1b1d4\"\
+      \ policyname=\"Permit IP-Phones Vlan10 OUT\" service=\"TFTP\" trandisp=\"noop\"\
+      \ duration=1804 sentbyte=66 rcvdbyte=0 sentpkt=1 rcvdpkt=0 vpn=\"Tu-Hub01-Main\"\
+      \ vpntype=\"ipsec-static\" appcat=\"unscanned\" srchwvendor=\"Cisco\" devtype=\"\
+      IP Phone\" srcfamily=\"ATA\" srchwversion=\"SPA112\" mastersrcmac=\"50:67:ae:f0:6c:80\"\
+      \ srcmac=\"50:67:ae:f0:6c:80\" srcserver=0"
+    minute: "40"
+    month: "08"
+    message_number: "2"
+    second: "47"
+    year: "2023"
+  - day: "10"
+    hour: "19"
+    logs_found: ""
+    logs_returned: ""
+    logs_searched: ""
+    message: "logid=\"0000000020\" type=\"traffic\" subtype=\"forward\" level=\"notice\"\
+      \ vd=\"root\" eventtime=1691685628534615260 tz=\"+0300\" srcip=10.18.158.26\
+      \ srcname=\"SPA112\" srcport=5060 srcintf=\"Vlan10\" srcintfrole=\"lan\" dstip=10.18.253.10\
+      \ dstport=5060 dstintf=\"Tu-Hub01-Main\" dstintfrole=\"undefined\" srccountry=\"\
+      Reserved\" dstcountry=\"Reserved\" sessionid=1920 proto=17 action=\"accept\"\
+      \ policyid=17 policytype=\"policy\" poluuid=\"764f657a-c0dd-51ec-9d9c-2374a4d1b1d4\"\
+      \ policyname=\"Permit IP-Phones Vlan10 OUT\" service=\"SIP\" trandisp=\"noop\"\
+      \ duration=1506311 sentbyte=12959083 rcvdbyte=16082785 sentpkt=27800 rcvdpkt=27778\
+      \ vpn=\"Tu-Hub01-Main\" vpntype=\"ipsec-static\" appcat=\"unscanned\" sentdelta=890\
+      \ rcvddelta=1158 srchwvendor=\"Cisco\" devtype=\"IP Phone\" srcfamily=\"ATA\"\
+      \ srchwversion=\"SPA112\" mastersrcmac=\"50:67:ae:f0:6c:80\" srcmac=\"50:67:ae:f0:6c:80\"\
+      \ srcserver=0"
+    minute: "40"
+    month: "08"
+    message_number: "3"
+    second: "28"
+    year: "2023"
diff --git a/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.raw b/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.raw
@@ -0,0 +1,2 @@
+0 logs found.
+0 logs returned.
diff --git a/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.yml b/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.yml
@@ -0,0 +1,13 @@
+---
+parsed_sample:
+  - day: ""
+    hour: ""
+    logs_found: "0"
+    logs_returned: "0"
+    logs_searched: ""
+    message: ""
+    minute: ""
+    month: ""
+    message_number: ""
+    second: ""
+    year: ""