From bde084a9da917bd338bcd2bb814aa129438f0fee Mon Sep 17 00:00:00 2001
From: pskliarenko <“pskliarenko@bsh.ru”>
Date: Sun, 10 Sep 2023 22:33:48 +0400
Subject: [PATCH 1/3] Template + test
---
.../fortinet_execute_log_display.textfsm | 19 ++++++
ntc_templates/templates/index | 1 +
.../fortinet_execute_log_display.raw | 9 +++
.../fortinet_execute_log_display.yml | 66 +++++++++++++++++++
.../fortinet_execute_log_display_no_logs.raw | 2 +
.../fortinet_execute_log_display_no_logs.yml | 13 ++++
6 files changed, 110 insertions(+)
create mode 100644 ntc_templates/templates/fortinet_execute_log_display.textfsm
create mode 100644 tests/fortinet/execute_log_display/fortinet_execute_log_display.raw
create mode 100644 tests/fortinet/execute_log_display/fortinet_execute_log_display.yml
create mode 100644 tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.raw
create mode 100644 tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.yml
diff --git a/ntc_templates/templates/fortinet_execute_log_display.textfsm b/ntc_templates/templates/fortinet_execute_log_display.textfsm
new file mode 100644
index 0000000000..6f3279f0e9
--- /dev/null
+++ b/ntc_templates/templates/fortinet_execute_log_display.textfsm
@@ -0,0 +1,19 @@
+Value LOGS_FOUND (\d+)
+Value LOGS_RETURNED (\d+)
+Value LOGS_SEARCHED (\d+(?:\.\d+)?)
+Value MSG_NUM (\d+)
+Value YEAR (\d{4})
+Value MONTH (\d{2})
+Value DAY (\d{2})
+Value HOUR (\d{2})
+Value MINUTE (\d{2})
+Value SECOND (\d{2})
+Value MESSAGE (.+?)
+
+Start
+ ^\s*${LOGS_FOUND}\s+logs\s+found\.\s*$$
+ ^\s*${LOGS_RETURNED}\s+logs\s+returned\.\s*$$
+ ^\s*${LOGS_SEARCHED}%\s+of\s+logs\s+has\s+been\s+searched\.\s*$$
+ ^\s*${MSG_NUM}:\s+date=${YEAR}-${MONTH}-${DAY}\s+time=${HOUR}:${MINUTE}:${SECOND}\s+${MESSAGE}\s*$$ -> Record
+ ^\s*$$
+ ^. -> Error
diff --git a/ntc_templates/templates/index b/ntc_templates/templates/index
index 3a5b516184..0d886e6038 100644
--- a/ntc_templates/templates/index
+++ b/ntc_templates/templates/index
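Review bot: LOGS_FOUND, LOGS_RETURNED and LOGS_SEARCHED only survive onto the first row, because the `-> Record` on the `${MSG_NUM}` rule clears every non-Filldown Value; the second and third rows in fortinet_execute_log_display.yml accordingly carry `logs_found: ""`, `logs_returned: ""`, `logs_searched: ""`. If the counters are meant to describe the whole query rather than the first message, declare them `Value Filldown LOGS_FOUND (\d+)` (and likewise for the other two) so every row carries them. Be aware that retained Filldown values are emitted as one extra record at end of input, so the expected output would then need that trailing row or an explicit end-of-input handling, and the no-logs fixture (which today relies on the implicit end-of-input record) would have to be re-checked against the same change.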
@@ -485,6 +485,7 @@ fortinet_get_system_interface_physical.textfsm, .*, fortinet, g[[et]] sy[[stem]]
 fortinet_get_router_info_bgp_summary.textfsm, .*, fortinet, g[[et]] r[[outer]] info bg[[p]] su[[mmary]]
 fortinet_get_system_ha_status.textfsm, .*, fortinet, g[[et]] sy[[stem]] ha s[[tatus]]
 fortinet_get_system_interface.textfsm, .*, fortinet, g[[et]] sy[[stem]] in[[terface]]
+fortinet_execute_log_display.textfsm, .*, fortinet, exec[[ute]] l[[og]] di[[splay]]
 fortinet_get_system_status.textfsm, .*, fortinet, g[[et]] sy[[stem]] stat[[us]]
 fortinet_get_system_arp.textfsm, .*, fortinet, g[[et]] sy[[stem]] arp
diff --git a/tests/fortinet/execute_log_display/fortinet_execute_log_display.raw b/tests/fortinet/execute_log_display/fortinet_execute_log_display.raw
new file mode 100644
index 0000000000..e2ae914816
--- /dev/null
+++ b/tests/fortinet/execute_log_display/fortinet_execute_log_display.raw
@@ -0,0 +1,9 @@
+2492 logs found.
+10 logs returned.
+5.8% of logs has been searched.
+
+1: date=2023-08-10 time=19:41:18 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1691685678378886140 tz="+0300" srcip=10.18.158.26 srcname="SPA112" srcport=51753 srcintf="Vlan10" srcintfrole="lan" dstip=192.168.211.2 dstport=69 dstintf="Tu-Hub01-Main" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=27409697 proto=17 action="accept" policyid=17 policytype="policy" poluuid="764f657a-c0dd-51ec-9d9c-2374a4d1b1d4" policyname="Permit IP-Phones Vlan10 OUT" service="TFTP" trandisp="noop" duration=1805 sentbyte=66 rcvdbyte=0 sentpkt=1 rcvdpkt=0 vpn="Tu-Hub01-Main" vpntype="ipsec-static" appcat="unscanned" srchwvendor="Cisco" devtype="IP Phone" srcfamily="ATA" srchwversion="SPA112" mastersrcmac="50:67:ae:f0:6c:80" srcmac="50:67:ae:f0:6c:80" srcserver=0
+
+2: date=2023-08-10 time=19:40:47 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1691685647648897600 tz="+0300" srcip=10.18.158.26 srcname="SPA112" srcport=46212 srcintf="Vlan10" srcintfrole="lan" dstip=192.168.211.2 dstport=69 dstintf="Tu-Hub01-Main" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=27408109 proto=17 action="accept" policyid=17 policytype="policy" poluuid="764f657a-c0dd-51ec-9d9c-2374a4d1b1d4" policyname="Permit IP-Phones Vlan10 OUT" service="TFTP" trandisp="noop" duration=1804 sentbyte=66 rcvdbyte=0 sentpkt=1 rcvdpkt=0 vpn="Tu-Hub01-Main" vpntype="ipsec-static" appcat="unscanned" srchwvendor="Cisco" devtype="IP Phone" srcfamily="ATA" srchwversion="SPA112" mastersrcmac="50:67:ae:f0:6c:80" srcmac="50:67:ae:f0:6c:80" srcserver=0
+
+3: date=2023-08-10 time=19:40:28 logid="0000000020" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1691685628534615260 tz="+0300" srcip=10.18.158.26 srcname="SPA112" srcport=5060 srcintf="Vlan10" srcintfrole="lan" dstip=10.18.253.10 
dstport=5060 dstintf="Tu-Hub01-Main" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=1920 proto=17 action="accept" policyid=17 policytype="policy" poluuid="764f657a-c0dd-51ec-9d9c-2374a4d1b1d4" policyname="Permit IP-Phones Vlan10 OUT" service="SIP" trandisp="noop" duration=1506311 sentbyte=12959083 rcvdbyte=16082785 sentpkt=27800 rcvdpkt=27778 vpn="Tu-Hub01-Main" vpntype="ipsec-static" appcat="unscanned" sentdelta=890 rcvddelta=1158 srchwvendor="Cisco" devtype="IP Phone" srcfamily="ATA" srchwversion="SPA112" mastersrcmac="50:67:ae:f0:6c:80" srcmac="50:67:ae:f0:6c:80" srcserver=0
diff --git a/tests/fortinet/execute_log_display/fortinet_execute_log_display.yml b/tests/fortinet/execute_log_display/fortinet_execute_log_display.yml
new file mode 100644
index 0000000000..436e9bca23
--- /dev/null
+++ b/tests/fortinet/execute_log_display/fortinet_execute_log_display.yml
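Review bot: The fixture reads as if it was captured verbatim from a live unit: the tunnel and interface names (`Tu-Hub01-Main`, `Vlan10`), the policy name and its `poluuid`, the phone's `srcname`/`srcmac`, and the 10.18.x.x and 192.168.211.x addressing all appear unchanged across the three messages. Presumably none of it is meant to identify a real deployment, but fixtures in this repository are normally sanitised before submission, and swapping in neutral values (RFC 5737 documentation addresses, a locally administered MAC, a placeholder UUID, generic policy and tunnel names) costs the parser test nothing. The same values are mirrored in fortinet_execute_log_display.yml, so both files need the substitution applied together.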
@@ -0,0 +1,66 @@
+---
+parsed_sample:
+ - day: "10"
+ hour: "19"
+ logs_found: "2492"
+ logs_returned: "10"
+ logs_searched: "5.8"
+ message: "logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\"\
+ \ vd=\"root\" eventtime=1691685678378886140 tz=\"+0300\" srcip=10.18.158.26\
+ \ srcname=\"SPA112\" srcport=51753 srcintf=\"Vlan10\" srcintfrole=\"lan\" dstip=192.168.211.2\
+ \ dstport=69 dstintf=\"Tu-Hub01-Main\" dstintfrole=\"undefined\" srccountry=\"\
+ Reserved\" dstcountry=\"Reserved\" sessionid=27409697 proto=17 action=\"accept\"\
+ \ policyid=17 policytype=\"policy\" poluuid=\"764f657a-c0dd-51ec-9d9c-2374a4d1b1d4\"\
+ \ policyname=\"Permit IP-Phones Vlan10 OUT\" service=\"TFTP\" trandisp=\"noop\"\
+ \ duration=1805 sentbyte=66 rcvdbyte=0 sentpkt=1 rcvdpkt=0 vpn=\"Tu-Hub01-Main\"\
+ \ vpntype=\"ipsec-static\" appcat=\"unscanned\" srchwvendor=\"Cisco\" devtype=\"\
+ IP Phone\" srcfamily=\"ATA\" srchwversion=\"SPA112\" mastersrcmac=\"50:67:ae:f0:6c:80\"\
+ \ srcmac=\"50:67:ae:f0:6c:80\" srcserver=0"
+ minute: "41"
+ month: "08"
+ msg_num: "1"
+ second: "18"
+ year: "2023"
+ - day: "10"
+ hour: "19"
+ logs_found: ""
+ logs_returned: ""
+ logs_searched: ""
+ message: "logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\"\
+ \ vd=\"root\" eventtime=1691685647648897600 tz=\"+0300\" srcip=10.18.158.26\
+ \ srcname=\"SPA112\" srcport=46212 srcintf=\"Vlan10\" srcintfrole=\"lan\" dstip=192.168.211.2\
+ \ dstport=69 dstintf=\"Tu-Hub01-Main\" dstintfrole=\"undefined\" srccountry=\"\
+ Reserved\" dstcountry=\"Reserved\" sessionid=27408109 proto=17 action=\"accept\"\
+ \ policyid=17 policytype=\"policy\" poluuid=\"764f657a-c0dd-51ec-9d9c-2374a4d1b1d4\"\
+ \ policyname=\"Permit IP-Phones Vlan10 OUT\" service=\"TFTP\" trandisp=\"noop\"\
+ \ duration=1804 sentbyte=66 rcvdbyte=0 sentpkt=1 rcvdpkt=0 vpn=\"Tu-Hub01-Main\"\
+ \ vpntype=\"ipsec-static\" appcat=\"unscanned\" srchwvendor=\"Cisco\" devtype=\"\
+ IP Phone\" srcfamily=\"ATA\" 
srchwversion=\"SPA112\" mastersrcmac=\"50:67:ae:f0:6c:80\"\
+ \ srcmac=\"50:67:ae:f0:6c:80\" srcserver=0"
+ minute: "40"
+ month: "08"
+ msg_num: "2"
+ second: "47"
+ year: "2023"
+ - day: "10"
+ hour: "19"
+ logs_found: ""
+ logs_returned: ""
+ logs_searched: ""
+ message: "logid=\"0000000020\" type=\"traffic\" subtype=\"forward\" level=\"notice\"\
+ \ vd=\"root\" eventtime=1691685628534615260 tz=\"+0300\" srcip=10.18.158.26\
+ \ srcname=\"SPA112\" srcport=5060 srcintf=\"Vlan10\" srcintfrole=\"lan\" dstip=10.18.253.10\
+ \ dstport=5060 dstintf=\"Tu-Hub01-Main\" dstintfrole=\"undefined\" srccountry=\"\
+ Reserved\" dstcountry=\"Reserved\" sessionid=1920 proto=17 action=\"accept\"\
+ \ policyid=17 policytype=\"policy\" poluuid=\"764f657a-c0dd-51ec-9d9c-2374a4d1b1d4\"\
+ \ policyname=\"Permit IP-Phones Vlan10 OUT\" service=\"SIP\" trandisp=\"noop\"\
+ \ duration=1506311 sentbyte=12959083 rcvdbyte=16082785 sentpkt=27800 rcvdpkt=27778\
+ \ vpn=\"Tu-Hub01-Main\" vpntype=\"ipsec-static\" appcat=\"unscanned\" sentdelta=890\
+ \ rcvddelta=1158 srchwvendor=\"Cisco\" devtype=\"IP Phone\" srcfamily=\"ATA\"\
+ \ srchwversion=\"SPA112\" mastersrcmac=\"50:67:ae:f0:6c:80\" srcmac=\"50:67:ae:f0:6c:80\"\
+ \ srcserver=0"
+ minute: "40"
+ month: "08"
+ msg_num: "3"
+ second: "28"
+ year: "2023"
diff --git a/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.raw b/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.raw
new file mode 100644
index 0000000000..2db4ba9561
--- /dev/null
+++ b/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.raw
@@ -0,0 +1,2 @@
+0 logs found.
+0 logs returned.
diff --git a/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.yml b/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.yml
new file mode 100644
index 0000000000..e71426901f
--- /dev/null
+++ b/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.yml
@@ -0,0 +1,13 @@
+---
+parsed_sample:
+ - day: ""
+ hour: ""
+ logs_found: "0"
+ logs_returned: "0"
+ logs_searched: ""
+ message: ""
+ minute: ""
+ month: ""
+ msg_num: ""
+ second: ""
+ year: ""
From cde7ecaf6ccf152e21e9b5303a3a5eede92e772e Mon Sep 17 00:00:00 2001
From: Jacob McGill <9847006+jmcgill298@users.noreply.github.com>
Date: Mon, 22 Jul 2024 15:29:29 -0400
Subject: [PATCH 2/3] Apply suggestions from code review
---
.../templates/fortinet_execute_log_display.textfsm | 4 ++--
.../execute_log_display/fortinet_execute_log_display.yml | 6 +++---
.../fortinet_execute_log_display_no_logs.yml | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/ntc_templates/templates/fortinet_execute_log_display.textfsm b/ntc_templates/templates/fortinet_execute_log_display.textfsm
index 6f3279f0e9..6899cdd43b 100644
--- a/ntc_templates/templates/fortinet_execute_log_display.textfsm
+++ b/ntc_templates/templates/fortinet_execute_log_display.textfsm
@@ -1,7 +1,7 @@
 Value LOGS_FOUND (\d+)
 Value LOGS_RETURNED (\d+)
 Value LOGS_SEARCHED (\d+(?:\.\d+)?)
-Value MSG_NUM (\d+)
+Value MESSAGE_NUMER (\d+)
 Value YEAR (\d{4})
 Value MONTH (\d{2})
 Value DAY (\d{2})
@@ -14,6 +14,6 @@ Start
 ^\s*${LOGS_FOUND}\s+logs\s+found\.\s*$$
 ^\s*${LOGS_RETURNED}\s+logs\s+returned\.\s*$$
 ^\s*${LOGS_SEARCHED}%\s+of\s+logs\s+has\s+been\s+searched\.\s*$$
- ^\s*${MSG_NUM}:\s+date=${YEAR}-${MONTH}-${DAY}\s+time=${HOUR}:${MINUTE}:${SECOND}\s+${MESSAGE}\s*$$ -> Record
+ ^\s*${MESSAGE_NUMBER}:\s+date=${YEAR}-${MONTH}-${DAY}\s+time=${HOUR}:${MINUTE}:${SECOND}\s+${MESSAGE}\s*$$ -> Record
 ^\s*$$
 ^. -> Error
diff --git a/tests/fortinet/execute_log_display/fortinet_execute_log_display.yml b/tests/fortinet/execute_log_display/fortinet_execute_log_display.yml
index 436e9bca23..828b98dee6 100644
--- a/tests/fortinet/execute_log_display/fortinet_execute_log_display.yml
+++ b/tests/fortinet/execute_log_display/fortinet_execute_log_display.yml
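Review bot: The single row in this expectation exists only because TextFSM emits an implicit record at end of input when some Value is still set; the template's `logs found` and `logs returned` rules never `-> Record` themselves, so this fixture is silently coupled to the template having no explicit `EOF` state and no Filldown on the counters. That coupling is worth pinning in the file, since a later template edit that adds `EOF` would turn this into zero rows (and a Filldown change would alter the row count in the other fixture) without any obvious reason in the diff. A `# single row comes from the implicit end-of-input record; the summary lines never Record explicitly` comment above `parsed_sample:` would do.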
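Review bot: At this commit the template cannot be loaded: the first hunk renames the Value to `MESSAGE_NUMER` while the rule in the second hunk references `${MESSAGE_NUMBER}`, and TextFSM raises a template error when a rule substitutes a Value name that was never declared. PATCH 3/3 corrects the spelling, so the series' end state is fine, but squashing patches 2 and 3 (or fixing the rename up into this commit) would avoid a revision on which the whole fortinet test set fails, which matters for bisecting. Both hunks of fortinet_execute_log_display.textfsm in PATCH 2/3 are affected; the accompanying yml renames are consistent with the intended `MESSAGE_NUMBER` spelling.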
@@ -18,7 +18,7 @@ parsed_sample:
 \ srcmac=\"50:67:ae:f0:6c:80\" srcserver=0"
 minute: "41"
 month: "08"
- msg_num: "1"
+ message_number: "1"
 second: "18"
 year: "2023"
 - day: "10"
@@ -39,7 +39,7 @@ parsed_sample:
 \ srcmac=\"50:67:ae:f0:6c:80\" srcserver=0"
 minute: "40"
 month: "08"
- msg_num: "2"
+ message_number: "2"
 second: "47"
 year: "2023"
 - day: "10"
@@ -61,6 +61,6 @@ parsed_sample:
 \ srcserver=0"
 minute: "40"
 month: "08"
- msg_num: "3"
+ message_number: "3"
 second: "28"
 year: "2023"
diff --git a/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.yml b/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.yml
index e71426901f..634ef9e82c 100644
--- a/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.yml
+++ b/tests/fortinet/execute_log_display/fortinet_execute_log_display_no_logs.yml
@@ -8,6 +8,6 @@ parsed_sample:
 message: ""
 minute: ""
 month: ""
- msg_num: ""
+ message_number: ""
 second: ""
 year: ""
From b6be4f7b973d79d2d8a4fa8b520feb64116bdb53 Mon Sep 17 00:00:00 2001
From: Jacob McGill <9847006+jmcgill298@users.noreply.github.com>
Date: Mon, 22 Jul 2024 15:40:03 -0400
Subject: [PATCH 3/3] Update ntc_templates/templates/fortinet_execute_log_display.textfsm
---
ntc_templates/templates/fortinet_execute_log_display.textfsm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ntc_templates/templates/fortinet_execute_log_display.textfsm b/ntc_templates/templates/fortinet_execute_log_display.textfsm
index 6899cdd43b..267f3ee76f 100644
--- a/ntc_templates/templates/fortinet_execute_log_display.textfsm
+++ b/ntc_templates/templates/fortinet_execute_log_display.textfsm
@@ -1,7 +1,7 @@
 Value LOGS_FOUND (\d+)
 Value LOGS_RETURNED (\d+)
 Value LOGS_SEARCHED (\d+(?:\.\d+)?)
-Value MESSAGE_NUMER (\d+)
+Value MESSAGE_NUMBER (\d+)
 Value YEAR (\d{4})
 Value MONTH (\d{2})
 Value DAY (\d{2})