Configs¶
netutils.config
¶
Initialization file for config methods.
clean
¶
Functions for working with configuration to clean the config.
clean_config(config, filters)
¶
Given a list of regex patterns, delete those lines that match.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
A string representation of a device configuration. |
required |
filters |
List[Dict[str, str]]
|
A list of regex patterns used to delete remove configuration. |
required |
Returns:
Type | Description |
---|---|
str
|
Stripped down configuration. |
Examples:
>>> from netutils.config.clean import clean_config
>>> config = '''Building configuration...
... Current configuration : 1582 bytes
... !
... version 12.4
... service timestamps debug datetime msec
... service timestamps log datetime msec
... no service password-encryption
... !
... hostname CSR1
... !
... !
... !'''
>>> clean_filters = [
... {"regex": r"^Current\s+configuration.*\n"},
... {"regex": r"^Building\s+configuration.*\n"},
... {"regex": r"^ntp\s+clock-period.*\n"},
... ]
>>> print(clean_config(config, clean_filters))
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CSR1
!
!
!
>>>
Source code in netutils/config/clean.py
sanitize_config(config, filters=None)
¶
Given a dictionary of filters, remove sensitive data from the provided config.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
A string representation of a device configuration. |
required |
filters |
Optional[List[Dict[str, str]]]
|
A list of dictionaries of regex patterns used to sanitize configuration, namely secrets. Defaults to an empty list. |
None
|
Returns:
Name | Type | Description |
---|---|---|
str |
str
|
Sanitized configuration. |
Examples:
>>> from netutils.config.clean import sanitize_config
>>> config = '''enable secret 5 $1$nc08$bizeEFbgCBKjZP4nurNCd.!'''
>>> SANITIZE_FILTERS = [
... {
... "regex": r"^(enable (password|secret)( level \d+)? \d) .+$",
... "replace": r"\1 <removed>",
... }
... ]
>>> sanitize_config(config, SANITIZE_FILTERS)
'enable secret 5 <removed>'
>>>
Source code in netutils/config/clean.py
compliance
¶
Filter Plugins for compliance checks.
compliance(features, backup, intended, network_os, cfg_type='file')
¶
Report compliance for all features provided as input.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
features |
List[Dict[str, Union[str, bool, List[str]]]]
|
List of features for particular network os. |
required |
backup |
str
|
running config or config backup file to compare against intended. |
required |
intended |
str
|
intended config to compare against backup. |
required |
network_os |
str
|
Device network operating system that is in parser_map keys. |
required |
cfg_type |
str
|
A string that is effectively a choice between |
'file'
|
Returns:
Name | Type | Description |
---|---|---|
dict |
Dict[str, Dict[str, Union[str, bool]]]
|
Compliance information per feature. |
Examples:
>>> from netutils.config.compliance import compliance
>>> features = [
... {
... "name": "hostname",
... "ordered": True,
... "section": [
... "hostname"
... ]
... },
... {
... "name": "ntp",
... "ordered": True,
... "section": [
... "ntp"
... ]
... }
... ]
>>> backup = "ntp server 192.168.1.1\nntp server 192.168.1.2 prefer"
>>> intended = "ntp server 192.168.1.1\nntp server 192.168.1.5 prefer"
>>> network_os = "cisco_ios"
>>> from pprint import pprint
>>> compliance(features, backup, intended, network_os, "string") == \
... {'hostname': {'actual': '',
... 'cannot_parse': True,
... 'compliant': True,
... 'extra': '',
... 'intended': '',
... 'missing': '',
... 'ordered_compliant': True,
... 'unordered_compliant': True},
... 'ntp': {'actual': 'ntp server 192.168.1.1\nntp server 192.168.1.2 prefer',
... 'cannot_parse': True,
... 'compliant': False,
... 'extra': 'ntp server 192.168.1.2 prefer',
... 'intended': 'ntp server 192.168.1.1\nntp server 192.168.1.5 prefer',
... 'missing': 'ntp server 192.168.1.5 prefer',
... 'ordered_compliant': False,
... 'unordered_compliant': False}}
True
Source code in netutils/config/compliance.py
121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 |
|
config_section_not_parsed(features, device_cfg, network_os)
¶
Return device config section that is not checked by compliance.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
features |
List[Dict[str, Union[str, bool, List[str]]]]
|
List of features for particular network os. |
required |
device_cfg |
str
|
Device configuration. |
required |
network_os |
str
|
Device network operating system that is in parser_map keys. |
required |
Returns:
Type | Description |
---|---|
Dict[str, Union[str, List[str]]]
|
Config that was not parsed or section not found. |
Examples:
>>> from netutils.config.compliance import config_section_not_parsed
>>> features = [{
... "name": "BGP",
... "ordered": True,
... "section": [
... "router bgp "
... ]
... }]
>>> network_os = 'cisco_ios'
>>> device_cfg = '''router bgp 100
... bgp router-id 10.6.6.5
... !
... access-list 1 permit 10.10.10.10
... access-list 1 permit 10.10.10.11'''
>>> config_section_not_parsed(features, device_cfg, network_os)
{'remaining_cfg': '!\naccess-list 1 permit 10.10.10.10\naccess-list 1 permit 10.10.10.11', 'section_not_found': []}
Source code in netutils/config/compliance.py
diff_network_config(compare_config, base_config, network_os)
¶
Identify which lines in compare_config are not in base_config.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
compare_config |
str
|
The config to evaluate against base_config. |
required |
base_config |
str
|
The config to compare compare_config against. |
required |
network_os |
str
|
Device network operating system that is in parser_map keys. |
required |
Returns:
Name | Type | Description |
---|---|---|
base_config |
str
|
The string of additional commands in compare_config separated by a newline. |
Examples:
>>> from netutils.config.compliance import diff_network_config
>>> compare_config = '''router bgp 100
... bgp router-id 10.6.6.5
... !
... snmp-server ifindex persist
... snmp-server packetsize 4096
... snmp-server location SFO
... access-list 1 permit 10.15.20.20
... access-list 1 permit 10.15.20.21'''
>>>
>>> base_config = '''router bgp 100
... bgp router-id 10.6.6.5
... !
... snmp-server packetsize 4096
... snmp-server location SFO
... access-list 1 permit 10.15.20.20
... access-list 1 permit 10.15.20.21'''
>>>
>>> network_os = "cisco_ios"
>>> diff_network_config(compare_config, base_config, network_os)
'snmp-server ifindex persist'
>>>
Source code in netutils/config/compliance.py
feature_compliance(feature, backup_cfg, intended_cfg, network_os)
¶
Report compliance for all features provided as input.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
feature |
Dict[str, Union[str, bool, List[str]]]
|
A dictionary with the attributes of the feature check |
required |
backup_cfg |
str
|
running config or config backup of a specific feature to compare. |
required |
intended_cfg |
str
|
intended config of a specific feature to compare. |
required |
network_os |
str
|
Device network operating system that is in parser_map keys. |
required |
Returns:
Name | Type | Description |
---|---|---|
dict |
Dict[str, Union[str, bool]]
|
Compliance information of a single feature. |
Examples:
>>> from netutils.config.compliance import feature_compliance
>>> feature = {
... "name": "ntp",
... "ordered": True,
... "section": [
... "ntp"
... ]
... }
>>> backup = "ntp server 192.168.1.1\nntp server 192.168.1.2 prefer"
>>> intended = "ntp server 192.168.1.1\nntp server 192.168.1.5 prefer"
>>> network_os = "cisco_ios"
>>> from pprint import pprint
>>> feature_compliance(feature, backup, intended, network_os) == \
... {'actual': 'ntp server 192.168.1.1\nntp server 192.168.1.2 prefer',
... 'cannot_parse': True,
... 'compliant': False,
... 'extra': 'ntp server 192.168.1.2 prefer',
... 'intended': 'ntp server 192.168.1.1\nntp server 192.168.1.5 prefer',
... 'missing': 'ntp server 192.168.1.5 prefer',
... 'ordered_compliant': False,
... 'unordered_compliant': False}
True
Source code in netutils/config/compliance.py
find_unordered_cfg_lines(intended_cfg, actual_cfg)
¶
Check if config lines are miss-ordered, i.e in ACL-s.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
intended_cfg |
str
|
Feature intended configuration. |
required |
actual_cfg |
str
|
Feature actual configuration. |
required |
Returns:
Name | Type | Description |
---|---|---|
list |
Tuple[bool, List[Tuple[str, str]]]
|
List of tuples with unordered_compliant cfg lines. |
Examples:
>>> from netutils.config.compliance import find_unordered_cfg_lines
>>> intended_cfg = '''
... ntp server 10.10.10.10
... ntp server 10.10.10.11
... ntp server 10.10.10.12'''
>>>
>>> actual_cfg = '''
... ntp server 10.10.10.12
... ntp server 10.10.10.11
... ntp server 10.10.10.10'''
>>>
>>> find_unordered_cfg_lines(intended_cfg, actual_cfg)
(True, [('ntp server 10.10.10.10', 'ntp server 10.10.10.12'), ('ntp server 10.10.10.12', 'ntp server 10.10.10.10')])
Source code in netutils/config/compliance.py
section_config(feature, device_cfg, network_os)
¶
Parse feature section config from device cfg.
In case section attribute of the the feature is not provided
entire content of the device_cfg is returned.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
feature |
Dict[str, Union[str, bool, List[str]]]
|
Feature name and cfg lines that should be parsed. |
required |
device_cfg |
str
|
Device configuration. |
required |
network_os |
Device network operating system that is in parser_map keys. |
required |
Returns:
Type | Description |
---|---|
str
|
The hash report data mapping file hashes to report data. |
Examples:
>>> from netutils.config.compliance import section_config
>>> feature = {
... "name": "BGP",
... "ordered": False,
... "section": [
... "router bgp "
... ]
... }
>>>
>>> device_cfg = '''router bgp 100
... bgp router-id 10.6.6.5
... !
... snmp-server ifindex persist
... snmp-server packetsize 4096
... snmp-server location SFO
... access-list 1 permit 10.10.15.15
... access-list 1 permit 10.10.20.20'''
>>>
>>> print(section_config(feature, device_cfg, "cisco_ios"))# ==
router bgp 100
bgp router-id 10.6.6.5
Source code in netutils/config/compliance.py
conversion
¶
Configuration conversion methods for different network operating systems.
paloalto_panos_brace_to_set(cfg, cfg_type='file')
¶
Convert Palo Alto Brace format configuration to set format.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
cfg |
str
|
Configuration as a string |
required |
cfg_type |
str
|
A string that is effectively a choice between |
'file'
|
Returns:
Name | Type | Description |
---|---|---|
str |
str
|
Converted configuration as a string. |
Examples:
>>> from netutils.config.conversion import paloalto_panos_brace_to_set
>>> config = '''
... config {
... mgt-config {
... users {
... admin {
... phash *;
... permissions {
... role-based {
... superuser yes;
... }
... }
... public-key thisisasuperduperlongbase64encodedstring;
... }
... panadmin {
... permissions {
... role-based {
... superuser yes;
... }
... }
... phash passwordhash;
... }
... }
... }
... }'''
>>> paloalto_panos_brace_to_set(cfg=config, cfg_type='string') == \
... '''set mgt-config users admin phash *
... set mgt-config users admin permissions role-based superuser yes
... set mgt-config users admin public-key thisisasuperduperlongbase64encodedstring
... set mgt-config users panadmin permissions role-based superuser yes
... set mgt-config users panadmin phash passwordhash'''
True
Source code in netutils/config/conversion.py
128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 |
|
paloalto_panos_clean_newlines(cfg)
¶
Takes in the configuration and replaces any inappropriate newline characters with a space.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
cfg |
str
|
Configuration as a string. |
required |
Returns:
Name | Type | Description |
---|---|---|
str |
str
|
Cleaned configuration as a string |
Examples:
>>> from netutils.config.conversion import paloalto_panos_clean_newlines
>>> config = '''
... config {
... syslog {
... Traffic_Syslog {
... server {
... splunk {
... transport UDP;
... port 514;
... format BSD;
... server 1.1.1.1;
... facility LOG_USER;
... }
... graylog {
... transport UDP;
... port 514;
... format BSD;
... server 2.2.2.2;
... facility LOG_USER;
... }
... }
... format {
... config "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$result|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial shost=$host cs3Label=Virtual System cs3=$vsys act=$cmd duser=$admin destinationServiceName=$client msg=$path externalId=$seqno PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags
... Optional: cs1Label=Before Change Detail cs1=$before-change-detail cs2Label=After Change Detail cs2=$after-change-detail";
... system "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|$number-of-severity|rt=$cef-formatted-receive_time deviceExternalId=$serial cs3Label=Virtual System cs3=$vsys fname=$object flexString2Label=Module flexString2=$module msg=$opaque externalId=$seqno cat=$eventid PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags";
... threat "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|$number-of-severity|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=LogProfile cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action request=$misc cs2Label=URL Category cs2=$category flexString2Label=Direction flexString2=$direction PanOSActionFlags=$actionflags externalId=$seqno cat=$threatid fileId=$pcap_id PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSSrcUUID=$src_uuid PanOSDstUUID=$dst_uuid PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time PanOSTunnelType=$tunnel PanOSThreatCategory=$thr_category PanOSContentVer=$contentver";
... traffic "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=LogProfile cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action flexNumber1Label=Total bytes flexNumber1=$bytes in=$bytes_sent out=$bytes_received cn2Label=Packets cn2=$packets PanOSPacketsReceived=$pkts_received PanOSPacketsSent=$pkts_sent start=$cef-formatted-time_generated cn3Label=Elapsed time in seconds cn3=$elapsed cs2Label=URL Category cs2=$category externalId=$seqno reason=$session_end_reason PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name cat=$action_source PanOSActionFlags=$actionflags PanOSSrcUUID=$src_uuid PanOSDstUUID=$dst_uuid PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time PanOSTunnelType=$tunnel";
... url "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|$number-of-severity|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=LogProfile cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action request=$misc cs2Label=URL Category cs2=$category flexString2Label=Direction flexString2=$direction PanOSActionFlags=$actionflags externalId=$seqno requestContext=$contenttype cat=$threatid fileId=$pcap_id requestMethod=$http_method requestClientApplication=$user_agent PanOSXForwarderfor=$xff PanOSReferer=$referer PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSSrcUUID=$src_uuid PanOSDstUUID=$dst_uuid PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time PanOSTunnelType=$tunnel PanOSThreatCategory=$thr_category PanOSContentVer=$contentver";
... data "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|$number-of-severity|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=LogProfile cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action request=$misc cs2Label=URL Category cs2=$category flexString2Label=Direction flexString2=$direction PanOSActionFlags=$actionflags externalId=$seqno cat=$threatid fileId=$pcap_id PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSSrcUUID=$src_uuid PanOSDstUUID=$dst_uuid PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time PanOSTunnelType=$tunnel PanOSThreatCategory=$thr_category PanOSContentVer=$contentver";
... wildfire "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|$number-of-severity|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=LogProfile cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action request=$misc cs2Label=URL Category cs2=$category flexString2Label=Direction flexString2=$direction PanOSActionFlags=$actionflags externalId=$seqno cat=$threatid filePath=$cloud fileId=$pcap_id fileHash=$filedigest fileType=$filetype suid=$sender msg=$subject duid=$recipient oldFileId=$reportid PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSSrcUUID=$src_uuid PanOSDstUUID=$dst_uuid PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time PanOSTunnelType=$tunnel PanOSThreatCategory=$thr_category PanOSContentVer=$contentver";
... tunnel "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=Log Action cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action externalId=$seqno PanOSActionFlags=$actionflags PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time cs2Label=Tunnel Type cs2=$tunnel flexNumber1Label=Total bytes flexNumber1=$bytes in=$bytes_sent out=$bytes_received cn2Label=Packets cn2=$packets PanOSPacketsSent=$pkts_sent PanOSPacketsReceived=$pkts_received flexNumber2Label=Maximum Encapsulation flexNumber2=$max_encap cfp1Label=Unknown Protocol cfp1=$unknown_proto cfp2Label=Strict Checking cfp2=$strict_check PanOSTunnelFragment=$tunnel_fragment cfp3Label=Sessions Created cfp3=$sessions_created cfp4Label=Sessions Closed cfp4=$sessions_closed reason=$session_end_reason cat=$action_source start=$cef-formatted-time_generated cn3Label=Elapsed time in seconds cn3=$elapsed";
... auth "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial cs1Label=Server Profile cs1=$serverprofile cs2Label=Normalize User cs2=$normalize_user cs3Label=Virtual System cs3=$vsys cs4Label=Authentication Policy cs4=$authpolicy cs5Label=Client Type cs5=$clienttype cs6Label=Log Action cs6=$logset fname=$object cn1Label=Factor Number cn1=$factorno cn2Label=Authentication ID cn2=$authid src=$ip cnt=$repeatcnt duser=$user flexString2Label=Vendor flexString2=$vendor msg=$event externalId=$seqno PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags PanOSDesc=$desc
... ";
... userid "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial cs1Label=Factor Type cs1=$factortype cs3Label=Virtual System cs3=$vsys cs4Label=Data Source Name cs4=$datasourcename cs5Label=Data Source cs5=$datasource cs6Label=Data Source Type cs6=$datasourcetype cn1Label=Factor Number cn1=$factorno cn2Label=Virtual System ID cn2=$vsys_id cn3Label=Timeout Threshold cn3=$timeout src=$ip spt=$beginport dpt=$endport cnt=$repeatcnt duser=$user externalId=$seqno cat=$eventid end=$factorcompletiontime PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags";
... hip-match "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$matchtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial suser=$srcuser cs3Label=Virtual System cs3=$vsys shost=$machinename src=$src cnt=$repeatcnt externalId=$seqno cat=$matchname start=$cef-formatted-time_generated cs2Label=Operating System cs2=$os PanOSActionFlags=$actionflags PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name cn2Label=Virtual System ID cn2=$vsys_id c6a2Label=IPv6 Source Address c6a2=$srcipv6";
... correlation "CEF:0|Palo Alto Networks|PAN-OS|8.0|$category|$type|$severity|rt=$cef-formatted-receive_time deviceExternalId=$serial start=$cef-formatted-time_generated src=$src suser=$srcuser cs3Label=Virtual System cs3=$vsys severity=$severity PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name cn2Label=Virtual System ID cn2=$vsys_id fname=$object_name cn3Label=Object ID cn3=$object_id msg=$evidence";
... escaping {
... escaped-characters \=;
... escape-character \;
... }
... }
... }
... }
... }'''
>>> paloalto_panos_clean_newlines(cfg=config) == \
... '''
... config {
... syslog {
... Traffic_Syslog {
... server {
... splunk {
... transport UDP;
... port 514;
... format BSD;
... server 1.1.1.1;
... facility LOG_USER;
... }
... graylog {
... transport UDP;
... port 514;
... format BSD;
... server 2.2.2.2;
... facility LOG_USER;
... }
... }
... format {
... config "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$result|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial shost=$host cs3Label=Virtual System cs3=$vsys act=$cmd duser=$admin destinationServiceName=$client msg=$path externalId=$seqno PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags Optional: cs1Label=Before Change Detail cs1=$before-change-detail cs2Label=After Change Detail cs2=$after-change-detail";
... system "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|$number-of-severity|rt=$cef-formatted-receive_time deviceExternalId=$serial cs3Label=Virtual System cs3=$vsys fname=$object flexString2Label=Module flexString2=$module msg=$opaque externalId=$seqno cat=$eventid PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags";
... threat "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|$number-of-severity|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=LogProfile cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action request=$misc cs2Label=URL Category cs2=$category flexString2Label=Direction flexString2=$direction PanOSActionFlags=$actionflags externalId=$seqno cat=$threatid fileId=$pcap_id PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSSrcUUID=$src_uuid PanOSDstUUID=$dst_uuid PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time PanOSTunnelType=$tunnel PanOSThreatCategory=$thr_category PanOSContentVer=$contentver";
... traffic "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=LogProfile cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action flexNumber1Label=Total bytes flexNumber1=$bytes in=$bytes_sent out=$bytes_received cn2Label=Packets cn2=$packets PanOSPacketsReceived=$pkts_received PanOSPacketsSent=$pkts_sent start=$cef-formatted-time_generated cn3Label=Elapsed time in seconds cn3=$elapsed cs2Label=URL Category cs2=$category externalId=$seqno reason=$session_end_reason PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name cat=$action_source PanOSActionFlags=$actionflags PanOSSrcUUID=$src_uuid PanOSDstUUID=$dst_uuid PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time PanOSTunnelType=$tunnel";
... url "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|$number-of-severity|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=LogProfile cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action request=$misc cs2Label=URL Category cs2=$category flexString2Label=Direction flexString2=$direction PanOSActionFlags=$actionflags externalId=$seqno requestContext=$contenttype cat=$threatid fileId=$pcap_id requestMethod=$http_method requestClientApplication=$user_agent PanOSXForwarderfor=$xff PanOSReferer=$referer PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSSrcUUID=$src_uuid PanOSDstUUID=$dst_uuid PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time PanOSTunnelType=$tunnel PanOSThreatCategory=$thr_category PanOSContentVer=$contentver";
... data "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|$number-of-severity|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=LogProfile cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action request=$misc cs2Label=URL Category cs2=$category flexString2Label=Direction flexString2=$direction PanOSActionFlags=$actionflags externalId=$seqno cat=$threatid fileId=$pcap_id PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSSrcUUID=$src_uuid PanOSDstUUID=$dst_uuid PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time PanOSTunnelType=$tunnel PanOSThreatCategory=$thr_category PanOSContentVer=$contentver";
... wildfire "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|$number-of-severity|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=LogProfile cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action request=$misc cs2Label=URL Category cs2=$category flexString2Label=Direction flexString2=$direction PanOSActionFlags=$actionflags externalId=$seqno cat=$threatid filePath=$cloud fileId=$pcap_id fileHash=$filedigest fileType=$filetype suid=$sender msg=$subject duid=$recipient oldFileId=$reportid PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSSrcUUID=$src_uuid PanOSDstUUID=$dst_uuid PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time PanOSTunnelType=$tunnel PanOSThreatCategory=$thr_category PanOSContentVer=$contentver";
... tunnel "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial src=$src dst=$dst sourceTranslatedAddress=$natsrc destinationTranslatedAddress=$natdst cs1Label=Rule cs1=$rule suser=$srcuser duser=$dstuser app=$app cs3Label=Virtual System cs3=$vsys cs4Label=Source Zone cs4=$from cs5Label=Destination Zone cs5=$to deviceInboundInterface=$inbound_if deviceOutboundInterface=$outbound_if cs6Label=Log Action cs6=$logset cn1Label=SessionID cn1=$sessionid cnt=$repeatcnt spt=$sport dpt=$dport sourceTranslatedPort=$natsport destinationTranslatedPort=$natdport flexString1Label=Flags flexString1=$flags proto=$proto act=$action externalId=$seqno PanOSActionFlags=$actionflags PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSTunnelID=$tunnelid PanOSMonitorTag=$monitortag PanOSParentSessionID=$parent_session_id PanOSParentStartTime=$parent_start_time cs2Label=Tunnel Type cs2=$tunnel flexNumber1Label=Total bytes flexNumber1=$bytes in=$bytes_sent out=$bytes_received cn2Label=Packets cn2=$packets PanOSPacketsSent=$pkts_sent PanOSPacketsReceived=$pkts_received flexNumber2Label=Maximum Encapsulation flexNumber2=$max_encap cfp1Label=Unknown Protocol cfp1=$unknown_proto cfp2Label=Strict Checking cfp2=$strict_check PanOSTunnelFragment=$tunnel_fragment cfp3Label=Sessions Created cfp3=$sessions_created cfp4Label=Sessions Closed cfp4=$sessions_closed reason=$session_end_reason cat=$action_source start=$cef-formatted-time_generated cn3Label=Elapsed time in seconds cn3=$elapsed";
... auth "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial cs1Label=Server Profile cs1=$serverprofile cs2Label=Normalize User cs2=$normalize_user cs3Label=Virtual System cs3=$vsys cs4Label=Authentication Policy cs4=$authpolicy cs5Label=Client Type cs5=$clienttype cs6Label=Log Action cs6=$logset fname=$object cn1Label=Factor Number cn1=$factorno cn2Label=Authentication ID cn2=$authid src=$ip cnt=$repeatcnt duser=$user flexString2Label=Vendor flexString2=$vendor msg=$event externalId=$seqno PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags PanOSDesc=$desc ";
... userid "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$subtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial cs1Label=Factor Type cs1=$factortype cs3Label=Virtual System cs3=$vsys cs4Label=Data Source Name cs4=$datasourcename cs5Label=Data Source cs5=$datasource cs6Label=Data Source Type cs6=$datasourcetype cn1Label=Factor Number cn1=$factorno cn2Label=Virtual System ID cn2=$vsys_id cn3Label=Timeout Threshold cn3=$timeout src=$ip spt=$beginport dpt=$endport cnt=$repeatcnt duser=$user externalId=$seqno cat=$eventid end=$factorcompletiontime PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name PanOSActionFlags=$actionflags";
... hip-match "CEF:0|Palo Alto Networks|PAN-OS|$sender_sw_version|$matchtype|$type|1|rt=$cef-formatted-receive_time deviceExternalId=$serial suser=$srcuser cs3Label=Virtual System cs3=$vsys shost=$machinename src=$src cnt=$repeatcnt externalId=$seqno cat=$matchname start=$cef-formatted-time_generated cs2Label=Operating System cs2=$os PanOSActionFlags=$actionflags PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name cn2Label=Virtual System ID cn2=$vsys_id c6a2Label=IPv6 Source Address c6a2=$srcipv6";
... correlation "CEF:0|Palo Alto Networks|PAN-OS|8.0|$category|$type|$severity|rt=$cef-formatted-receive_time deviceExternalId=$serial start=$cef-formatted-time_generated src=$src suser=$srcuser cs3Label=Virtual System cs3=$vsys severity=$severity PanOSDGl1=$dg_hier_level_1 PanOSDGl2=$dg_hier_level_2 PanOSDGl3=$dg_hier_level_3 PanOSDGl4=$dg_hier_level_4 PanOSVsysName=$vsys_name dvchost=$device_name cn2Label=Virtual System ID cn2=$vsys_id fname=$object_name cn3Label=Object ID cn3=$object_id msg=$evidence";
... escaping {
... escaped-characters \=;
... escape-character \;
... }
... }
... }
... }
... }'''
True
Source code in netutils/config/conversion.py
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 |
|
parser
¶
Parsers for different network operating systems.
AIREOSConfigParser
¶
Bases: CiscoConfigParser
, BaseSpaceConfigParser
AireOSConfigParser implementation fo ConfigParser Class.
Source code in netutils/config/parser.py
ASAConfigParser
¶
Bases: CiscoConfigParser
Cisco ASA implementation of ConfigParser Class.
Source code in netutils/config/parser.py
915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 |
|
__init__(config)
¶
Create ConfigParser Object.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
The config text to parse. |
required |
Source code in netutils/config/parser.py
build_config_relationship()
¶
Parse text tree of config lines and their parents.
Examples:
>>> from netutils.config.parser import ASAConfigParser, ConfigLine
>>> config = '''
... interface Management0/0
... management-only
... nameif Management
... security-level 100
... ip address 10.1.1.10 255.255.255.0'''
>>> config_tree = ASAConfigParser(str(config))
>>> config_tree.build_config_relationship() == \
... [
... ConfigLine(config_line="interface Management0/0", parents=()),
... ConfigLine(config_line=" management-only", parents=("interface Management0/0",)),
... ConfigLine(config_line=" nameif Management", parents=("interface Management0/0",)),
... ConfigLine(config_line=" security-level 100", parents=("interface Management0/0",)),
... ConfigLine(config_line=" ip address 10.1.1.10 255.255.255.0", parents=("interface Management0/0",)),
... ]
True
Source code in netutils/config/parser.py
is_banner_start(line)
¶
Determine if the line starts a banner config.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
line |
str
|
The current config line in iteration. |
required |
Returns:
Type | Description |
---|---|
bool
|
True if line starts banner, else False. |
Source code in netutils/config/parser.py
ArubaConfigCXParser
¶
ArubaConfigOSParser
¶
ArubaConfigParser
¶
BaseBraceConfigParser
¶
Bases: BaseConfigParser
Base parser class for config syntax that demarcates using braces.
Source code in netutils/config/parser.py
427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 |
|
config_lines_only: str
property
¶
Remove trailing spaces and empty lines from config lines.
Returns:
Type | Description |
---|---|
str
|
The non-space lines from |
build_config_relationship()
¶
Parse text tree of config lines and their parents.
Examples:
>>> from netutils.config.parser import BaseSpaceConfigParser, ConfigLine
>>> config = '''auth ldap system-auth {
... port ldaps
... servers { ams-lda01.ntc.com }
... }
... auth partition Common {
... description "Repository for system objects and shared objects."
... }
... auth password-policy { }'''
>>> config_tree = BaseBraceConfigParser(config)
>>> config_tree.build_config_relationship() == \
... [
... ConfigLine(config_line='auth ldap system-auth {', parents=()),
... ConfigLine(config_line=' port ldaps', parents=('auth ldap system-auth {',)),
... ConfigLine(config_line=' servers { ams-lda01.ntc.com }', parents=('auth ldap system-auth {',)),
... ConfigLine(config_line=' }', parents=('auth ldap system-auth {',)),
... ConfigLine(config_line=' auth partition Common {', parents=()),
... ConfigLine(config_line=' description "Repository for system objects and shared objects."', parents=(' auth partition Common {',)), ConfigLine(config_line=' }', parents=(' auth partition Common {',)),
... ConfigLine(config_line=' auth password-policy { }', parents=())
... ]
True
Source code in netutils/config/parser.py
BaseConfigParser
¶
Base class for parsers.
Source code in netutils/config/parser.py
banner_end: str
property
¶
Demarcate End of Banner char(s).
config_lines_only: str
property
¶
Remove lines not related to config.
__init__(config)
¶
Create ConfigParser Object.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
The config text to parse. |
required |
Source code in netutils/config/parser.py
BaseSpaceConfigParser
¶
Bases: BaseConfigParser
Base parser class for config syntax that demarcates using spaces/indentation.
Source code in netutils/config/parser.py
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 |
|
config_lines_only: str
property
¶
Remove spaces and comments from config lines.
Returns:
Type | Description |
---|---|
str
|
The non-space and non-comment lines from |
Examples:
>>> from netutils.config.parser import BaseSpaceConfigParser
>>> config = '''!
... aaa group server tacacs+ auth
... server 10.1.1.1
... server 10.2.2.2
...
... !
... '''
>>> config_parser = BaseSpaceConfigParser(config)
>>> print(config_parser.config_lines_only)
aaa group server tacacs+ auth
server 10.1.1.1
server 10.2.2.2
>>>
indent_level: int
property
writable
¶
Count the number of spaces a config line is indented.
__init__(config)
¶
Create ConfigParser Object.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
The config text to parse. |
required |
build_config_relationship()
¶
Parse text tree of config lines and their parents.
Examples:
>>> from netutils.config.parser import BaseSpaceConfigParser, ConfigLine
>>> config = (
... "interface Ethernet1/1\n"
... " vlan 10\n"
... " no shutdown\n"
... "interface Ethernet1/2\n"
... " shutdown\n"
... )
>>> config_tree = BaseSpaceConfigParser(config)
>>> config_tree.build_config_relationship() == \
... [
... ConfigLine(config_line='interface Ethernet1/1', parents=()),
... ConfigLine(config_line=' vlan 10', parents=('interface Ethernet1/1',)),
... ConfigLine(config_line=' no shutdown', parents=('interface Ethernet1/1',)),
... ConfigLine(config_line='interface Ethernet1/2', parents=(),),
... ConfigLine(config_line=' shutdown', parents=('interface Ethernet1/2',))
... ]
True
Source code in netutils/config/parser.py
find_all_children(pattern, match_type='exact')
¶
Returns configuration part for a specific pattern not including parents.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
pattern |
str
|
pattern that describes parent. |
required |
match_type |
optional
|
Exact or regex. Defaults to "exact". |
'exact'
|
Returns:
Type | Description |
---|---|
List[str]
|
configuration under that parent pattern. |
Examples:
>>> from netutils.config.parser import BaseSpaceConfigParser
>>> config = '''
... router bgp 45000
... address-family ipv4 unicast
... neighbor 192.168.1.2 activate
... network 172.17.1.0 mask'''
>>> bgp_conf = BaseSpaceConfigParser(str(config)).find_all_children(pattern="router bgp", match_type="startswith")
>>> print(bgp_conf)
['router bgp 45000', ' address-family ipv4 unicast', ' neighbor 192.168.1.2 activate', ' network 172.17.1.0 mask']
Source code in netutils/config/parser.py
find_children_w_parents(parent_pattern, child_pattern, match_type='exact')
¶
Returns configuration part for a specific pattern including parents and children.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
parent_pattern |
str
|
pattern that describes parent. |
required |
child_pattern |
str
|
pattern that describes child. |
required |
match_type |
optional
|
Exact or regex. Defaults to "exact". |
'exact'
|
Returns:
Type | Description |
---|---|
List[str]
|
configuration under that parent pattern. |
Examples:
>>> from netutils.config.parser import BaseSpaceConfigParser
>>> config = '''
... router bgp 45000
... address-family ipv4 unicast
... neighbor 192.168.1.2 activate
... network 172.17.1.0 mask'''
>>> bgp_conf = BaseSpaceConfigParser(str(config)).find_children_w_parents(parent_pattern="router bgp", child_pattern=" address-family", match_type="regex")
>>> print(bgp_conf)
[' address-family ipv4 unicast', ' neighbor 192.168.1.2 activate', ' network 172.17.1.0 mask']
Source code in netutils/config/parser.py
get_leading_space_count(config_line)
staticmethod
¶
Determine how many spaces the config_line
is indented.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config_line |
str
|
A line of text in the config. |
required |
Returns:
Type | Description |
---|---|
int
|
The number of leading spaces. |
Examples:
>>> from netutils.config.parser import BaseSpaceConfigParser
>>> config = '''interface GigabitEthernet1\n description link to ISP'''
>>> config_line = " description link to ISP"
>>> indent_level = BaseSpaceConfigParser(config).get_leading_space_count(config_line)
>>> indent_level
1
>>>
Source code in netutils/config/parser.py
is_banner_end(line)
¶
Determine if line ends the banner config.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
line |
str
|
The current config line in iteration. |
required |
Returns:
Type | Description |
---|---|
bool
|
True if line ends banner, else False. |
Source code in netutils/config/parser.py
is_banner_start(line)
¶
Determine if the line starts a banner config.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
line |
str
|
The current config line in iteration. |
required |
Returns:
Type | Description |
---|---|
bool
|
True if line starts banner, else False. |
Source code in netutils/config/parser.py
is_comment(line)
¶
Determine if line is a comment.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
line |
str
|
A config line from the device. |
required |
Returns:
Type | Description |
---|---|
bool
|
True if line is a comment, else False. |
Examples:
>>> from netutils.config.parser import BaseSpaceConfigParser
>>> BaseSpaceConfigParser("interface Ethernet1/1").is_comment("interface Ethernet1/1")
False
>>> BaseSpaceConfigParser("!").is_comment("!")
True
>>>
Source code in netutils/config/parser.py
CiscoConfigParser
¶
Bases: BaseSpaceConfigParser
Cisco Implementation of ConfigParser Class.
Source code in netutils/config/parser.py
banner_end: str
property
writable
¶
Demarcate End of Banner char(s).
__init__(config)
¶
Create ConfigParser Object.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
The config text to parse. |
required |
is_banner_one_line(config_line)
staticmethod
¶
Determine if all banner config is on one line.
Source code in netutils/config/parser.py
is_banner_start(line)
¶
Determine if the line starts a banner config.
EOSConfigParser
¶
Bases: BaseSpaceConfigParser
EOSConfigParser implementation fo ConfigParser Class.
Source code in netutils/config/parser.py
F5ConfigParser
¶
Bases: BaseBraceConfigParser
F5ConfigParser implementation for ConfigParser Class.
Source code in netutils/config/parser.py
772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 |
|
banner_end: str
property
¶
Demarcate End of Banner char(s).
__init__(config)
¶
Create ConfigParser Object.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
The config text to parse. |
required |
build_config_relationship()
¶
Parse text tree of config lines and their parents.
Examples:
>>> from netutils.config.parser import F5ConfigParser, ConfigLine
>>> config = '''apm resource webtop-link aShare {
... application-uri http://funshare.example.com
... customization-group a_customization_group
... }
... apm sso form-based portal_ext_sso_form_based {
... form-action /Citrix/Example/ExplicitAuth/LoginAttempt
... form-field "LoginBtn Log+On
... StateContext "
... form-password password
... form-username username
... passthru true
... start-uri /Citrix/Example/ExplicitAuth/Login*
... success-match-type cookie
... success-match-value CtxsAuthId
... }
... '''
>>>
>>> config_tree = F5ConfigParser(config)
>>> print(config_tree.build_config_relationship())
[ConfigLine(config_line='apm resource webtop-link aShare {', parents=()), ConfigLine(config_line=' application-uri http://funshare.example.com', parents=('apm resource webtop-link aShare {',)), ConfigLine(config_line=' customization-group a_customization_group', parents=('apm resource webtop-link aShare {',)), ConfigLine(config_line='}', parents=('apm resource webtop-link aShare {',)), ConfigLine(config_line='apm sso form-based portal_ext_sso_form_based {', parents=()), ConfigLine(config_line=' form-action /Citrix/Example/ExplicitAuth/LoginAttempt', parents=('apm sso form-based portal_ext_sso_form_based {',)), ConfigLine(config_line=' form-field "LoginBtn Log+On\nStateContext "', parents=('apm sso form-based portal_ext_sso_form_based {',)), ConfigLine(config_line=' form-password password', parents=()), ConfigLine(config_line=' form-username username', parents=()), ConfigLine(config_line=' passthru true', parents=()), ConfigLine(config_line=' start-uri /Citrix/Example/ExplicitAuth/Login*', parents=()), ConfigLine(config_line=' success-match-type cookie', parents=()), ConfigLine(config_line=' success-match-value CtxsAuthId', parents=()), ConfigLine(config_line='}', parents=())]
Source code in netutils/config/parser.py
FastironConfigParser
¶
Bases: CiscoConfigParser
Ruckus FastIron ICX config parser.
Source code in netutils/config/parser.py
__init__(config)
¶
Create ConfigParser Object.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
The config text to parse. |
required |
FortinetConfigParser
¶
Bases: BaseSpaceConfigParser
Fortinet Fortios config parser.
Source code in netutils/config/parser.py
1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 |
|
banner_end: str
property
¶
Demarcate End of Banner char(s).
config_lines_only: str
property
¶
Remove spaces and comments from config lines.
Returns:
Type | Description |
---|---|
str
|
The non-space and non-comment lines from |
__init__(config)
¶
Create ConfigParser Object.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
The config text to parse. |
required |
is_end_next(line)
¶
Determine if line has 'end' or 'next' in it.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
line |
str
|
A config line from the device. |
required |
Returns:
Type | Description |
---|---|
bool
|
True if line has 'end' or 'next', else False. |
Examples:
>>> from netutils.config.parser import FortinetConfigParser
>>> FortinetConfigParser("config system virtual-switch").is_end_next("config system virtual-switch")
False
>>> FortinetConfigParser("end").is_end_next("end")
True
>>>
Source code in netutils/config/parser.py
HPComwareConfigParser
¶
Bases: HPEConfigParser
, BaseSpaceConfigParser
HP Comware Implementation of ConfigParser Class.
Source code in netutils/config/parser.py
HPEConfigParser
¶
Bases: BaseSpaceConfigParser
HPE Implementation of ConfigParser Class.
Source code in netutils/config/parser.py
1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 |
|
banner_end: str
property
writable
¶
Get the banner end.
__init__(config)
¶
is_banner_one_line(config_line)
¶
Checks if the given configuration line represents a one-line banner.
Source code in netutils/config/parser.py
is_banner_start(line)
¶
Checks if the given line is the start of a banner.
set_delimiter(config_line)
¶
Find delimiter character in banner and set self.delimiter to be it.
Source code in netutils/config/parser.py
IOSConfigParser
¶
Bases: CiscoConfigParser
, BaseSpaceConfigParser
Cisco IOS implementation of ConfigParser Class.
Source code in netutils/config/parser.py
593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 |
|
__init__(config)
¶
Create ConfigParser Object.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
The config text to parse. |
required |
Source code in netutils/config/parser.py
build_config_relationship()
¶
Parse text tree of config lines and their parents.
Examples:
>>> from netutils.config.parser import IOSConfigParser, ConfigLine
>>> config = '''
... interface Ethernet1/1
... vlan 10
... no shutdown
... interface Ethernet1/2
... shutdown'''
>>> config_tree = IOSConfigParser(str(config))
>>> config_tree.build_config_relationship() == \
... [
... ConfigLine(config_line='interface Ethernet1/1', parents=()),
... ConfigLine(config_line=' vlan 10', parents=('interface Ethernet1/1',)),
... ConfigLine(config_line=' no shutdown', parents=('interface Ethernet1/1',)),
... ConfigLine(config_line='interface Ethernet1/2', parents=()),
... ConfigLine(config_line=' shutdown', parents=('interface Ethernet1/2',))
... ]
True
Source code in netutils/config/parser.py
IOSXRConfigParser
¶
Bases: CiscoConfigParser
IOS-XR config parser.
Source code in netutils/config/parser.py
1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 |
|
__init__(config)
¶
Create ConfigParser Object.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
The config text to parse. |
required |
build_config_relationship()
¶
Parse text tree of config lines and their parents.
Examples:
>>> from netutils.config.parser import IOSXRConfigParser, ConfigLine
>>> config = (
... "interface Ethernet1/1\n"
... " vlan 10\n"
... " no shutdown"
... "interface Ethernet1/2\n"
... " shutdown\n"
... )
>>> config_tree = IOSXRConfigParser(config)
>>> config_tree.build_config_relationship() == \
... [
... ConfigLine(config_line='interface Ethernet1/1', parents=()),
... ConfigLine(config_line=' vlan 10', parents=('interface Ethernet1/1',)),
... ConfigLine(config_line=' no shutdowninterface Ethernet1/2', parents=('interface Ethernet1/1',)),
... ConfigLine(config_line=' shutdown', parents=('interface Ethernet1/1',))
... ]
True
Source code in netutils/config/parser.py
set_delimiter(config_line)
¶
Find delimiter character in banner and set self.delimiter to be it.
Source code in netutils/config/parser.py
JunosConfigParser
¶
Bases: BaseSpaceConfigParser
Junos config parser.
Source code in netutils/config/parser.py
banner_end: str
property
¶
Demarcate End of Banner char(s).
LINUXConfigParser
¶
Bases: BaseSpaceConfigParser
Linux config parser.
Source code in netutils/config/parser.py
banner_end: str
property
¶
Demarcate End of Banner char(s).
NXOSConfigParser
¶
Bases: CiscoConfigParser
, BaseSpaceConfigParser
NXOS implementation of ConfigParser Class.
Source code in netutils/config/parser.py
__init__(config)
¶
Create ConfigParser Object.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
config |
str
|
The config text to parse. |
required |
Source code in netutils/config/parser.py
NetironConfigParser
¶
Bases: BaseSpaceConfigParser
Extreme Netiron config parser.
Source code in netutils/config/parser.py
banner_end: str
property
¶
Demarcate End of Banner char(s).
NetscalerConfigParser
¶
Bases: BaseSpaceConfigParser
Netscaler config parser.
Source code in netutils/config/parser.py
banner_end: str
property
¶
Demarcate End of Banner char(s).
NokiaConfigParser
¶
Bases: BaseSpaceConfigParser
Nokia SrOS config parser.
Source code in netutils/config/parser.py
OptiswitchConfigParser
¶
Bases: BaseSpaceConfigParser
MRV Optiswitch config parser.
Source code in netutils/config/parser.py
banner_end: str
property
¶
Demarcate End of Banner char(s).
PaloAltoNetworksConfigParser
¶
Bases: BaseSpaceConfigParser
Palo Alto Networks config parser.
Source code in netutils/config/parser.py
1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 |
|
build_config_relationship()
¶
Parse text of config lines and find their parents.
Examples:
>>> from netutils.config.parser import PaloAltoNetworksConfigParser, ConfigLine
>>> config = (
... "set deviceconfig system hostname firewall1\n"
... "set deviceconfig system panorama local-panorama panorama-server 10.0.0.1\n"
... "set deviceconfig system panorama local-panorama panorama-server-2 10.0.0.2\n"
... "set deviceconfig setting config rematch yes\n"
... )
>>> config_tree = PaloAltoNetworksConfigParser(config)
>>> config_tree.build_config_relationship() == \
... [
... ConfigLine(config_line="set deviceconfig system hostname firewall1", parents=()),
... ConfigLine(config_line="set deviceconfig system panorama local-panorama panorama-server 10.0.0.1", parents=()),
... ConfigLine(config_line="set deviceconfig system panorama local-panorama panorama-server-2 10.0.0.2", parents=()),
... ConfigLine(config_line="set deviceconfig setting config rematch yes", parents=()),
... ]
True
Source code in netutils/config/parser.py
is_banner_end(line)
¶
Determine if end of banner.
RouterOSConfigParser
¶
Bases: BaseSpaceConfigParser
Mikrotik RouterOS config parser.
Source code in netutils/config/parser.py
banner_end: str
property
¶
Demarcate End of Banner char(s).
UbiquitiAirOSConfigParser
¶
Bases: BaseSpaceConfigParser
Ubiquiti airOS config parser.
Source code in netutils/config/parser.py
utils
¶
Utility functions for working with device configurations.