Skip to content

Latest commit

 

History

History
96 lines (74 loc) · 3.23 KB

README.md

File metadata and controls

96 lines (74 loc) · 3.23 KB

pan-os_cli v1.1

Scripts to repeat CLI commands on PAN-OS over SSH

The latest version 1.1 supports DP plotting. Please check output samples in the folder output_dp_samples.

pan-cli.py will submit a list of CLI (blocks), each repeated for a different number of times:

In the following example, c0 and c1 will not be repeated (once only) and c1 will be repeated 5 times.

cli = [c0, (c1, 5), c2]

Each of these CLI blocks has a similar structure. For example, c1 contains the list of command lines, each repeated for a different number of times:

For example, show session all will list sessions in pages, so there needs a space for the next page or q to stop.

The last tuple member in ('q', 1, 0) is 0. Any non-positive value will cause it not wait for the prompt.

c1 = [
    'show session info',
    'set cli pager on',
    'show session all',
    (' ', 2, 0),  # space for the next page, totally 3 pages
    ('q', 1, 0),  # q to stop
    'set cli pager off',
    'show running resource-monitor second last 30',
    'show system resources | match ": "',
    'show interface ethernet1/1 | match "bytes received"',
    'show vpn ipsec-sa summary | match "tunnels found"',
    'show global-protect-gateway statistics',
    'debug dataplane show ssl-decrypt ssl-stats',
    ('show clock',),
]

If you use an IDE for the scripts, configure the command line and environment variables accordingly.

Here is an example for PyCharm.

  • Script path: pan-os_cli\pan-cli.py
  • Parameters: -c conf/cli.py -v 192.168.1.254
  • Environment variables: PAPASS=pass123

If you use shell like bash, just run the main script per the following usage.

[terence@centos-1 pan-os_cli]$ python3 pan-cli.py -c conf/cli-86.py -v 192.168.1.86
usage: pan-cli.py [-h] [-c [CONF]] [-v] [target]

Script to repeat PAN-OS CLI over SSH.

positional arguments:
  target                IP of target device

optional arguments:
  -h, --help            show this help message and exit
  -c [CONF], --conf [CONF]
                        config file
  -v, --verbose         verbose mode

Namespace(conf='conf/cli-86.py', target='192.168.1.86', verbose=True) 

-- initialize the environment..
-- connect to 192.168.1.86 as admin..
-- sleep for 30 seconds..
-- submit CLI set #0..
-- submit CLI set #1..
-- sleep for 20 seconds..
-- sleep for 20 seconds..
-- sleep for 20 seconds..
-- sleep for 20 seconds..
-- sleep for 20 seconds..
-- submit CLI set #2..
-- analyze data..
-- generate output at job-241054/..
[terence@centos-1 pan-os_cli]$ cd job-241054/
[terence@centos-1 job-241054]$ ls -la 
total 120
drwxrwxr-x 2 terence terence     96 Apr 24 10:57 .
drwxrwxr-x 6 terence terence    117 Apr 24 10:54 ..
-rw-rw-r-- 1 terence terence 103360 Apr 24 10:57 cli-241054.log
-rw-rw-r-- 1 terence terence   2083 Apr 24 10:57 cnf-241054.json
-rw-rw-r-- 1 terence terence   5888 Apr 24 10:57 job-241054.log
-rw-rw-r-- 1 terence terence    855 Apr 24 10:57 sta-241054.json
[terence@centos-1 job-241054]$

Finally, these parameters can be overriden in some ways.

  • cf['hostname']: overriden by "target" on command line
  • cf['username']: if empty, "admin" is assumed
  • cf['password']: if empty, specified through the environment variable from cf['passenv'] (initially PAPASS)
  • cf['verbose']: overriden by "-v" on command line