networktocode / ntc-templates

TextFSM templates for parsing show commands of network devices
https://ntc-templates.readthedocs.io/

cisco_asa_show_vpn-sessiondb_detail_l2l.template not parsing #231

Closed murrad01 closed 5 years ago

murrad01 commented 6 years ago
ISSUE TYPE
TEMPLATE USING
cisco_asa_show_vpn-sessiondb_detail_l2l.template
SAMPLE COMMAND OUTPUT
'\nSession Type: LAN-to-LAN Detailed\n\nConnection   : p.p.p.p\nIndex        : 508                    IP Addr      : p.p.p.p\nProtocol     : IKE IPsec\nEncryption   : 3DES                   Hashing      : SHA1\nBytes Tx     : 0                      Bytes Rx     : 12360\nLogin Time   : 06:59:55 PDT Sat Jul 21 2018\nDuration     : 3h:33m:32s\nIKE Tunnels: 1\nIPsec Tunnels: 1\n\nIKE:\n  Tunnel ID    : 508.1\n  UDP Src Port : 500                    UDP Dst Port : 500\n  IKE Neg Mode : Main                   Auth Mode    : preSharedKeys\n  Encryption   : 3DES                   Hashing      : SHA1\n  Rekey Int (T): 28800 Seconds          Rekey Left(T): 15987 Seconds\n  D/H Group    : 2\n  Filter Name  : acl_Tarzana\n  IPv6 Filter  : \n\nIPsec:\n  Tunnel ID    : 508.2\n  Local Addr   : x.x.x.x.0/255.255.252.0/0/0\n  Remote Addr  : y.y.y.y/255.255.255.255/0/0\n  Encryption   : 3DES                   Hashing      : SHA1                   \n  Encapsulation: Tunnel                 \n  Rekey Int (T): 28800 Seconds          Rekey Left(T): 15987 Seconds          \n  Idle Time Out: 30 Minutes             Idle TO Left : 29 Minutes             \n  Bytes Tx     : 0                      Bytes Rx     : 12360                  \n  Pkts Tx      : 0                      Pkts Rx      : 206                    \n  \nNAC:\n  Reval Int (T): 0 Seconds              Reval Left(T): 0 Seconds\n  SQ Int (T)   : 0 Seconds              EoU Age(T)   : 12813 Seconds\n  Hold Left (T): 0 Seconds              Posture Token: \n  Redirect URL : \n\nConnection 
SUMMARY

Not getting formatted data back, only a long string

STEPS TO REPRODUCE
output = net_conn.send_command("show vpn-sessiondb detail l2l", use_textfsm=True)
EXPECTED RESULTS

Expected formatted data like I get from the following command: output = net_conn.send_command("show running-config tunnel-group", use_textfsm=True)

[{'name': 'x.x.x.x', 'type': 'ipsec-l2l', 'dhcp_selection': [], 'dhcp_server': [], 'authorization': '', 'authorization_intfc': '', 'authorization_grp': '', 'accounting_grp': '', 'ipv4_pool_intfc': '', 'ipv4_pool_name': '', 'authentication_intfc': '', 'authentication_pri_grp': '', 'authentication_sec_grp': '', 'authentication_svr': '', 'authenticated_user': '', 'group_policy': 'gp-lab1', 'ipv6_pool_intfc': '', 'ipv6_pool_name': '', 'nat_intfc': '', 'scep_enroll': '', 'sec_authentication_grp_intfc': '', 'sec_authentication_pri_grp': '', 'sec_authentication_sec_grp': '', 'sec_authentication_use_pri_user': '', 'sec_cert_codes': '', 'sec_cert_fallback': '', 'pri_cert_codes': '', 'pri_cert_fallback': '', 'strip_grp': '', 'strip_realm': '', 'ikev1_psk': '', 'chain': '', 'client_os': [], 'update_url': [], 'revs': [], 'trust_point': '', 'ikev1_user_auth_intfc': [], 'ikev1_user_auth_type': [], 'ikev2_local_auth_cert': '', 'ikev2_remote_auth_type': [], 'peer_id_validate': '', 'radius_with_expiry': '', 'ppp_auth_type': [], 'webvpn_auth': '', 'webvpn_custom': '', 'dns_grp': '', 'webvpn_grp_alias': [], 'webvpn_grp_alias_state': [], 'webvpn_grp_url': [], 'webvpn_grp_url_state': [], 'nbns_svr': [], 'nbns_master': [], 'nbns_timeout': [], 'nbns_retry': [], 'override_svc_download': '', 'pri_prefill_user_type': [], 'sec_prefill_user_type': [], 'proxy_auth': '', 'radius_reject_msg': '', 'saml_id_provider': '', 'without_csd': ''},

ACTUAL RESULTS
'\nSession Type: LAN-to-LAN Detailed\n\nConnection   : 69.238.162.252\nIndex        : 508                    IP Addr      : 69.238.162.252\nProtocol     : IKE IPsec\nEncryption   : 3DES                   Hashing      : SHA1\nBytes Tx     : 0                      Bytes Rx     : 12360\nLogin Time   : 06:59:55 PDT Sat Jul 21 2018\nDuration     : 3h:33m:32s\nIKE Tunnels: 1\nIPsec Tunnels: 1\n\nIKE:\n  Tunnel ID    : 508.1\n  UDP Src Port : 500                    UDP Dst Port : 500\n  IKE Neg Mode : Main                   Auth Mode    : preSharedKeys\n  Encryption   : 3DES                   Hashing      : SHA1\n  Rekey Int (T): 28800 Seconds          Rekey Left(T): 15987 Seconds\n  D/H Group    : 2\n  Filter Name  : acl_Tarzana\n  IPv6 Filter  : \n\nIPsec:\n  Tunnel ID    : 508.2\n  Local Addr   : 166.124.120.0/255.255.252.0/0/0\n  Remote Addr  : 170.220.248.71/255.255.255.255/0/0\n  Encryption   : 3DES                   Hashing      : SHA1                   \n  Encapsulation: Tunnel                 \n  Rekey Int (T): 28800 Seconds          Rekey Left(T): 15987 Seconds          \n  Idle Time Out: 30 Minutes             Idle TO Left : 29 Minutes             \n  Bytes Tx     : 0                      Bytes Rx     : 12360                  \n  Pkts Tx      : 0                      Pkts Rx      : 206                    \n  \nNAC:\n  Reval Int (T): 0 Seconds              Reval Left(T): 0 Seconds\n  SQ Int (T)   : 0 Seconds              EoU Age(T)   : 12813 Seconds\n  Hold Left (T): 0 Seconds              Posture Token: \n  Redirect URL : \n\nConnection 
FragmentedPacket commented 6 years ago

Did you follow the step in this article for setting it up? https://pynet.twb-tech.com/blog/automation/netmiko-textfsm.html

Did you put the templates in your home directory or set an environment variable for the location of the templates? Typically, when you get unstructured data, it is due to it not being able to find the templates.

I can test this at work as well, but figured I'd at least have you check some of the basics prior to that.

murrad01 commented 6 years ago

Yes, the templates are in my home directory. Other templates are working fine.

Thanks!


FragmentedPacket commented 6 years ago

Looks like I'm able to reproduce the issue as well. I'll try and work on it over the next few days, but someone else might possibly chime in before.

murrad01 commented 6 years ago

Thanks for checking this out, really appreciate it.

BTW, I wanted to take a stab at creating my own templates. Any recommendations for resource material?

Thanks!


FragmentedPacket commented 6 years ago

I just kind of jumped in and helped people, I believe. The TextFSM templates I first worked on were way less convoluted than this one.

You may want to read a blog post Jason has in regards to this: http://jedelman.com/home/programmatic-access-to-cli-devices-with-textfsm/

Jason's blog has a link to a regex parser online that I use as well when troubleshooting/creating templates.

I've used this site as well: https://github.com/google/textfsm/wiki/TextFSM

You're also more than welcome to join NetworkToCode Slack. The feedback loop is much faster and short as well: https://networktocode.slack.com/

murrad01 commented 6 years ago

Not sure how I request an account for networktocode.slack.com

Sign in to networktocode

networktocode.slack.com

Don't have an account on this workspace yet? Contact the workspace administrator for an invitation


FragmentedPacket commented 6 years ago

Here it is: http://slack.networktocode.com/

murrad01 commented 6 years ago

thanks!


jmcgill298 commented 6 years ago

@murrad01 when you run that command on the ASA, do you not have a section that looks like this?

Session Type: LAN-to-LAN Detailed
 Connection   : 172.16.0.1
 Index        : 1                      IP Addr      : 172.16.0.1
 Protocol     : IPSecLAN2LAN           Encryption   : AES256
 Bytes Tx     : 48484156               Bytes Rx     : 875049248
 Login Time   : 09:32:03 est Mon Aug 2 2004
 Duration     : 6:16:26
 Filter Name  :

 IKE Sessions: 1 IPSec Sessions: 2

Session Type: LAN-to-LAN Detailed is being required, and since the output you provided does not have that line, it is not recording anything. I also see that you have a NAC section which is not accounted for in the current template.

murrad01 commented 6 years ago

Here's a section of my submitted output. Shouldn't this work? Wouldn't the NAC section just be ignored?

'\nSession Type: LAN-to-LAN Detailed\n\nConnection

jmcgill298 commented 6 years ago

ya, I think I chopped that off when I was reformatting the \n to be newlines. I think the NAC is causing the issue b/c of the EOF in the template. I can get some data to record by removing that, but then there are other issues with the Record, so this template really needs more work than I have time for at this moment
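
Added example, not part of the thread and not the ntc-templates template or TextFSM: a plain-regex Python parser for the `show vpn-sessiondb detail l2l` layout quoted above that keeps unrecognised blocks such as `NAC:` instead of failing on them. The names `SAMPLE`, `SECTION`, `pairs` and `parse_sessions` are hypothetical, and it assumes section headers are unindented single words ending in a colon and that columns are separated by two or more spaces.

```python
import re

# Constructed sample in the format quoted in this issue (documentation-range IPs).
SAMPLE = """
Session Type: LAN-to-LAN Detailed

Connection   : 192.0.2.10
Index        : 508                    IP Addr      : 192.0.2.10
Login Time   : 06:59:55 PDT Sat Jul 21 2018
IKE Tunnels: 1

IKE:
  Tunnel ID    : 508.1
  Encryption   : 3DES                   Hashing      : SHA1
  Rekey Int (T): 28800 Seconds          Rekey Left(T): 15987 Seconds
  IPv6 Filter  :

NAC:
  Hold Left (T): 0 Seconds              Posture Token:
  Redirect URL :

Connection   : 198.51.100.7
Index        : 509                    IP Addr      : 198.51.100.7
"""

SECTION = re.compile(r"^([A-Za-z]\w*):$")  # unindented "IKE:", "IPsec:", "NAC:"

def pairs(line):
    """Yield (key, value) for each 'Key : value' column found on one line."""
    for chunk in re.split(r"\s{2,}", re.sub(r"\s+:", ":", line.strip())):
        key, sep, value = chunk.partition(":")  # first colon only, so times survive
        if sep and key:
            yield key.strip(), value.strip()

def parse_sessions(text):
    sessions, target = [], None
    for line in text.splitlines():
        header = SECTION.match(line.rstrip())
        if header and sessions:
            # Any section name is accepted, so an unexpected block is kept, not fatal.
            target = {}
            sessions[-1]["sections"].setdefault(header.group(1), []).append(target)
            continue
        for key, value in pairs(line):
            if key == "Connection" and not line[:1].isspace():
                sessions.append({"summary": {}, "sections": {}})
                target = sessions[-1]["summary"]
            if target is not None:
                target[key] = value
    return sessions
```
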

FragmentedPacket commented 6 years ago

https://github.com/networktocode/ntc-templates/pull/237

I think I have it figured out, but feedback is welcomed.