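;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Copyright 2003 Routrek Networks,Inc. All rights reserved
; Custom Netscreen Firewall definition.
; Tested on NetScreen5XT. ScreenOS 4.0
; Version 1.0
; $RCSfile: TargetNetscreen.txt,v $
; $Revision: 1.4.2.3 $ $Date: 2004/10/15 07:28:49 $
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; RMC configuration example:
;
; copy terminal running-config (then paste this file.)
; set port comN
; set target-type netscreen [WAN address for ping check]
; set target-login-name ("netscreen" if not set)
; set target-login-password ("netscreen" if not set)
; set target-check 5 (recommended)
; set network-info-time
; set connect-log
; set spy comN tfl0 ml0
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; NOTE: The target-check script clears event log of the NetScreen
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
set user-target-type netscreen
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
set target-filter netscreen tfl0
# All severity
# $Revision: 1.4.2.3 $ $Date: 2004/10/15 07:28:49 $
#
# Reassembles the multi-line output of "get event" into one line per
# event and prints every event, whatever its severity.  The event being
# assembled is kept in logmsg and flushed when the next event, the next
# prompt line, or the end of input arrives.
#
# islog(STRING): 1 when STRING looks like the first line of an event
# (date, time, module, severity word).  The field-count check uses NF
# of the current record rather than STRING, so the function is only
# meaningful when called with $0.
function islog(STRING){
    if((3 < NF) && (STRING ~ /^[-0-9]+ [:0-9]+ [a-z]+[- ]+[a-z]+[- ]/)){
        return 1
    }
    return 0
}
# printlog(STRING): print one assembled event, except the console
# logon/logout records (the RMC itself is attached to the console port).
function printlog(STRING){
    if((STRING !~ /logged on via console/) && (STRING !~ /logged out via the console/)){
        print STRING
    }
}
# A prompt line ("host-> command").  "get event" switches event parsing
# on; any other command switches it off and flushes a pending event.
/.*-> / {
    if($0 ~ /get event/){
        logtype = "eventlog"
    } else {
        # end of "get event"
        if(logmsg != ""){
            printlog(logmsg)
            logmsg = ""
        }
        logtype = ""
    }
}
# Lines inside "get event" output.
logtype != "" {
    if(logmsg == ""){
        if(0 != islog($0)) {
            # start log message; drop trailing blanks and the CR that a
            # serial console leaves at the end of every line
            sub(/[ \r]+$/, "")
            logmsg = $0
        }
        next
    } else if(0 != islog($0)){
        # next log message: flush the previous one first
        printlog(logmsg)
        sub(/[ \r]+$/, "")
        logmsg = $0
        next
    } else {
        if($0 ~ /^ +[^ ]/){
            # indented line: continuation of the current message
            sub(/^ +/, "")
            sub(/[ \r]+$/, "")
            logmsg = logmsg " " $0
        } else {
            # end of log message
            printlog(logmsg)
            logmsg = ""
        }
        next
    }
}
# Input closed without a following prompt line: do not lose the last event.
END {
    if(logmsg != ""){
        printlog(logmsg)
    }
}
----END OF FILTER----
;
set target-filter netscreen tfl1
# High severity (0-2) : emergency, alert, critical
#
# Same reassembly as tfl0, but only events whose severity word starts
# with "emer", "alert" or "crit" are recognised and printed; lines of
# other events are ignored.
#
# islog(STRING): 1 when STRING is the first line of a high-severity event.
# The field-count check uses NF of the current record, so call with $0.
function islog(STRING){
    if((3 < NF) && (STRING ~ /^[-0-9]+ [:0-9]+ [a-z]+[- ]+(emer|alert|crit)/)){
        return 1
    }
    return 0
}
# printlog(STRING): print one assembled event, except the console
# logon/logout records (the RMC itself is attached to the console port).
function printlog(STRING){
    if((STRING !~ /logged on via console/) && (STRING !~ /logged out via the console/)){
        print STRING
    }
}
# A prompt line ("host-> command").  "get event" switches event parsing
# on; any other command switches it off and flushes a pending event.
/.*-> / {
    if($0 ~ /get event/){
        logtype = "eventlog"
    } else {
        # end of "get event"
        if(logmsg != ""){
            printlog(logmsg)
            logmsg = ""
        }
        logtype = ""
    }
}
# Lines inside "get event" output.
logtype != "" {
    if(logmsg == ""){
        if(0 != islog($0)) {
            # start log message; drop trailing blanks and the CR that a
            # serial console leaves at the end of every line
            sub(/[ \r]+$/, "")
            logmsg = $0
        }
        next
    } else if(0 != islog($0)){
        # next log message: flush the previous one first
        printlog(logmsg)
        sub(/[ \r]+$/, "")
        logmsg = $0
        next
    } else {
        if($0 ~ /^ +[^ ]/){
            # indented line: continuation of the current message
            sub(/^ +/, "")
            sub(/[ \r]+$/, "")
            logmsg = logmsg " " $0
        } else {
            # end of log message
            printlog(logmsg)
            logmsg = ""
        }
        next
    }
}
# Input closed without a following prompt line: do not lose the last event.
END {
    if(logmsg != ""){
        printlog(logmsg)
    }
}
----END OF FILTER----
;
set target-filter netscreen tfl2
# Middle severity (3-5) : error, warning, notification
#
# Same reassembly as tfl0, but only events whose severity word starts
# with "error", "warn" or "notif" are recognised and printed; lines of
# other events are ignored.
#
# islog(STRING): 1 when STRING is the first line of a middle-severity event.
# The field-count check uses NF of the current record, so call with $0.
function islog(STRING){
    if((3 < NF) && (STRING ~ /^[-0-9]+ [:0-9]+ [a-z]+[- ]+(error|warn|notif)/)){
        return 1
    }
    return 0
}
# printlog(STRING): print one assembled event, except the console
# logon/logout records (the RMC itself is attached to the console port).
function printlog(STRING){
    if((STRING !~ /logged on via console/) && (STRING !~ /logged out via the console/)){
        print STRING
    }
}
# A prompt line ("host-> command").  "get event" switches event parsing
# on; any other command switches it off and flushes a pending event.
/.*-> / {
    if($0 ~ /get event/){
        logtype = "eventlog"
    } else {
        # end of "get event"
        if(logmsg != ""){
            printlog(logmsg)
            logmsg = ""
        }
        logtype = ""
    }
}
# Lines inside "get event" output.
logtype != "" {
    if(logmsg == ""){
        if(0 != islog($0)) {
            # start log message; drop trailing blanks and the CR that a
            # serial console leaves at the end of every line
            sub(/[ \r]+$/, "")
            logmsg = $0
        }
        next
    } else if(0 != islog($0)){
        # next log message: flush the previous one first
        printlog(logmsg)
        sub(/[ \r]+$/, "")
        logmsg = $0
        next
    } else {
        if($0 ~ /^ +[^ ]/){
            # indented line: continuation of the current message
            sub(/^ +/, "")
            sub(/[ \r]+$/, "")
            logmsg = logmsg " " $0
        } else {
            # end of log message
            printlog(logmsg)
            logmsg = ""
        }
        next
    }
}
# Input closed without a following prompt line: do not lose the last event.
END {
    if(logmsg != ""){
        printlog(logmsg)
    }
}
----END OF FILTER----
;
set target-filter netscreen tfl3
# Low severity (6-7) : information, debugging
#
# Same reassembly as tfl0, but only events whose severity word starts
# with "info" or "debug" are recognised and printed; lines of other
# events are ignored.
#
# islog(STRING): 1 when STRING is the first line of a low-severity event.
# The field-count check uses NF of the current record, so call with $0.
function islog(STRING){
    if((3 < NF) && (STRING ~ /^[-0-9]+ [:0-9]+ [a-z]+[- ]+(info|debug)/)){
        return 1
    }
    return 0
}
# printlog(STRING): print one assembled event, except the console
# logon/logout records (the RMC itself is attached to the console port).
function printlog(STRING){
    if((STRING !~ /logged on via console/) && (STRING !~ /logged out via the console/)){
        print STRING
    }
}
# A prompt line ("host-> command").  "get event" switches event parsing
# on; any other command switches it off and flushes a pending event.
/.*-> / {
    if($0 ~ /get event/){
        logtype = "eventlog"
    } else {
        # end of "get event"
        if(logmsg != ""){
            printlog(logmsg)
            logmsg = ""
        }
        logtype = ""
    }
}
# Lines inside "get event" output.
logtype != "" {
    if(logmsg == ""){
        if(0 != islog($0)) {
            # start log message; drop trailing blanks and the CR that a
            # serial console leaves at the end of every line
            sub(/[ \r]+$/, "")
            logmsg = $0
        }
        next
    } else if(0 != islog($0)){
        # next log message: flush the previous one first
        printlog(logmsg)
        sub(/[ \r]+$/, "")
        logmsg = $0
        next
    } else {
        if($0 ~ /^ +[^ ]/){
            # indented line: continuation of the current message
            sub(/^ +/, "")
            sub(/[ \r]+$/, "")
            logmsg = logmsg " " $0
        } else {
            # end of log message
            printlog(logmsg)
            logmsg = ""
        }
        next
    }
}
# Input closed without a following prompt line: do not lose the last event.
END {
    if(logmsg != ""){
        printlog(logmsg)
    }
}
----END OF FILTER----
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
set target-script netscreen login
# Login script for Netscreen.
# $Revision: 1.4.2.3 $ $Date: 2004/10/15 07:28:49 $
#
# Exit status: 0 = command prompt reached, 1 = timeout or unexpected
# output (Ctrl-C is sent first), 3 = the device reported "Login failed".
# "\c" at the end of a send string suppresses the trailing newline.
#
# Send [enter] and wait prompt.
send ""
wait_prompt:
expect {
    "-> "            exit 0
    "--- more ---"   goto more
    "login:"         goto login
    "assword:"       goto password
    "y/[n] "         goto confirm
    "[y]/n "         goto confirm
    "Login failed"   goto password_error
    timeout 60       goto error
}
# Send login name.  Falls back to the factory default account name when
# target-login-name is not set in the RMC configuration.
login:
! test "$TARGET_LOGIN_NAME"
if $? = 0 send $(TARGET_LOGIN_NAME)
if $? != 0 send "netscreen"
expect {
    "-> "            exit 0
    "assword:"       goto password
    timeout 10       goto error
}
# Send password.  Falls back to the factory default password when
# target-login-password is not set; a deployed device should have
# target-login-password configured so this fallback is never taken.
password:
! test "$TARGET_LOGIN_PASSWORD"
if $? = 0 send $(TARGET_LOGIN_PASSWORD)
if $? != 0 send "netscreen"
expect {
    "-> "            exit 0
    "Login failed"   goto password_error
    timeout 10       goto error
}
# quit --More-- prompt
more:
send "q\c"
goto wait_prompt
# answer "y" to a yes/no prompt seen while waiting for the login prompt
# (this also applies to prompts whose default is "n", i.e. "y/[n]")
confirm:
send "y\c"
goto wait_prompt
error:
send "\003\c"
exit 1
password_error:
exit 3
----END OF SCRIPT----
set target-script netscreen command
# Command script for Netscreen: logs in, then sends the commands handed
# over by sendcmd one at a time and waits for the prompt after each.
# The RMC's generic "show version" request is translated to "get system".
verbose off
call login
timeout 600
verbose on
# if "show version" command then it is for checking target type
! test "`sendcmd -t`" = "show version"
if $? != 0 goto loop
print ""
print "---start command result---"
print "---show version---"
send "get system"
gosub wait_prompt
goto quit
# Command loop
loop:
# send a command one by one
! sendcmd
if $? != 0 goto quit
gosub wait_prompt
goto loop
wait_prompt:
expect {
    "-> "            goto wait_interval
    "--- more ---"   goto more
    "y/[n] "         goto confirm
    "[y]/n "         goto confirm
    timeout 240      goto error
}
# seems to be a prompt but check interval to confirm.
wait_interval:
expect {
    timeout 2        return
}
goto wait_interval
# --More-- prompt
more:
send " \c"
goto wait_prompt
# answer "y" to any yes/no prompt raised by a command, including prompts
# whose default is "n" ("y/[n]"): a command that asks for confirmation
# is therefore confirmed without review.
confirm:
send "y\c"
goto wait_prompt
# logout
quit:
verbose off
send "exit"
# send "n" to "Configuration modified, save? [y]/n", so changes made
# during the session are not written to the saved configuration; other
# y/n prompts get [enter], i.e. their default answer.  The "save?"
# pattern is listed before the generic "[y]/n " one — presumably the
# first listed match wins; confirm against the RMC expect semantics.
expect {
    "-> "            goto quit
    "login:"         exit 0
    "y/[n] "         send ""
    "save? [y]/n "   send "n\c"
    "[y]/n "         send ""
    timeout 10       goto error
}
goto quit
error:
send "\003\c"
exit 1
password_error:
exit 3
----END OF SCRIPT----
set target-script netscreen target-check
# target-check script for Netscreen
# set target-script netscreen target-check
# ARG1=WAN address for ping
# Warning: The script clears event log
#
# Exit status: 0 when the device was reached and, if ARG1 is given, the
# ping got at least one reply; 1 otherwise (no reply, timeout or error).
verbose off
call login
timeout 600
set s 0
# get event log
send "get event"
gosub wait_prompt
# clear event log for next "get event".  This removes the device-side
# copy of the events just read; the spy filter output is the only record.
verbose off
send "clear event"
gosub wait_prompt
# ping check (skipped when no WAN address was configured)
! test "$ARG1"
if $? != 0 goto quit
verbose on
send "ping \c"
send $(ARG1)
# a reply marker ("!") or a non-zero reply count ("(N/") counts as
# reachable; "(0/", a bare prompt or silence counts as no reply
expect {
    "!"              goto gotping
    "(1/"            goto gotping
    "(2/"            goto gotping
    "(3/"            goto gotping
    "(4/"            goto gotping
    "(5/"            goto gotping
    "(0/"            break
    "-> "            goto noping
    timeout 40       break
}
gosub wait_prompt
noping:
set s 1
goto quit
gotping:
gosub wait_prompt
goto quit
wait_prompt:
expect {
    "-> "            goto wait_interval
    "--- more ---"   goto more
    "y/[n] "         goto confirm
    "[y]/n "         goto confirm
    timeout 10       goto error
}
# seems to be a prompt but check interval to confirm.
wait_interval:
expect {
    timeout 2        return
}
goto wait_interval
# --More-- prompt
more:
send " \c"
goto wait_prompt
# answer "y" to any yes/no prompt, including prompts whose default
# is "n" ("y/[n]")
confirm:
send "y\c"
goto wait_prompt
# logout
quit:
verbose off
send "exit"
# send "n" to "Configuration modified, save? [y]/n"; other y/n prompts
# get [enter], i.e. their default answer
expect {
    "-> "            goto quit
    "y/[n] "         send ""
    "save? [y]/n "   send "n\c"
    "[y]/n "         send ""
    "login:"         goto endscript
    timeout 10       goto error
}
goto quit
# s is 1 only when the ping got no reply; that case falls through to error.
endscript:
if s = 0 exit 0
error:
send "\003\c"
exit 1
password_error:
exit 3
----END OF SCRIPT----
set target-script netscreen network-info
# command
# Network information command for Netscreen (use command script)
# Read-only "get" commands, sent one by one by the command script above.
get system
get config
get config saved
get address
get interface
get counter statistics
get performance cpu
get memory
get policy all
get route summary
get route
----END OF SCRIPT----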