Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not Able to Display Policy Lookup #14

Open
manjitlazada opened this issue Jan 19, 2016 · 4 comments
Open

Not Able to Display Policy Lookup #14

manjitlazada opened this issue Jan 19, 2016 · 4 comments

Comments

@manjitlazada
Copy link

Hello All

Can somebody Please help in correcting the issue. I am running this below Script but not getting lookup output.

SCRIPT:

version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
ns ext = "http://xmlsoft.org/XSLT/namespace";

match / {

<op-script-results> {

var $cmd = <command> "show security policies detail"; /* get policy hit count */
var $out = jcs:invoke($cmd);
var $totalCharsPerField = 20;


var $formatFields = "%20-s%20-s%20-s%20-s%20-s%20-s%20-s"; /* format for column headers display */
var $formatFieldsData = "%20-s%20-s%20-s%20-s%20-s%28-s%20-s"; /* format for actually data display */

<output> jcs:printf($formatFields,"Policy name","Source Zone","Destination Zone","Source Address",                                  "Destination Address","Application","   Policy Lookups");

for-each($out/security-context/policies/policy-information) { /* get all policy info such as name, source address, destination address, zone, application and * count
*/

    var $sourceZone = context-information/source-zone-name;  
    var $destinationZone = context-information/destination-zone-name;  


    var $sourceAddress := { for-each( source-addresses/source-address) {

            <output> address-name _ " ";

    }}

    var $destinationAddress := { for-each(destination-addresses/destination-address) {

            <output> address-name _ " ";


    }}

    var $application := { for-each(applications/application) {

                            <output> application-name _ " ";

            }}  

    var $pattern = " ";
    var $array;

    /* Create arrays out of all data that can have multiple values */
    var $destinationArray = jcs:split( $pattern , $destinationAddress);         
    var $sourceArray = jcs:split( $pattern , $sourceAddress);           
    var $applicationArray = jcs:split( $pattern , $application);        

    /*Get size of each array */ 
    var $destinationCount = {call returnArrayCount($array = $destinationArray);}
    var $sourceCount = {call returnArrayCount($array = $sourceArray);}
    var $applicationCount = {call returnArrayCount($array = $applicationArray);}
    var $allCounts = $applicationCount _ " " _ $sourceCount _ " " _ $destinationCount;
    var $maxString = $allCounts;

    /*Get the size of the larget array*/
    var $maxOfCounts = {call  returnMax($maxString);}
    var $splitOfAllCounts = jcs:split(" ", $allCounts);

    if ( policy-statistics-information/policy-lookups) { /* iterate through all the policies with count enabled */ 

            <output> jcs:printf ($formatFieldsData,policy-name, $sourceZone,$destinationZone,$sourceArray[1],                                   $destinationArray[1],$applicationArray[1],policy-statistics-information/policy-lookups);

        var $loopCounter := { call create-loop-counter( $counter = $maxOfCounts ); }

            for-each( $loopCounter/counter ) { /*Loop through each array and print out the data*/ 

            var $index = position();

            if ( $index != 1 ) {

                <output> jcs:printf ($formatFieldsData,policy-name, " "," ",$sourceArray[number($index)],                                       $destinationArray[number($index)],$applicationArray[number($index) ]," ");

            }

        }


    }else {

        <output> "Count not enabled for policy: " _ policy-name; 

    }


} /* end of foreach */

} /* End of op script results */

} /* End of match / */

template returnMax ($maxString="Nothing specified") { /* Return the max number in a string of numbers */

<op-script-results> {

    var $splitOfAllCounts = jcs:split(" ", $maxString);

    for-each($splitOfAllCounts) {

                    <xsl:sort select = "." data-type = "number" order = "descending">;

                    if (position() == 1) {
                           <output> .;
                    }

            }
}

}

template returnArrayCount ($array="Nothing defined") { /*return the size of an array */

    if(count($array) > 1) {

        var $count = count($array) - 1;
        <output> $count;

    }else if(count($array) == 0){

        <output> 0;



    }else{

        <output> 1;

    }

}

template create-loop-counter( $counter ) {

if( $counter > 0 ) {

    <counter>; 
    call create-loop-counter( $counter = $counter - 1 );

}

}
@dssatya
Copy link
Contributor

dssatya commented Jan 19, 2016

Remove tag before jcs:printf(…)

Thanks,
Satya

From: manjitlazada
Reply-To: Juniper/junoscriptorium
Date: Tuesday, January 19, 2016 at 10:32 AM
To: Juniper/junoscriptorium
Subject: [junoscriptorium] Not Able to Display Policy Lookup (#14)

Hello All

Can somebody Please help in correcting the issue I am running this below Script but not getting lookup output

SCRIPT:

version 10;

ns junos = "http://xmljunipernet/junos/*/junos";
ns xnm = "http://xmljunipernet/xnm/11/xnm";
ns jcs = "http://xmljunipernet/junos/commit-scripts/10";
ns ext = "http://xmlsoftorg/XSLT/namespace";

match / {

{

var $cmd = "show security policies detail"; /* get policy hit count */
var $out = jcs:invoke($cmd);
var $totalCharsPerField = 20;

var $formatFields = "%20-s%20-s%20-s%20-s%20-s%20-s%20-s"; /* format for column headers display /
var $formatFieldsData = "%20-s%20-s%20-s%20-s%20-s%28-s%20-s"; / format for actually data display */

jcs:printf($formatFields,"Policy name","Source Zone","Destination Zone","Source Address", "Destination Address","Application"," Policy Lookups");

for-each($out/security-context/policies/policy-information) { /* get all policy info such as name, source address, destination address, zone, application and * count
*/

var $sourceZone = context-information/source-zone-name;
var $destinationZone = context-information/destination-zone-name;


var $sourceAddress := { for-each( source-addresses/source-address) {

        <output> address-name _ " ";

}}

var $destinationAddress := { for-each(destination-addresses/destination-address) {

        <output> address-name _ " ";


}}

var $application := { for-each(applications/application) {

                        <output> application-name _ " ";

        }}

var $pattern = " ";
var $array;

/* Create arrays out of all data that can have multiple values */
var $destinationArray = jcs:split( $pattern , $destinationAddress);
var $sourceArray = jcs:split( $pattern , $sourceAddress);
var $applicationArray = jcs:split( $pattern , $application);

/*Get size of each array */
var $destinationCount = {call returnArrayCount($array = $destinationArray);}
var $sourceCount = {call returnArrayCount($array = $sourceArray);}
var $applicationCount = {call returnArrayCount($array = $applicationArray);}
var $allCounts = $applicationCount _ " " _ $sourceCount _ " " _ $destinationCount;
var $maxString = $allCounts;

/*Get the size of the larget array*/
var $maxOfCounts = {call  returnMax($maxString);}
var $splitOfAllCounts = jcs:split(" ", $allCounts);

if ( policy-statistics-information/policy-lookups) { /* iterate through all the policies with count enabled */

        <output> jcs:printf ($formatFieldsData,policy-name, $sourceZone,$destinationZone,$sourceArray[1],                                   $destinationArray[1],$applicationArray[1],policy-statistics-information/policy-lookups);

    var $loopCounter := { call create-loop-counter( $counter = $maxOfCounts ); }

        for-each( $loopCounter/counter ) { /*Loop through each array and print out the data*/

        var $index = position();

        if ( $index != 1 ) {

            <output> jcs:printf ($formatFieldsData,policy-name, " "," ",$sourceArray[number($index)],                                       $destinationArray[number($index)],$applicationArray[number($index) ]," ");

        }

    }


}else {

    <output> "Count not enabled for policy: " _ policy-name;

}

} /* end of foreach */

} /* End of op script results */

} /* End of match / */

template returnMax ($maxString="Nothing specified") { /* Return the max number in a string of numbers */

{

var $splitOfAllCounts = jcs:split(" ", $maxString);

for-each($splitOfAllCounts) {

                <xsl:sort select = "" data-type = "number" order = "descending">;

                if (position() == 1) {
                       <output> ;
                }

        }

}

}

template returnArrayCount ($array="Nothing defined") { /*return the size of an array */

if(count($array) > 1) {

    var $count = count($array) - 1;
    <output> $count;

}else if(count($array) == 0){

    <output> 0;



}else{

    <output> 1;

}

}

template create-loop-counter( $counter ) {

if( $counter > 0 ) {

<counter>;
call create-loop-counter( $counter = $counter - 1 );

}

}


Reply to this email directly or view it on GitHubhttps://github.com//issues/14.

@manjitlazada
Copy link
Author

You mean the whole statement ? that will delete the formatting.
And only deleting will throw error.

error: error: /var/db/scripts/op/policylookups.slax: 1 error detected during parsing

error: error reading stylesheet: policylookups.slax

error: /var/db/scripts/op/policylookups.slax:22: error: /var/db/scripts/op/policylookups.slax:21: parse error, unexpected T_FUNCTION_NAME before 'jcs:printf':
error: ^
error: error: /var/db/scripts/op/policylookups.slax: 1 error detected during parsing
error: error reading stylesheet: policylookups.slax

@dssatya
Copy link
Contributor

dssatya commented Jan 19, 2016

It will be good if you can share the setup .

Thanks,
Satya

From: manjitlazada
Reply-To: Juniper/junoscriptorium
Date: Tuesday, January 19, 2016 at 11:18 AM
To: Juniper/junoscriptorium
Cc: "D.S.Satya Narsinga Rao"
Subject: Re: [junoscriptorium] Not Able to Display Policy Lookup (#14)

You mean the whole statement ? that will delete the formatting.
And only deleting will throw error.

error: error: /var/db/scripts/op/policylookups.slax: 1 error detected during parsing

error: error reading stylesheet: policylookups.slax

error: /var/db/scripts/op/policylookups.slax:22: error: /var/db/scripts/op/policylookups.slax:21: parse error, unexpected T_FUNCTION_NAME before 'jcs:printf':
error: ^
error: error: /var/db/scripts/op/policylookups.slax: 1 error detected during parsing
error: error reading stylesheet: policylookups.slax


Reply to this email directly or view it on GitHubhttps://github.com//issues/14#issuecomment-172748219.

@manjitlazada
Copy link
Author

The Setup is simple. I have an SRX on which I have multiple security policies running and I want to collect all policy inofmration/ terms in a one go. If a Security Policy contains multiple policies then that should also be captured.
what all is allowed and in which policy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dssatya @manjitlazada