Solved

Perl Script to move cisco 5520 syslog

Posted on 2011-02-28
Last Modified: 2012-05-11
Hi,

I am currently dealing with a very similar situation. I am building a script which will log in to a Cisco 5520 ASA, go into enable mode, config t, execute the command logging savelog, and then execute another command to move the syslogs to a share on the network.

I am using a Linux Debian Lenny VM and I have the following modules installed:

Installed modules are:
   CPAN::Meta::YAML
   Class::Accessor::Fast::Contained
   Class::Data::Inheritable
   Class::Loader
   Convert::ASCII::Armour
   Convert::ASN1
   Convert::PEM
   Crypt::Blowfish
   Crypt::CBC
   Crypt::DES
   Crypt::DES_EDE3
   Crypt::DH
   Crypt::DSA
   Crypt::Primes
   Crypt::RSA
   Crypt::Random
   Data::Buffer
   Data::Dumper
   Data::Phrasebook
   Data::Phrasebook::Loader::YAML
   Devel::StackTrace
   Devel::Symdump
   Digest::BubbleBabble
   Digest::MD2
   Exception::Class
   ExtUtils::CBuilder
   ExtUtils::ParseXS
   File::Which
   IO::Tty
   IPC::Run3
   Math::BigInt
   Math::BigInt::Pari
   Math::Pari
   Module::Metadata
   Net::Appliance::Phrasebook
   Net::Appliance::Session
   Net::SSH::Perl
   Net::Telnet
   Perl
   Perl::OSType
   Pod::Coverage
   Probe::Perl
   Sort::Versions
   String::CRC32
   Sub::Uplevel
   Test::Exception
   Test::Harness
   Test::Pod
   Test::Pod::Coverage
   Test::Script
   Test::Simple
   Tie::EncryptedHash
   UNIVERSAL::require
   version

When I run the script, I get the following error message:

./scripter.pl
Command response matched device error string at /usr/local/share/perl/5.10.0/Net/Appliance/Session/Transport.pm line 51

I look forward to hearing from you.

Thanks,

#!/usr/bin/perl

    use strict;
    use warnings;
    use Data::Dumper;

    use Net::Appliance::Session;

    my $ios_device_ip = 'XXX.XXX.XXX.XXX';

    my $ios_username        = 'useraccount';
    my $ios_password        = 'passwd123';
    my $ios_enable_password = 'system123';

    my $session_obj = Net::Appliance::Session->new(

        Host      => $ios_device_ip,
        Transport => 'SSH',

    );

    # create output file for switch changes
    # $session_obj->input_log('Switchchanges.txt');

    # try to login to the ios device, ignoring host check
    $session_obj->connect(Name => $ios_username, Password => $ios_password, SHKC => 0);

    # drop in to enable mode
    $session_obj->begin_privileged($ios_enable_password);

    # enter config mode
    my @output1 = $session_obj->cmd('conf t');
    print @output1;

    # set range of ports to change
    #my @output2 = $session_obj->cmd('int range fa0/5 - 22');
    my @output2 = $session_obj->cmd('show version');
    print @output2;

    # change VLAN
    # my @output3 = $session_obj->cmd('switchport access vlan 99');
    # print @output3;

    # end config mode
    my @output4 = $session_obj->cmd('logout');
    print @output4;

I commented out a few lines because this is my initial test to see how the script behaves. I hope that this message reaches you or anyone following this question. I already placed a question on EE, but it has not been answered.

Link to the question:

http://www.experts-exchange.com/Programming/Languages/Scripting/Perl/Q_26839549.html

Question by:Islandr
 
LVL 39

Expert Comment

by:noci
ID: 35001876
Why not send all log messages as they happen to a syslog server, using some syslog daemon?
That only needs some passive configuration on a syslog server and the switches.
0
 

Author Comment

by:Islandr
ID: 35001919
How can I do that?
0
 
LVL 39

Expert Comment

by:noci
ID: 35002305
You're mentioning Debian as your server.
So let's assume you have the standard syslog:

Adding the -r option on the command line during start up would enable listening.
In the case of metalog there is no network log access.
syslog-ng needs the right source definition.
Please indicate what syslog you have on your system.

then you need to configure syslog on your cisco...
Here is an example:
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_24385642.html

0
 

Author Comment

by:Islandr
ID: 35003076
Noci,

Thank you for taking the time and effort to reply. Let me explain the situation in detail: we currently have a Cisco 5520 for VPN, and the company policy is that we need to keep the VPN logs for 7 years. Right now we are moving the logs manually every day (twice a day), for one because it is getting full, and second because of the policy (do not ask me why). I know that this could be accomplished using a Perl script and placing the script as a cron job; I do not know any internal commands on the Cisco 5520 that could do this automatically:

We need to save the logs into flash and then move the logs to a network share (drive) twice a day.  The Perl script posted here, using the module Net::Appliance::Session, could do the job of logging in to the ASA, entering enable mode and config terminal, and running the commands, but I am unable to run it because of the error that I am getting:

Command response matched device error string at /usr/local/share/perl/5.10.0/Net/Appliance/Session/Transport.pm line 51

So if there is any other way to accomplish what I am looking for, I'll be more than happy to know.
Look forward to hearing from you.
0
 
LVL 39

Expert Comment

by:noci
ID: 35003267
All Unix systems have a service named syslog. The service can be run in two modes (mostly): networked and non-networked.
metalog cannot handle networked mode.
sysklogd (default on many Linux distributions) http://www.infodrom.org/projects/sysklogd/
syslog-ng (much-used replacement) http://www.balabit.com/products/syslog_ng/

You can install any of them on your system.
For sysklogd you might also need a tool called logrotate to rename logfiles every ... time.
syslog-ng can be configured to do this automatically.

Please try to add the standard packages from your distro for them
(apt-get ... etc.) or the tooling you used for that.

A lot of networked devices are capable of sending their logging using the same syslog protocol that Unix uses.
It's a UDP-based protocol that uses port 514. Messages are sent using one packet per message.
The syslog daemon can either store them in logfiles and/or relay the messages to the next syslog server.
(There are Windows versions of this type of service too, like Kiwi Syslog.)

You need to decide on the log server; I do suggest looking into syslog-ng, and then it needs to be configured.
For configuring the Cisco device(s) you can follow the link I suggested before.

0
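
The one-message-per-UDP-packet transport described in the comment above, seen from the receiving side, as an added example (not code from this thread or from any syslog daemon): it decodes the priority field of each datagram and picks a per-day archive file. The datagrams are constructed samples fed from an array instead of a socket on port 514; the `%ASA-<level>-<id>:` tag layout and the `archive_name` helper are assumptions.

```perl
#!/usr/bin/perl
# Added example: decode syslog datagrams the way a UDP receiver on port 514 sees them.
use strict;
use warnings;

my @SEVERITY = qw(emerg alert crit err warning notice info debug);

# One UDP datagram carries one message: "<PRI>text", where PRI = facility * 8 + severity.
sub parse_syslog {
    my ($datagram) = @_;
    my ($pri, $text) = $datagram =~ /\A<(\d{1,3})>(.*)\z/s
        or return;            # no priority field: not syslog, drop it
    return if $pri > 191;     # highest valid PRI is facility 23, severity 7
    my %msg = (facility => $pri >> 3, severity => $SEVERITY[ $pri & 7 ]);
    # Assumed ASA tag layout "%ASA-<level>-<message id>:"; keep the id when present.
    $msg{asa_id} = $1 if $text =~ /%ASA-\d-(\d+):/;
    # Replace control characters so one datagram can never become two log lines.
    ($msg{text} = $text) =~ s/[\x00-\x1f\x7f]/ /g;
    return \%msg;
}

# Hypothetical helper: one archive file per sending host per day (UTC),
# which keeps a multi-year retention store easy to rotate and audit.
sub archive_name {
    my ($sender_ip, $epoch) = @_;
    my @t = gmtime $epoch;
    return sprintf '%s/%04d-%02d-%02d.log', $sender_ip, $t[5] + 1900, $t[4] + 1, $t[3];
}

# Constructed sample datagrams (not captured from a real device).
my @samples = (
    "<164>%ASA-4-113019: Group = vpn-users, Username = alice, IP = 203.0.113.7, Session disconnected.",
    "<164>Feb 28 2011 10:15:00: %ASA-4-106023: Deny tcp src outside:198.51.100.9/4431 dst inside:192.0.2.10/22",
    "no priority field here",
    "<166>first line\n<161>forged second line",
);

for my $datagram (@samples) {
    my $msg = parse_syslog($datagram);
    unless ($msg) { print "dropped: malformed datagram\n"; next; }
    # The sender address and receive time come from the socket in a real
    # receiver; both values here are constructed.
    printf "%s facility=%d severity=%s id=%s %s\n",
        archive_name('192.168.1.100', 1298888100),
        $msg->{facility}, $msg->{severity}, $msg->{asa_id} // '-', $msg->{text};
}
```

UDP syslog carries no sender authentication, so the archive path is derived from the socket's source address and the receive time rather than from anything inside the message.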
 

Author Comment

by:Islandr
ID: 35003509
Noci,
That sounds like a good solution, but honestly I'll need to write a project plan for that and it could take time before approval.
I really need your assistance with the Perl script.

Thanks,
0
 
LVL 39

Expert Comment

by:noci
ID: 35013219
Ok, I installed Net-Appliance-Session-2.110470

I also added some instrumentation:
---8<---
    $session_obj->input_log(*STDOUT);
    eval {
---8<---

right after the connect...

and the next at the end of the script
---8<---
        };
   if ( UNIVERSAL::isa($@,'Net::Appliance::Session::Exception') ) {
        print $@->message, "\n";  # fault description from Net::Appliance::Session
        print $@->errmsg, "\n";   # message from Net::Telnet
        print $@->lastline, "\n"; # last line of output from your appliance
        # perform any other cleanup as necessary
   }
   $session_obj->close;
---8<---

That should print a possibly better error message.
In my case (I have no cisco at hand) I get the logon strings back I get when accessing an ssh based device.
The first should allow you to see where it hangs (setting up an input_log) or what interactions are there until it crashes.
0
 

Author Comment

by:Islandr
ID: 35013503
I'll perform a test tomorrow. Thanks for the input.
0

Accepted Solution

by:
Islandr earned 0 total points
ID: 35017276
noci,

Thank you for getting back to me. Here is what I've done: I attached a copy of the current script that I am running for testing before the real one. I commented out some lines (because this is a test first). I am getting the same error message as before:
Command response matched device error string at /usr/local/share/perl/5.10.0/Net/Appliance/Session/Transport.pm line 51
Which is related to Transport.pm, so what I did was edit Transport.pm and look for line 51:

    # disable paging... this is undone in our close() method
#    $self->disable_paging if $self->do_paging;

And I commented out the line " $self->disable_paging if $self->do_paging;", as you can see. I ran the script and it worked, but I really want to correct this error, because that is part of that module; I would like to make it work without any modifications.  I am going to attach a copy of the current script to this; please let me know what you can see and find.

#!/usr/bin/perl

    use strict;
    use warnings;

    use Data::Dumper;
    use Net::Appliance::Session;


    my $ios_device_ip = '192.168.1.100';

    my $ios_username        = 'sysadmin';
    my $ios_password        = 'password123';
    my $ios_enable_password = 'system123';

    my $session_obj = Net::Appliance::Session->new(

        Host      => $ios_device_ip,
        Transport => 'SSH',

    );

    # create output file for the ASA
    $session_obj->input_log('Cisco_5520.txt');


    # try to login to the ios device, ignoring host check
    $session_obj->connect(Name => $ios_username, Password => $ios_password, SHKC => 0);
    $session_obj->input_log(*STDOUT);
    eval {

        # drop in to enable mode
        $session_obj->begin_privileged($ios_enable_password);

        # enter config mode
        my @output1 = $session_obj->cmd('conf t');
        print @output1;

        # Save the Syslogs to Flash
        # my @output2 = $session_obj->cmd('logging savelog');
        my @output2 = $session_obj->cmd('show version');
        print @output2;

        # Copy Syslogs from Flash to an FTP Server
        # my @output3 = $session_obj->cmd('copy disk0:/syslog ftp://myserver');
        # print @output3;

        # end config mode
        my @output4 = $session_obj->cmd('logout');
        print @output4;

    };
    if ( UNIVERSAL::isa($@,'Net::Appliance::Session::Exception') ) {
        print $@->message, "\n";  # fault description from Net::Appliance::Session
        print $@->errmsg, "\n";   # message from Net::Telnet
        print $@->lastline, "\n"; # last line of output from your appliance
        # perform any other cleanup as necessary
    }
    $session_obj->close;


0
 

Author Comment

by:Islandr
ID: 35029669
Noci,

Thank you for your assistance, and here is what I have done: after getting the error message, I contacted the author of the module at CPAN, Oliver Gorwits. He suggested placing the following line,
$session_obj->do_paging(0); after the call to new but before the call to connect. I uncommented the line in the module, and it worked without a problem. I think that the problem was because of the paging after executing the command.  Besides this script, I am considering Syslog-NG as you suggested. I am still working on the script, but at the same time, could you guide me through the installation of Syslog-NG? I got lost.  I am going to paste the code that did the trick.


#!/usr/bin/perl

    use strict;
    use warnings;

    use Data::Dumper;
    use Net::Appliance::Session;


    my $ios_device_ip = '192.168.1.100';

    my $ios_username        = 'ciscoadmin';
    my $ios_password        = 'ciscoadminpasswd';
    my $ios_enable_password = 'system123';

    my $session_obj = Net::Appliance::Session->new(

        Host      => $ios_device_ip,
        Transport => 'SSH',

    );

    # create output file for the ASA
    $session_obj->input_log('Cisco_5520.txt');
    $session_obj->do_paging(0);


    # try to login to the ios device, ignoring host check
    $session_obj->connect(Name => $ios_username, Password => $ios_password, SHKC => 0);
    $session_obj->input_log(*STDOUT);
    eval {

        # drop in to enable mode
        $session_obj->begin_privileged($ios_enable_password);

        # enter config mode
        my @output1 = $session_obj->cmd('conf t');
        print @output1;

        # Save the Syslogs to Flash
        # my @output2 = $session_obj->cmd('logging savelog');
        my @output2 = $session_obj->cmd('show running-config');
        print @output2;

        # Copy Syslogs from Flash to an FTP Server
        # my @output3 = $session_obj->cmd('copy disk0:/syslog ftp://myserver');

        # end config mode
        my @output4 = $session_obj->cmd('logout');
        print @output4;

    };
    if ( UNIVERSAL::isa($@,'Net::Appliance::Session::Exception') ) {
        print $@->message, "\n";  # fault description from Net::Appliance::Session
        print $@->errmsg, "\n";   # message from Net::Telnet
        print $@->lastline, "\n"; # last line of output from your appliance
        # perform any other cleanup as necessary
    }
    $session_obj->close;


0
 

Author Comment

by:Islandr
ID: 35029680
Please let me know if it is necessary to open another question for this.

Thanks
0
 
LVL 39

Expert Comment

by:noci
ID: 35148080
A new question would be prudent, as it concerns a different subject.
0
 

Author Comment

by:Islandr
ID: 35148783
Noci,

No problem, I already awarded you the points from the Perl script question. I'll post another question; I would like to know how I may direct this question to you.

Thanks,
0
 
LVL 39

Expert Comment

by:noci
ID: 35148896
I'll monitor your question for the coming hours.
0
 

Author Comment

by:Islandr
ID: 35148962
Thanks,
0
 

Author Closing Comment

by:Islandr
ID: 35178756
I am going to grant the points to noci; he put me on the right track from different perspectives. I had to do my own research as well.
0
