Solved

Need Assistance with TCL regular expression in Script run on Fortigate

Posted on 2013-05-28
2
1,076 Views
Last Modified: 2013-05-29
We have 65+ Fortigate branch firewalls that all have unique subnets based on their branch number.

The third octet in the IP address is the only difference.

What I want to do is dynamically get the third octet from the internal1 interface and use that as a variable in the rest of the script.

I have borrowed from here which works, however when I change the regexp to only get the 3rd octet rather than the whole ip address the script it fails at the regular expression.

#!
puts "Script starts ..."

# Create do_cmd procedure to execute CLI commands
proc do_cmd {cmd} {
puts [exec "$cmd\n" "# " 15]
}

# get internal ip
do_cmd "config system interface"
do_cmd "edit internal1"
set query [exec "show\n" "# "]
#puts $query
set output [split $query "\n"]
#Find branch number and puts $ip
regexp {(?<=10.10.)[0-9]{1,3}} $output ip
do_cmd "end"
do_cmd "$ip"

Open in new window


Below is the contents of $query. I have highlighted in bold the data I need.

config system interface
    edit "internal1"
        set vdom "root"
        set ip XXX.XXX.XXX.XXX 255.255.255.0
        set allowaccess ping https
        set dns-query recursive
        set type physical
        set description "X"
        set alias "X"
    next
end

XXXXXX (internal1) #
0
Comment
Question by:Barfoots
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Accepted Solution

by:
Barfoots earned 0 total points
ID: 39205771
I have found a way around this but am unsure whether this is the most effective method;

#!
puts "Script starts ..."

# Create do_cmd procedure to execute CLI commands
proc do_cmd {cmd} {
puts [exec "$cmd\n" "# " 15]
}

# get internal ip
do_cmd "config system interface"
do_cmd "edit internal1"
set query [exec "show\n" "# "]
#puts $query
set output [split $query "\n"]
#Find IP address and puts $ip
regexp {(?:\d+\.){3}\d+} $output ip
do_cmd $ip
regexp "(\[0-9]{1,3})\.(\[0-9]{1,3})\.(\[0-9]{1,3})\.(\[0-9]{1,3})" $ip all first second third fourth
do_cmd $third
do_cmd "end"

Open in new window

0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Shell Mail is not working 5 124
WPF issue with Trigger 2 130
looking for unix program to search some keywords in side EAR WAR and JAR files 10 111
Unix Command (AIX) 3 42
Navigation is an important part of web design from a usability perspective. But it is often a pain when it comes to a developer’s perspective. By navigation, it often means menuing. This is less theory and more practical of how to get a specific gro…
Over the years I've spent many an hour playing on hardened, DMZ'd servers, with only a sub-set of the usual GNU toy's to keep me company; frequently I've needed to save and send log or data extracts from these server back to my PC, or to others, and…
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question