Not Able to Display Policy Lookup

[manjitlazada]

Hello All

Can somebody Please help in correcting the issue. I am running this below Script but not getting lookup output.

SCRIPT:

---

version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
ns ext = "http://xmlsoft.org/XSLT/namespace";

match / {

<op-script-results> {

var $cmd = <command> "show security policies detail"; /* get policy hit count */
var $out = jcs:invoke($cmd);
var $totalCharsPerField = 20;


var $formatFields = "%20-s%20-s%20-s%20-s%20-s%20-s%20-s"; /* format for column headers display */
var $formatFieldsData = "%20-s%20-s%20-s%20-s%20-s%28-s%20-s"; /* format for actually data display */

<output> jcs:printf($formatFields,"Policy name","Source Zone","Destination Zone","Source Address",                                  "Destination Address","Application","   Policy Lookups");

for-each($out/security-context/policies/policy-information) { /* get all policy info such as name, source address, destination address, zone, application and * count
*/

    var $sourceZone = context-information/source-zone-name;  
    var $destinationZone = context-information/destination-zone-name;  


    var $sourceAddress := { for-each( source-addresses/source-address) {

            <output> address-name _ " ";

    }}

    var $destinationAddress := { for-each(destination-addresses/destination-address) {

            <output> address-name _ " ";


    }}

    var $application := { for-each(applications/application) {

                            <output> application-name _ " ";

            }}  

    var $pattern = " ";
    var $array;

    /* Create arrays out of all data that can have multiple values */
    var $destinationArray = jcs:split( $pattern , $destinationAddress);         
    var $sourceArray = jcs:split( $pattern , $sourceAddress);           
    var $applicationArray = jcs:split( $pattern , $application);        

    /*Get size of each array */ 
    var $destinationCount = {call returnArrayCount($array = $destinationArray);}
    var $sourceCount = {call returnArrayCount($array = $sourceArray);}
    var $applicationCount = {call returnArrayCount($array = $applicationArray);}
    var $allCounts = $applicationCount _ " " _ $sourceCount _ " " _ $destinationCount;
    var $maxString = $allCounts;

    /*Get the size of the larget array*/
    var $maxOfCounts = {call  returnMax($maxString);}
    var $splitOfAllCounts = jcs:split(" ", $allCounts);

    if ( policy-statistics-information/policy-lookups) { /* iterate through all the policies with count enabled */ 

            <output> jcs:printf ($formatFieldsData,policy-name, $sourceZone,$destinationZone,$sourceArray[1],                                   $destinationArray[1],$applicationArray[1],policy-statistics-information/policy-lookups);

        var $loopCounter := { call create-loop-counter( $counter = $maxOfCounts ); }

            for-each( $loopCounter/counter ) { /*Loop through each array and print out the data*/ 

            var $index = position();

            if ( $index != 1 ) {

                <output> jcs:printf ($formatFieldsData,policy-name, " "," ",$sourceArray[number($index)],                                       $destinationArray[number($index)],$applicationArray[number($index) ]," ");

            }

        }


    }else {

        <output> "Count not enabled for policy: " _ policy-name; 

    }


} /* end of foreach */

} /* End of op script results */

} /* End of match / */

template returnMax ($maxString="Nothing specified") { /* Return the max number in a string of numbers */

<op-script-results> {

    var $splitOfAllCounts = jcs:split(" ", $maxString);

    for-each($splitOfAllCounts) {

                    <xsl:sort select = "." data-type = "number" order = "descending">;

                    if (position() == 1) {
                           <output> .;
                    }

            }
}

}

template returnArrayCount ($array="Nothing defined") { /*return the size of an array */

    if(count($array) > 1) {

        var $count = count($array) - 1;
        <output> $count;

    }else if(count($array) == 0){

        <output> 0;



    }else{

        <output> 1;

    }

}

template create-loop-counter( $counter ) {

if( $counter > 0 ) {

    <counter>; 
    call create-loop-counter( $counter = $counter - 1 );

}

}

[dssatya]

Remove tag before jcs:printf(…)

Thanks,
Satya

From: manjitlazada
Reply-To: Juniper/junoscriptorium
Date: Tuesday, January 19, 2016 at 10:32 AM
To: Juniper/junoscriptorium
Subject: [junoscriptorium] Not Able to Display Policy Lookup (#14)

Hello All

Can somebody Please help in correcting the issue I am running this below Script but not getting lookup output

SCRIPT:

---

version 10;

ns junos = "http://xmljunipernet/junos/*/junos";
ns xnm = "http://xmljunipernet/xnm/11/xnm";
ns jcs = "http://xmljunipernet/junos/commit-scripts/10";
ns ext = "http://xmlsoftorg/XSLT/namespace";

match / {

{

var $cmd = "show security policies detail"; /* get policy hit count */
var $out = jcs:invoke($cmd);
var $totalCharsPerField = 20;

var $formatFields = "%20-s%20-s%20-s%20-s%20-s%20-s%20-s"; /* format for column headers display /
var $formatFieldsData = "%20-s%20-s%20-s%20-s%20-s%28-s%20-s"; / format for actually data display */

jcs:printf($formatFields,"Policy name","Source Zone","Destination Zone","Source Address", "Destination Address","Application"," Policy Lookups");

for-each($out/security-context/policies/policy-information) { /* get all policy info such as name, source address, destination address, zone, application and * count
*/

var $sourceZone = context-information/source-zone-name;
var $destinationZone = context-information/destination-zone-name;


var $sourceAddress := { for-each( source-addresses/source-address) {

        <output> address-name _ " ";

}}

var $destinationAddress := { for-each(destination-addresses/destination-address) {

        <output> address-name _ " ";


}}

var $application := { for-each(applications/application) {

                        <output> application-name _ " ";

        }}

var $pattern = " ";
var $array;

/* Create arrays out of all data that can have multiple values */
var $destinationArray = jcs:split( $pattern , $destinationAddress);
var $sourceArray = jcs:split( $pattern , $sourceAddress);
var $applicationArray = jcs:split( $pattern , $application);

/*Get size of each array */
var $destinationCount = {call returnArrayCount($array = $destinationArray);}
var $sourceCount = {call returnArrayCount($array = $sourceArray);}
var $applicationCount = {call returnArrayCount($array = $applicationArray);}
var $allCounts = $applicationCount _ " " _ $sourceCount _ " " _ $destinationCount;
var $maxString = $allCounts;

/*Get the size of the larget array*/
var $maxOfCounts = {call  returnMax($maxString);}
var $splitOfAllCounts = jcs:split(" ", $allCounts);

if ( policy-statistics-information/policy-lookups) { /* iterate through all the policies with count enabled */

        <output> jcs:printf ($formatFieldsData,policy-name, $sourceZone,$destinationZone,$sourceArray[1],                                   $destinationArray[1],$applicationArray[1],policy-statistics-information/policy-lookups);

    var $loopCounter := { call create-loop-counter( $counter = $maxOfCounts ); }

        for-each( $loopCounter/counter ) { /*Loop through each array and print out the data*/

        var $index = position();

        if ( $index != 1 ) {

            <output> jcs:printf ($formatFieldsData,policy-name, " "," ",$sourceArray[number($index)],                                       $destinationArray[number($index)],$applicationArray[number($index) ]," ");

        }

    }


}else {

    <output> "Count not enabled for policy: " _ policy-name;

}

} /* end of foreach */

} /* End of op script results */

} /* End of match / */

template returnMax ($maxString="Nothing specified") { /* Return the max number in a string of numbers */

{

var $splitOfAllCounts = jcs:split(" ", $maxString);

for-each($splitOfAllCounts) {

                <xsl:sort select = "" data-type = "number" order = "descending">;

                if (position() == 1) {
                       <output> ;
                }

        }

}

}

template returnArrayCount ($array="Nothing defined") { /*return the size of an array */

if(count($array) > 1) {

    var $count = count($array) - 1;
    <output> $count;

}else if(count($array) == 0){

    <output> 0;



}else{

    <output> 1;

}

}

template create-loop-counter( $counter ) {

if( $counter > 0 ) {

<counter>;
call create-loop-counter( $counter = $counter - 1 );

}

}

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/14.

[manjitlazada]

You mean the whole statement ? that will delete the formatting.
And only deleting will throw error.

error: error: /var/db/scripts/op/policylookups.slax: 1 error detected during parsing

error: error reading stylesheet: policylookups.slax

error: /var/db/scripts/op/policylookups.slax:22: error: /var/db/scripts/op/policylookups.slax:21: parse error, unexpected T_FUNCTION_NAME before 'jcs:printf':
error: ^
error: error: /var/db/scripts/op/policylookups.slax: 1 error detected during parsing
error: error reading stylesheet: policylookups.slax

[dssatya]

It will be good if you can share the setup .

Thanks,
Satya

From: manjitlazada
Reply-To: Juniper/junoscriptorium
Date: Tuesday, January 19, 2016 at 11:18 AM
To: Juniper/junoscriptorium
Cc: "D.S.Satya Narsinga Rao"
Subject: Re: [junoscriptorium] Not Able to Display Policy Lookup (#14)

You mean the whole statement ? that will delete the formatting.
And only deleting will throw error.

error: error: /var/db/scripts/op/policylookups.slax: 1 error detected during parsing

error: error reading stylesheet: policylookups.slax

error: /var/db/scripts/op/policylookups.slax:22: error: /var/db/scripts/op/policylookups.slax:21: parse error, unexpected T_FUNCTION_NAME before 'jcs:printf':
error: ^
error: error: /var/db/scripts/op/policylookups.slax: 1 error detected during parsing
error: error reading stylesheet: policylookups.slax

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/14#issuecomment-172748219.

[manjitlazada]

The Setup is simple. I have an SRX on which I have multiple security policies running and I want to collect all policy inofmration/ terms in a one go. If a Security Policy contains multiple policies then that should also be captured.
what all is allowed and in which policy.