Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2471
Views
0
Helpful
1
Replies

ASA Python Automation: Find for a specific IP, the object, the object-group and ACL lines were it is used

shabuboy
Level 1
Level 1

‎09-09-2020 03:18 PM

Can anyone point to a python sample script where this can be achieved? or at least part of it, just need something to get me started.

Via the CLI on the ASA there are multiple ways to go about it. I usually do:

1 - sh access-list <name> | I 1.2.3.4

2 - if actual line # has an object or group as name, then I go and search for that object/group and show its contents

 

For automation, the following can be used as well:

sh run object in-line | i1.2.3.4

I can then split the output line using python and get the object name.

 

However, for the following, I would need a way to read the previous line to where the string is found.

sh run object-group network | i object-group|<object-name>

 

Any ideas anyone? Or knows a better way to achieve it?

I've seen some scripts using "ciscoconfparse" but it seems to work only with downloaded config txt files and not on actual devices via ssh/telnet/etc.

 

Regards

 

 

 

0 Helpful
1 Reply 1

Ruben Cocheno
Spotlight
Spotlight

‎09-10-2020 07:38 AM

@shabuboy 

 

i've been doing some automation but requires as well some manual parsing, not yet fully automated but getting there at some point.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card