Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
959
Views
0
Helpful
3
Replies

Cisco Tool

saxenanitesh8522
Level 8
Level 8

‎04-08-2018 11:05 PM - edited ‎03-08-2019 02:34 PM

Hi,

 

Is there any tool which we can use for Preventive Maintenance for gather show tech support from all the cisco devices rather than logging to each device for getting the same or gather the information and suggest for the IOS upgrades as well.

Labels:
0 Helpful
3 Replies 3

Seb Rupik
VIP Alumni
VIP Alumni

‎04-08-2018 11:34 PM

Hi there,

APIC-EM (https://www.cisco.com/c/en/us/products/cloud-systems-management/application-policy-infrastructure-controller-enterprise-module/index.html) when combined with the "image verification" application/ plugin, will provide you a software vulnerability report and provide suggested upgrades.

 

cheers,

Seb.

0 Helpful

saxenanitesh8522
Level 8
Level 8
In response to Seb Rupik

‎04-08-2018 11:48 PM

Hi,

 

as a System integrator we are doing Preventive Maintenance for multiple customer's. hence we looking for a tool which can be used from our laptop or installed so we can run the reports and gather the information.

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to saxenanitesh8522

‎04-12-2018 02:18 AM

Hi there,

I've tweaked a script of mine which previously required an APIC-EM instance to make REST calls against to create a device database.

I've changed it now so that you can feed it a CSV file of IP address of the. The CSV has the following format:

 

ip_address
10.1.1.1
10.1.1.2
10.1.1.3

 

The script can be found here:

https://github.com/sebrupik/srupik-apic-em-tools/blob/master/frozenPony/src/inventoryCollect2.py

 

Run the script with -c flag:

 

python3 inventoryCollect2.py -c /tmp/inventory.csv

 

It's a work in progress so currently doesn't like NX-OS, but does like IOS and IOS-XE. It should produce output similar to this:

 

Platforms: 3
Platform C5548UP has 1 models.
  N5K-C5548UP
    None used by 1 devices, dev-dist-sw-1
Platform X has 1 models.
  ASR1001-X
    16.04.02 used by 1 devices, dev-PPP-ROUTER
    16.03.04 used by 1 devices, dev-PPP-ROUTER
Platform C3850 has 1 models.
  WS-C3850-48P
    16.3.3 used by 1 devices, dev-ACCESS-02
Pickle the data!

 

All being well it will pickle the data (serialise it) and write it to a file 'data.dmp'

 

You then need to parse data.dmp with the second script:

https://github.com/sebrupik/srupik-apic-em-tools/blob/master/frozenPony/src/inventoryAnalyse.py

 

Run this script with the command:

python2.7 -W "ignore:Unverified HTTPS:::" inventoryAnalyse.py

(It has to be run in python 2.7 because the cisco openVlunQuery API it written in 2.7)

You will need to register for the openVuln API here: https://apiconsole.cisco.com/

 

This will produce output like:

C5548UP has 1 software versions in use
  None used by 1 devices
    dev-dist-sw-1
    No advisories :)
X has 2 software versions in use
  16.04.02 used by 1 devices
    dev-PPP-ROUTER
    Number of advisories 19
  16.03.04 used by 1 devices
    dev-PPP-ROUTER
    Number of advisories 18
C3850 has 1 software versions in use
  16.3.3 used by 1 devices
    dev-ACCESS-02
    No advisories :)


Worst offenders - Top 2
Advisory count: 18
  16.03.04
  dev-PPP-ROUTER
Advisory count: 19
  16.04.02
  dev-PPP-ROUTER

You can edit the script, line 188 and change it to:

print_dictionary(build_dictionary(ovq_client, platform_ibj_list), brief=False)

To get more verbose output, ie vulnerability ID and titles.

 

https://configif.wordpress.com/2017/07/19/apic-em-inventoryanalyse/

https://configif.wordpress.com/2017/07/14/apic-em-collectinventory/

 

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents