Supported Platforms
Related Documentation
Example: Generating a Custom System Log Message
This example commit script generates a custom system log message when a specific statement is not included in the device configuration.
Requirements
This example uses a device running Junos OS.
Overview and Commit Script
Using a commit script, write a custom system log message that appears when the read-write statement is not included at the [edit snmp community community-name authorization] hierarchy level.
The script is shown in both XSLT and SLAX syntax.
XSLT Syntax
<?xml version="1.0" standalone="yes"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:junos="http://xml.juniper.net/junos/*/junos"
xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm"
xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0">
<xsl:import href="../import/junos.xsl"/>
<xsl:template match="configuration">
<xsl:for-each select="snmp/community">
<xsl:if test="not(authorization/read-write)">
<syslog>
<message>SNMP community does not have read-write access.
</message>
</syslog>
</xsl:if>
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>
SLAX Syntax
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
match configuration {
for-each (snmp/community) {
if (not(authorization/read-write)) {
<syslog> {
<message> "SNMP community does not have read-write access.";
}
}
}
}
Configuration
Step-by-Step Procedure
Download, enable, and test the script. To test that a commit script generates a system log message correctly, make sure that the candidate configuration contains the condition that elicits the system log message. For this example, ensure that the read-write statement is not included at the [edit snmp community community-name authorization] hierarchy level.
To test the example in this topic, perform the following steps:
- Copy the XSLT or SLAX script into a text file, name the
file
read-write.xslorread-write.slaxas appropriate, and copy it to the/var/db/scripts/commit/directory on the device. In configuration mode, include the file statement at the [edit system scripts commit] hierarchy level and
read-write.xslorread-write.slaxas appropriate.[edit]user@host# set system scripts commit file read-write.xslIf the read-write statement is included at the [edit snmp community community-name authorization] hierarchy level, issue the following configuration mode command:
[edit]user@host# delete snmp community community-name authorization read-write- For information about system log configuration, see the Junos OS System Log Messages Reference.
Issue the following command to verify that system logging is configured to write to a file (a commonly used file name is
messages):[edit]user@host# show system syslog Issue the commit command to commit the configuration.
user@host# commit
Verification
Verifying Script Execution
Purpose
Verify the system log message generated by the commit script.
Action
System log messages are generated during a commit operation
but not during a commit check operation. This means you cannot use
the commit check | display xml or commit check | display detail configuration mode commands to verify the output of system
log messages. When the commit operation completes, inspect the system
log file. The default directory for log files is /var/log/. View the log file by issuing the show log filename operational mode command. For example, if messages are logged
to the messages file, issue the following
command:
System log entries generated by commit scripts have the following format:
timestamp host-name cscript: message
Since the read-write statement was not included at the [edit snmp community community-name authorization] hierarchy level, the commit script should generate the “SNMP community does not have read-write access” message in the system log file.
Jun 3 14:34:37 host-name cscript: SNMP community does not have read-write access
