- play_arrow Overview
- play_arrow Junos Automation Scripts Overview
- play_arrow Junos XML Management Protocol and Junos XML API Overview
-
- play_arrow Automation Scripting Using XSLT
- play_arrow XSLT Overview
- play_arrow Standard XPath and XSLT Functions Used in Automation Scripts
- play_arrow Standard XSLT Elements and Attributes Used in Automation Scripts
-
- play_arrow Automation Scripting Using SLAX
- play_arrow SLAX Overview
- SLAX Overview
- SLAX Syntax Rules Overview
- SLAX Elements and Element Attributes Overview
- SLAX Elements as Function Arguments
- Understanding SLAX Default Namespaces
- XPath Expressions Overview for SLAX
- SLAX Templates Overview
- SLAX Functions Overview
- SLAX Parameters Overview
- SLAX Variables Overview
- SLAX Statements Overview
- XSLT Elements Without SLAX Equivalents
- SLAX Operators
- play_arrow SLAX Statements
- append
- apply-imports
- apply-templates
- attribute
- attribute-set
- call
- copy-node
- copy-of
- decimal-format
- element
- else
- else if
- expr
- fallback
- for
- for-each
- function
- if
- import
- key
- match
- message
- mode
- mvar
- number
- output-method
- param
- preserve-space
- priority
- processing-instruction
- result
- set
- sort
- strip-space
- template
- terminate
- trace
- uexpr
- use-attribute-sets
- var
- version
- while
- with
- play_arrow The libslax Distribution for Automation Scripting
- libslax Distribution Overview
- libslax Library and Extension Libraries Overview
- Download and Install the libslax Distribution
- libslax Default Extension Libraries: bit, curl, db, os, and xutil
- Understanding the SLAX Processor (slaxproc)
- How to Use the SLAX Processor (slaxproc)
- SLAX Debugger, Profiler, and callflow
-
- play_arrow Automation Scripting Using Python
- play_arrow Python Overview
- Understanding Python Automation Scripts for Junos Devices
- Requirements for Executing Python Automation Scripts on Junos Devices
- Overview of Python Modules on Junos Devices
- How to Use Python Interactive Mode on Devices Running Junos OS
- How to Use the psutil Module to Retrieve Process and System Information on Devices Running Junos OS
- How to Use the Requests Library for Python on Devices Running Junos OS
- IPv6 Support in Python Automation Scripts
- How to Specify the Routing Instance in Python 3 Applications on Devices Running Junos OS Evolved
-
- play_arrow Automation Script Input
- play_arrow Global Parameters in Automation Scripts
-
- play_arrow Extension Functions and Named Templates for Automation Scripts
- play_arrow Extension Functions for Automation Scripting
- play_arrow Extension Functions in the jcs and slax Namespaces
- base64-decode() Function (SLAX)
- base64-encode() Function (SLAX)
- break-lines() Function (SLAX and XSLT)
- close() Function (SLAX and XSLT)
- dampen() Function (Python, SLAX, and XSLT)
- document() Function (SLAX)
- emit_error() Function (Python)
- emit_snmp_attributes Function (Python)
- emit_warning() Function (Python)
- empty() Function (SLAX and XSLT)
- evaluate() Function (SLAX)
- execute() Function (SLAX and XSLT)
- first-of() Function (SLAX and XSLT)
- get-command() Function (SLAX)
- get-hello() Function (SLAX and XSLT)
- get-input() Function (SLAX and XSLT) and get_input() (Python)
- get-protocol() Function (SLAX and XSLT)
- get-secret() Function (SLAX and XSLT) and get_secret() (Python)
- get_snmp_action() Function (Python)
- get_snmp_oid() Function (Python)
- hostname() Function (Python, SLAX, and XSLT)
- invoke() Function (SLAX and XSLT)
- open() Function (SLAX and XSLT)
- output() Function (Python, SLAX, and XSLT)
- parse-ip() Function (SLAX and XSLT) and parse_ip() (Python)
- printf() Function (Python, SLAX, and XSLT)
- progress() Function (Python, SLAX, and XSLT)
- regex() Function (SLAX and XSLT)
- set_routing_instance() Function (Python)
- sleep() Function (SLAX and XSLT)
- split() Function (SLAX and XSLT)
- sysctl() Function (Python, SLAX, and XSLT)
- syslog() Function (Python, SLAX, and XSLT)
- trace() Function (Python, SLAX, and XSLT)
- play_arrow Named Templates for Automation Scripting
- play_arrow Named Templates in the jcs Namespace
-
- play_arrow Manage Automation Scripts
- play_arrow Store and Enable Scripts
- play_arrow Configure a Remote Source for Scripts
- play_arrow Configure the Session Protocol for Scripts
- play_arrow Control Execution of Scripts
- play_arrow Synchronize Scripts Between Routing Engines
- play_arrow Convert Scripts Between SLAX and XSLT
-
- play_arrow Op Scripts
- play_arrow Op Scripts Overview
- play_arrow Create and Execute Op Scripts
- Required Boilerplate for Op Scripts
- Map Operational Mode Commands and Output Fields to Junos XML Notation
- How to Use RPCs and Operational Mode Commands in Op Scripts
- Declare and Use Command-Line Arguments in Op Scripts
- Configure Help Text for Op Scripts
- Define Operational Mode Commands to Allow in an Op Script
- Enable an Op Script and Define a Script Alias
- Configure Checksum Hashes for an Op Script
- Execute an Op Script on the Local Device
- Execute an Op Script from a Remote Site
- Disable an Op Script
- play_arrow Op Script Examples
- Change the Configuration Using SLAX and XSLT Scripts
- Example: Change the Configuration Using SLAX and XSLT Op Scripts
- Example: Change the Configuration Using Python Op Scripts
- Example: Customize Output of the show interfaces terse Command Using an Op Script
- Example: Display DNS Hostname Information Using an Op Script
- Example: Find LSPs to Multiple Destinations Using an Op Script
- Example: Restart an FPC Using an Op Script
- Example: Export Files Using an Op Script
- Example: Import Files Using an Op Script
- Example: Search Files Using an Op Script
- play_arrow Provision Services Using Service Template Automation
- play_arrow Troubleshoot Op Scripts
-
- play_arrow Event Policies and Event Scripts
- play_arrow Event Policy Overview
- play_arrow Event Policy Triggers
- Use Correlated Events to Trigger an Event Policy
- Trigger an Event Policy Based on Event Count
- Example: Trigger an Event Policy Based on Event Count
- Use Regular Expressions to Refine the Set of Events That Trigger a Policy
- Example: Controlling Event Policy Using a Regular Expression
- Generate Internal Events to Trigger Event Policies
- Use Nonstandard System Log Messages to Trigger Event Policies
- Junos Logger Utility
- play_arrow Event Policy Actions
- Configure an Event Policy to Execute Operational Mode Commands
- Configure an Event Policy to Change the Configuration
- Example: Changing the Configuration Using an Event Policy
- Example: Changing the Interface Configuration in Response to an Event
- Execute Event Scripts in an Event Policy
- Change the Configuration Using an Event Script
- Configuring an Event Policy to Pass Arguments to an Event Script
- Configure Event Policies to Ignore an Event
- Example: Ignore Events Based on Receipt of Other Events
- Overview of Using Event Policies to Raise SNMP Traps
- Example: Raise an SNMP Trap in Response to an Event
- Understanding the Event System Log Priority in an Event Policy
- Example: Configuring the Event System Log Priority in an Event Policy
- Example: Limit Event Script Output Based on a Specific Event Type
- play_arrow Configure Event Policy File Archiving
- play_arrow Configure Event Policy Privileges
- play_arrow Event Scripts Overview
- play_arrow Create and Execute Event Scripts
- play_arrow Troubleshoot Event Policies and Event Scripts
-
- play_arrow SNMP Scripts
- play_arrow SNMP Scripts Overview
- play_arrow Create and Execute SNMP Scripts
- play_arrow SNMP Script Example
- play_arrow Troubleshoot SNMP Scripts
-
- play_arrow Configuration Statements and Operational Commands
Example: Generate a Custom System Log Message
Junos OS commit scripts can generate custom system log messages during a commit operation to alert you when the configuration does not comply with custom configuration rules. The commit process is not affected by generating system log messages. This example creates a commit script that generates a custom system log message when a specific statement is not included in the device configuration.
Overview and Commit Script
Using a commit script, write a custom system log message that
appears when the read-write statement is not included at
the [edit snmp community community-name authorization] hierarchy level.
The script is shown in XSLT, SLAX, and Python.
XSLT Syntax
<?xml version="1.0" standalone="yes"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:junos="http://xml.juniper.net/junos/*/junos"
xmlns:xnm="http://xml.juniper.net/xnm/1.1/xnm"
xmlns:jcs="http://xml.juniper.net/junos/commit-scripts/1.0">
<xsl:import href="../import/junos.xsl"/>
<xsl:template match="configuration">
<xsl:for-each select="snmp/community">
<xsl:if test="not(authorization) or (authorization != 'read-write')">
<xsl:variable name="community">
<xsl:call-template name="jcs:edit-path"/>
</xsl:variable>
<xsl:variable name="message" select="concat('SNMP community does not have read-write access: ', $community)"/>
<syslog>
<message>
<xsl:value-of select="$message"/>
</message>
</syslog>
</xsl:if>
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>
SLAX Syntax
version 1.2;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
match configuration {
for-each (snmp/community) {
if ( not(authorization) or (authorization != "read-write")) {
var $community = call jcs:edit-path();
var $message = "SNMP community does not have read-write access: " _ $community;
<syslog> {
<message> $message;
}
}
}
}
Python Syntax
from junos import Junos_Configuration
import jcs
def main():
root = Junos_Configuration
for element in root.xpath("./snmp/community"):
if element.find("authorization") is None or \
element.find("authorization").text != 'read-write':
jcs.syslog("172", "SNMP community does not have read-write access: "
+ element.find('name').text)
if __name__ == '__main__':
main()
Configuration
Procedure
Step-by-Step Procedure
Download, enable, and test the script. To test that a
commit script generates a system log message correctly, make sure
that the candidate configuration contains the condition that elicits
the system log message. For this example, ensure that the read-write statement is not included at the [edit snmp community community-name authorization] hierarchy level.
To test the example in this topic:
Copy the script into a text file, name the file read-write.xsl, read-write.slax, or read-write.py as appropriate, and copy it to the /var/db/scripts/commit/ directory on the device.
Note:Unsigned Python scripts must be owned by either root or a user in the Junos OS
super-userlogin class, and only the file owner can have write permission for the file.In configuration mode, configure the
filestatement and the script filename at the[edit system scripts commit]hierarchy level.content_copy zoom_out_map[edit] user@host# set system scripts commit file read-write.xsl
If the script is written in Python, enable the execution of unsigned Python scripts.
content_copy zoom_out_map[edit] user@host# set system scripts language python
Note:Configure the
language python3statement to use Python 3 to execute Python scripts, or configure thelanguage pythonstatement to use Python 2.7 to execute Python scripts. For more information, see language.(Optional) To test the condition, if the
read-writestatement is included at the[edit snmp community community-name authorization]hierarchy level for every community, temporarily delete the authorization for an existing SNMP community.content_copy zoom_out_map[edit] user@host# delete snmp community community-name authorization read-write
Issue the following command to verify that system logging is configured to write to a file (a commonly used file name is messages):
content_copy zoom_out_map[edit] user@host# show system syslog
For information about system log configuration, see the System Log Explorer.
Issue the
commitcommand to commit the configuration.content_copy zoom_out_mapuser@host# commit
Verification
Verifying Script Execution
Purpose
Verify the system log message generated by the commit script.
System log messages are generated during a commit operation
for Python, SLAX, and XSLT scripts, but they are only generated during
a commit check operation for Python scripts. This means you cannot
use the commit check | display xml or commit check
| display detail configuration mode commands to verify the output
of system log messages for SLAX and XSLT scripts.
Action
When the commit operation completes, inspect the system
log file. The default directory for log files is /var/log/. View the log file by issuing the show log filename operational mode command. For example, if messages are logged
to the messages file, issue the following
command:
user@host> show log messages | match cscript
System log entries generated by commit scripts have the following format:
timestamp host-name cscript: message
Since the read-write statement was not included
at the [edit snmp community community-name authorization] hierarchy level, the commit script should generate
the “SNMP community does not have read-write access” message
in the system log file.
Jun 3 14:34:37 host-name cscript: SNMP community does not have read-write access: [edit snmp community community-name]
