...
```
. . .
   "opconfig_url_base" : "",
   "opconfig_disable_ios_ssh_connection_discovery" : "false",
   "opconfig_parsers" : [
      [
         "^show full-configuration system netflow$",   # Command that we are using to extract the information
         "config_parsers/fortigate-netflow.pm"         # File to parse the command output
      ]
   ],
   "opconfig_queue_expire_after_seconds" : 691200,
   "opconfig_audit_import" : 1,
. . .
```
We can check that the syntax is OK using this:
```
# json_xs < opCommon.json
```
...
```
[root@localhost conf]# /usr/local/omk/bin/opconfig-cli.pl act=export_config_status node=FortinetTest debug=true
opconfig-cli.pl Version 3.420.0
Copyright (C) 2015 Opmantek Limited (www.opmantek.com)
This program comes with ABSOLUTELY NO WARRANTY;
See www.opmantek.com or email contact@opmantek.com
opConfig is licensed to Opmantek Internal for 50 Nodes - Expires 15-Aug-2023
[2023-01-20 17:32:28.57037] [8596] [debug] new opConfig: require_db
[2023-01-20 17:32:28.71590] [8596] [debug] Creating NMISx
{
   "config_features" : {
      "netflow" : {
         "activeFtimeout" : "1800",
         "collectorip" : "192.168.0.104",
         "collectorport" : "2055",
         "inactFtimeout" : "15",
         "intmethod" : "auto",
         "sourceip" : "192.168.0.105",
         "txcounter" : "20",
         "txtimeout" : "1800"
      }
   }
}
```
Compliance Policy files.
Compliance policy language is very similar to opEvents language.
Here is a quick overview of the structural rules:
- A policy consists of one hash (or "associative array"). All hash keys (=rule numbers) must be numeric, and the keys control the order of rule evaluation. Rule numbers do not have to be globally unique, just within the enclosing subpolicy.
- Each hash element must describe either one IF/THEN clause or one EACH/BLOCK iteration.
- THEN statements can be either a single string (describing the actions to take) or a nested sub-policy (in the form of a nested hash).
- EACH/BLOCK iterations always require a nested sub-policy.
- IF statements are single strings, made up from structure or variable selector expressions and Perl operators and expressions.
- The available actions for THEN statements are ok(), exception(), CONTINUE() and LAST().
- EACH statements consist of a variable name (for the iterator variable to be) and a structure selector expression (for the objects to iterate over).
- The policy engine invokes policy rules with a number of pre-defined structure variables, to provide access to the configuration status document, the current node name and a few others.
Compliance policy files are installed in the directory /usr/local/omk/conf/compliance_policies and they must have the .json extension.
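As an added example (not opConfig's own code), the Python linter below checks a policy file against the structural rules listed above before it is installed, and also rejects duplicate rule numbers, which a JSON parser would otherwise silently collapse. It assumes the clause names appear as the literal JSON keys IF, THEN, EACH and BLOCK; the sample policy is constructed and its "<...>" strings are placeholders, not valid selector expressions.

```python
import json
import re
ACTIONS = re.compile(r"\b(ok|exception|CONTINUE|LAST)\s*\(")  # actions this page lists for THEN
# Constructed sample; the "<...>" strings are placeholders, not real expressions.
SAMPLE = """{
  "10": {"IF": "<expr>", "THEN": "ok()"},
  "20": {"EACH": "<variable and selector>", "BLOCK": {
      "1": {"IF": "<expr>", "THEN": {"5": {"IF": "<expr>", "THEN": "LAST()"}}},
      "x": {"IF": "<expr>", "THEN": "alert()"}}},
  "30": {"IF": "<expr>", "BLOCK": {}}
}"""

def _no_dupes(pairs):
    # json.loads keeps only the last duplicate key, hiding a clashing rule number.
    keys = [k for k, _ in pairs]
    if len(set(keys)) != len(keys):
        raise ValueError("duplicate key in one hash")
    return dict(pairs)

def lint_policy(policy, path="policy"):
    if not isinstance(policy, dict):
        return [f"{path}: a policy must be a hash"]
    problems = []
    for key, rule in policy.items():
        where = f"{path}/{key}"
        if not re.fullmatch(r"[0-9]+", key):
            problems.append(f"{where}: rule number is not numeric")
        keys = rule.keys() if isinstance(rule, dict) else set()
        is_if, is_each = {"IF", "THEN"} <= keys, {"EACH", "BLOCK"} <= keys
        if is_if == is_each:
            problems.append(f"{where}: need exactly one of IF/THEN or EACH/BLOCK")
        elif is_each:  # EACH/BLOCK always carries a nested sub-policy
            problems += lint_policy(rule["BLOCK"], f"{where}/BLOCK")
        elif not isinstance(rule["IF"], str):
            problems.append(f"{where}: IF must be a single string")
        elif isinstance(rule["THEN"], dict):  # THEN given as a nested sub-policy
            problems += lint_policy(rule["THEN"], f"{where}/THEN")
        elif not (isinstance(rule["THEN"], str) and ACTIONS.search(rule["THEN"])):
            problems.append(f"{where}: THEN names none of the listed actions")
    return problems

def lint_text(text):
    try:
        return lint_policy(json.loads(text, object_pairs_hook=_no_dupes))
    except ValueError as err:  # includes json.JSONDecodeError
        return [f"policy: {err}"]

if __name__ == "__main__":
    print("\n".join(lint_text(SAMPLE)) or "no structural problems")
```

The linter checks structure only; whether an IF expression or selector is meaningful is still decided by opConfig when the policy is evaluated.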
...
```
# /usr/local/omk/bin/opconfig-cli.pl act=check_compliance name='netflow' node=FortinetTest debug=9
```
Step 3. View Compliance Status
Now you can check the Compliance Status in the opConfig GUI. Access the opConfig GUI at http://YOUR_SERVERNAME/omk/opConfig, log in, and then from the Menu Bar select "Views -> Compliance Status".
...