Skip to main content

NQE

Find answers to your NQE questions and share NQEs you've developed.

  • 119 Topics
  • 263 Replies
119 Topics
V
Spotter
VarunS
asked in NQE
Syslog Enabled devices list

Hi Team,I need to obtain a list of devices that have syslog enabled as well as those that do not. I have checked the Forward Library and the community but could not find any relevant queries for this purpose. Could you please assist me in generating the list of devices with syslog enabled and those without it? Thank you!

555
Mullers
Employee
1 day ago
G
Employee
GaryBEmployee
posted in NQE
How to check for unique values in NQE and how to share a query with the community

One of my customers came to me with a problem.Given a list of servers, how to determine if the keys applied are unique.Took some overnight thinking on this but using a simple approach with our group qualifier we can restructure the output in a way we can make the evaluation.The first thing we need to do is provide the input data.You should always have data that will represent a pass and a failure scenario. This way when posting here on the community, others can replicate the query and have a firm understanding of the outcome testpass = """set system ntp server 1.1.1.1 key 1set system ntp server 2.2.2.2 key 2set system ntp server 3.3.3.3 key 3""";testfail = """set system ntp server 1.1.1.1 key 2set system ntp server 2.2.2.2 key 2set system ntp server 3.3.3.3 key 3""";So we need to ensure that for the list of servers that each key is unique i.e. there are no servers that are using the same key. We also want to be able to identify the offenders so they can be remediatedThe expression be

170
G
Employee
5 days ago
Tyson Henrie
Employee
Tyson HenrieEmployee
asked in NQE
List with double quoted items in the list

I had to change a lot, but this keeps the intent.  This is from a PANOS firewall.  The problem is that I am trying to find the objects in this list.  However, some objects have double quotes to show there are spaces in the name of the object and some do not.  I’m not sure how to clean this since NQE natively does not use double quotes to designate a single object that happens to contain spaces. sampleInput = """policy { shared; panorama { address-group { THE-GRAPE-Subnets { static [ "Green Grapes Are Good" RedGrapes BlackGrapes "Wine Grapes" PurpleGrapes]; tag GRAPES; description "This is a list of Grapes"; }""";pattern01 = ```policy panorama address-group THE-GRAPE-Subnets static "[ {object: (string*)} ```;foreach x in [1]let config = parseConfigBlocks(OS.PAN_OS, sampleInput)foreach match in blockMatches(config, pattern01)select { objects: match.data, block: match.blocks}Then this is the result from the “objects” column.{object:["Green

1367
Mullers
Employee
5 days ago
J
javeedfRamping Up
asked in NQE
length of  vrrpFhrpGroupsCount is retured as 0 for VRRP configured device

vlan456 is configured with VRRP group 456, for the below query, length of vrrpFhrpGroupsCount is returned as 0configuration snippet:interface vlan456 no shutdown ip address 10.7.0.1/26 ip pim sparse-mode ip igmp version 3 ! vrrp-group 456  priority 110  virtual-address 10.7.0.7!for the below query,@queryget_vrrp_details(host_pattern: String) =    foreach device in network.devices        where matches(device.name, toUpperCase(host_pattern))            foreach interface in device.interfaces            where isPresent(interface.routedVlan)            let routedVlan = interface.routedVlan            let ipv4 = routedVlan.ipv4            let fhrp = ipv4.fhrp            let vrrp = fhrp.vrrp            select {            deviceName: device.name,            interfaceName: interface.name,            vlan: routedVlan.vlan,            hsrpFhrpGroupsCount: length(fhrp.hsrp.fhrpGroups),            vrrpFhrpGroupsCount: length(fhrp.vrrp.fhrpGroups)              }; length of  vrrpFhrpGroupsCount is r

373
G
Employee
8 days ago
C
Driver
CarlBDriver
asked in NQE
blockMatches on multiple patterns with the differentiator being a child line of output

I am trying to get data out of a Cisco DMVPN hub on the spokes via NHRP database.  Specifically the ARIN addresses and if the spoke has a firewall or other NAT. I was modelling off of this NQE question and it works...except for the 2nd pattern is not detecting the child line.The above question had a parent line that was always present if the new child was present and NHRP has the new child only if there is a NAT in the path while the parent line is always present. The line in question is the “(Claimed NBMA address: <IP address>)” line at the bottom of the 2nd example - it is indented 1 space from the line above ‘NBMA address’ which is always present. I tried both the NHRP data in the data model as well as a custom command ‘show ip nhrp’ with identical results.   //NHRP Database output//Command: show ip nhrp//10.100.12.5/32 via 10.100.12.5//   Tunnel1 created 1d18h, expire 01:56:31//   Type: dynamic, Flags: unique registered nhop//   NBMA address: 12.12.31.74//10.100.12.6/32 via 1

435
C
Driver
12 days ago
D
Spotter
dakotaglorySpotter
asked in NQE
Do blockMatches require consistent line patterns?

Do patterns need to be standardized or will blockMatches match when lines are missing? pattern=```line one {main:string}    sub-line1 may or may not be consistently present    sub-line2 may or may not be consistently present    sub-line3 {value1:string} is target and sub-line3 will always be there    sub-line4 may or may not be consistently present    sub-line5 may or may not be consistently present    sub-line6 may or may not be consistently present    sub-line7 may or may not be consistently present    sub-line8 {value2:string} is target and sub-line8 will always be there         sub-sub-line9 {value3:string} is target and sub-sub-line9 will always be there        sub-line10 may or may not be consistently present    sub-line11 may or may not be consistently present    sub-line12 {value4:string} is target and may or may not be present         sub-sub-line13 {value5:string} is target and sub-sub-line13 will be there if sub-line12 is present    sub-line14 may or may not be consistently

1269
Tyson Henrie
Employee
13 days ago
R
Spotter
Rohit_809 KumarSpotter
asked in NQE
how can i get the Egress and Ingress IP Details by NQE

how can i get the Egress and Ingress IP Details by NQE 

524
G
Employee
15 days ago
V
Spotter
VarunS
asked in NQE
Public IPs from where outside traffic is coming Internal Network

Need one NQE Queries for Public IPs only from where outside traffic is coming to my internal network. Also want to get the output of below command on Fortinet Firewall through NQE Queries. “ local route prefix list ”I used one NQE Query that already on Forward Library - “Interfaces Using Public IPv4 Addresses” but this is not fulfilling my requirement. Tried Forward AI Assist also but not useful in this scenario.Can you please help me on this ? 

291
Mullers
Employee
15 days ago
G
Employee
GaryBEmployee
posted in NQE
Three techniques for pattern matching text with patternMatch, patternMatches and blockMatches

This article explores NQE's robust pattern matching for extracting and parsing data, simplifying complex tasks with high-level, well-defined types for reporting and evaluation.Table of ContentsApproach 1: Leveraging the “or” pattern as described here Approach 1 Test  Approach 2 : Unifying multiple patterns Approach 2 Test Approach 3: Evaluation via token count Approach 3 Test Approach 1: Leveraging the “or” pattern as described here Using the following pattern`ntp server {"vrf" vrf:string server:string | server:string}`; We can accommodate various patterns for this command syntax by which the literal “vrf” and the VRF name maybe elided from the command. Instead of needing to create two separate patterns we can combine them into one expression.Looking closer at how we then extract the properties out of the data for vrf and server. The expression will append all properties to the left of the ‘|’ pipe operator to the data.left property and will append all properties to the right of the 

4822
G
Employee
20 days ago
P
pjptsujitRamping Up
asked in NQE
Getting VRRP peers

Is there a way to get the pair of switches for the VRRP protocol using NQE?

341
Tyson Henrie
Employee
20 days ago
C
Driver
CarlBDriver
asked in NQE
How to isolate a single commandType output for parsing?

I am trying to get the output from commandType NHRP_STATE so I can then pull out the tunnel peer IPs with a patternmatch. When the NHRP table was a custom command the command.commandText was able to get this information, now how to do so that NHRP is part of the data model?

393
Tyson Henrie
Employee
20 days ago
P
pjptsujitRamping Up
asked in NQE
Split the output string value

foreach device in network.devicesselect {  deviceName: device.name}For the above NQE, if I get the device names in the format “aaa_bbb_ccc”, is there a way to split the output based on the string “_” and have three different fields?

562
Andreas
Employee
21 days ago
deronjohnson
Employee
deronjohnsonEmployee
published in NQE
Simplifying Compliance for Palo Alto Firewalls: Custom Checks

OverviewIn my recent work with Palo Alto firewalls, I noticed that keeping configurations compliant can get complex, especially when administrators need to modify default settings for certain applications. Small changes to session handling or TCP timeouts, while necessary for specific use cases, can introduce inconsistencies and potential compliance issues. I developed straightforward NQEs to create compliance checks that help us monitor and manage these configurations effectively. Key Benefits:Improved Visibility: The compliance checks I set up give us a clear view into any configuration deviations across firewalls, making it easy to spot unauthorized changes. Targeted Control: By creating separate compliance checks for different parameters, like session setup and timeouts, we can focus on what matters most in our environment. Unified Compliance Management: Even though Panorama handles many configurations, Forward Networks fills in the gaps by providing custom compliance checks, givin

80
deronjohnson
Employee
21 days ago
R
Spotter
Rohit_809 KumarSpotter
asked in NQE
NQE Query for F5 NTP Server details from config, Please help us to collect this data.

NQE Query for F5 NTP Server details from config, Please help us to collect this data.

382
C
Employee
22 days ago
R
Spotter
Rohit_809 KumarSpotter
asked in NQE
Merge NQE Query

how can i merger 2 or 3 NQE Query into 1 , so that i can get output in single file.

442
Tyson Henrie
Employee
23 days ago
V
Spotter
VarunS
asked in NQE
Request for all firewalls, verifying NTP, DNS, and FortiGuard configurations.

Hi Team, Can you help to get all the details verifying NTP/DNS and Fortiguard configuratioins ?

1029
V
Employee
23 days ago
V
venkat rajRamping Up
asked in NQE
Interface Errors and/or High utilization verification

I am trying to get an NQE scheduled to run every 5 mins. and fetch if an interface has any errors and/or if the interface utilization is high ( >90%).With the below NQE i get an error as below - Any fields with bytes is not recognized..ERROR: Record does not have field: "bytesOut". interfaceUtilization(iface) = 100 * (sum(iface.bytesOut) - sum(iface.bytesIn)) / (sum(iface.bytesOut) + sum(iface.bytesIn));foreach device in network.devicesforeach interface in device.interfaceswhere interface.adminStatus == AdminStatus.UPselect { deviceName: device.name, interfaceName: interface.name, utilization: interfaceUtilization(interface)} Not sure why “bytes” is not recognized by the NQE How to have this scheduled to run every 5 mins ?

211
Tyson Henrie
Employee
23 days ago
G
Spotter
gbaronSpotter
asked in NQE
How too data from comment fields in a config file via NQE

The below are two lines that we are trying to pull data out of, but it appears utilizing device.file.config  from the data model wont return the information because they are comments?  Thoughts?   !! Last configuration change at 13:58:30 ZULU Fri Oct 25 2024 by personx! NVRAM config last updated at 14:01:13 ZULU Thu Aug 22 2024 by persony!

778
Andreas
Employee
26 days ago
R
Spotter
Rohit_809 KumarSpotter
asked in NQE
Not able to see outut by NQE

Team, i am using below query to get the virtual server name and dst ip from below query , but somehow i am getting 0 result , can anyone please help . -=-------------------- pattern01 = ```Ltm::Virtual Server: {VirtualServer: string}    |   Availability   : {Availability: string}              |   State          : {State: string}                |   IP Address     : {Destination: ipv4Address}    |   Reason         : {Reason: string}```; foreach device in network.deviceswhere device.platform.vendor == Vendor.F5where device.snapshotInfo.result == DeviceSnapshotResult.completedforeach command in device.outputs.commandswhere command.commandType == CommandType.F5_VIRTUAL_SERVER_STATElet text = command.responselet text = replaceMatches(text, "\n", "\n    ")let text = replaceMatches(text, "    Ltm::Virtual Server: ", "Ltm::VirtualServer: ")let parsedCommand = parseConfigBlocks(OS.F5, text)foreach match in blockMatches(parsedCommand, pattern01)select {  device: device.name, VirtualServer: match.

684
R
Spotter
29 days ago
C
Employee
ChristopherEmployee
posted in NQE
Combining NQE queries into a single check

Suppose you are using NQE queries to validate that your networking devices follow certain configuration benchmarks. You have an individual query for each benchmark, but you would also like a summary query that shows how each device in the network performs against every check. Here is how you can combine them.Below are two separate NQE queries that validate that the password policies on Cisco ASA devices require a minimum number of numbers and a minimum number of special characters, respectively.In each query, we define a function using the export command that takes in a Device as a parameter. export minNumber(device: Device) Then we call that function later in the same query with minNumber(device). This allows the query to be run on its own or part of another query.We save each file as min-numeric and min-special.pattern = ```password-policy minimum-numeric {minNum:number}```;checkPattern(config) = (max(blockMatches(config, pattern)))?.data?.minNum >= 1;export minNumber(device: Devi

390
C
Employee
1 month ago
R
Spotter
Rohit_809 KumarSpotter
asked in NQE
how can i get the F5 POOL Member name ip and state and availability

how can i get the F5 POOL Member name ip and state and availability ?

9713
Tyson Henrie
Employee
1 month ago
A
auueckerRamping Up
posted in NQE
Sample NQE for Golden Config Compliance and Remediation

I recently have done alot of work on building Golden Config and using NQE queries to find Actual Config on devices and compare to Golden Config and then building the remediation config so actual config will match Golden Config. I did this so Operations engineers can utilize the remediation config to implement on device either manually or through an Ansible playbook that utilizes the NQE Query and then build a workspace on devices being worked on to verify that Golden Config was implemented correctly on device(s). Below is a sample Query for a small section of config to ensure NTP configuration is correct on a Juniper device: goldenConfig_ntp_list =  ["set system ntp server 10.10.10.10",   "set system time-zone UTC"  ];foreach device in network.deviceswhere device.platform.os == OS.JUNOSlet outputs = device.outputsforeach command in outputs.commands  where command.commandText == "show configuration | display set"  let text = parseConfigBlocks(OS.JUNOS, command.response)let configList =

402
A
1 month ago
R
Spotter
Rohit_809 KumarSpotter
asked in NQE
F5 Partition NQE not fullfil requirement

i am using below query to get the F5 Partition details.======================== foreach device in network.deviceswhere device.platform.vendor == Vendor.F5let outputs = device.outputsforeach c in outputs.commandswhere c.commandType == CommandType.PARTITION_CONFIGselect {  Device: device.name,  Location: device.locationName,  "Partition Name": c.response}=====================================  but the output is not looks good , i am also getting the Partition description in Output , i just need only Partition name only , Please help   

211
G
Employee
1 month ago
D
Spotter
dakotaglorySpotter
posted in NQE
Can commas be removed from number?

extractJson obtains a signatureId value that is a 9 digit Number. When viewing the results in the FN Results window the number appears with commas every three digits.  *When exporting the results to Excel the command is not included in the output.

271
Andreas
Employee
1 month ago
T
Employee
TimFEmployee
posted in NQE
Sample NQE query of devices for validation or import to a CMDB

For any users that may be looking to leverage a query to gather information on devices to compare with an existing CMDB inventory, or looking to import data into their existing CMDB to update inventory. Please checkout this NQE: /** * @intent Basic information about Network Devices for CMDB import/compare */formatStatus(deviceSnapshotResult) = when deviceSnapshotResult is collectionFailed(collectionError) -> "Collecting - " + replace(toString(collectionError), "DeviceCollectionError.", ""); completed -> "Completed"; processingFailed(processingError) -> "Processing - " + replace(toString(processingError), "DeviceProcessingError.", "");foreach device in network.deviceslet platform = device.platformlet snapshotInfo = device.snapshotInfoforeach component in platform.componentsselect { Name: device.name, Location: device.locationName, Tags: device.tagNames, Vendor: platform.vendor, Model: platform.model, "Part Serial Number": component.serialNumb

270
T
Employee
1 month ago
Show all badges
Terms of UseCookie settings