Using NQE to Obtain List of Unique Authentication Servers

  • 5 June 2024
  • 2 replies
  • 23 views

For the networks I work on there are a lot of different servers, mainly due to environmental conditions such as NAT, that are used for the basic management of the devices. This includes authentication, SNMP traps, NTP, syslog and so on.

The following code allows us to see at a glance all the unique server IP addresses, along with a reference to each device being used.

It’s very easy to list this as individual records, but sometimes it’s nice to consolidate this to show the number of servers, and how many devices are using them. 

One such use case may be when moving devices from old/demising servers to new servers.

This script is a skeleton for TACACS; it does not deal with the various different command syntaxes across the various vendors and is just shown as an example, in this case for Cisco.

Firstly, a function to get the information from each device, namely the authentication server and the device name.

// one record per `tacacs-server host <ipv4>` line in the device config
getTacacsDeviceEntry(device) =
  foreach match
  in patternMatches(device.files.config, `tacacs-server host {server:ipv4Address}`)
  select { authenticationServer: match.data.server, deviceName: device.name };

The second function gets this same information for all devices. This is where you would do logic to extract the same information from different device types, should you wish to make this universal.

// a list (one per Cisco device) of lists of records
getAllTacacsEntries =
  foreach device in network.devices
  where device.platform.vendor == Vendor.CISCO
  select getTacacsDeviceEntry(device);

Lastly, we need to have a script that uses this information to build our results.

This works by first collecting all the information across the network and flattening it to a single list named matches. Each entry in that list is the authentication server and the device where it is used. This is repeated for every configuration in our model.

To get the unique list of authentication servers we select on the authentication server and apply the distinct function. This removes all duplicates.

To obtain the number of times a device uses the authentication, we match the original data in matches against the authentication server that we are outputting the results for.

The final script is shown below.

foreach x in [0]
  // get all the tacacs entries from the estate
  let matches = (foreach match in getAllTacacsEntries()
                 foreach entry in match
                 select entry)
  // get the unique set of authentication servers
  let authenticationServers = distinct(foreach match in matches
                                       select match.authenticationServer)
  // output is based on unique authentication servers
  foreach authenticationServer in authenticationServers
  // obtain the devices associated with this authenticationServer
  let deviceNames = (foreach match in matches
                     where match.authenticationServer == authenticationServer
                     select match.deviceName)
  // display the results
  select {
    authenticationServer: authenticationServer,
    count: length(deviceNames),
    deviceNames: deviceNames
  }

Hope people find it useful.
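The same collect, flatten, distinct and group pipeline written in Python, as an added example that is neither NQE nor the author's code. It runs over constructed Cisco IOS configs (no real devices), extends the idea to the other management servers mentioned in the thread (NTP, syslog, SNMP traps), and adds a helper that lists servers referenced by only a handful of devices, the ones a migration tends to leave behind. Field names mirror the NQE output except that `authenticationServer` becomes `server`, since the same code serves every server type.

```python
import re
from collections import defaultdict

# Cisco IOS line patterns, the Python equivalent of the NQE pattern
# `tacacs-server host {server:ipv4Address}` plus three other server types.
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
SERVER_PATTERNS = {
    "tacacs": re.compile(r"^tacacs-server host " + IPV4, re.M),
    "ntp": re.compile(r"^ntp server " + IPV4, re.M),
    "syslog": re.compile(r"^logging host " + IPV4, re.M),
    "snmp-trap": re.compile(r"^snmp-server host " + IPV4, re.M),
}

# Constructed sample configs (device name -> running config); not real devices.
SAMPLE_CONFIGS = {
    "core-sw1": "hostname core-sw1\ntacacs-server host 10.1.1.10\n"
                "tacacs-server host 10.1.1.11\nntp server 10.1.1.50\n"
                "logging host 10.1.1.60\n",
    "core-sw2": "hostname core-sw2\ntacacs-server host 10.1.1.10\n"
                "ntp server 10.1.1.50\n",
    "edge-rtr1": "hostname edge-rtr1\ntacacs-server host 192.168.99.5\n"
                 "tacacs-server host 10.1.1.10\nsnmp-server host 10.1.1.70\n",
}

def device_entries(name, config, kind="tacacs"):
    # Same role as getTacacsDeviceEntry: one (server, device) pair per match.
    return [(m.group(1), name) for m in SERVER_PATTERNS[kind].finditer(config)]

def consolidate(configs, kind="tacacs"):
    # Flatten every device's entries, then group by server. Unlike the NQE
    # script, a device that lists the same server twice is counted once.
    by_server = defaultdict(list)
    for name, config in configs.items():
        for server, device in device_entries(name, config, kind):
            if device not in by_server[server]:
                by_server[server].append(device)
    # Most-used servers first; ties keep first-seen order (sort is stable).
    return [{"server": s, "count": len(d), "deviceNames": d}
            for s, d in sorted(by_server.items(), key=lambda kv: -len(kv[1]))]

def low_usage(results, threshold=1):
    # Servers referenced by at most `threshold` devices: stragglers to check
    # when old servers are being retired.
    return [r["server"] for r in results if r["count"] <= threshold]

if __name__ == "__main__":
    for kind in SERVER_PATTERNS:
        rows = consolidate(SAMPLE_CONFIGS, kind)
        for row in rows:
            print(kind, row)
        print(kind, "low usage:", low_usage(rows))
```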

@AndyL 

VERY useful script!

Just found >600 instances of servers configured, that were supposed to have been ‘cleaned up’ years ago.

Thank you for the great idea, I’ll be using this format to check other things like NTP, name-servers, and logging servers!

Thanks for the feedback - good to see this is useful to others.