
We are using 4 different queries to get some information in FWD. Is there any way to merge these queries into one and get the output in a single file?

Query 1 for NTP Fortinet :- 

 

// NTP audit: reports the servers configured as entries 1, 2 and 3 of
// "config system ntp / config ntpserver", read from the collected output of
// the custom command "show system ntp".

// Entry 1 of the ntpserver table.
pattern_ntp1 =
  ```
config system ntp
    config ntpserver
        edit 1
            set server {ntp1:string}
```;

// Entry 2 of the ntpserver table.
pattern_ntp2 =
  ```
config system ntp
    config ntpserver
        edit 2
            set server {ntp2:string}
```;

// Entry 3 of the ntpserver table.
pattern_ntp3 =
  ```
config system ntp
    config ntpserver
        edit 3
            set server {ntp3:string}
```;

foreach device in network.devices
// The vendor filter below is disabled, so every device that returned the
// custom command is parsed as FortiOS configuration, not only Fortinet ones.
/* where device.platform.vendor == Vendor.FORTINET */
// Devices whose name matches "*_*" are left out of the report.
where !matches(device.name, "*_*")

// Only the custom command "show system ntp" is inspected.
foreach command in device.outputs.commands
where command.commandType == CommandType.CUSTOM
where command.commandText == "show system ntp"
let ntpBlocks = parseConfigBlocks(OS.FORTINET, command.response)

// A row is produced only when entry 1 is present; entries 2 and 3 are
// collected as lists and may be empty.
foreach first in blockMatches(ntpBlocks, pattern_ntp1)
let second = (foreach entry in blockMatches(ntpBlocks, pattern_ntp2)
              select entry.data.ntp2)
let third = (foreach entry in blockMatches(ntpBlocks, pattern_ntp3)
             select entry.data.ntp3)

// Produce the results
select {
  vendor: device.platform.vendor,
  "Device Name": device.name,
  "IP Address": device.snapshotInfo.collectionIp,
  Tags: device.tagNames,
  Location: device.locationName,
  "NTP Server 1": first.data.ntp1,
  "NTP Server 2": second,
  "NTP Server 3": third
}




Query 2 for DNS
 

/* Fortinet firewall DNS server details, read from the collected output of
   the custom command "show system dns". */

// Captures the primary and secondary resolver from "config system dns".
// NOTE(review): both "set" lines are part of the pattern, so a device with
// only a primary resolver presumably yields no row — confirm.
pattern_dns =
  ```
config system dns
    set primary {pdns:string}
    set secondary {sdns:string}
```;

foreach device in network.devices
where device.platform.vendor == Vendor.FORTINET
// Devices whose name matches "*_*" are left out of the report.
where !matches(device.name, "*_*")

// Only the custom command "show system dns" is inspected.
foreach command in device.outputs.commands
where command.commandType == CommandType.CUSTOM
where command.commandText == "show system dns"
let dnsBlocks = parseConfigBlocks(OS.FORTINET, command.response)

// One row per matching "config system dns" block.
foreach hit in blockMatches(dnsBlocks, pattern_dns)
select {
  deviceName: device.name,
  SiteName: device.locationName,
  "Primary DNS": hit.data.pdns,
  "Secondary DNS": hit.data.sdns
}




Query Type 3 
 

// FortiAnalyzer audit: reports the log server configured under
// "config log fortianalyzer setting".

// Captures the FortiAnalyzer server address.
pattern_faz =
  ```
config log fortianalyzer setting
    set server {faz:string}
```;

foreach device in network.devices
// The vendor filter below is disabled, so every device that returned the
// custom command is parsed as FortiOS configuration, not only Fortinet ones.
/* where device.platform.vendor == Vendor.FORTINET */
// Devices whose name matches "*_*" are left out of the report.
where !matches(device.name, "*_*")

foreach command in device.outputs.commands
where command.commandType == CommandType.CUSTOM
// NOTE(review): there are two spaces between "show" and "log". The comparison
// is exact, so confirm this is how the custom command is configured.
where command.commandText == "show  log fortianalyzer setting"
let fazBlocks = parseConfigBlocks(OS.FORTINET, command.response)

// Only devices with a configured server produce a row; a device that logs
// nowhere is absent from the output rather than shown with an empty value.
foreach hit in blockMatches(fazBlocks, pattern_faz)
select {
  deviceName: device.name,
  "IP Address": device.snapshotInfo.collectionIp,
  "Tags": device.tagNames,
  Location: device.locationName,
  "FAZ": hit.data.faz
}




Query 4 
 

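/**
 * @intent Find fortimanagers and update servers configured in Fortigates
 * @description Reads the collected output of the custom command
 *   "show system central-management" and reports the "set fmg" address plus
 *   every "server-address" in the server-list.
 */

// Patterns to match

// The FortiManager address set directly under central-management.
pattern_fmg =
  ```
config system central-management
  set fmg {fmgIp:string}
```;

// Every server-address in the server-list table, whatever the entry id.
pattern_servers =
  ```
config system central-management
    config server-list
        edit {string}
            set server-address {serverAddr:string}
```;

foreach device in network.devices
// The vendor filter below is disabled, so every device that returned the
// custom command is parsed as FortiOS configuration, not only Fortinet ones.
/* where device.platform.vendor == Vendor.FORTINET */
let outputs = device.outputs

// Only the custom command "show system central-management" is inspected.
foreach command in outputs.commands
where command.commandType == CommandType.CUSTOM
where command.commandText == "show system central-management"
let central_mgmt = parseConfigBlocks(OS.FORTINET, command.response)

// A row is produced only when "set fmg" is present.
foreach match in blockMatches(central_mgmt, pattern_fmg)

// Collect all server-address values into the list "servers". The former
// filter "serverAddr == serverAddr" was always true and has been removed.
let servers = (foreach server in blockMatches(central_mgmt, pattern_servers)
               select server.data.serverAddr)

// Devices whose name matches "*_*" are left out of the report.
where !matches(device.name, "*_*")

// Produce the results
select {
  "Device Name": device.name,
  "Server 1": match.data.fmgIp,
  "Server 2": servers
}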







 

Hi Rohit,

This should give you the collective results you’re looking for. 

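// Combined Fortinet audit: NTP, DNS, FortiAnalyzer and central-management
// settings in one row per device.
//
// Block patterns are indentation-sensitive: a child line must be indented
// under its parent. The indentation was missing from the patterns as
// rendered here and is restored below.

// Every server in the ntpserver table, whatever the entry id.
pattern_ntp =
  ```
config system ntp
    config ntpserver
        edit {string}
            set server {ntp:string}
```;

// Primary and secondary resolver.
pattern_dns =
  ```
config system dns
    set primary {pdns:string}
    set secondary {sdns:string}
```;

// FortiAnalyzer log server.
pattern_faz =
  ```
config log fortianalyzer setting
    set server {faz:string}
```;

// FortiManager address set directly under central-management.
pattern_fmg =
  ```
config system central-management
  set fmg {fmgIp:string}
```;

// Every server-address in the central-management server-list.
pattern_servers =
  ```
config system central-management
    config server-list
        edit {string}
            set server-address {serverAddr:string}
```;

// NTP servers found in the "show system ntp" output of a device.
ntp(device) =
  foreach command in device.outputs.commands
  where command.commandText == "show system ntp"
  let response = parseConfigBlocks(device.platform.os, command.response)
  foreach match in blockMatches(response, pattern_ntp)
  select match.data.ntp;

// DNS match data (pdns, sdns) found in the "show system dns" output.
dns(device) =
  foreach command in device.outputs.commands
  where command.commandText == "show system dns"
  let response = parseConfigBlocks(device.platform.os, command.response)
  foreach match in blockMatches(response, pattern_dns)
  select match.data;

// FortiAnalyzer servers found in the "show log fortianalyzer setting" output.
faz(device) =
  foreach command in device.outputs.commands
  where command.commandText == "show log fortianalyzer setting"
  let response = parseConfigBlocks(device.platform.os, command.response)
  foreach match in blockMatches(response, pattern_faz)
  select match.data.faz;

// One { fmg, server } record per "show system central-management" output.
// max() keeps a single value per output, so when the server-list holds
// several addresses only one of them is reported.
cmgmt(device) =
  foreach command in device.outputs.commands
  where command.commandText == "show system central-management"
  let response = parseConfigBlocks(device.platform.os, command.response)
  let fmg = max(foreach match in blockMatches(response, pattern_fmg)
                select match.data.fmgIp)
  let server = max(foreach match in blockMatches(response, pattern_servers)
                   select match.data.serverAddr)
  select { fmg, server };

// Every Fortinet device gets a row, because the helpers return a list instead
// of filtering the device out. An empty column therefore means the command
// output was not collected or the setting did not match. For FAZ that is
// worth following up, since the device may not be sending logs anywhere.
//
// The separate queries also skipped devices whose name matches "*_*" and
// required CommandType.CUSTOM. Neither filter is applied here. Add
// `where !matches(device.name, "*_*")` after the vendor filter if the name
// exclusion is still wanted.
foreach device in network.devices
where device.platform.vendor == Vendor.FORTINET
select {
  vendor: device.platform.vendor,
  "Device Name": device.name,
  "IP Address": device.snapshotInfo.collectionIp,
  Tags: device.tagNames,
  Location: device.locationName,
  "NTP Servers": ntp(device),
  "Primary DNS": (foreach item in dns(device) select item.pdns),
  "Secondary DNS": (foreach item in dns(device) select item.sdns),
  FAZ: faz(device),
  FMG: (foreach item in cmgmt(device) select item.fmg),
  "Central Mgmt Server": (foreach item in cmgmt(device) select item.server)
}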

 


This is working for me, thanks ​@AricaFN  for the support.

