It is often necessary to audit the same setting across multiple vendors.
For example, you can use the following NQE query to list the NTP servers on both Cisco IOS and Fortinet devices.
// Block pattern for the Fortinet NTP section. Each configured server is
// captured as ntpServer, a plain string that is not validated as an IP address.
// NOTE(review): block patterns normally express parent/child nesting through
// indentation, which appears to have been flattened in this listing. Confirm
// the intended structure against real "show system ntp" output before reuse.
// NOTE(review): the pattern names "set ntpsync enable" and "set type custom".
// Presumably a device with sync disabled or a non-custom type yields no match
// and so reports an empty server list. Verify.
patternFortinet =
```
config system ntp
set ntpsync enable
set type custom
config ntpserver
edit {number}
set server {ntpServer:string}
```;
// Pattern for Cisco IOS "ntp server" lines. The token after "ntp server" is
// captured as ntpServer, a plain string that is not validated as an IP address.
// NOTE(review): a line that puts an option before the address (for example a
// VRF keyword) would presumably capture that keyword instead of the server.
// Verify against real configs before trusting the output.
patternCisco =
```
ntp server {ntpServer:string}
```;
// Applies ntpPattern to already-parsed config blocks and returns one record
// per match. The field is called serverIP, but it holds whatever the pattern
// captured as ntpServer. The patterns in this file capture a plain string, so
// the value may be a hostname rather than an address.
getNtpServers(parsedCommand, ntpPattern) =
  foreach hit in blockMatches(parsedCommand, ntpPattern)
  let captured = hit.data.ntpServer
  select { serverIP: captured };
// Returns the NTP servers of a Fortinet device, read from the collected output
// of the custom command "show system ntp".
// If no command with exactly that text was collected for the device, nothing
// matches and the result is empty. That is the same result as a device with
// no NTP servers configured.
getFortinetNtpServers(device) =
  foreach cmd in device.outputs.commands
  where cmd.commandText == "show system ntp"
  let blocks = parseConfigBlocks(OS.FORTINET, cmd.response)
  foreach entry in getNtpServers(blocks, patternFortinet)
  select entry.serverIP;
// Returns the NTP servers of a Cisco IOS device by matching patternCisco
// against the device's config file (device.files.config).
getCiscoNtpServers(device) =
  foreach entry in getNtpServers(device.files.config, patternCisco)
  select entry.serverIP;
// One row per device: its name, its OS and the NTP servers found for it.
// servers is null for every OS that has no branch below, so null means
// "not covered by this query", not "no NTP configured".
foreach dev in network.devices
let configuredServers =
  when dev.platform.os is
    FORTINET -> getFortinetNtpServers(dev);
    IOS -> getCiscoNtpServers(dev);
    otherwise -> null:List<String>
select {
  device: dev.name,
  OS: dev.platform.os,
  servers: configuredServers
}
You can run this query on all your devices, and then add new patterns and getServers functions for each vendor or OS that has missing information.
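Note that on Cisco devices the NTP configuration is in the device.files.config file (the running configuration), whereas for Fortinet we needed the result of a Custom Command to see the NTP configuration. If that command has not been collected from a Fortinet device, the query returns an empty server list for it, which looks the same as a device with no NTP servers configured.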
A similar approach for getting DNS servers can be seen here: