How to write Commands Portion? (Pro Feature)

SecuRA supports two ways of writing commands in Template.

  1. Plain command format i.e. Writing Device Command as it is
    • In plain command format, user writes the device commands as it is defined by the vendor. This format will be used only inside Command Execution & Network Diagnosis template type.
    • Though it is a simple way to write the template, it is not a recommended format, since additional information to command such as command timeout, response prompt, error check condition on response cannot be used.
    • The Timeout for each command using plain command format is always 30 seconds and each command takes the full 30 seconds even if the execution is completed before.
  2. XML Command Format
    • In XML command format, each command is enclosed in XML node and additional input to the command like command timeout, prompt, expected pattern, previous match, action will be added in XML node properties.
    • XML command format is the recommended format across all features of SecuRA including Upload and Diagnosis purpose.

    Sample command portion for changing Device hostname in plain text format and XML format:
    Plain Format XML Format
    conf t <command prompt=”#” timeout=”10”> conf t  </command>
    hostname newname <command prompt=”#” timeout=”10”>hostname newname  </command>
    Remote Access <command prompt=”#” timeout=”10” action=”exit”>exit  </command>

    In the above example, the plain format takes device command as it is the same way the command is executed using Putty or xtrem application, however in XML Format each device command will be placed inside XML node “Data” section and other information in XML node property section.

    XML Command Syntax:

    XML Command Sample:
    <command prompt="#" timeout="10"> hostname newname  </command>

    The device command for every device will be inside the Data portion of XML Node and the additional properties or information will be inside XML’s property portion. Property value must always be inside Double quotes character.

    SecuRA supports the following properties:

    1. timeout value (in seconds)- Every command execution is considered as complete either till the prompt pattern value is matched or till the timeout second count is reached.

    2. prompt - is generally the last character of command response that informs the command execution completion of a Device. When the response from Device is not matching the prompt, command execution is considered as COMMAND ERROR.
    3.  prompt="#"
      a. The prompt can be a single character or a word or a line.
      prompt="#"
      prompt="Router27#"
      prompt="[Do you Confirm Reboot action]?"
      b. The prompt value is always a regex pattern and it can be escaped using \ to make exact match. Below example. (Dot) regex character is escaped with \ to consider it literally as ‘.’ (Dot) and not as regex pattern.
       prompt="\"
      Follow the URL https://regex101.com/ to verify or check the regex pattern before saving the template.
      c. The prompt also supports multiple patterns (multiple single characters or multiple words) to match the command execution completion.
      prompt="\"
      prompt="[Username, login, User]"
      d. When the given prompt is not matched within the specified timeout seconds, SecuRA will declare it as Command error and stop or continue the execution based on Task IP/Command continuation input from Upload Job task input.

    4. action property is used to
    5. a. Inform SecuRA that exit command is executed and to not wait for prompt.
      action="exit"
      b. Inform SecuRA to store the result of command for storing the configuration output of device and also to copy the command output for Trigger parsing.
      action="output-to-store"
    6. shell property is used to Inform SecuRA to open a remote session (TELNET or SSH) from a Device for further command executions.
    7. shell="remote"
      <command shell="remote" prompt="Password">
        ssh -o StrictHostKeyChecking=no -o
        UserKnownHostsFile=/dev/null
        {{Profile.ssh_loginname}}@{{Device.IPaddress}} -p {{Profile.ssh_port}}
      </command>

    8. error_pattern property is used to check the command response; if the pattern values match the command response, command execution is considered as COMMAND ERROR. Similar to prompt property, error_pattern can take multiple values.
      Note - Prompt property is used to check for command completion however error_pattern property is for checking whether the Response is as per the expectation.
    9. error_pattern="[%Error opening tftp]"
      The below properties also follow the same principle as error_pattern .
    10. expected_pattern property is used to check the command response; if the pattern value does not match the command response, command execution is considered as COMMAND ERROR.
    11.  expected_pattern="[bgp is enabled]"
    12. expected_any_response property is used to check the command response; if the device does not respond to any data, command execution is considered as COMMAND ERROR. The value of property is not required and hence input can be empty double quotes.
    13.  expected_any_response=""
    14. expected_empty_response property is used to check the command response; if the device responds with any data, command execution is considered as COMMAND ERROR. The value of property is not required and hence, input can be empty double quotes.
    15. t; expected_empty_response=""
    16. expected_count_response property is used to check the command response; if the device response line is not equal to count value data, command execution is considered as COMMAND ERROR. The value of property is the response line count. The count can be any number.
    17. ; expected_count_response="5"
      SecuRA expects a 5 line response.
    18. expected_count_response property is used to check the command response; if the device response line is not equal to the count value data, command execution is considered as COMMAND ERROR. The value of property is response line count. The count can be any number.
    19.  expected_count_response="!5"
      SecuRA expects the response to be anything other than 5 lines.
    20. expected_count_response property is used to check the command response; if the device response line is less than 6, command execution is considered as COMMAND ERROR. The value of property is count of line. The count can be any number.
    21. expected_count_response=">5"
      SecuRA expects the response to be greater than 5 lines.
    22. expected_count_response property is used to check the command response; if the device response line is greater than 4, command execution is considered as COMMAND ERROR. The value of property is count of line. The count can be any number.
    23.  expected_count_response="<5"
      SecuRA expects the response to be lesser than 5 lines.
    24. expected_count_response property is used to check the command response; if the device response line is less than 5, command execution is considered as COMMAND ERROR. The value of property is count of line. The count can be any number.
    25.  expected_count_response=">=5"
      SecuRA expects the response to be more than 4 lines.
    26. expected_count_response property is used to check the command response; if the device response line is greater than 5, command execution is considered as COMMAND ERROR. The value of property is count of line. The count can be any number.
    27.  expected_count_response="<=5"
      SecuRA expects the response to be less than 6 lines.
    28. type property is used to store the command response under property value. SecuRA stores the command output in Operation Data store. For Example: If the output of the command, show IP interface brief is required to store in SecuRA as Interface Brief, XML command should be written as :

    prompt=”#” timeout=”5” type=”Interface Brief”> show IP interface brief </command>
    Sample command to shut down an interface in plain text and XML format:
    Plain Format XML Format
    conf t <command prompt=”#” timeout=”10”>conf t</command>
    int Gi 0/0 <command prompt=”#” timeout=”10”> int Gi 0/0 </command>
    shutdown <command prompt=”#” timeout=”10”>shutdown</command>
    exit <command prompt=”#” timeout=”10” action=”exit”>exit</command>
    Sample command to enable syslog in plain text format and XML format:
    Plain Format XML Format
    conf t <command prompt=”#” timeout=”10”>conf t</command>
    logging source-interface Loopback100 <command prompt=”#” timeout=”10”> logging source-interface Loopback100 </command>
    end <ccommand prompt=”#” timeout=”10”>end </command>
    write memory <command prompt=”#” timeout=”10” action=”exit”>write memory</command>
    Below are some sample commands to replace the Device configuration file from SecuRA server.
          <command prompt="\]\?">copy tftp: running-config </command>
          <command prompt="\]\?">{{Global.managementIP}} </command>
          <command prompt="\]\?">{{Job.uploadfilename}} </command>
          <command prompt="[\],#]" timeout="300">running-config </command>
          <command previous_match="\]" prompt="#" timeout="300">yes </command>
          <command action="exit" prompt="">exit </command>
           
    Plain text command cannot be written since the timeout of some commands are more than 30 seconds.

    SecuRA also supports writing of Comments inside the command portion

    .