Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Need help with Expect script for Cisco IPS Sensors, Expect sleep and quoting
Top Forums Shell Programming and Scripting Need help with Expect script for Cisco IPS Sensors, Expect sleep and quoting Post 302344838 by genewolfe on Monday 17th of August 2009 07:08:07 PM
Old 08-17-2009
Need help with Expect script for Cisco IPS Sensors, Expect sleep and quoting
This Expect script provides expect with a list of IP addresses to Cisco IPS sensors and commands to configure Cisco IPS sensors. The user, password, IP addresses, prompt regex, etc. have been anonymized. In general this script will log into the sensors and send commands successfully but there are some problems I haven't been able to solve.

Delays in prompts, Sleep timers:
1. Sometimes the script appears to send the next command before the next prompt appears in which case the correct command is skipped and the one afterwards sent and accepted. The commands usually need to be entered in order so this usually produces an error. For example Expect sends "service signature-definition sig0" and the sensor receives it but the sensor takes 5-10 seconds to provide the next prompt. The possibility of this long delay which will cause an error has forced me to insert a sleep timer after each command is sent in my loop. One problem with that is if the delay is even longer than my sleep timer I still get an error. Another problem is the script takes forever because there's a 10 second pause after every command. Is using a sleep timer the only or best solution to this problem?

Quoting, Escaping \. in Regex
2. From what I can tell in Expect if I don't quote the command "configure terminal" it's received at the IPS sensor as 2 separate commands so I have to quote it. I don't know if this is causing this problem but for some reason when I use this script the regex string 10\.1\.1\.100 ends up being sent to the IPS sensor without the backslashes 10.1.1.100 but I don't want the regular expression dot . evaluated I just want an IP address with periods i.e. with the periods escaped with the backslash. Something about my Expect script is causing this problem because when I log into an IPS sensor using ssh and copy and paste the commands into the IPS sensors manually the regex string is saved with the backslashes. I've tried removing the quotes and I've also tried double quoting and neither work. Does anyone know what I'm doing wrong here or what I could try to use Expect to send a regex string with backslashes intact?

Code:
#!/usr/bin/expect

log_user 1

set timeout 10

set user "user"

set password "password"

set ip_list {
	10.1.1.10
	10.1.2.10
	10.1.3.10
	10.1.4.10
	}

set cmd_list {
	"configure terminal"
    "service signature-definition sig0"
	"signatures 60000 0"
	"alert-severity high"
	"sig-fidelity-rating 100"
	"sig-description"
	"sig-name Foo"
	"sig-string-info Foo"
	"no sig-comment"
	"exit"
	"engine string-tcp"
	"regex-string 10\.1\.1\.100"
	"service-ports 0-65535"
	"direction from-service"
	"exit"
	"exit"
	"exit"
    }

foreach ip $ip_list {
    if {$ip != ""} {

        # Connect
        spawn ssh $user@$ip

		expect "?assword*"
		send "$password\r"

        set prompt "(IPS....#)"

        foreach command $cmd_list {
            if {$command != ""} {
                expect -re $prompt {
			send "$command\r"
			sleep 5
                }
            }
        }

		expect -re "Apply Changes" {
      		send -- "yes\r"
		}

        expect -re $prompt {
            send -- "exit\r"
        }

        close
    }
}

send_user "\nDone.\n"

 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

strange expect script behavior, or am i misunderstanding expect scripting?

Hello to all...this is my first post (so please go easy). :) I feel pretty solid at expect scripting, but I'm running into an issue that I'm not able to wrap my head around. I wrote a script that is a little advanced for logging into a remote Linux machine and changing text in a file using sed.... (2 Replies)
Discussion started by: v1k0d3n
2 Replies

2. Shell Programming and Scripting

question about "sleep" command in expect script

I wrote some expect script to telnet to some device to execute some commands.Firstly,I can't get full result some time,then I try to add some "sleep" command in it.Fortunately it works. My idea about it is that it uses sleep command to wait the result to be displayed.Am I right or correct the... (4 Replies)
Discussion started by: robbiezr
4 Replies

3. Shell Programming and Scripting

Expect/telnet/testing tacacs on a cisco

At times I find the need to test that the tacacs port 49 is open. The code below works but is painfully slow because I have to wait on the timeouts. Examples of possible responds router1#telnet 10.11.20.14 49 Trying 206.112.204.140, 49 ... Open route1#telnet 10.11.19.14 49 Trying... (1 Reply)
Discussion started by: popeye
1 Replies

4. Shell Programming and Scripting

Alternate to SLEEP for EXPECT within BASH script?

Fairly new to the System Admin world, and this is my first post here, hoping to get some clarification. I am using a BASH script to automate some Logfile Archiving (into .tars). The actual logfiles are accessed through an SSH, so I have used the following EXPECT sub-script within my main BASH... (8 Replies)
Discussion started by: Goatfarmer03
8 Replies

5. Shell Programming and Scripting

Bash script failed with expect on cisco routers

Hi all, I use a bash script which use expect to connect throught ssh and run command on a cisco router. The ssh connection with expect work fine, but the first command on the cisco router failed, I try to run the command in error by hand and it work fine... :( the first part of the script... (2 Replies)
Discussion started by: bedomon
2 Replies

6. Programming

Calling expect script inside another expect

Hi, Am very new to expect scripting.. Can You please suggest me how to call an expect script inside another expect script.. I tried with spawn /usr/bin/ksh send "expect main.exp\r" expect $root_prompt and spawn /usr/bin/ksh send "main.exp\r" expect $root_prompt Both... (1 Reply)
Discussion started by: Priya Amaresh
1 Replies

7. Shell Programming and Scripting

Expect script to show cisco configs

I know there are better ways to do this. I prefer snmp. I do not have the proper perl modules loaded on the platorm. Snmp isnt loaded on the platform. Telnet is not an option. I need to write an expect script to pull cisco equipment configs. The following code is executed once I gain... (0 Replies)
Discussion started by: popeye
0 Replies

8. Programming

Calling another expect script inside an expect script

I have an expect script called remote that I want to call from inside my expect script called sudoers.push, here is the code that is causing me issues: set REMOTE "/root/scripts/remote" ... log_user 1 send_user "Executing remote script as $user...\n" send_user "Command to execute is: $REMOTE... (1 Reply)
Discussion started by: brettski
1 Replies

9. Programming

Expect script returning string following a found expect.

I'm fairly new to scripting so this might not be possible. I am using Expect with Cisco switches and need to capture the string after finding the expect request. For example, when I issue "show version" on a Nexus switch, I'm looking to capture the current firmware version: #show version ... (0 Replies)
Discussion started by: IBGaryA
0 Replies

10. Shell Programming and Scripting

Cisco, 2 ssh logins for expect /bash

HI all i need to connect to about 900 cisco routers and switch to do some configs changes. the issue i am having is that half the devices have one set of username and password and the other half have another username and password. From expect or bash script i can ssh into a device and make... (0 Replies)
Discussion started by: quintin
0 Replies

LEARN ABOUT REDHAT

runscript

RUNSCRIPT(1)						      General Commands Manual						      RUNSCRIPT(1)

NAME

       runscript - script interpreter for minicom

SYNOPSIS

       runscript scriptname [logfile [homedir]]

DESCRIPTION

       runscript  is  a simple script interpreter that can be called from within the minicom communications program to automate tasks like logging
       in to a unix system or your favorite bbs.

INVOCATION

       The program expects a script name and optionally a filename and the user's home directory as arguments, and it expects that it's input  and
       output  are  connected  to  the	"remote  end", the system you are connecting to. All messages from runscript ment for the local screen are
       directed to the stderr output. All this is automatically taken care of if you run it from minicom.  The logfile and home directory  parame-
       ters  are  only	used  to tell the log command the name of the logfile and where to write it. If the homedir is omitted, runscript uses the
       directory found in the $HOME environment variable. If also the logfile name is omitted, the log commands are ignored.

KEYWORDS

       Runscript recognizes the following commands:

	    expect   send     goto     gosub	return	 !
	    exit     print    set      inc	dec	 if
	    timeout  verbose  sleep    break	call	 log

OVERVIEW OF KEYWORDS

       send <string>
	    <string> is sent to the modem. It is followed by a '
'.  <string> can be:
	      - regular text, eg 'send hello'
	      - text enclosed in quotes, eg 'send "hello world"'

	    Within <string> the following sequences are recognized:
		
 - newline
		
 - carriage return
		a - bell
		 - backspace
		c - don't send the default '
'.
		f - formfeed
		o - send character o (o is an octal number)

	    Also $(environment_variable) can be used, for example $(TERM).  Minicom passes three special environment variables: $(LOGIN), which is
	    the  username,  $(PASS),  which  is the password, as defined in the proper entry of the dialing directory, and $(TERMLIN) which is the
	    number of actual terminal lines on your screen (that is, the statusline excluded).

       print <string>
	    Prints <string> to the local screen. Default followed by '
'.  See the description of 'send' above.

       label:
	    Declares a label (with the name 'label') to use with goto or gosub.

       goto <label>
	    Jump to another place in the program.

       gosub <label>
	    Jumps to another place in the program. When the statement 'return' is encountered, control returns to the statement after  the  gosub.
	    Gosub's can be nested.

       return
	    Return from a gosub.

       ! <command>
	    Runs  a  shell  for you in which 'command' is executed. On return, the variable '$?' is set to the exit status of this command, so you
	    can subsequently test it using 'if'.

       exit [value]
	    Exit from "runscript" with an optional exit status. (default 1)

       set <variable> <value>
	    Sets the value of <variable> (which is a single letter a-z) to the value <value>. If <variable> does not exist, it	will  be  created.
	    <value> can be a integer value or another variable.

       inc <variable>
	    Increments the value of <variable> by one.

       dec <variable>
	    Decrements the value of <variable> by one.

       if <value> <operator> <value> <statement>
	    Conditional execution of <statement>. <operator> can be <, >, != or =.  Eg, 'if a > 3 goto exitlabel'.

       timeout <value>
	    Sets  the  global  timeout.  By default, 'runscript' will exit after 120 seconds. This can be changed with this command. Warning: this
	    command acts differently within an 'expect' statement, but more about that later.

       verbose <on|off>
	    By default, this is 'on'. That means that anything that is being read from the modem by 'runscript', gets echoed to the screen.   This
	    is so that you can see what 'runscript' is doing.

       sleep <value>
	    Suspend execution for <value> seconds.

       expect
	      expect {
		pattern  [statement]
		pattern  [statement]
		[timeout <value> [statement] ]
		....
	      }
	    The  most  important  command  of  all. Expect keeps reading from the input until it reads a pattern that matches one of the specified
	    ones.  If expect encounters an optional statement after that pattern, it will execute it. Otherwise the default is to just	break  out
	    of	the  expect. 'pattern' is a string, just as in 'send' (see above).  Normally, expect will timeout in 60 seconds and just exit, but
	    this can be changed with the timeout command.

       break
	    Break out of an 'expect' statement. This is normally only useful as argument to 'timeout' within an expect, because the default action
	    of timeout is to exit immediately.

       call <scriptname>
	    Transfers control to another scriptfile. When that scriptfile finishes without errors, the original script will continue.

       log <text>
	    Write text to the logfile.

NOTES

       If you want to make your script to exit minicom (for example when you use minicom to dial up your ISP, and then start a ppp or slip session
       from a script), try the command "! killall -9 minicom" as the last script command. The -9 option should prevent minicom from hanging up the
       line and resetting the modem before exiting.
       Well,  I  don't	think this is enough information to make you an experienced 'programmer' in 'runscript', but together with the examples it
       shouldn't be too hard to write some useful script files. Things will be easier if you have experience with BASIC.  The minicom source  code
       comes together with two example scripts, scriptdemo and unixlogin. Especially the last one is a good base to build on for your own scripts.

BUGS

       Runscript should be built in to minicom.

AUTHOR

       Miquel van Smoorenburg, <miquels@drinkel.ow.org> Jukka Lahtinen, <walker@clinet.fi>

User's Manual						   $Date: 2000/02/10 10:28:00 $ 					      RUNSCRIPT(1)
All times are GMT -4. The time now is 04:15 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy