135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improve Palo Alto SSH Collector support (#397)

Browse Source 
The PAN CLI tries to do friendly auto-completion things and makes the SSH
Collector fail sporadically.  This change uses the "set cli scripting-mode on"
command to calm down the PAN CLI and works around the extra echoed prompts that
get sent.

This change also adds collection of IPv6 neighbor information.
This commit is contained in:
Brian De Wolf
2018-04-28 03:43:01 -07:00
committed by Oliver Gorwits
parent cddbf44916
commit 2f2c9f6b26
1 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
lib/App/Netdisco/SSHCollector/Platform/PaloAlto.pm
View File

@@ -25,7 +25,7 @@ use Moo;
=item B<arpnip($host, $ssh)>
Retrieve ARP entries from device. C<$host> is the hostname or IP address
Retrieve ARP and neighbor entries from device. C<$host> is the hostname or IP address
of the device. C<$ssh> is a Net::OpenSSH connection to the device.
Returns a list of hashrefs in the format C<{ mac => MACADDR, ip => IPADDR }>.
@@ -45,9 +45,16 @@ sub arpnip{
my $prompt = qr/> \r?$/;
($pos, $error, $match, $before, $after) = $expect->expect(20, -re, $prompt);
$expect->send("set cli pager off\r\n");
$expect->send("set cli scripting-mode on\n");
# The PAN cli echos stuff back at us, causing us to see the prompt 3 extra times.
# Fortunately, the previous command disables this, so we only deal with it once.
($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
$expect->send("show arp all\r\n");
($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
$expect->send("show arp all\n");
($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
my @arpentries;
@@ -58,6 +65,16 @@ sub arpnip{
push(@arpentries, { ip => $ip, mac => $mac });
}
}
$expect->send("show neighbor interface all\n");
($pos, $error, $match, $before, $after) = $expect->expect(10, -re, $prompt);
for (split(/\r\n/, $before)){
next unless $_ =~ m/([0-9a-f]{0,4}:){2,7}[0-9a-f]{0,4}/;
my ($tmp, $ip, $mac) = split(/\s+/);
if ($ip =~ m/([0-9a-f]{0,4}:){2,7}[0-9a-f]{0,4}/ && $mac =~ m/([0-9a-f]{2}:){5}[0-9a-f]{2}/i) {
push(@arpentries, { ip => $ip, mac => $mac });
}
}
$expect->send("exit\n");
$expect->soft_close();