Versions Compared

Comment: fix typo

...

Code Block
.
.
.
      "opconfig_url_base" : "",
      "opconfig_disable_ios_ssh_connection_discovery" : "false",
      "opconfig_parsers" : [
         [
            "^show full-configuration system netflow$",          # Command that we are using to extract the information 
            "config_parsers/fortigate-netflow.pm"                # File to parse the command output
         ]
      ],
      "opconfig_queue_expire_after_seconds" : 691200,
      "opconfig_audit_import" : 1,
.
.
.

We can check if the syntax is ok using this:

Code Block
# json_xs < opCommon.json

...

Code Block
[root@localhost conf]# /usr/local/omk/bin/opconfig-cli.pl act=export_config_status node=FortinetTest debug=true
opconfig-cli.pl Version 3.420.0

Copyright (C) 2015 Opmantek Limited (www.opmantek.com)
This program comes with ABSOLUTELY NO WARRANTY;
See www.opmantek.com or email contact@opmantek.com

opConfig is licensed to Opmantek Internal for 50 Nodes - Expires 15-Aug-2023

[2023-01-20 17:32:28.57037] [8596] [debug] new opConfig: require_db
[2023-01-20 17:32:28.71590] [8596] [debug] Creating NMISx
{
   "config_features" : {
      "netflow" : {
         "activeFtimeout" : "1800",
         "collectorip" : "192.168.0.104",
         "collectorport" : "2055",
         "inactFtimeout" : "15",
         "intmethod" : "auto",
         "sourceip" : "192.168.0.105",
         "txcounter" : "20",
         "txtimeout" : "1800"
      }
   }
}


Compliance Policy files.

Compliance policy language is very similar to opEvents language. 

Here is a quick overview of the structural rules:

  • A policy consists of one hash (or "associative array"). All hash keys (=rule numbers) must be numeric, and the keys control the order of rule evaluation.
    Rule numbers do not have to be globally unique, just within the enclosing subpolicy.
  • Each hash element must describe either one IF/THEN clause or one EACH/BLOCK iteration.
  • THEN statements can be either a single string (describing the actions to take) or a nested sub-policy (in the form of a nested hash).
  • EACH/BLOCK iterations always require a nested sub-policy.
  • IF statements are single strings, made up from structure or variable selector expressions and Perl operators and expressions.
  • The available actions for THEN statements are ok(), exception(), CONTINUE() and LAST().
  • EACH statements consist of a variable name (for the iterator variable to be) and a structure selector expression (for the objects to iterate over).
  • The policy engine invokes policy rules with a number of pre-defined structure variables, to provide access to the configuration status document, the current node name and a few others.

Compliance policy files are installed in the directory /usr/local/omk/conf/compliance_policies and they must have the .json extension.
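
The structural rules above can be checked before a policy file is copied into that directory. The following Python linter is an added example, not part of opConfig or of the original page. It assumes that IF, THEN, EACH and BLOCK appear as literal upper-case keys in the JSON, that rule numbers are plain decimal numbers, and that rules are evaluated in ascending numeric order; the sample policy and its `<...>` strings are constructed placeholders.

```python
import json
import re

NUMERIC = re.compile(r"[0-9]+(\.[0-9]+)?")  # assumption: plain decimal rule numbers

def lint_policy(policy, path="policy"):
    """Return structural problems in a (sub-)policy, per the rules listed above."""
    if not isinstance(policy, dict):
        return [f"{path}: a policy must be one hash (JSON object)"]
    problems = []
    for key, rule in policy.items():
        where = f"{path}/{key}"
        if not NUMERIC.fullmatch(key):
            problems.append(f"{where}: rule number is not numeric")
        if not isinstance(rule, dict):
            problems.append(f"{where}: rule must be a hash")
            continue
        is_if = "IF" in rule or "THEN" in rule
        is_each = "EACH" in rule or "BLOCK" in rule
        if is_if == is_each:
            problems.append(f"{where}: must be either IF/THEN or EACH/BLOCK")
        elif is_if:
            if not isinstance(rule.get("IF"), str):
                problems.append(f"{where}: IF must be a single string")
            then = rule.get("THEN")
            if isinstance(then, dict):  # THEN may hold a nested sub-policy
                problems += lint_policy(then, f"{where}/THEN")
            elif not isinstance(then, str):
                problems.append(f"{where}: THEN must be a string or a nested sub-policy")
        else:
            if not isinstance(rule.get("EACH"), str):
                problems.append(f"{where}: EACH must be a single string")
            if isinstance(rule.get("BLOCK"), dict):
                problems += lint_policy(rule["BLOCK"], f"{where}/BLOCK")
            else:
                problems.append(f"{where}: EACH requires a nested sub-policy in BLOCK")
    return problems

def evaluation_order(policy):
    """Rule numbers sorted numerically (ascending order is an assumption)."""
    return sorted(policy, key=float)

# Constructed sample; the <...> strings are placeholders, not real selector syntax.
SAMPLE = json.loads("""{
  "10": {"IF": "<condition>", "THEN": "ok()"},
  "2":  {"EACH": "<iterator>", "BLOCK": {"1": {"IF": "<condition>", "THEN": "LAST()"}}},
  "x3": {"IF": "<condition>", "THEN": "ok()"},
  "40": {"EACH": "<iterator>", "BLOCK": "ok()"},
  "50": {"IF": "<condition>"}
}""")

if __name__ == "__main__":
    for problem in lint_policy(SAMPLE):
        print(problem)
```

Sorting the keys numerically matters because a plain string sort would place rule "10" before rule "2".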

...

Code Block
# /usr/local/omk/bin/opconfig-cli.pl act=check_compliance name='netflow' node=FortinetTest debug=9

Step 3. View Compliance Status

Now you can check the Compliance Status in the opConfig GUI. Access the opConfig GUI at http://YOUR_SERVERNAME/omk/opConfig, log in and then from the Menu Bar select "Views -> Compliance Status".

...