Working with Scripts : Script samples : TCL scripts : TCL variables
 
TCL variables
Variables allow you to store information from the FortiGate device, and use it later in the script. Arrays allow you to easily manage information by storing multiple pieces of data under a variable name. The next script uses an array to store the FortiGate system information.
To save system status information in an array
Script
1
2
3
4
5
6
7
 
8
9
10
 
 
11
12
 
 
13
14
 
 
 
 
15
 
16
17
18
19
#!
proc get_sys_status aname {
upvar $aname a
set input [exec "get system status\n" "# "]
set linelist [split $input \n]
foreach line $linelist {
if {![regexp {([^:]+):(.*)} $line dummy key value]} continue
switch -regexp -- $key {
Version {
regexp {Fortigate-([^ ]+) ([^,]+),build([\d]+),.*} $value dummy a(platform) a(version) a(build)
}
Serial-Number {
set a(serial-number) [string trim $value]
}
Hostname {
set a(hostname) [string trim $value]
} }
}
}
 
get_sys_status status
 
puts "This machine is a $status(platform) platform."
puts "It is running version $status(version) of FortiOS."
puts "The firmware is build# $status(build)."
puts "S/N: $status(serial-number)"
puts "This machine is called $status(hostname)"
 
Output
 
Starting script execution
 
This machine is a 100A platform.
It is running version 4.0 of FortiOS.
The firmware is build# 482.
S/N: FGT100A220120181
This machine is called techdocs-100A.
Variations
 
Once the information is in the variable array, you can use it as part of commands you send to the FortiGate device or to make decisions based on the information. For example:
if {$status(version) == 4.0} {
# follow the version 4.0 commands
} elseif {$status(version) == 4.0} {
# follow the version 4.0 commands
}
This script introduces the concept of executing CLI commands within TCL scripts using the following method:
set input [exec "get system status\n" "# "]
This command executes the CLI command “get system status” and passes the result into the variable called input. Without the “\n” at the end of the CLI command, the CLI command will not execute to provide output.
In analyzing this script:
line 1 is the required #! to indicate this is a TCL script
lines 2-3 open the procedure declaration
lines 4-5 puts the output from the CLI command into a TCL variable as a string, and breaks it up at each return character into an array of smaller strings
line 6 starts a loop to go through the array of strings
line 7 loops if the array element is punctuation or continues if its text
line 8 takes the output of line 7’s regular expression command and based on a match, performs one of the actions listed in lines 9 through 17
lines 9-11 if regular expression matches ‘Version’ then parse the text and store values for the platform, version, and build number in the named array elements
line 12-14 if regular expression matches ‘Serial-Number’ then store the value in an array element named that after trimming the string down to text only
lines 15-17 is similar to line 12 except the regular expression is matched against ‘Hostname’
line 17-19 close the switch decision statement, the for each loop, and the procedure
line 20 calls the procedure with an array name of status
lines 21-25 output the information stored in the status array