TCL variables
Variables allow you to store information from the FortiGate device, and use it later in the script. Arrays allow you to easily manage information by storing multiple pieces of data under a variable name. The next script uses an array to store the FortiGate system information.
To save system status information in an array |
Script | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | #! proc get_sys_status aname { upvar $aname a set input [exec "get system status\n" "# "] set linelist [split $input \n] foreach line $linelist { if {![regexp {([^:]+):(.*)} $line dummy key value]} continue switch -regexp -- $key { Version { regexp {Fortigate-([^ ]+) ([^,]+),build([\d]+),.*} $value dummy a(platform) a(version) a(build) } Serial-Number { set a(serial-number) [string trim $value] } Hostname { set a(hostname) [string trim $value] } } } } get_sys_status status puts "This machine is a $status(platform) platform." puts "It is running version $status(version) of FortiOS." puts "The firmware is build# $status(build)." puts "S/N: $status(serial-number)" puts "This machine is called $status(hostname)" |
Output | | Starting script execution This machine is a 100A platform. It is running version 4.0 of FortiOS. The firmware is build# 482. S/N: FGT100A220120181 This machine is called techdocs-100A. |
Variations | | Once the information is in the variable array, you can use it as part of commands you send to the FortiGate device or to make decisions based on the information. For example: if {$status(version) == 4.0} { # follow the version 4.0 commands } elseif {$status(version) == 4.0} { # follow the version 4.0 commands } |
This script introduces the concept of executing CLI commands within TCL scripts using the following method:
set input [exec "get system status\n" "# "]
This command executes the CLI command “get system status” and passes the result into the variable called input. Without the “\n” at the end of the CLI command, the CLI command will not execute to provide output.
In analyzing this script:
• line 1 is the required #! to indicate this is a TCL script
• lines 2-3 open the procedure declaration
• lines 4-5 puts the output from the CLI command into a TCL variable as a string, and breaks it up at each return character into an array of smaller strings
• line 6 starts a loop to go through the array of strings
• line 7 loops if the array element is punctuation or continues if its text
• line 8 takes the output of line 7’s regular expression command and based on a match, performs one of the actions listed in lines 9 through 17
• lines 9-11 if regular expression matches ‘Version’ then parse the text and store values for the platform, version, and build number in the named array elements
• line 12-14 if regular expression matches ‘Serial-Number’ then store the value in an array element named that after trimming the string down to text only
• lines 15-17 is similar to line 12 except the regular expression is matched against ‘Hostname’
• line 17-19 close the switch decision statement, the for each loop, and the procedure
• line 20 calls the procedure with an array name of status
• lines 21-25 output the information stored in the status array