0

有一个几乎 10K 策略的 junos 配置,下面是一个示例:

每个政策可能包含Logoptions/Scheduler或不包含。另一部分总是包含

样品1

set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match source-address 1.1.1.1/32
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match source-address 2.2.2.2/32
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match destination-address 3.3.3.3/32
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match destination-address 4.4.4.4/32
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match application Tcp-19094
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match application Tcp-9101
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X then permit
set logical-systems LS security policies from-zone Untrust to-zone Trust policy 791 then log session-init
set logical-systems LS security policies from-zone Untrust to-zone Trust policy 791 then log session-close
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X scheduler-name 2021-12-31

样品2

set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match source-address 1.1.1.1/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match source-address 2.2.2.2/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match destination-address 3.3.3.3/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match destination-address 4.4.4.4/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match application Tcp-19094
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match application Tcp-9101
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X then permit
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X scheduler-name 2021-12-31

样品3

set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match source-address 1.1.1.1/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match source-address 2.2.2.2/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match destination-address 3.3.3.3/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match destination-address 4.4.4.4/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match application Tcp-19094
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match application Tcp-9101
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X then permit

我写了一个这样的 textfsm 模板:

Value Required Logicalsystem (\S+)
Value Required Srczone (\S+)
Value Required Destzone (\S+)
Value Required Policyname (\S+)
Value List Srcaddr (\S+)
Value List Dstaddr (\S+)
Value List Application (\S+)
Value Required Action (permit|deny)
Value List Logoptions (\S+)
Value Scheduler (\S+)

Start
  ^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} match source-address ${Srcaddr}
  ^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} match destination-address ${Dstaddr}
  ^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} match application ${Application}
  ^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} then ${Action} -> Record
  ^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} then log ${Logoptions} -> Record
  ^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} scheduler-name ${Scheduler} -> Record Start

理想输出:

['LS', 'Untrust', 'Trust', 'X', ['1.1.1.1/32', '2.2.2.2/32'], ['3.3.3.3/32', '4.4.4.4/32'], ['Tcp-19094', 'Tcp-9101'], 'permit', ['session-init','session-close'], '2021-12-31']

实际输出:

['EBS', 'Untrust', 'Trust', 'CHG202106221013_5', ['10.168.96.26/32', '10.168.96.27/32'], ['10.187.224.11/32', '10.187.224.12/32'], ['Tcp-19094', 'Tcp-9101'], 'permit', [], '']

我的 textfsm 模板的哪一部分是错误的?请纠正我。谢谢。

4

0 回答 0