有一个几乎 10K 策略的 junos 配置,下面是一个示例:
每个政策可能包含Logoptions
/Scheduler
或不包含。另一部分总是包含
样品1
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match source-address 1.1.1.1/32
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match source-address 2.2.2.2/32
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match destination-address 3.3.3.3/32
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match destination-address 4.4.4.4/32
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match application Tcp-19094
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X match application Tcp-9101
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X then permit
set logical-systems LS security policies from-zone Untrust to-zone Trust policy 791 then log session-init
set logical-systems LS security policies from-zone Untrust to-zone Trust policy 791 then log session-close
set logical-systems LS security policies from-zone Untrust to-zone Trust policy X scheduler-name 2021-12-31
样品2
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match source-address 1.1.1.1/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match source-address 2.2.2.2/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match destination-address 3.3.3.3/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match destination-address 4.4.4.4/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match application Tcp-19094
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match application Tcp-9101
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X then permit
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X scheduler-name 2021-12-31
样品3
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match source-address 1.1.1.1/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match source-address 2.2.2.2/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match destination-address 3.3.3.3/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match destination-address 4.4.4.4/32
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match application Tcp-19094
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X match application Tcp-9101
set logical-systems LS1 security policies from-zone Untrust to-zone Trust policy X then permit
我写了一个这样的 textfsm 模板:
Value Required Logicalsystem (\S+)
Value Required Srczone (\S+)
Value Required Destzone (\S+)
Value Required Policyname (\S+)
Value List Srcaddr (\S+)
Value List Dstaddr (\S+)
Value List Application (\S+)
Value Required Action (permit|deny)
Value List Logoptions (\S+)
Value Scheduler (\S+)
Start
^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} match source-address ${Srcaddr}
^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} match destination-address ${Dstaddr}
^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} match application ${Application}
^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} then ${Action} -> Record
^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} then log ${Logoptions} -> Record
^set logical-systems ${Logicalsystem} security policies from-zone ${Srczone} to-zone ${Destzone} policy ${Policyname} scheduler-name ${Scheduler} -> Record Start
理想输出:
['LS', 'Untrust', 'Trust', 'X', ['1.1.1.1/32', '2.2.2.2/32'], ['3.3.3.3/32', '4.4.4.4/32'], ['Tcp-19094', 'Tcp-9101'], 'permit', ['session-init','session-close'], '2021-12-31']
实际输出:
['EBS', 'Untrust', 'Trust', 'CHG202106221013_5', ['10.168.96.26/32', '10.168.96.27/32'], ['10.187.224.11/32', '10.187.224.12/32'], ['Tcp-19094', 'Tcp-9101'], 'permit', [], '']
我的 textfsm 模板的哪一部分是错误的?请纠正我。谢谢。