Description
This article describes how to create a TCL script in FortiManager that backs up the FortiGate configuration to an FTP server, and how to execute it automatically on a schedule.
Scope
FortiManager.
Solution
- Configure the following CLI settings.
FMG # config system admin setting
(setting) set show_schedule_script enable
(setting) set show_automatic_script enable
(setting) set show_tcl_script enable
(setting) end
- Navigate to Device Manager -> Scripts -> CLI/TCL Script and select 'Create New'.
- Create a TCL script using the following script text.
#!
# Epoch seconds, used as the backup file name.
set systemTime [clock seconds]
# Send one CLI command to the device; "# " is the prompt to wait for, 15 the timeout in seconds.
proc do_cmd {cmd} {
    puts [exec "$cmd\n" "# " 15]
}
set num_config 1
# Enter the root VDOM before running the backup.
do_cmd "config vdom"
do_cmd "edit root"
for {set i 1} {$i <= $num_config} {incr i} {
    set config [format "cfg%04d" $i]
    puts "The time is: [clock format $systemTime -format %H:%M:%S]"
    puts "Backup_config: $systemTime config"
    do_cmd "exe backup config ftp $systemTime <FTP_IP> guest '' "
}
do_cmd "end"
Run a different script to add the hostname and other information to the TCL script output.
#!
set systemTime [clock seconds]
# Parse 'get system status' into the caller's array (platform, version, build, serial-number, hostname).
proc get_sys_status aname {
    upvar $aname a
    puts [exec "#This is an example Tcl script to get the system status of the FortiGate\n" "# " 15 ]
    set input [exec "get system status\n" "# " 15 ]
    # puts $input
    set linelist [split $input \n]
    # puts $linelist
    foreach line $linelist {
        if {![regexp {([^:]+):(.*)} $line dummy key value]} continue
        switch -regexp -- $key {
            Version {
                regexp {FortiGate-([^ ]+) ([^,]+),build([\d]+),.*} $value dummy a(platform) a(version) a(build)
            }
            Serial-Number {
                set a(serial-number) [string trim $value]
            }
            Hostname {
                set a(hostname) [string trim $value]
            }
        }
    }
}
get_sys_status status
puts "This machine is a $status(platform) platform."
puts "It is running version $status(version) of FortiOS."
puts "The firmware is build# $status(build)."
puts "S/N: $status(serial-number)"
puts "This machine is called $status(hostname)"
puts "Backup_config: $systemTime config"
# Send one CLI command to the device and print its output.
proc do_cmd {cmd} {
    puts [exec "$cmd\n" "# " 15]
}
set num_config 1
for {set i 1} {$i <= $num_config} {incr i} {
    set config [format "cfg%04d" $i]
    puts "The time is: [clock format $systemTime -format %H:%M:%S]"
    # The backup file name is the hostname followed by the epoch timestamp.
    do_cmd "exe backup config ftp $status(hostname)$systemTime a.b.c.d admin password"
}
do_cmd "end"
This is the output when the script runs.
Starting log (Run on device).
This is an example Tcl script to get the system status of the FortiGate.
Freebox-FortiGate-60~POE #
This machine is a 60E-POE platform.
It is running version v6.4.2 of FortiOS.
The firmware is build# 1723.
S/N: FG60EPTK1-----7
This machine is called Freebox-FortiGate-60E-POE
Backup_config: 1600764484 config
The time is: 1600764484
exe backup config ftp Freebox-FortiGate-60E-POE1600-----4 a.b.c.d admin password
Please wait...
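The second script places the parsed hostname directly into the backup command, and it fails if the status output could not be parsed. The following is an added example, not part of the original article, showing one way to restrict the file name to a safe character set and fall back to the serial number. The proc names parse_status and backup_name, the sample status output, and the .conf suffix are assumptions.

```tcl
# Added example: runs in a plain tclsh; no FortiManager or FortiGate is needed.
# Constructed sample of 'get system status' output (all values are made up).
set sample_output {Version: FortiGate-60E-POE v6.4.2,build1723,200819 (GA)
Serial-Number: FG60EPTK00000000
Hostname: Lab FortiGate/60E}

# Hypothetical helper: collect the fields the file name depends on.
proc parse_status {text aname} {
    upvar $aname a
    foreach line [split $text \n] {
        if {![regexp {^([^:]+):(.*)$} $line -> key value]} continue
        switch -exact -- [string trim $key] {
            Hostname      { set a(hostname) [string trim $value] }
            Serial-Number { set a(serial-number) [string trim $value] }
        }
    }
}

# Hypothetical helper: build a file name that is safe to embed in a CLI command.
# Falls back to the serial number when no hostname was parsed, and stops with an
# error instead of sending a command with an empty name.
proc backup_name {aname now} {
    upvar $aname a
    if {[info exists a(hostname)] && $a(hostname) ne ""} {
        set base $a(hostname)
    } elseif {[info exists a(serial-number)] && $a(serial-number) ne ""} {
        set base $a(serial-number)
    } else {
        error "no hostname or serial number found in 'get system status' output"
    }
    # Keep only letters, digits, dot, underscore and hyphen; replace the rest.
    regsub -all {[^A-Za-z0-9._-]} $base _ base
    # Readable timestamp instead of raw epoch seconds.
    set stamp [clock format $now -format %Y%m%d-%H%M%S]
    return "${base}_${stamp}.conf"
}

parse_status $sample_output status
set file_name [backup_name status [clock seconds]]
puts "Backup file name: $file_name"
# In the FortiManager script this name would replace $status(hostname)$systemTime:
#   do_cmd "exe backup config ftp $file_name a.b.c.d admin password"
```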
- Select the script name created, choose Schedule Script, and choose the specific time to execute.
After a successful TCL script execution, the backup file is visible on the FTP server.
Debugs:
On FortiGate:
execute tac report
On FortiManager:
execute tac report <----- While running the script.
On FortiGate:
diagnose debug cli 8 <----- The CLI debug level ranges from 0 to 8.
diagnose debug application fgfm 255
diagnose debug console timestamp enable
diagnose debug enable
On FortiManager:
diagnose debug application depmanager 255
diagnose debug application fgfm 255 <device name>
diagnose debug timestamp enable
diagnose debug enable