Description
This article describes how to create the script and how to execute it automatically.
Solution
1) Configure the following CLI settings.
FMG # config system admin setting
(setting) set show_schedule_script enable
(setting) set show_automatic_script enable
(setting) set show_tcl_script enable
(setting) end
2) Navigate from Device manager -> scripts -> CLI/TCL script and select 'Create new'.
3) Create a TCL script as shown in the screenshot, using the following script text.
#!
set systemTime [clock seconds]
proc do_cmd {cmd} {
puts [exec "$cmd\n" "# " 15]
}
set num_config 1
do_cmd "config vdom"
do_cmd "edit root"
for {set i 1} {$i <= $num_config} {incr i} {
set config [format "cfg%04d" $i]
puts "The time is: [clock format $systemTime -format %H:%M:%S]"
puts "Backup_config: $systemTime config"
do_cmd "exe backup config ftp $systemTime <FTP_IP> guest '' "
}
do_cmd "end"
Run a different script to add the hostname and other information to the TCL script output.
Starting log (Run on device).
- This is an example Tcl script to get the system status of the FortiGate.
#!This is the result of the script when running.
set systemTime [clock seconds]
proc get_sys_status aname {
upvar $aname a
puts [exec "#This is an example Tcl script to get the system status of the FortiGate\n" "# " 15 ]
set input [exec "get system status\n" "# " 15 ]
# puts $input
set linelist [split $input \n]
# puts $linelist
foreach line $linelist {
if {![regexp {([^:]+):(.*)} $line dummy key value]} continue
switch -regexp -- $key {
Version {
regexp {FortiGate-([^ ]+) ([^,]+),build([\d]+),.*} $value dummy a(platform) a(version) a(build)
}
Serial-Number {
set a(serial-number) [string trim $value]
}
Hostname {
set a(hostname) [string trim $value]
} }
}
}
get_sys_status status
puts "This machine is a $status(platform) platform."
puts "It is running version $status(version) of FortiOS."
puts "The firmware is build# $status(build)."
puts "S/N: $status(serial-number)"
puts "This machine is called $status(hostname)"
puts "Backup_config: $systemTime config"
proc do_cmd {cmd} {
puts [exec "$cmd\n" "# " 15]
}
set num_config 1
for {set i 1} {$i <= $num_config} {incr i} {
set config [format "cfg%04d" $i]
puts "The time is: [clock format $systemTime -format %H:%M:%S]"
do_cmd "exe backup config ftp $status(hostname)$systemTime a.b.c.d admin password"
}
do_cmd "end"
Starting log (Run on device).
- This is an example Tcl script to get the system status of the FortiGate.
Freebox-FortiGate-60~POE #4) Select the script name created, choose Schedule Script and choose the specific time to execute.
This machine is a 60E-POE platform.
It is running version v6.4.2 of FortiOS.
The firmware is build# 1723.
S/N: FG60EPTK1-----7
This machine is called Freebox-FortiGate-60E-POE
Backup_config: 1600764484 config
The time is: 1600764484
exe backup config ftp Freebox-FortiGate-60E-POE1600-----4 a.b.c.d admin password
Please wait...
The below pic shows a successful TCL script execution.
The backup file created on the FTP server is visible.
Debug.
On FortiGate:
On FortiGate:
# Exe tac reportOn FortiManager:
# Exe tac reportWhile running the script.
On FortiGate:
# diag debug cli 255On FortiManager:
# diag de app fgfm 255
# diag de console tim en
# diag de en
# diagnose debug app depmanager 255
# diag de app fgfm 255 <device name>
# diag de tim en
# dia de en
