Description | This article describes how to use Bash scripts to run Python or other scripts from the FortiNAC Scheduler tool. |
Scope | FortiNAC-F, FortiNAC. |
Solution |
In FortiNAC it is possible to set Scheduled Activities, and one of the available actions is a Custom Script. This is configured in System -> Scheduler. Scripts must be stored in the FortiNAC path /home/cm/scripts and must have execute permissions, which are set manually through the FortiNAC CLI:
execute enter-shell
chmod +x /home/cm/scripts/test.py
ls -la /home/cm/scripts/test.py
test.py is a Python script that pings one device 3 times; the device's IP address is passed in as an argument. After that, it prints the date when the actions were performed and returns 0 if each action (ping and date) was successful. The script requires one input argument, the "ip" of the device to be pinged. It then prints the statistics and the date of that action.
test.py script content:
#!/usr/bin python3
If the Python script is put directly in the Scheduler Activity, it will fail. This is because the scheduler function is unable to detect what type of script is being executed and does not run the script through the interpreter program, as follows:
python3 /home/cm/scripts/test.py <ip>
Troubleshoot Scheduler Activities and Custom Script failures: to troubleshoot scheduler tasks, enable the following debugs in FortiNAC:
execute enter-shell
diagnose debug plugin enable SchedulerInterface
diagnose tail -F output.master
At this point, manually run the script from Scheduler View and verify the output.
Example 1:
In FortiNAC CLI output messages the following will be visible:
yams.SchedulerInterface FINER :: 2024-09-10 11:16:23:428 :: #400 :: SchedulerServer: ScheduledSystemObject Ping_stats - Running starting task
If the script is manually executed in the CLI, it will only work as follows:
naclab1:~$ python3 /home/cm/scripts/test.py 10.10.10.1
--- 10.10.10.1 ping statistics ---
0 0
Meanwhile, as visible in the scheduler log message, the scheduler attempts to run it directly as '/home/cm/scripts/test.py 10.10.10.1'. To prevent this, it is possible to use a Bash script that simply takes the argument as input and passes it to the Python script.
Example 2. Using a Bash script to execute the Python script.
In this case, a Bash script named 'bash_pyth.sh' has been created with the following content:
#!/bin/bash
This script still takes an input argument, the 'ip', and passes it to the Python script. The output is then filtered for 6 lines after the 'statistics' string. This gives only the ping stats and the output of the date command executed afterward.
This output is then appended to a text file saved in /home/cm/scripts/. In the Scheduled Activity, 'bash_pyth.sh' is selected as the Custom Script entry and '10.10.10.1' is used in the Arguments entry. Event logs will show the following:
Output.master logs results:
yams.SchedulerInterface FINER :: 2024-09-10 11:46:33:776 :: #1404 :: new object = ScheduledSystemObject: Type = SystemCommand com.bsc.plugin.scheduler.SchedulerServer$ObjectListener 10.10.10.6 matches operation 1
yams.SchedulerInterface FINER :: 2024-09-10 11:46:33:776 :: #1404 :: satisfiesFilter called for com.bsc.plugin.scheduler.SchedulerServer$ObjectListener 10.10.10.6, result=true
Each time the script is executed (manually or by the scheduler), it appends the results to the /home/cm/scripts/Scriptoutput.txt file:
naclab1:~$ tail -n 16 /home/cm/scripts/Scriptoutput.txt
--- 10.10.10.1 ping statistics ---
0
--- 10.10.10.1 ping statistics ---
0
naclab1:~$
This is a simple example where the script checks ping statistics for an inventory device and prints the date each time there are results. Advanced users can use more complex Python scripts to fulfill their needs and automate processes. The scope of this article is to show how to use such scripts and how to troubleshoot them when they are called through the scheduler.
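The wrapper described in Example 2 hands the scheduler's Arguments entry to another program, so it is worth checking that value before it is used. The following is an added example, not the article's bash_pyth.sh or Fortinet code: it assumes the "6 lines after 'statistics'" filter is done with grep -A 6, and PY_SCRIPT, OUT_FILE and INTERP are hypothetical override names introduced here.

```bash
#!/bin/bash
# Added example: wrapper in the spirit of bash_pyth.sh (not the article's script).
# PY_SCRIPT, OUT_FILE and INTERP are hypothetical override names used here so
# the wrapper can be exercised outside FortiNAC; defaults follow the article.
PY_SCRIPT=${PY_SCRIPT:-/home/cm/scripts/test.py}
OUT_FILE=${OUT_FILE:-/home/cm/scripts/Scriptoutput.txt}
INTERP=${INTERP:-python3}

# Succeeds only for a strict dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    rest="$1."
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case "$octet" in
            # empty, longer than 3 digits, or leading zero (some parsers
            # read a leading 0 as octal, so 010 would not mean 10)
            ''|????*|0?*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Runs the Python script through its interpreter and appends the statistics
# block to OUT_FILE. Returns 2 on a rejected argument; otherwise grep's status
# (non-zero when no "statistics" line was produced).
run_ping_job() {
    if ! valid_ipv4 "$1"; then
        echo "bash_pyth: argument rejected, not an IPv4 address" >&2
        return 2
    fi
    # Quoted argument, explicit interpreter; keep the match plus 6 lines after it.
    "$INTERP" "$PY_SCRIPT" "$1" 2>&1 | grep -A 6 'statistics' >> "$OUT_FILE"
}

# The scheduler supplies the Arguments entry as $1. With no argument the file
# only defines the functions.
[ "$#" -eq 0 ] || run_ping_job "$1"
```

A rejected argument returns a non-zero status without touching Scriptoutput.txt, so the failure appears as a failed scheduler task and not as a partial result.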
Copyright 2024 Fortinet, Inc. All Rights Reserved.