Run multiple FortiOS commands from an ind script

IKL Development
#1

I would need your help please. I hope that is a quick answer question. :slight_smile:


I need to create a new fortigate ind script and run more than one FortiOS commands to the same ind script. The reason is that I need more than one FortiOS command to get all the required information for parsing.


I have found several ind scripts where the consecutive commands are separatedby using a “;”


Example from a Checkpoint ind script

#! REMOTE::SSH
stty rows 80 ; ${nice-path} -n 15 clish -c ‘show config-state’ ; sleep 5 ; ${nice-path} -n 15 clish -c ‘show config-state’ ; ${nice-path} -n 15 dbget installer:last_sent_da_info ; ${nice-path} -n 15 grep “installer:last_sent_da_info” /config/active


In the above example the Checkpoint commands are written one after the other. Does it mean that the .input file that I need to parse has the output from each Checkpoint command starting with the first command and then moving to the second etc (i.e. the .input file follows the same order with the e.g. Checkpoint commands defined to the ind script)?


NOTE: These FortiOS commands are irrelevant and there isnt any requirement to be executed over the same ssh session

#2

I think this is OS specific. The Checkpoint scripts uses bash. Unless Fortinet uses bash you might be out of luck with using the ";".


Have you considered trying a multi-step scripts, or separating the commands with a new line? Never tried the latter myself, but I hear it should be possible?

#3

I completed the the tests by using the command runner with direct access to a Fortigate.


$ command-runner.sh full-command --ssh admin,xxxxx get_system_interface.ind X.X.X.X --verbose

After testing seems that is possible to run multiple commands in the same ind script also for FortiOS (fortigate) devices!


Below can be found the test cases and results:


Scope:

Two FortiOS commands needed to be executed and parsed by an ind script.

The next FortiOS commands

get system interface physical AND get system interface


Cases:


#! REMOTE::SSH
get system interface physical get system interface

STATUS: FAIL
--------------

#! REMOTE::SSH
get system interface physical;get system interface

STATUS: FAIL
-----------------
#! REMOTE::SSH
get system interface physical; get system interface

STATUS: FAIL
-----------------

#! REMOTE::SSH
get system interface physical;
get system interface

STATUS: only the last command (get system interface) works

-------------------
#! REMOTE::SSH
get system interface physical
get system interface

STATUS: PASS!!! :)