Need help with Expect script for Cisco IPS Sensors, Expect sleep and quoting

This Expect script provides expect with a list of IP addresses to Cisco IPS sensors and commands to configure Cisco IPS sensors. The user, password, IP addresses, prompt regex, etc. have been anonymized. In general this script will log into the sensors and send commands successfully but there are some problems I haven't been able to solve.

Delays in prompts, Sleep timers:

  1. Sometimes the script appears to send the next command before the next prompt appears in which case the correct command is skipped and the one afterwards sent and accepted. The commands usually need to be entered in order so this usually produces an error. For example Expect sends "service signature-definition sig0" and the sensor receives it but the sensor takes 5-10 seconds to provide the next prompt. The possibility of this long delay which will cause an error has forced me to insert a sleep timer after each command is sent in my loop. One problem with that is if the delay is even longer than my sleep timer I still get an error. Another problem is the script takes forever because there's a 10 second pause after every command. Is using a sleep timer the only or best solution to this problem?

Quoting, Escaping \. in Regex:

  2. From what I can tell, in Expect, if I don't quote the command "configure terminal" it's received at the IPS sensor as 2 separate commands, so I have to quote it. I don't know if this is causing this problem, but for some reason when I use this script the regex string 10\.1\.1\.100 ends up being sent to the IPS sensor without the backslashes, as 10.1.1.100. I don't want the regular expression dot . evaluated; I just want an IP address with periods, i.e. with the periods escaped with the backslash. Something about my Expect script is causing this problem, because when I log into an IPS sensor using ssh and copy and paste the commands into the IPS sensors manually, the regex string is saved with the backslashes. I've tried removing the quotes and I've also tried double quoting, and neither works. Does anyone know what I'm doing wrong here or what I could try to use Expect to send a regex string with backslashes intact?

#!/usr/bin/expect

log_user 1

set timeout 10

set user "user"

set password "password"

set ip_list {
    10.1.1.10
    10.1.2.10
    10.1.3.10
    10.1.4.10
}

set cmd_list {
    "configure terminal"
    "service signature-definition sig0"
    "signatures 60000 0"
    "alert-severity high"
    "sig-fidelity-rating 100"
    "sig-description"
    "sig-name Foo"
    "sig-string-info Foo"
    "no sig-comment"
    "exit"
    "engine string-tcp"
    "regex-string 10\.1\.1\.100"
    "service-ports 0-65535"
    "direction from-service"
    "exit"
    "exit"
    "exit"
}

foreach ip $ip_list {
    if {$ip != ""} {

        # Connect
        spawn ssh $user@$ip

        expect "?assword*"
        send "$password\r"

        set prompt "(IPS....#)"

        foreach command $cmd_list {
            if {$command != ""} {
                expect -re $prompt {
                    send "$command\r"
                    sleep 5
                }
            }
        }

        expect -re "Apply Changes" {
            send -- "yes\r"
        }

        expect -re $prompt {
            send -- "exit\r"
        }

        close
    }
}

send_user "\nDone.\n"

Hi,

Just for info.

Maybe ciscocmd will help you.

Download Cisco-centric Open Source Initiative from SourceForge.net
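
An added example (not the poster's script and not ciscocmd code) covering both questions above. Braced list elements keep \. intact, because Tcl backslash-substitutes list elements written in double quotes. A prompt wait with explicit timeout and eof branches replaces the fixed sleep, because an expect that times out just returns and the send in its action body never runs. The prompt pattern, the wait_prompt name and the local sh loop standing in for a slow sensor are assumptions constructed for the demonstration.

```tcl
#!/usr/bin/expect
# Added example. A local sh loop (constructed) stands in for the sensor:
# it answers every line after a 2 s delay and then prints a prompt.

set timeout 30            ;# must exceed the slowest prompt you expect
set prompt {IPS-\d+# }    ;# assumed prompt shape; adjust to the real device

# Braced elements: no backslash substitution happens inside {...}, so the
# device receives 10\.1\.1\.100. Written as "regex-string 10\.1\.1\.100",
# the list parser would turn each \. into a plain dot.
set cmd_list {
    {configure terminal}
    {regex-string 10\.1\.1\.100}
    {exit}
}

# Block until the prompt arrives. Abort on timeout or a closed session
# instead of falling through and sending commands out of order.
proc wait_prompt {prompt} {
    expect {
        -re $prompt {}
        timeout { send_user "\nno prompt within timeout, aborting\n"; exit 1 }
        eof     { send_user "\nsession closed unexpectedly\n"; exit 1 }
    }
}

# Stand-in for "spawn ssh $user@$ip" so the example runs without a sensor.
set fake_sensor {
    printf 'IPS-01# '
    while read -r line; do
        sleep 2
        printf 'saved: %s\nIPS-01# ' "$line"
    done
}
spawn sh -c $fake_sensor

foreach command $cmd_list {
    wait_prompt $prompt       ;# returns as soon as the prompt is seen
    send -- "$command\r"      ;# sent outside the expect body, never skipped
}
wait_prompt $prompt

close
wait
```

The run takes about as long as the device takes to answer, with no fixed pause per command, and the "saved:" line for the regex-string command shows the backslashes arriving unchanged.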