Running External Compliance Assessment Scripts
An external script can also be called by the conformance template. Any programming language can be used to write the script as long as it can be called from the command line. In order to display the script results in the Compliance Assessment window’s Detailed Results tab, the script’s output should be comma-separated, including the following details on each line:
Message,Severity,Hostname,Config File,Block,Lines,Template,Rule,Template Lines,Template Line,Template Line #,Category,Vendor,OS,Version
(Alternatively, the output could also be redirected to a separate file, rather than appended to the Detailed Results tab, in which case it could be in any format.)
In the following example, the perl script myscript.pl would be executed using the specification file as one of its inputs. This perl script checks to see if links of a given trunk type have the recommended ISIS metric for that trunk type. The perl script’s output is then appended to the Detailed Results table.
#conform type cisco ios @define external isis_metric_check output=append ./external/edit_check_isis_metric.pl ./spec/spec.auto
To see the example perl script used in this example, refer to IP Manipulation. Note that this particular script parses link information from the bblink file. At the end of the script, the print statement outputs to the CSV format with the appropriate fields to append to the compliance assessment detailed results table:
print "$msg,$severity,$node,$source,,,external,$rule_name,,,\n".
For further information on external scripts, see Building Templates.