Automation
Automation

Scripting How-To: Get the same functionality as Cisco's absolute vty timeout

by Cordelia on ‎08-10-2015 12:36 PM - edited on ‎09-11-2017 05:42 PM by Administrator Administrator
08.10.15   |   12:36 PM

Overview

This event script mimics Cisco's absolute vty timeout functionality. This applies to SLAX version 1.0 and higher.

 

Description

 

This script works in Junos 9.2 or later. It uses jade_auth_success as the generated event to cause the script to be run every 60 seconds. This can be changed to fit your environment.

 

Source Code


GitHub Links


The source code below is also available from GitHub at the following locations:

 

Example Configuration

 

01	The event-options to trigger this script are below:
02	 
03	{master}
04	user@cli> show configuration event-options generate-event {
05	    jade_auth_success time-interval 60; } policy logout {
06	    events jade_auth_success;
07	    then {
08	        event-script logout.slax;
09	    }
10	}
11	event-script {
12	    file logout.slax;
13	}

 

SLAX Script Contents

 

01	version 1.0;
02	 
03	ns junos = "http://xml.juniper.net/junos/*/junos";
04	ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
05	ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
06	 
07	/*
08	 * This event script mimicks Cisco's absolut vty timeout functionality.
09	 * It DOES NOT work on 8.5 but works on 9.2. It uses jade_auth_success as
10	 * the generated event to cause the script to be run every 60 seconds,
11	 * this can be changed to fit your environment.
12	 *
13	 * Ths event-options to trigger this script are below:
14	 *
15	 * {master}
16	 * user@cli> show configuration event-options generate-event {
17	 *     jade_auth_success time-interval 60; } policy logout {
18	 *     events jade_auth_success;
19	 *     then {
20	 *         event-script logout.slax;
21	 *     }
22	 * }
23	 * event-script {
24	 *     file logout.slax;
25	 * }
26	 */
27	 
28	import "../import/junos.xsl";
29	 
30	var $cliTimeout = 300;
31	 
32	match / {
33	    <op-script-results> {
34	        var $uptimeInfo = jcs:invoke ('get-system-uptime-information');
35	        var $uptimeSeconds = $uptimeInfo/current-time/date-time/@junos:seconds;
36	        var $userInfo = jcs:invoke ('get-system-users-information');
37	        for-each ($userInfo/uptime-information/user-table/user-entry) {
38	            var $diff = $uptimeSeconds - login-time/@junos:seconds;
39	            if ($diff > $cliTimeout) {
40	                var $runcmd = <command> "request system logout terminal " _ tty;
41	                var $outcmd = jcs:invoke ($runcmd);
42	            }
43	        }
44	    }
45	}

 

XML Script Contents

 

01	<?xml version="1.0"?>
02	<script>
03	<title>logout.slax</title>
04	<author>jpanagos</author>
05	<synopsis>
06	This event script mimicks Cisco's absolute vty timeout functionality.
07	</synopsis>
08	<coe>event</coe>
09	<type>login</type>
10	 
11	<description>
12	This script works on 9.2. It uses jade_auth_success as the generated event to cause the script to be run every 60 seconds, this can be changed to fit your environment.
13	 
14	</description>
15	 
16	 <example>
17	 <title>Config</title>
18	 <description>The event-options to trigger this script are below:</description>
19	 <config>example-1.conf</config>
20	 </example>
21	 
22	<xhtml:script xmlns:xhtml="http://www.w3.org/1999/xhtml"
23	src="../../../../../web/leaf.js"
24	type="text/javascript"/>
25	</script>