Friday, March 29, 2013

JunOS Script Health Check

For my first technical post, I figure I'd share a bit of newly acquired know-how with regard to JunOS script. Often, upon logging into a router, it's good to know a bit of information, whether that login is for troubleshooting or normal configuration and provisioning. For me, the things that I care about knowing first are:

  • How long has the router been up
  • Who is logged in now
  • When was the last commit
  • Is anything broken
    • Chassis/System Alarms
    • Physical Interfaces down
    • LDP neighbors down
    • OSPF neighbors down
    • BGP Peers down
    • L2Circuits Down
I thought to myself, this is the perfect time for a login-script, and an easy opportunity to break into JunOS Scripting. So how do we get to the point, where, on login, the script outputs the health-check. It's actually not too difficult. First, we need to load the script onto the router. This can be accomplished by copying the script over using SCP or FTP. Next, we need to add it as an op script:

cstewart@router# set system scripts op file login-script.slax 

cstewart@router# show system scripts 
op {
    file login-script.slax;

Finally, we need to add the script to the login-class for the users that we want to have see this information.
cstewart@router# set system login class network-manager login-script login-script.slax permissions all 

After these changes are committed, we can test the command by calling the op script directly. Now, I'll caveat this with a warning that I am by no means a programmer, so, for revision 1, my target output was this, when there is a lot broken.

cstewart@router# run op login-script                                   
Minor ALARM - Rescue configuration is not set
LDP Configured and down on fe-0/0/7.0
OSPF Configured and down on fe-0/0/7.0
BGP Peer Down Peer@ is down
L2Circuit to on fe-0/0/7.0(vc 123) is down due to status NC
Physical Interface fe-0/0/7 is Admin Up and Operationally Down to MPLS Network
System Uptime is 7 days, 15:05
cstewart is currently logged in from since 10:39AM
Last commit was 2013-03-29 10:45:21 UTC by: cstewart

Now, when things are going well, you would see an output like this:
cstewart@router# run op login-script                             
System Uptime is 7 days, 15:15
cstewart is currently logged in from since 10:39AM
Last commit was 2013-03-29 10:56:07 UTC by: cstewart

So, without any further adieu, here is the script, free as in beer, for you to use and modify. Hopefully it helps you and your team.

version 1.0;
Version 1.0 of the login-script that does a quick health check

ns junos = "*/junos";
ns xnm = "";
ns jcs = "";

import "../import/junos.xsl";

match / 
<op-script-results> {

var $query0 = { <command> 'show chassis alarms'; }
var $result0 = jcs:invoke($query0);              
<alarm-information> {
for-each($result0) { 
if ($result0/alarm-detail/alarm-class != '') {
<output> $result0/alarm-detail/alarm-class _' ALARM - ' _$result0/alarm-detail/alarm-description; 

var $query1 = { <command> 'show system alarms'; }
var $result1 = jcs:invoke($query1);
<alarm-information> {
for-each($result1) { 
if ($result1/alarm-detail/alarm-class != '') {
<output> $result1/alarm-detail/alarm-class _' ALARM - ' _$result1/alarm-detail/alarm-description; 
var $query2 = { <command> 'show ldp interface'; }
var $result2 = jcs:invoke($query2);              
<ldp-interface-information> {
for-each($result2/ldp-interface[ldp-neighbor-count=='0']) { 
<output> 'LDP Configured and down on ' _$result2/ldp-interface/interface-name; 

var $query3 = { <command> 'show ospf interface'; }
var $result3 = jcs:invoke($query3);              
<ospf-interface-information> {
for-each($result3/ospf-interface[neighbor-count=='0']) { 
<output> 'OSPF Configured and down on ' _$result3/ospf-interface/interface-name; 

var $query4 = { <command> 'show bgp summary'; }
var $result4 = jcs:invoke($query4);              
<bgp-information> {
for-each($result4/bgp-peer[peer-state!='Established']) { 
<output> 'BGP Peer ' _$result4/bgp-peer/description _'@' _$result4/bgp-peer/peer-address _' is down'; 

var $query5 = { <command> 'show l2circuit connections down'; }
var $result5 = jcs:invoke($query5);              
<l2circuit-connection-information> {
for-each($result5/l2circuit-neighbor/connection[connection-status!='Up']) { 
<output> 'L2Circuit to ' _$result5/l2circuit-neighbor/neighbor-address _' on ' _$result5/l2circuit-neighbor/connection/connection-id _' is down due to status ' _$result5/l2circuit-neighbor/connection/connection-status; 

var $query6 = { <command> 'show interfaces terse'; }
var $result6 = jcs:invoke($query6);  
<interface-information> {
for-each ($result6/physical-interface) { 
if ((admin-status=='up') && (oper-status=='down')) { 
<output> 'Physical Interface ' _name _' is Admin Up and Operationally Down to '_description; 

var $query7 = { <command> 'show system users'; }
var $result7 = jcs:invoke($query7);              
<system-users-information> { 
<output> 'System Uptime is ' _$result7/uptime-information/up-time; 
for-each($result7/uptime-information/user-table/user-entry) { <output> user _' is currently logged in from ' _from _' since ' _login-time; 

var $query8 = { <command> 'show system commit'; }
var $result8 = jcs:invoke($query8);
<commit-information> { 
<output> 'Last commit was ' _$result8/commit-history/date-time _' by: ' _$result8/commit-history/user; 




  1. I know this page is old but it comes up in Google search for JunOS health check script still so I'm adding a comment to help other people that might see this.
    Thanks for the script - It's actually broken here but I fixed it and changed it around a little here:

  2. This comment has been removed by a blog administrator.

  3. This comment has been removed by a blog administrator.

  4. This comment has been removed by a blog administrator.

  5. This comment has been removed by a blog administrator.

  6. This comment has been removed by the author.

  7. I heard about the 5 qualities that make a name awesome from this product naming agency? I heard a lot of people were able to come up with various creative names because of this. how long does it take for cbd gummies to work

  8. Yes i am totally agreed with this article and i just want say that this article is very nice and very informative article.I will make sure to be reading your blog more. You made a good point but I can't help but wonder, what about the other side? !!!!!!Thanks Click here

  9. It is very good, but look at the information at this address. Best Air Fryer Pressure Cookers

  10. This is very interesting, but it is necessary to click on this link: Click here

  11. Acknowledges for paper such a beneficial composition, I stumbled beside your blog besides decipher a limited announce. I want your technique of inscription... check here

  12. For true fans of this thread I will address is a free online! mélybölcsős szállítás Europa-Road Kft

  13. I am always searching online for storys that can accommodate me. There is obviously a multiple to understand about this. I feel you made few salubrious points in Attributes moreover. Detain busy, awesome career! prometazin actavis