Hi all, i am newbie to tcl usage with cisco ios. Actually what i want to achieve is that, whenever a user runs show running-config, i want some out to be omitted and shown either as ***** or simple space " ". I dont know how to do it with tcl.
Can some one guide me pls
It would take way too long to explain Tcl. So I will point you to the Tcl language reference: http://www.tcl.tk/doc/ . While IOS uses Tcl 8.3, the documentation on 8.4, and the tutorial on 8.5 will be helpful.
As for the IOS/EEM nature of the policy, I will go through that briefly. First, you should familiarize yourself with EEM scripting in Tcl on IOS at http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl_ps6441_TSD_Products_Configuration_Guide_Chapter.html .
The first line registers a new CLI policy with the EEM policy director. This policy will run when someone runs the "show running-config" command (or any abbreviation thereof). The policy will run synchronously, blocking until complete. The script will run for no longer than five minutes.
The next non-comment lines load the two required EEM namespaces. These are documented in the link above. They provide necessary EEM functions as well as some nice convenience procedures.
The following run_cli procedure is something I wrote to make running CLI commands easier with EEM. It uses the cli interface documented at the EEM link above to open a cli session, enter enable mode, and then run a specified list of CLI commands, returning the output to the caller.
Finally, we get into the main portion of the script. The first main line runs the "show run" command, and saves the result in the $output variable.
Then, the script iterates through each line in the show run output, and checks the line to see if matches the regular expression "(password|key|community)". This means, if the line contains the word "password", "key", or "community" it will match the regular expression.
If the line does NOT match the regular expression, it is printed to the terminal. If it DOES match the regular expression, the line is skipped, and not shown to the user.
The last line is important. By returning ok to the EEM server, the script says that it completed successfully, and the device should NOT run the "show running-config" command that was initially requested. If, however, you do:
Then EEM will run the original "show running-config", and display that output to the user.