Parse, Audit, Query, Build, and Modify Cisco IOS-style and JunOS-style configs
ciscoconfparse2 is similar to an advanced grep and diff that handles multi-vendor network configuration files (such as those from Arista, Cisco, F5, Juniper, Palo Alto, etc); it is the next generation of ciscoconfparse, which was the primary development package from 2007 until 2023.
Assume you have a bunch of interfaces in a configuration. How do you find which ones are shutdown?
One way is manually reading the whole Cisco IOS-XE configuration. Another option is ciscoconfparse2
>>> from ciscoconfparse2 import CiscoConfParse
>>>
>>> parse = CiscoConfParse('/path/to/config/file')
>>> intf_cmds = parse.find_parent_objects(['interface', 'shutdown'])
>>>
>>> shut_intf_names = [" ".join(cmd.split()[1:]) for cmd in intf_cmds]
>>>
>>> shut_intf_names
['GigabitEthernet1/5', 'TenGigabitEthernet2/2', 'TenGigabitEthernet2/3']
>>>
Assume you have this IOS-XR bgp configuration:
router bgp 65534
bgp router-id 10.0.0.100
address-family ipv4 unicast
!
neighbor 10.0.0.37
remote-as 64000
route-policy EBGP_IN in
route-policy EBGP_OUT out
!
neighbor 10.0.0.1
remote-as 65534
update-source Loopback0
route-policy MANGLE_IN in
route-policy MANGLE_OUT out
next-hop-self
!
neighbor 10.0.0.34
remote-as 64000
route-policy EBGP_IN in
route-policy EBGP_OUT out
You can generate the list of EBGP peers pretty quickly with this script:
from ciscoconfparse2 import CiscoConfParse
parse = CiscoConfParse('/path/to/config/file') # Or read directly from a list of strings
# Get all neighbor configuration branches
branches = parse.find_object_branches(('router bgp',
'neighbor',
'remote-as'))
# Get the local BGP ASN
bgp_cmd = branches[0][0]
local_asn = bgp_cmd.split()[-1]
# Find EBGP neighbors for any number of peers
for branch in branches:
neighbor_addr = branch[1].split()[-1]
remote_asn = branch[2].split()[-1]
if local_asn != remote_asn:
print("EBGP NEIGHBOR", neighbor_addr)
When you run that, you'll see:
$ python example.py
EBGP NEIGHBOR 10.0.0.37
EBGP NEIGHBOR 10.0.0.34
$
There is a lot more possible; see the tutorial.
ciscoconfparse2 distributes a CLI tool that will diff and grep various network configuration or text files.
The API examples are documented on the web
ciscoconfparse2 is a Python library that helps you quickly search for questions like these in your router / switch / firewall / load-balancer / wireless text configurations:
It can help you:
Speaking generally, the library examines a text network config and breaks it into a set of linked parent / child relationships. You can perform complex queries about these relationships.
In late 2023, I started a rewrite because ciscoconfparse is too large and has some defaults that I wish it didn't have. I froze ciscoconfparse PYPI releases at version 1.9.52; there will be no more ciscoconfparse PYPI releases.
What do you do? Upgrade to ciscoconfparse2!
Here's why, it:
BaseCfgLine() objectsignore_blank_lines=False (this could be a breaking change for old scripts).auto_commit keyword, which defaults TrueUse pip for Python3.x... :
python -m pip install ciscoconfparse2
hier_configscryptPyYAMLmacaddresspyparsingtraitletsrichtypeguardThe ciscoconfparse2 python package requires Python versions 3.9+.
I will not. however, if it's truly a problem for your company, there are commercial solutions available (to include purchasing the project, or hiring me).
ciscoconfparse2 is licensed GPLv3
The word "Cisco" is a registered trademark of Cisco Systems.
ciscoconfparse2 was written by David Michael Pennington.
FAQs
Parse, Audit, Query, Build, and Modify Cisco IOS-style and JunOS-style configs
We found that ciscoconfparse2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
Research
/Security News
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
Security News
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.