man ncat_report () - produce reports from ncat output.

NAME

ncat_report - produce reports from ncat output.

SYNOPSIS

ncat_report [OPTIONS] xxx.ncat_out.txt [yyy.ncat_out.txt ...]

DESCRIPTION

ncat_report reads a rules file (default /etc/ncat.conf) and one or more ncat output files. It produces text and HTML reports ($config.html, $config.ncat_report.txt) listing the rule violations found per the config file. It also produces fix files ($config.ncat_fix.txt) containing commands suitable for cutting and pasting to fix the identified problems where possible.

OPTIONS

-r, --rules
The --rules flag allows the specification of an alternate rules file.
-s, --sortorder=value
The --sortorder flag allows the specification of the field that reports are sorted by. Possible values are importance (default), passfail, rule, device, line, instance.
-V, --version
The --version option displays the current program version.

RETURN VALUE

 0  - success
 >0 - some error occurred

FILES

 $config                        - the config file that was pulled
 $config.ncat_out.txt           - a passwd style file with raw results
 $config.ncat_fix.txt           - commands to correct problems found
 $config.ncat_report.txt        - a simple text report with statistics
 $config.html                   - an HTML version of the report w/fixes
 rules.html                     - an HTML version of the rules applied
 index.html                     - an index of the rules and html files

NCAT OUTPUT FILE SYNTAX

The ncat output file is formatted to be friendly for import into spreadsheets and databases. It is a series of colon-delimited records, one per line. The first line contains field names. Each succeeding line contains an individual record. Lines beginning with # are comments and should be ignored. Individual fields are Config:type:rule:Instance:Line where

    * Config is the name of the config that was checked.
    * Type is "Forbidden" to indicate that a forbidden rule was found
      or "Required" to indicate that a required rule was missing.
    * Rule is the name of the rule per the ncat rules file.
    * Instance defines, for non-global rules, which instance
      of a class (lines, interfaces) violated the rule, for
      example "Serial0/0" or "vty".
    * Line indicates the line of the original config where
      the violation was detected.
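
The following Python parser for the record layout described above is an added example, not code from ncat or ncat_report. The sample records, the placeholder rule names, the empty Line value on Required records, and the function names parse_ncat_out, summarize and sort_by are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample in the layout described above (not real ncat output).
# Rule names are placeholders; an empty Line on a Required record is an assumption.
SAMPLE = """\
Config:type:rule:Instance:Line
# constructed sample records
edge1.conf:Forbidden:example-forbidden-a:Serial0/0:77
edge1.conf:Forbidden:example-forbidden-b:vty:118
edge1.conf:Required:example-required-a:vty:
core2.conf:Required:example-required-a:vty:
"""


def parse_ncat_out(text):
    """Parse ncat output text into dicts keyed by lower-cased header names."""
    header, records = None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line or comment
        fields = [f.strip() for f in raw.split(":")]
        if header is None:
            header = [f.lower() for f in fields]  # first data line names the fields
            continue
        if len(fields) != len(header):
            # A stray ':' inside a value would shift every later column; refuse it.
            raise ValueError(f"line {lineno}: expected {len(header)} fields, got {len(fields)}")
        rec = dict(zip(header, fields))
        rec["line"] = int(rec["line"]) if rec.get("line", "").isdigit() else None
        records.append(rec)
    return records


def summarize(records):
    """Count violations per (config, type) pair."""
    return Counter((r["config"], r["type"]) for r in records)


def sort_by(records, field):
    """Sort on one field, placing records with no value (None) last."""
    return sorted(records, key=lambda r: (r[field] is None, r[field]))


if __name__ == "__main__":
    recs = parse_ncat_out(SAMPLE)
    for (config, kind), count in sorted(summarize(recs).items()):
        print(f"{config}: {count} {kind}")
    for r in sort_by(recs, "line"):
        print(r["line"], r["config"], r["rule"], r["instance"])
```

Because the field names are taken from the first line of the file rather than hard-coded, the parser rejects any record whose column count disagrees with the header instead of silently misaligning fields.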

CAVEATS

BUGS

Yes.

SEE ALSO

  bin/ncat_report               - this program
  bin/rat                       - audit tool main program
  bin/router-snarf              - the config puller
  bin/ncat                      - the audit tool
  etc/ncat.conf                 - file containing audit rules

AUTHOR

George M. Jones <gmj@users.sourceforge.net>

CREDIT WHERE CREDIT IS DUE