Element Type
In the element type function, it is possible to define a new element and configure its properties. There are frequently used elements already defined in Kron PAM. These elements can be edited if necessary. Elements can be personalized by adding or editing properties on the element type screen.

To set the properties of an element type, follow the steps below:

1. Navigate to Devices > Element Type.
2. Click the element type option button, and go to next.
3. Select the show properties according to the preferred association tags.
4. Save.

Property name: aaa auth username case sensitive
Description: If the device type is expected to recognize a case-sensitive username, the property must be set as true.
Sample values: false

Property name: cli clean line bytes
Description: This property is used to define the method of how to clean the line on the prompt if the command is not permitted on the target device. The property can have the values of enq nak cr, etx, and enq can cr. The proper method should be defined according to the specifications of the device.
- enq nak cr: Some switches/routers might require this method to clean the prompt line when the command is detected as a black key command (MikroTik, etc.).
- etx: When a command is run, if it is detected as a black key command, the “ctrl+c” command is not run.
- enq can cr: Some switches/routers might require this method to clean the prompt line when the command is detected as a black key command (HP, etc.).
Sample values: etx

Property name: cli login password prompt pattern
Description: Telnet connections behave differently during the authentication process based on the device, such as only the password or only the username being asked for authentication. Set this parameter if only the password is required for authentication.
Sample values: (?i) password\[ |>]

Property name: cli login username and password prompt pattern
Description: Telnet connections behave differently during the authentication process based on the device, such as only the password or only the username being asked for authentication. Set this parameter if only the username is required for authentication.
Sample values: (?i) username password

Property name: cli login username prompt pattern
Description: Telnet connections behave differently during the authentication process based on the device, such as only the password or only the username being asked for authentication. Set this parameter if only the username is required for authentication.
Sample values: (?i) (username|user|login)\[ |>]

Property name: discovery commands hostname
Description: Command to get the hostname during device discovery.
Sample values: hostname

Property name: discovery commands hostname pattern
Description: Regex pattern to get the hostname from the output of the hostname command during device discovery.
Sample values: hoctamectl

Property name: discovery commands version command
Description: Command to get the version of the operating system during discovery.
Sample values: cat /etc/os-release

Property name: discovery model match regex
Description: Match the word or regex for output of version command during device discovery.
Sample values: linux

Property name: discovery name server lookup hostname
Description: If this value is set as true, devices will be discovered with their name by executing the nslookup command during auto device discovery.
Sample values: true

Property name: enforcer terminal behaviour context
Description: This property can keep the actual context in the device and the context in XML policies synchronized. Alcatel and Cisco can locate deeper contexts when a user enters them sequentially in one command line, whereas Huawei cannot. When a command does not exist in the current context, Huawei and Alcatel look for it in the root context, whereas Cisco does not.
Sample values: alcatel

Property name: enforcer terminal behaviour ctrl c
Description: This property can keep the actual context in the device and context in the XML policies synchronized. Devices have different behaviors when the user presses ctrl+c.
- do nothing: Does not change the context.
- abort: Ignores what the user wrote, does not change the context.
- abort and go to root: Changes the context to root.
- abort and go to root when no command: Changes the context to root only when the user did not write anything.
Sample values: abort

Property name: enforcer terminal behaviour ctrl c
Description: This property can keep the actual context in the device and context in the XML policies synchronized. Devices have different behaviors when the user presses ctrl+z.
- do nothing: Does not change the context.
- abort and go to root: Does not execute the command if the user wrote something, then changes the context to root.
- execute and go to root: Executes the command if the user wrote something, then changes the context to root.
Sample values: abort and go to root

Property name: enforcer terminal behaviour error message pattern
Description: This property is used to see whether the command has executed successfully or not in the command log entries. The expected failure message returned by the command needs to be defined in this property.
Sample values: (command not found)|(error )

Property name: enforcer terminal behaviour exc last line patterns
Description: Skips command detection, policy enforcement and command logging when the last line matches one of these patterns.
Sample values: (?i)password\[ |>] ^\s +\s (?i)more\s +

Property name: enforcer terminal behaviour has prompt
Description: If the device type has no prompt, such as #,$, set the value as false.
Sample values: true

Property name: enforcer terminal behaviour prompt pattern
Description: When the user presses enter, the system tries to find this pattern in the last line. If found, the system considers the rest of the characters as a command.
Sample values: ?(>|#|]|$)

Property name: enforcer terminal behaviour second attempt for prompt
Description: This property applies when the user presses enter but the command could not be detected because no prompt was found in the last line. The command may not be detected because sometimes, while the user is typing a command, the device may suddenly send messages to the user, causing the characters of the command to mix with the characters of the message when the user presses enter.
- dont try and clean line: Sends a specific byte series to the device in order to clean the line (guaranteed to cancel possible command).
- dont try and send enter: Sends enter to the device (may cause it to execute a possible command without policy enforcement and logging).
- try and clean line: Sends tab to the device and waits for a short while. If still no prompt is found in the last line, sends a specific byte series to the device to clean the line (guaranteed to cancel possible command).
- try and send enter: Sends tab to the device and waits for a short while. If still no prompt is found in the last line, sends enter to the device (may cause it to execute the possible command without policy enforcement and logging).
Sample values: try and clean line

Property name: http auto login send email in header
Description: When set as true, the email address of the user is forwarded to the HTTP(S) device during auto login. The info is sent in an additional info parameter as email=abc@def.com. The default value is false.
Sample values: true / false

Property name: http auto login send utc time in header
Description: When set as true, the timestamp of the auto login is forwarded to the HTTP(S) device during auto login in UTC format. The info is sent in an additional info parameter as time=1563288010000. The default value is false.
Sample values: true / false

Property name: http auto login user information hash algorithm
Description: The algorithm to hash the email and UTC time information sent in the header, if the related properties are set as true. No hashing is applied if this property is not defined.
Sample values: sha256

Property name: http auto login user information hash preshared key
Description: The pre-shared key string to hash the email and UTC time information sent in the header, when the related properties are set as true.
Sample values: string

Property name: nsso cli delay before enter
Description: To adjust the delay time for the possibility of echo not coming from the device before the enter command.
Sample values: 100

Property name: nsso cli delay between enters
Description: Sometimes bulk commands, which are copy/pasted, aren't executed completely, or some commands can be missed, whenever the response time is more than the expected time. Kron PAM waits 500 milliseconds as default after each time the enter command is echoed from the device. The value can change if it is not considered sufficient.
Sample values: 500

Property name: shell terminal config fixed pty columns
Description: Some devices send enter bytes when the command being typed is longer than the window width. This causes problems with command detection. To avoid this, this property should be set as “0” (or “-1”, according to the device) to force the device to assume an unlimited window width. Additionally, it can also be used to work with a set window width, like 80 columns, even if the user changes the window width of the client application.
Sample values: 80

Property name: shell terminal config fixed pty lines
Description: Forces the device to assume unlimited window height when this property is set as “0” (or “-1”, according to the device). Additionally, it can also be used to work with a set height, like 24 lines, even if the user changes the window height of the client application.
Sample values: 24

Property name: shell terminal config local echo
Description: This parameter must be set as true if the device side keys are not echoed.
Sample values: false

Property name: shell terminal config ssh echo process
Description: This property value can be set as with queue, when a performance increase is desired.
Sample values: without queue

Property name: shell terminal config ssh enable bouncycastle
Description: Some devices do not support up-to-date encryption techniques. For those devices, setting the value as false prevents performance loss.

Property name: shell terminal config telnet auth failure pattern
Description: When the defined values in this property are captured after entering the username/password in telnet connections, the authentication is considered unsuccessful.
Sample values: (?i) (error|username\[ |>]|user\[ |>]|login\[ |>]|password\[ |>])

Property name: shell terminal config telnet logon template
Description: In telnet connections, some devices ask for the username and password at the same time when logging in, in which case this property must be defined.
Sample values: lgi\ op="${username}",pwd="${password}";

Property name: shell terminal config ssh server alive interval
Description: The parameter value is defined in seconds format. A session is kept alive during the defined value.
Sample values: 30000

Property name: tacacs log authorization as accounting
Description: Allows TACACS authorization requests to be saved as accounting logs.
Sample values: true / false

Property name: device import azure port number
Description: Optional. Devices are imported with the defined port number value. If this value is not set, the default port number is 22 for SSH.

Property name: device import aws port number
Description: Optional. Devices are imported with the defined port number value. If this value is not set, the default port number is 22 for SSH.

Property name: device import aws save windows admin password
Description: While importing Windows devices from Azure, username and password will be retrieved from Azure by using a private key for zero-touch onboarding. If the parameter is set as true, the credentials are stored in the sapm admincredentials <$publicipofdevice>. Defaults to false if this value is not set.

Property name: device import azure reset windows admin password
Description: While importing Windows devices from Azure, username and password will be retrieved from Azure by using a private key for zero-touch onboarding. If the parameter is set as true, the credentials are stored in the sapm admincredentials <$publicipofdevice>.
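
The command-detection behaviour described for the enforcer terminal behaviour prompt pattern, exc last line patterns and second attempt for prompt properties, sketched as an added example (not Kron PAM's own code). The regexes, the function names and the simulated `line_after_tab` input are assumptions made for the illustration.

```python
import re

# Constructed patterns for this example; a real element type carries its own values.
PROMPT = re.compile(r"^\S*?(>|#|\]|\$)\s?")
EXCLUDED = [re.compile(r"(?i)password[:>]\s*$"), re.compile(r"(?i)-+\s*more\s*-+")]

def detect(last_line):
    """Classify the last terminal line at the moment the user presses Enter."""
    if any(p.search(last_line) for p in EXCLUDED):
        return "skip", None  # detection, enforcement and logging are all skipped
    m = PROMPT.match(last_line)
    if m:
        return "command", last_line[m.end():].strip()  # text after the prompt
    return "no_prompt", None

def on_enter(last_line, mode, line_after_tab=None):
    """Decide what the proxy does, following the four second-attempt modes.

    line_after_tab simulates the line the device redraws after a Tab is sent.
    Returns (action, command, unenforced); unenforced=True means a command may
    reach the device without policy enforcement or logging.
    """
    kind, cmd = detect(last_line)
    if kind == "no_prompt" and mode.startswith("try and") and line_after_tab is not None:
        kind, cmd = detect(line_after_tab)  # second attempt after Tab + short wait
    if kind == "skip":
        return "skip", None, False
    if kind == "command":
        return "enforce", cmd, False  # hand the command to the policy check
    if mode.endswith("clean line"):
        return "clean_line", None, False  # pending input is cancelled on the device
    return "send_enter", None, True  # device may run whatever is on the line

if __name__ == "__main__":
    # Constructed sample: a device log message has mixed into the typed command.
    mixed = "%LINK-3-UPDOWN: Gi0/1 changed state to upshow run"
    for mode in ("dont try and clean line", "dont try and send enter",
                 "try and clean line", "try and send enter"):
        print(mode, "->", on_enter(mixed, mode, line_after_tab=mixed))
```

Only the two send enter modes return `unenforced=True`, which is why the clean line variants are the safer setting when policy enforcement and command logging must not be bypassed.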