[Day #100 PyATS Series] Production-Grade Automation Audit Reports for Management Using pyATS for Cisco [Python for Network Engineer]

Introduction: Key Concepts

Welcome to Day #100 of the 101 Days of pyATS (Vendor-Agnostic) series. Today, I will focus on creating production-grade automation audit reports for management using pyATS. For a professional Python for Network Engineer, the ability to generate comprehensive, readable, and actionable reports is a key skill.

In this Article, we will cover:

• Generating management-friendly audit reports from multi-vendor environments.
• Combining CLI and GUI validations into structured reports.
• Creating HTML, Markdown, and PDF outputs.
• Automating report generation post-test execution.
• Integrating trend analysis and KPI metrics for executive review.

By the end of this session, you will have a reusable, production-ready reporting framework.

Topology Overview

The lab topology includes:

• Core Layer: Cisco ISR routers
• Distribution Layer: Cisco Catalyst and Arista switches
• Edge Layer: Palo Alto and FortiGate firewalls
• Management Server: Python automation server with pyATS

Simplified topology:

This setup simulates a real-world enterprise environment for generating management-grade reports.

Topology & Communications

• Device Communication: SSH, REST API (for GUI-enabled devices)
• Framework Architecture:
  • Core Engine: pyATS test execution
  • Validation Plugins: Device-specific checks (interfaces, routing, licenses, compliance)
  • Reporting Engine: Aggregates outputs into management-friendly formats
• Parallel Execution: Using pyATS pcall for fast multi-device validation
• Data Collection: CLI outputs parsed with Genie parsers, screenshots for GUI validation
• Reporting Flow: JSON → HTML/Markdown/PDF → Email or Dashboard

Workflow Script

The workflow involves:

1. Load testbed.yml for device definitions.
2. Execute plugins for health, interfaces, services, and compliance.
3. Aggregate results into structured JSON.
4. Generate HTML/Markdown/PDF reports.
5. Optional: Send reports via email or dashboard.

Core Script: generate_audit_report.py

import os
import json
from datetime import datetime
from pyats.async_ import pcall
from genie.testbed import load
from jinja2 import Environment, FileSystemLoader
from weasyprint import HTML

# Load testbed
testbed = load('testbed.yml')

# Discover validation plugins
PLUGIN_DIR = 'plugins'
plugins = [f.replace('.py','') for f in os.listdir(PLUGIN_DIR) if f.endswith('.py')]

def run_plugin(device_name, plugin_name):
    device = testbed.devices[device_name]
    device.connect()
    plugin_module = __import__(f'plugins.{plugin_name}', fromlist=['run'])
    result = plugin_module.run(device)
    device.disconnect()
    return {device_name: result}

# Execute plugins across all devices
all_results = {}
for plugin in plugins:
    results = pcall(run_plugin, *[(dev.name, plugin) for dev in testbed.devices.values()])
    all_results[plugin] = results

# Save JSON results
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
with open(f'audit_results_{timestamp}.json', 'w') as f:
    json.dump(all_results, f, indent=2)

# Generate HTML report using Jinja2
env = Environment(loader=FileSystemLoader('templates'))
template = env.get_template('audit_report.html')
html_out = template.render(results=all_results, timestamp=timestamp)
with open(f'audit_report_{timestamp}.html', 'w') as f:
    f.write(html_out)

# Generate PDF
HTML(f'audit_report_{timestamp}.html').write_pdf(f'audit_report_{timestamp}.pdf')
print(f"Reports generated: audit_report_{timestamp}.html and .pdf")

Sample Plugin: plugins/interface_status.py

def run(device):
    """Check interface operational state, speed, and duplex"""
    interfaces = device.parse('show interfaces')
    report = {}
    for intf, details in interfaces.items():
        report[intf] = {
            'status': details['status'],
            'admin_status': details['admin_status'],
            'speed': details.get('speed'),
            'duplex': details.get('duplex')
        }
    return report

Explanation by Line

• pcall(run_plugin, …): Executes plugin validations on multiple devices simultaneously.
• JSON Output: Provides structured, machine-readable data.
• Jinja2 Templates: Convert JSON into management-friendly HTML reports.
• WeasyPrint HTML → PDF: Produces professional PDFs for executive review.
• Plugin Modularity: Each plugin is independent, allowing multi-vendor support and reusable validations.

testbed.yml Example

testbed:
  name: MultiVendorAudit
  devices:
    core1:
      type: router
      os: iosxe
      connections:
        cli:
          protocol: ssh
          ip: 10.10.10.1
          username: admin
          password: Cisco123
    dist1:
      type: switch
      os: iosxe
      connections:
        cli:
          protocol: ssh
          ip: 10.10.20.1
          username: admin
          password: Cisco123
    arista1:
      type: switch
      os: eos
      connections:
        cli:
          protocol: ssh
          ip: 10.10.30.1
          username: admin
          password: Arista123
    palo1:
      type: firewall
      os: panos
      connections:
        cli:
          protocol: ssh
          ip: 10.10.40.1
          username: admin
          password: Palo123
    forti1:
      type: firewall
      os: fortios
      connections:
        cli:
          protocol: ssh
          ip: 10.10.50.1
          username: admin
          password: Forti123

Post-Validation CLI (Expected Outputs)

Interface Plugin Results:

core1> show interfaces
Interface    Status  Admin   Speed  Duplex
Gi0/0        up      up      1000   full
Gi0/1        down    down    1000   full

Firewall Plugin Results:

palo1> show security policies
Policy      Source  Destination  Action
P1          ANY     ANY          permit
P2          ANY     ANY          deny

Reports Generated:

• audit_report_YYYYMMDD_HHMMSS.html
• audit_report_YYYYMMDD_HHMMSS.pdf

Reports include color-coded statuses, summary tables, and device-wise metrics.

FAQs

Q1: What are production-grade automation audit reports in pyATS?
A1: These are comprehensive, structured, and executive-ready reports generated automatically after network validation tests. They summarize network health, compliance, configuration drift, and SLA adherence across multi-vendor environments, enabling management-level insights without manual data compilation.

Q2: Why is automation critical for audit reporting in production networks?
A2: Manual audits are time-consuming, error-prone, and inconsistent. Automated reports:

• Provide real-time insights into network status
• Ensure standardization across devices and vendors
• Reduce human error in compliance tracking
• Integrate easily with CI/CD and ITSM processes

Q3: What information is typically included in a production-grade audit report?
A3: Key components include:

• Device inventory and software versions
• Interface health (status, speed, duplex)
• Redundant power/fan validation
• Configuration compliance (golden images, ACLs, routing policies)
• Event and log summaries
• Service-level indicators (latency, packet loss, uptime)
• Executive dashboards in PDF/HTML/Markdown formats

Q4: How does pyATS generate these reports?
A4: pyATS collects structured data using:

• Genie parsers for CLI output
• Test scripts and plugins for validation
• Result objects for structured storage
  Reports are then formatted using:
• Jinja2 templates for HTML/PDF
• Markdown or JSON for automation pipelines
  This ensures readable and actionable insights for management and engineers alike.

Q5: Can audit reports be customized for different stakeholders?
A5: Yes. Using pyATS:

• Engineers can get detailed logs and CLI outputs
• Network managers can receive summarized metrics
• Executives can view high-level dashboards and compliance scores
  This role-based reporting ensures information is contextually relevant.

Q6: How are audit reports integrated into multi-vendor environments?
A6: pyATS supports Cisco, Arista, Palo Alto, Fortigate, and other vendors. Plugins or test scripts normalize output into a common data model, allowing unified reporting and cross-vendor comparisons for compliance, health scores, and configuration validation.

Q7: How can these reports support regulatory or internal compliance?
A7: Automation audit reports:

• Track configuration drift vs golden templates
• Validate security policies, ACLs, and firewall rules
• Capture historical changes for internal audits or external compliance checks (ISO, SOC, NIST)
• Provide timestamped documentation for governance

Q8: What are the long-term benefits of implementing automated audit reports?
A8: Benefits include:

• Continuous network health monitoring
• Reduced manual effort and faster audit cycles
• Improved operational efficiency and SLA adherence
• Better decision-making through historical trends and actionable insights
• Scalability for growing multi-vendor environments

YouTube Link

Watch the Complete Python for Network Engineer: Production-Grade Automation Audit Reports for Management Using pyATS for Cisco [Python for Network Engineer] Lab Demo & Explanation on our channel:

Join Our Training

Take your Python for Network Engineer skills to the next level by mastering production-grade audit reporting frameworks.
Join Trainer Sagar Dhawan’s 3-month instructor-led program to learn:

• Multi-vendor network automation
• pyATS plugin-based testing frameworks
• CI/CD pipeline integration
• Professional reporting and KPI dashboards
• Hands-on labs with realistic network topologies

Enroll here

Enroll Now & Future‑Proof Your Career
Email: info@networkjourney.com
WhatsApp / Call: +91 97395 21088