[Day #100 PyATS Series] Production-Grade Automation Audit Reports for Management Using pyATS for Cisco [Python for Network Engineer]

[Day #100 PyATS Series] Production-Grade Automation Audit Reports for Management Using pyATS for Cisco [Python for Network Engineer]


Introduction: Key Concepts

Welcome to Day #100 of the 101 Days of pyATS (Vendor-Agnostic) series. Today, I will focus on creating production-grade automation audit reports for management using pyATS. For a professional Python for Network Engineer, the ability to generate comprehensive, readable, and actionable reports is a key skill.

In this Article, we will cover:

  • Generating management-friendly audit reports from multi-vendor environments.
  • Combining CLI and GUI validations into structured reports.
  • Creating HTML, Markdown, and PDF outputs.
  • Automating report generation post-test execution.
  • Integrating trend analysis and KPI metrics for executive review.

By the end of this session, you will have a reusable, production-ready reporting framework.


Topology Overview

The lab topology includes:

  • Core Layer: Cisco ISR routers
  • Distribution Layer: Cisco Catalyst and Arista switches
  • Edge Layer: Palo Alto and FortiGate firewalls
  • Management Server: Python automation server with pyATS

Simplified topology:

This setup simulates a real-world enterprise environment for generating management-grade reports.


Topology & Communications

  • Device Communication: SSH, REST API (for GUI-enabled devices)
  • Framework Architecture:
    • Core Engine: pyATS test execution
    • Validation Plugins: Device-specific checks (interfaces, routing, licenses, compliance)
    • Reporting Engine: Aggregates outputs into management-friendly formats
  • Parallel Execution: Using pyATS pcall for fast multi-device validation
  • Data Collection: CLI outputs parsed with Genie parsers, screenshots for GUI validation
  • Reporting Flow: JSON → HTML/Markdown/PDF → Email or Dashboard

Workflow Script

The workflow involves:

  1. Load testbed.yml for device definitions.
  2. Execute plugins for health, interfaces, services, and compliance.
  3. Aggregate results into structured JSON.
  4. Generate HTML/Markdown/PDF reports.
  5. Optional: Send reports via email or dashboard.

Core Script: generate_audit_report.py

import os
import json
from datetime import datetime
from pyats.async_ import pcall
from genie.testbed import load
from jinja2 import Environment, FileSystemLoader
from weasyprint import HTML

# Load testbed
testbed = load('testbed.yml')

# Discover validation plugins
PLUGIN_DIR = 'plugins'
plugins = [f.replace('.py','') for f in os.listdir(PLUGIN_DIR) if f.endswith('.py')]

def run_plugin(device_name, plugin_name):
    device = testbed.devices[device_name]
    device.connect()
    plugin_module = __import__(f'plugins.{plugin_name}', fromlist=['run'])
    result = plugin_module.run(device)
    device.disconnect()
    return {device_name: result}

# Execute plugins across all devices
all_results = {}
for plugin in plugins:
    results = pcall(run_plugin, *[(dev.name, plugin) for dev in testbed.devices.values()])
    all_results[plugin] = results

# Save JSON results
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
with open(f'audit_results_{timestamp}.json', 'w') as f:
    json.dump(all_results, f, indent=2)

# Generate HTML report using Jinja2
env = Environment(loader=FileSystemLoader('templates'))
template = env.get_template('audit_report.html')
html_out = template.render(results=all_results, timestamp=timestamp)
with open(f'audit_report_{timestamp}.html', 'w') as f:
    f.write(html_out)

# Generate PDF
HTML(f'audit_report_{timestamp}.html').write_pdf(f'audit_report_{timestamp}.pdf')
print(f"Reports generated: audit_report_{timestamp}.html and .pdf")

Sample Plugin: plugins/interface_status.py

def run(device):
    """Check interface operational state, speed, and duplex"""
    interfaces = device.parse('show interfaces')
    report = {}
    for intf, details in interfaces.items():
        report[intf] = {
            'status': details['status'],
            'admin_status': details['admin_status'],
            'speed': details.get('speed'),
            'duplex': details.get('duplex')
        }
    return report

Explanation by Line

  • pcall(run_plugin, …): Executes plugin validations on multiple devices simultaneously.
  • JSON Output: Provides structured, machine-readable data.
  • Jinja2 Templates: Convert JSON into management-friendly HTML reports.
  • WeasyPrint HTML → PDF: Produces professional PDFs for executive review.
  • Plugin Modularity: Each plugin is independent, allowing multi-vendor support and reusable validations.

testbed.yml Example

testbed:
  name: MultiVendorAudit
  devices:
    core1:
      type: router
      os: iosxe
      connections:
        cli:
          protocol: ssh
          ip: 10.10.10.1
          username: admin
          password: Cisco123
    dist1:
      type: switch
      os: iosxe
      connections:
        cli:
          protocol: ssh
          ip: 10.10.20.1
          username: admin
          password: Cisco123
    arista1:
      type: switch
      os: eos
      connections:
        cli:
          protocol: ssh
          ip: 10.10.30.1
          username: admin
          password: Arista123
    palo1:
      type: firewall
      os: panos
      connections:
        cli:
          protocol: ssh
          ip: 10.10.40.1
          username: admin
          password: Palo123
    forti1:
      type: firewall
      os: fortios
      connections:
        cli:
          protocol: ssh
          ip: 10.10.50.1
          username: admin
          password: Forti123

Post-Validation CLI (Expected Outputs)

Interface Plugin Results:

core1> show interfaces
Interface    Status  Admin   Speed  Duplex
Gi0/0        up      up      1000   full
Gi0/1        down    down    1000   full

Firewall Plugin Results:

palo1> show security policies
Policy      Source  Destination  Action
P1          ANY     ANY          permit
P2          ANY     ANY          deny

Reports Generated:

  • audit_report_YYYYMMDD_HHMMSS.html
  • audit_report_YYYYMMDD_HHMMSS.pdf

Reports include color-coded statuses, summary tables, and device-wise metrics.


FAQs

Q1: What are production-grade automation audit reports in pyATS?
A1: These are comprehensive, structured, and executive-ready reports generated automatically after network validation tests. They summarize network health, compliance, configuration drift, and SLA adherence across multi-vendor environments, enabling management-level insights without manual data compilation.


Q2: Why is automation critical for audit reporting in production networks?
A2: Manual audits are time-consuming, error-prone, and inconsistent. Automated reports:

  • Provide real-time insights into network status
  • Ensure standardization across devices and vendors
  • Reduce human error in compliance tracking
  • Integrate easily with CI/CD and ITSM processes

Q3: What information is typically included in a production-grade audit report?
A3: Key components include:

  • Device inventory and software versions
  • Interface health (status, speed, duplex)
  • Redundant power/fan validation
  • Configuration compliance (golden images, ACLs, routing policies)
  • Event and log summaries
  • Service-level indicators (latency, packet loss, uptime)
  • Executive dashboards in PDF/HTML/Markdown formats

Q4: How does pyATS generate these reports?
A4: pyATS collects structured data using:

  • Genie parsers for CLI output
  • Test scripts and plugins for validation
  • Result objects for structured storage
    Reports are then formatted using:
  • Jinja2 templates for HTML/PDF
  • Markdown or JSON for automation pipelines
    This ensures readable and actionable insights for management and engineers alike.

Q5: Can audit reports be customized for different stakeholders?
A5: Yes. Using pyATS:

  • Engineers can get detailed logs and CLI outputs
  • Network managers can receive summarized metrics
  • Executives can view high-level dashboards and compliance scores
    This role-based reporting ensures information is contextually relevant.

Q6: How are audit reports integrated into multi-vendor environments?
A6: pyATS supports Cisco, Arista, Palo Alto, Fortigate, and other vendors. Plugins or test scripts normalize output into a common data model, allowing unified reporting and cross-vendor comparisons for compliance, health scores, and configuration validation.


Q7: How can these reports support regulatory or internal compliance?
A7: Automation audit reports:

  • Track configuration drift vs golden templates
  • Validate security policies, ACLs, and firewall rules
  • Capture historical changes for internal audits or external compliance checks (ISO, SOC, NIST)
  • Provide timestamped documentation for governance

Q8: What are the long-term benefits of implementing automated audit reports?
A8: Benefits include:

  • Continuous network health monitoring
  • Reduced manual effort and faster audit cycles
  • Improved operational efficiency and SLA adherence
  • Better decision-making through historical trends and actionable insights
  • Scalability for growing multi-vendor environments

YouTube Link

Watch the Complete Python for Network Engineer: Production-Grade Automation Audit Reports for Management Using pyATS for Cisco [Python for Network Engineer] Lab Demo & Explanation on our channel:

Master Python Network Automation, Ansible, REST API & Cisco DevNet
Master Python Network Automation, Ansible, REST API & Cisco DevNet
Master Python Network Automation, Ansible, REST API & Cisco DevNet
Why Robot Framework for Network Automation?

Join Our Training

Take your Python for Network Engineer skills to the next level by mastering production-grade audit reporting frameworks.
Join Trainer Sagar Dhawan’s 3-month instructor-led program to learn:

  • Multi-vendor network automation
  • pyATS plugin-based testing frameworks
  • CI/CD pipeline integration
  • Professional reporting and KPI dashboards
  • Hands-on labs with realistic network topologies

Enroll here

Enroll Now & Future‑Proof Your Career
Emailinfo@networkjourney.com
WhatsApp / Call: +91 97395 21088