[Day #100 PyATS Series] Production-Grade Automation Audit Reports for Management Using pyATS for Cisco [Python for Network Engineer]
Table of Contents
Introduction: Key Concepts
Welcome to Day #100 of the 101 Days of pyATS (Vendor-Agnostic) series. Today, I will focus on creating production-grade automation audit reports for management using pyATS. For a professional Python for Network Engineer, the ability to generate comprehensive, readable, and actionable reports is a key skill.
In this Article, we will cover:
- Generating management-friendly audit reports from multi-vendor environments.
- Combining CLI and GUI validations into structured reports.
- Creating HTML, Markdown, and PDF outputs.
- Automating report generation post-test execution.
- Integrating trend analysis and KPI metrics for executive review.
By the end of this session, you will have a reusable, production-ready reporting framework.
Topology Overview
The lab topology includes:
- Core Layer: Cisco ISR routers
- Distribution Layer: Cisco Catalyst and Arista switches
- Edge Layer: Palo Alto and FortiGate firewalls
- Management Server: Python automation server with pyATS
Simplified topology:

This setup simulates a real-world enterprise environment for generating management-grade reports.
Topology & Communications
- Device Communication: SSH, REST API (for GUI-enabled devices)
- Framework Architecture:
- Core Engine: pyATS test execution
- Validation Plugins: Device-specific checks (interfaces, routing, licenses, compliance)
- Reporting Engine: Aggregates outputs into management-friendly formats
- Parallel Execution: Using pyATS
pcall
for fast multi-device validation - Data Collection: CLI outputs parsed with Genie parsers, screenshots for GUI validation
- Reporting Flow: JSON → HTML/Markdown/PDF → Email or Dashboard
Workflow Script
The workflow involves:
- Load testbed.yml for device definitions.
- Execute plugins for health, interfaces, services, and compliance.
- Aggregate results into structured JSON.
- Generate HTML/Markdown/PDF reports.
- Optional: Send reports via email or dashboard.
Core Script: generate_audit_report.py
import os import json from datetime import datetime from pyats.async_ import pcall from genie.testbed import load from jinja2 import Environment, FileSystemLoader from weasyprint import HTML # Load testbed testbed = load('testbed.yml') # Discover validation plugins PLUGIN_DIR = 'plugins' plugins = [f.replace('.py','') for f in os.listdir(PLUGIN_DIR) if f.endswith('.py')] def run_plugin(device_name, plugin_name): device = testbed.devices[device_name] device.connect() plugin_module = __import__(f'plugins.{plugin_name}', fromlist=['run']) result = plugin_module.run(device) device.disconnect() return {device_name: result} # Execute plugins across all devices all_results = {} for plugin in plugins: results = pcall(run_plugin, *[(dev.name, plugin) for dev in testbed.devices.values()]) all_results[plugin] = results # Save JSON results timestamp = datetime.now().strftime("%Y%m%d_%H%M%S") with open(f'audit_results_{timestamp}.json', 'w') as f: json.dump(all_results, f, indent=2) # Generate HTML report using Jinja2 env = Environment(loader=FileSystemLoader('templates')) template = env.get_template('audit_report.html') html_out = template.render(results=all_results, timestamp=timestamp) with open(f'audit_report_{timestamp}.html', 'w') as f: f.write(html_out) # Generate PDF HTML(f'audit_report_{timestamp}.html').write_pdf(f'audit_report_{timestamp}.pdf') print(f"Reports generated: audit_report_{timestamp}.html and .pdf")
Sample Plugin: plugins/interface_status.py
def run(device): """Check interface operational state, speed, and duplex""" interfaces = device.parse('show interfaces') report = {} for intf, details in interfaces.items(): report[intf] = { 'status': details['status'], 'admin_status': details['admin_status'], 'speed': details.get('speed'), 'duplex': details.get('duplex') } return report
Explanation by Line
- pcall(run_plugin, …): Executes plugin validations on multiple devices simultaneously.
- JSON Output: Provides structured, machine-readable data.
- Jinja2 Templates: Convert JSON into management-friendly HTML reports.
- WeasyPrint HTML → PDF: Produces professional PDFs for executive review.
- Plugin Modularity: Each plugin is independent, allowing multi-vendor support and reusable validations.
testbed.yml Example
testbed: name: MultiVendorAudit devices: core1: type: router os: iosxe connections: cli: protocol: ssh ip: 10.10.10.1 username: admin password: Cisco123 dist1: type: switch os: iosxe connections: cli: protocol: ssh ip: 10.10.20.1 username: admin password: Cisco123 arista1: type: switch os: eos connections: cli: protocol: ssh ip: 10.10.30.1 username: admin password: Arista123 palo1: type: firewall os: panos connections: cli: protocol: ssh ip: 10.10.40.1 username: admin password: Palo123 forti1: type: firewall os: fortios connections: cli: protocol: ssh ip: 10.10.50.1 username: admin password: Forti123
Post-Validation CLI (Expected Outputs)
Interface Plugin Results:
core1> show interfaces Interface Status Admin Speed Duplex Gi0/0 up up 1000 full Gi0/1 down down 1000 full
Firewall Plugin Results:
palo1> show security policies Policy Source Destination Action P1 ANY ANY permit P2 ANY ANY deny
Reports Generated:
audit_report_YYYYMMDD_HHMMSS.html
audit_report_YYYYMMDD_HHMMSS.pdf
Reports include color-coded statuses, summary tables, and device-wise metrics.
FAQs
Q1: What are production-grade automation audit reports in pyATS?
A1: These are comprehensive, structured, and executive-ready reports generated automatically after network validation tests. They summarize network health, compliance, configuration drift, and SLA adherence across multi-vendor environments, enabling management-level insights without manual data compilation.
Q2: Why is automation critical for audit reporting in production networks?
A2: Manual audits are time-consuming, error-prone, and inconsistent. Automated reports:
- Provide real-time insights into network status
- Ensure standardization across devices and vendors
- Reduce human error in compliance tracking
- Integrate easily with CI/CD and ITSM processes
Q3: What information is typically included in a production-grade audit report?
A3: Key components include:
- Device inventory and software versions
- Interface health (status, speed, duplex)
- Redundant power/fan validation
- Configuration compliance (golden images, ACLs, routing policies)
- Event and log summaries
- Service-level indicators (latency, packet loss, uptime)
- Executive dashboards in PDF/HTML/Markdown formats
Q4: How does pyATS generate these reports?
A4: pyATS collects structured data using:
- Genie parsers for CLI output
- Test scripts and plugins for validation
- Result objects for structured storage
Reports are then formatted using: - Jinja2 templates for HTML/PDF
- Markdown or JSON for automation pipelines
This ensures readable and actionable insights for management and engineers alike.
Q5: Can audit reports be customized for different stakeholders?
A5: Yes. Using pyATS:
- Engineers can get detailed logs and CLI outputs
- Network managers can receive summarized metrics
- Executives can view high-level dashboards and compliance scores
This role-based reporting ensures information is contextually relevant.
Q6: How are audit reports integrated into multi-vendor environments?
A6: pyATS supports Cisco, Arista, Palo Alto, Fortigate, and other vendors. Plugins or test scripts normalize output into a common data model, allowing unified reporting and cross-vendor comparisons for compliance, health scores, and configuration validation.
Q7: How can these reports support regulatory or internal compliance?
A7: Automation audit reports:
- Track configuration drift vs golden templates
- Validate security policies, ACLs, and firewall rules
- Capture historical changes for internal audits or external compliance checks (ISO, SOC, NIST)
- Provide timestamped documentation for governance
Q8: What are the long-term benefits of implementing automated audit reports?
A8: Benefits include:
- Continuous network health monitoring
- Reduced manual effort and faster audit cycles
- Improved operational efficiency and SLA adherence
- Better decision-making through historical trends and actionable insights
- Scalability for growing multi-vendor environments
YouTube Link
Watch the Complete Python for Network Engineer: Production-Grade Automation Audit Reports for Management Using pyATS for Cisco [Python for Network Engineer] Lab Demo & Explanation on our channel:
Join Our Training
Take your Python for Network Engineer skills to the next level by mastering production-grade audit reporting frameworks.
Join Trainer Sagar Dhawan’s 3-month instructor-led program to learn:
- Multi-vendor network automation
- pyATS plugin-based testing frameworks
- CI/CD pipeline integration
- Professional reporting and KPI dashboards
- Hands-on labs with realistic network topologies
Enroll Now & Future‑Proof Your Career
Email: info@networkjourney.com
WhatsApp / Call: +91 97395 21088