Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
John_Lovinggood
Explorer
Jump to solution

Security Gateway Inventory

About 6 months ago, CP gave us a script to run from Provider 1 to grab all gateways and their corresponding model/software version. However, it was a very inconsistent result. Meaning that, some (active) gateways came back with just host name and IP and then some came back with host name/IP/OS Version/model number.

Anybody aware of a way to pull : Gateway Info that includes (Hostname/IP/OS-Version/Model)? I know  you can export a list through network objects, but I just want active count for inventory. Any such method/script? 

78 Replies
Etheldra_Freder
Collaborator

Where you run this command or is it related to the script? How do you run it?When I run the "mgmt._cli ...." I get an error that the command is not found.

0 Kudos
PhoneBoy
Admin
Admin

mgmt_cli is run from the management (R80 and above).

If you're on an earlier release, that command won't be available.

0 Kudos
Etheldra_Freder
Collaborator

Thanks for that clarification. I tried using the command but I got an error back that the command was not found.

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Can you share the screenshot? Smiley Happy You are logged into expert mode? As in bash shell?

0 Kudos
Etheldra_Freder
Collaborator

Yes, I am.

Also we are on 77:30

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Smiley Happy you will need to get to R80.10 first then. API is not supported in R77.30

0 Kudos
PhoneBoy
Admin
Admin

However, the script you provided above should work on R77.30 MDM.

If you're not on MDM, then it probably needs some modification since there isn't a cpmiquerybin binary to get the list of managed gateways.

0 Kudos
Etheldra_Freder
Collaborator

Got it. Thanks

0 Kudos
PhoneBoy
Admin
Admin

Please be aware when you respond via email, your signature may be included in the public response that gets posted to CheckMates.

I've removed this information from a couple of posts on this thread as I assume you don't want it out there Smiley Happy

0 Kudos
Etheldra_Freder
Collaborator

Thanks, I did not realize that.

0 Kudos
Etheldra_Freder
Collaborator

I have a script SK85621 that does some of the inventory collection but it does not tell you the specific model for each firewall.  I have looked at the attributes and when you use "appliance type" but I would like the specific platform from each individual ( we have a variety). Which attributes gives me that output. I see a list of attributes but not sure which one would do that (since it is not obvious to me in the list of attributes).

0 Kudos
PhoneBoy
Admin
Admin

The script that Kaspars Zibarts‌ provided as part of this thread should give you this information.

It should be a little easier to find now that I've marked it as "correct." Smiley Happy

0 Kudos
Etheldra_Freder
Collaborator

When I try to run the script i get this error "  ./inventoryscriptcheckmates091818.sh: /bin/bash^M: bad interpreter: No such file or directory", any thoughts on how to fix it? I have not tried the corrected one but will now and let you know if I have any issues.

0 Kudos
Etheldra_Freder
Collaborator

Wait, I got it to work, i used the dos2unix command and it is now runnin.

0 Kudos
Etheldra_Freder
Collaborator

I ran the script after converting it. It is running perfectly. 

I could not get the output to come out in HTML though. It came out in semicolon delimited format. It's

 not a big deal because it is working but just thought it would be cool to have the HTML output. Thank for all of the help and feedback.

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

HTML is faced in the output.html file in the same directory as script itself. In order to see it copy to a webbserver or your laptop and open it there. 

0 Kudos
Weiwei_Miao
Participant

If I want to pull, serial number, memory, hardisk space, cpu level, sic status, hastatus...how can I achieve it.

0 Kudos
Weiwei_Miao
Participant

#!/bin/bash
. /opt/CPshared/5.0/tmp/.CPprofile.sh

IP='xxxx'
MAC=`$CPDIR/bin/cprid_util -server $IP -verbose rexec -rcmd bash -c "ifconfig -a" | egrep "Mgmt|Internal|eth0" | head -1 | awk '{print $5}'`
echo $MAC

I am just trying to test this on a specific fw gateway, but it is not returning any value. Did I miss anything?

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

You can't execute cprid commands on gateways, it runs only on management. So if you want to do it on firewall itself then run

MAC=`ifconfig -a | egrep "Mgmt|Internal|eth0" | head -1 | awk '{print $5}'`

0 Kudos
Weiwei_Miao
Participant

sorry for the confusion. I tested this script on management, and I specified which gateway I want to pull the info from, but it did not return any value. Any idea on what could cause it?

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Hi

check that cprid is running on the gateway, I have noticed that sometimes it may die

ps aux|grep cprid

and it's listening on port 18208

[Expert@fw2:0]# netstat -an|grep 18208
tcp 0 0 0.0.0.0:18208 0.0.0.0:* LISTEN

0 Kudos
Weiwei_Miao
Participant

checked that.. it is running and listening on that port.

[Expert@xxxx]# ps aux|grep cprid
admin    29498  0.0  0.0   1736   520 pts/2    S+   11:31   0:00 grep cprid
[Expert@xxx]# netstat -an | grep 18208
tcp        0      0 10.15.207.11:18208          0.0.0.0:*                   LISTEN

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Can you run cprid without script? I.e.

$CPDIR/bin/cprid_util -server x.x.x.x -verbose rexec -rcmd bash -c ifconfig -a

Do you see output of ifconfig from gateway?

Do you have any firewalls in the path that can stop port 18208?

Martin_Valenta
Advisor

Also it doesn't count with any Gaia Embbedded boxes.

0 Kudos
Etheldra_Freder
Collaborator

Good morning 

we have MDSs that In “stopping “, I have cleared  CPMIcache, reboot the MDS, stop and start the MDS and still they are in that state. It is preventing us from assigning policy and making use of the CMA for troublehooting purposes and still nothing works. We have 3 MDSs and the main one works but the secondary ones do not. Would the issue be because the service has stopped? I am going to check it with the command you listed above. Thanks 

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Sorry, but this article is nothing to do with MDS stopping. It simply collects gateway information using cprid. You better start new conversation and add more information about what's actually wrong

0 Kudos
Etheldra_Freder
Collaborator

Oh shoot, not sure why I did that. My apologize All. I blame it on sleep.

0 Kudos
Greg_Galowitz
Participant

I am getting error when running this script.

[Expert@Manager:0]# ./Gateway.sh
sed: -e expression #1, char 6: unterminated `s' command
./Gateway.sh:;line;;;;
[Expert@Manager:0]#

 

I am running r80.20 on my manager. 

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee
Haven't upgraded to R80.20 yet in our env 🙂 coming soon
0 Kudos
Maarten_Sjouw
Champion
Champion
Kaspars, can you paste the script again with the correct formatting? Carriage returns got eaten by the conversion to the new forum...
Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events