Aleksandr_Nosit
Employee

Alert on rule time expire

Hi gurus,

Do we have any option to alert admins via e-mail about time-limited rules that are about to expire?

Br,

Aleksandr

Accepted Solutions
Tomer_Sole
Mentor

Hi,

SmartConsole does not have such a feature at the moment. For R80, setting up the customized email template to the specific users, with the specific pre-expiration threshold, could be achieved by using API commands such as "show-access-rulebase", or alternatively "show-times" and then "where-used" per expired time object.

0 Kudos
Aleksandr_Nosit
Employee

Hi Tomer,

Do we have this feature in the roadmap for the near future? This is the feature people are asking about and missing a lot.

/Alec

0 Kudos
Tomer_Sole
Mentor

We have this in our roadmap plan.

thanks,

Tomer.

0 Kudos
Ekta_Siwani1
Contributor

Hi Tomer Sole,

How to find expired rules using the "show-access-rulebase" API?

I am not able to find any field which provides me this information. 

Looks like I am missing something.

0 Kudos
Tomer_Sole
Mentor

Hi, just like SmartConsole, this option is not available with the R80.10 API either. This is because the logic happens on the Management Server. Both SmartConsole and the MGMT API are simply clients that utilize the logic that happens on the Management Server.

In our next releases, this gap will be closed, and then both clients (SmartConsole & API) will have this capability. 

As a workaround, you will have to iterate per rule and check whether it has a time object, and the time object's data.

0 Kudos
Felix_Hoffmann1
Participant

Hi, I created a small Python script that is using the web services API. Maybe you can use it.

#!/usr/bin/env python3
import requests, json, urllib3, os, smtplib, re
from datetime import datetime
from email.parser import Parser

# api_call() posts with verify=False, which turns off TLS certificate validation.
# To validate instead, pass the path of the management server's CA certificate as verify=.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

mgmtserv = 'ip of your mgmt server'
mgmtport = '443'
mgmtuser = 'yourapiuser'
mgmtpass = 'apiuserpassword'
mailpath = '/root/maildir/'
smtpserver = 'yourmailserver'

def api_call(command, json_payload, sid):
    # POST one Management API command; sid is '' only for the login call
    url = 'https://' + mgmtserv + ':' + mgmtport + '/web_api/' + command
    if sid == '':
        request_headers = {'Content-Type' : 'application/json'}
    else:
        request_headers = {'Content-Type' : 'application/json', 'X-chkp-sid' : sid}
    r = requests.post(url,data=json.dumps(json_payload), headers=request_headers, verify=False)
    return r.json()


def login(user,password):
    # returns the session id that all later calls send in X-chkp-sid
    payload = {'user':user, 'password':password}
    response = api_call('login', payload, '')
    return response["sid"]


def createmails(userarr,content,delta):
    # one mail file per contact; headers and table head are written only once
    for mail in userarr:
        mailfile = mailpath + mail.lower()
        if not os.path.isfile(mailfile):
            with open(mailfile,"w+") as filehandler:
                if re.search(r'@',mail.lower()):
                    filehandler.write("To:" + mail.lower() + "\n")
                else:
                    filehandler.write("To:" + mail.lower() + "@<yourdomainname here>\n")
                filehandler.write("From: \n")
                filehandler.write("Cc: \n")
                filehandler.write("Subject: rule expiration\n")
                filehandler.write("Content-Type: text/html; charset=UTF-8\n\n")
                filehandler.write("<html><body>\n")
                filehandler.write("<p><span style=\"font-family:sans-serif; font-size:0.5em\">\n")
                filehandler.write("Hi,<br>The following rules are about to expire.<br><br>")
                filehandler.write("<table border='1'>\n<tr>\n<th>source</th>\n<th>destination</th>\n<th>service</th>\n<th>days left</th>\n<th>contacts</th>\n<th>ticket number</th>\n<th>additional rule information</th>\n</tr>\n")
        appendcontenttomail(mailfile,content,delta)

def appendcontenttomail(mailfile,content,delta):
    # append one table row describing the expiring rule
    daysleft = delta.days
    print(daysleft)
    with open(mailfile,"a") as filehandler:
        filehandler.write("<tr><td>")
        for item in content['source']:
            filehandler.write(item['name'] + "<br>")
        filehandler.write("</td><td>")
        for item in content['destination']:
            filehandler.write(item['name'] + "<br>")
        filehandler.write("</td><td>")
        for item in content['service']:
            filehandler.write(item['name'] + "<br>")
        filehandler.write("</td><td>")
        filehandler.write(str(daysleft))
        filehandler.write("</td><td>")
        filehandler.write(content['custom-fields']['field-3'])
        filehandler.write("</td><td>")
        filehandler.write(content['custom-fields']['field-2'])
        filehandler.write("</td><td>")
        filehandler.write(content['custom-fields']['field-1'])
        filehandler.write("</td></tr>\n")

sid = login(mgmtuser,mgmtpass)

# show-times returns a single page of results; see limit/offset for longer lists
result = api_call('show-times', {}, sid)

for i in result['objects']:
    timedetail = api_call('show-time', {'uid':i['uid']}, sid)
    if not timedetail['end-never']:
        date1 = datetime.strptime(timedetail['end']['date'], "%d-%b-%Y")
        date2 = datetime.now()
        delta = date1 - date2

        # alert only when exactly 45, 21 or 3 days are left
        if delta.days in (45, 21, 3):
            rules = api_call('where-used', {'uid':i['uid']}, sid)
            for rulenr in rules['used-directly']['access-control-rules']:
                accessrule = api_call('show-access-rule', {'layer':rulenr['layer']['uid'],'uid':rulenr['rule']['uid']}, sid)
                # custom field 3 holds the contacts, separated by "/"
                if accessrule['custom-fields']['field-3'] != '':
                    users = accessrule['custom-fields']['field-3'].split("/")
                    createmails(users,accessrule,delta)


# files already present in mailpath from an earlier run are appended to and sent again
for file in os.listdir(mailpath):
    mailfile = mailpath + file
    with open(mailfile,"a") as filehandler:
        filehandler.write("</table>\n</span>\n</p>\n</body>\n</html>\n")

    with open(mailfile, 'r') as filehandler:
        headers = Parser().parse(filehandler)
    fromaddr = headers['From']

    toaddr = headers['To']
    ccaddr = headers['Cc']
    # skip an empty Cc so it is not passed to the server as a recipient
    toaddrs = [addr for addr in (toaddr, ccaddr) if addr]
    server = smtplib.SMTP(smtpserver)
    server.sendmail(fromaddr, toaddrs, headers.as_string())
    server.quit()


logout_result = api_call('logout', {}, sid)

You need to change the From, Cc and <yourdomainname here> to your needs.

minhhaivietnam
Collaborator

Hello Felix,

Thanks much for this script. I ran this, and it works fine for rule numbers from 0 to 500.

[Screenshot: run ok.png]

When I change limit rule to 501 and above, it gets an error like this:

[Screenshot: run faild.png]

Could you pls help me why? Thank you in advance.


0 Kudos
abihsot__
Advisor

It is crappy design, but you have to use offset 500 and limit 500 together to iterate through bigger lists.

0 Kudos
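
The offset/limit iteration described in the reply above, as an added example that is not part of the original thread or of Felix's script: `fetch_all` pages through a show-* command 500 items at a time, and `expiring` applies the script's 45/21/3-day thresholds to the result. It assumes `call(command, payload)` behaves like the script's `api_call` with the session id already bound, that each reply carries `total`, and that `details-level: full` returns each time object's end date; `fake_api` and its error text are constructed stand-ins for the management server.

```python
from datetime import date, datetime

PAGE_SIZE = 500  # page size the thread reports as the largest that works


def fetch_all(call, command, payload, list_key):
    """Collect every item of a paged show-* reply by advancing 'offset'."""
    items, offset = [], 0
    while True:
        page = call(command, dict(payload, limit=PAGE_SIZE, offset=offset))
        batch = page.get(list_key, [])
        items.extend(batch)
        offset += len(batch)
        # Stop on an empty page or once the reported total has been read.
        if not batch or offset >= page.get('total', 0):
            return items


def expiring(times, today, thresholds=(45, 21, 3)):
    """Map uid -> days left for time objects that end on a threshold day."""
    due = {}
    for obj in times:
        if obj.get('end-never', True):
            continue
        end = datetime.strptime(obj['end']['date'], '%d-%b-%Y').date()
        if (end - today).days in thresholds:
            due[obj['uid']] = (end - today).days
    return due


# Constructed stand-in for the management API: 1203 time objects, and an
# error reply (hypothetical text) for any limit above 500.
_OBJECTS = [{'uid': 'u%d' % n, 'end-never': n != 1100,
             'end': {'date': '24-Mar-2024'}} for n in range(1203)]


def fake_api(command, payload):
    if payload['limit'] > 500:
        return {'message': 'constructed error: limit too large'}
    start = payload['offset']
    chunk = _OBJECTS[start:start + payload['limit']]
    return {'objects': chunk, 'from': start + 1,
            'to': start + len(chunk), 'total': len(_OBJECTS)}


def demo():
    times = fetch_all(fake_api, 'show-times', {'details-level': 'full'}, 'objects')
    return len(times), expiring(times, date(2024, 3, 3))
```
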
quabank
Explorer

Hi Felix, 

Your script runs so nicely. But I have an issue: now I want to send the expired rule or alert to each requester (who owns this rule) instead of sending lots of rules.

Do you have any suggestions?

Thanks

0 Kudos
Ihenock1011
Advisor

Hi @Aleksandr_Nosit @Felix_Hoffmann1 @minhhaivietnam @abihsot__ @quabank

Can Check Point Smart Console R81 and later versions send email alerts for expired rules and user accounts? Checking if the feature is enabled.

0 Kudos
PhoneBoy
Admin

You can create scripts that monitor API output for these items.
However, we do not issue alerts for these items.

JozkoMrkvicka
Authority

For expired rules:

You can view a list of these expired rules in $FWDIR/log/expired_rules_per_layer.txt. (In case of VSX, go to the relevant VS.)

Kind regards,
Jozko Mrkvicka
