Solved: Output of cprid truncated after receiving 60001 by...

Bärbel · ‎2023-01-17

I use cprid to automate tasks with a bunch of different SMB appliances. This works fine when executing commands with less output (e.g. "show snmp traps receivers")

But when executing commands with larger output (e.g. "show configuration") the output is silently truncated after exactly 60001 bytes. This seems to be the case only with SMB appliances and is consistent and reproducible across different types of appliances and firmware levels:

This is Check Point's 1450 Appliance R77.20.87 - Build 120
This is Check Point's 1550 Appliance R80.20.50 - Build 773
This is Check Point's 1590 Appliance R80.20.50 - Build 773
This is Check Point's 1800 Appliance R80.20.40 - Build 665

Unfortunately there is no error message or other indicator that the output is incomplete. Full Gaia seems to be not affected.

cprid_util is invoked on SmartCenter Management Server (R81.10 - Build 029) like this:
cprid_util -server $gw -verbose rexec -rcmd clish -c "show configuration" > $gw.txt

Any advice?

G_W_Albrecht · ‎2023-01-23

The output of "show configuration" could be saved to a file and transfered using cprid as found in sk101047.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

PhoneBoy · ‎2023-01-17

This is very likely expected behavior, given we do not allow you to run "one-time scripts" on SMB appliances in SmartConsole.
Recommend opening a TAC case to confirm.

Bärbel · ‎2023-01-18

I would at least expect an error message or a return code other than 0 in case a command could not completed.

But this raises more questions:

1.) Are there technical reasons that it is "not allowed" (or to quote SmartConsole "not supported") to run scripts on SMB appliances? There are even official sk's where cprid_util is listed as official solution for certain tasks on SMB appliances!

2.) What is the "official" supported way to automate tasks on SMB appliances?

PhoneBoy · ‎2023-01-18

The technical reason for the limit on the amount of data returned by cprid is quite likely the limited resources (RAM) the SMB devices have versus our regular, non-SMB gateways.
That, I suspect, is the reason we don't allow this from SmartConsole.
That and the scripts you write for SMB devices would be different.

In any case, you should be able to use cprid with SMB devices, particularly since we document its usage in various SKs.
You'll just have to be mindful of the limit in terms of the amount of data returned by said commands.

The fact this isn't officially documented is an issue, and thus it's worth a TAC case to confirm the above and get it documented in an SK.

PhoneBoy · ‎2023-01-19

I asked the SMB R&D folks out-of-band about this issue with cprid and it turns out...it's not a limitation they're aware of.
Which means it's likely a bug and will require a TAC case to investigate and fix.

G_W_Albrecht · ‎2023-01-23

The output of "show configuration" could be saved to a file and transfered using cprid as found in sk101047.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

scordy · ‎2024-11-17

**bleep**! Wish I had read this before I went to the trouble or writing a script to backup / verify that no shifts in CLISH config were occurring without oversight on these devices. I have a very lovely bunch of 60001 byte files ... 😞

Are you a member of CheckMates?

Output of cprid truncated after receiving 60001 bytes