venkata_marutur
Contributor

Emailing Command Outputs

Hello Team,

Can someone tell me how I can run a command on Checkpoint firewalls/management server and get the command output in an email (like a text or csv file)?

I was able to find some alerts for thresholds but not for custom command outputs.

Thanks in advance!

9 Replies
venkata_marutur
Contributor

Hello,

I did not receive an email when I tried this: "$FWDIR/bin/sendmail -t <IP_ADDRESS_of_SMTP_SERVER> -s <Subject> -f <FROM_ADDRESS> <TO_ADDRESS>" or "internal_sendmail -s 'SmartView' -t MAILSERVER -f SENDER_EMAIL_ADDRESS RECEIVER_EMAIL_ADDRESS"

But following SK127192, I did receive an email.

Can someone help me understand what was missing in my other approach?

Thanks.

 

PhoneBoy
Admin

What was the output when you ran the Sendmail command? Maybe a tcpdump will also provide a clue as to how the mailserver is responding.

0 Kudos
venkata_marutur
Contributor

Hello PhoneBoy,
Here is the test and tcpdump output:
Mail server IP = Y
Firewall IP = X

Command used: $FWDIR/bin/sendmail -t Y -s "Testmessage" -f <dummy email> <my email>


[Expert@xxxx:0]# tcpdump -nnei any host Y -c 200
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
03:28:46.240228 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 76: X.61498 > Y.25: S 3811582092:3811582092(0) win 5840 <mss 1460,sackOK,timestamp 3253921051 0,nop,wscale 10>
03:28:46.240330 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 76: X.61498 > Y.25: S 3811582092:3811582092(0) win 5840 <mss 1460,sackOK,timestamp 3253921051 0,nop,wscale 10>
03:28:46.240339 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 76: X.61498 > Y.25: S 3811582092:3811582092(0) win 5840 <mss 1460,sackOK,timestamp 3253921051 0,nop,wscale 10>
03:28:46.256677 In 00:08:e3:ff:fc:c4 ethertype IPv4 (0x0800), length 64: Y.25 > X.61498: S 1401259499:1401259499(0) ack 3811582093 win 4380 <mss 1460,sackOK,eol>
03:28:46.256780 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: . ack 1 win 5840
03:28:46.256786 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: . ack 1 win 5840
03:28:46.256788 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: . ack 1 win 5840
03:28:46.273920 In 00:08:e3:ff:fc:c4 ethertype IPv4 (0x0800), length 154: Y.25 > X.61498: P 1:99(98) ack 1 win 4380
03:28:46.274036 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: . ack 99 win 5840
03:28:46.274039 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: . ack 99 win 5840
03:28:46.274040 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: . ack 99 win 5840
03:28:46.274055 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 74: X.61498 > Y.25: P 1:19(18) ack 99 win 5840
03:28:46.274058 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 74: X.61498 > Y.25: P 1:19(18) ack 99 win 5840
03:28:46.274058 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 74: X.61498 > Y.25: P 1:19(18) ack 99 win 5840
03:28:46.290339 In 00:08:e3:ff:fc:c4 ethertype IPv4 (0x0800), length 62: Y.25 > X.61498: . ack 19 win 4398
03:28:47.305681 In 00:08:e3:ff:fc:c4 ethertype IPv4 (0x0800), length 87: Y.25 > X.61498: P 99:130(31) ack 19 win 4398
03:28:47.306096 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: F 19:19(0) ack 130 win 5840
03:28:47.306100 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: F 19:19(0) ack 130 win 5840
03:28:47.306101 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: F 19:19(0) ack 130 win 5840
03:28:47.322599 In 00:08:e3:ff:fc:c4 ethertype IPv4 (0x0800), length 62: Y.25 > X.61498: . ack 20 win 4398
03:28:47.322715 In 00:08:e3:ff:fc:c4 ethertype IPv4 (0x0800), length 62: Y.25 > X.61498: F 130:130(0) ack 20 win 4398
03:28:47.322818 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: . ack 131 win 5840
03:28:47.322822 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: . ack 131 win 5840
03:28:47.322823 Out 00:1c:7f:30:de:b5 ethertype IPv4 (0x0800), length 56: X.61498 > Y.25: . ack 131 win 5840

24 packets captured
54 packets received by filter
0 packets dropped by kernel
[Expert@xxxx:0]#

Also, is there any sendmail.log file?

Thanks.
Maarten_Sjouw
Champion

Are you using this inside a script? If so you need to use the proper directory, you probably do not have an include for the Check Point variables in the script to take care of $FWDIR?

To make sure it works try /opt/CPsuite-R80.20/fw1/bin/sendmail (set the proper version in the CPsuite part).

We use this every day in our MDS backup and log clean scripts, works like a charm.

Regards, Maarten
0 Kudos
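
Added example (not posted by anyone in this thread and not Check Point's own code): a POSIX shell wrapper that runs a command and mails its output with the sendmail flags quoted above, and that refuses to run when $FWDIR is unset, the script failure mode described in the reply above. The profile path /etc/profile.d/CP.sh, the variable names SMTP_SERVER, MAIL_FROM, MAIL_TO and MAILER, and the message body being read from standard input are assumptions.

```shell
#!/bin/sh
# Added example: mail a command's output with the sendmail binary from this thread.
# SMTP_SERVER, MAIL_FROM, MAIL_TO and MAILER are hypothetical variable names.

# Cron and other non-login shells do not load the Check Point environment, so
# $FWDIR can be empty there. Assumption: /etc/profile.d/CP.sh defines it on Gaia.
load_cp_env() {
    if [ -z "${FWDIR:-}" ] && [ -r /etc/profile.d/CP.sh ]; then
        . /etc/profile.d/CP.sh
    fi
}

# Print the mailer path. Fails instead of letting "$FWDIR/bin/sendmail"
# silently expand to "/bin/sendmail" when FWDIR is unset.
resolve_mailer() {
    load_cp_env
    if [ -n "${MAILER:-}" ]; then
        mailer=$MAILER                      # explicit override, e.g. a full path
    elif [ -n "${FWDIR:-}" ]; then
        mailer=$FWDIR/bin/sendmail
    else
        echo "FWDIR is not set and MAILER was not given" >&2
        return 1
    fi
    [ -x "$mailer" ] || { echo "not executable: $mailer" >&2; return 1; }
    printf '%s\n' "$mailer"
}

# Usage: mail_command_output SUBJECT COMMAND [ARGS...]
mail_command_output() {
    subject=$1
    shift
    mailer=$(resolve_mailer) || return 1
    # mktemp creates the file with mode 0600; command output may be sensitive.
    report=$(mktemp "${TMPDIR:-/tmp}/cmd_report.XXXXXX") || return 1
    status=0
    "$@" > "$report" 2>&1 || status=$?
    printf '\nCommand: %s\nExit status: %s\n' "$*" "$status" >> "$report"
    # Flags are the ones quoted in the thread. Assumption: body comes from stdin.
    rc=0
    "$mailer" -t "$SMTP_SERVER" -s "$subject" -f "$MAIL_FROM" "$MAIL_TO" \
        < "$report" || rc=$?
    rm -f "$report"
    return "$rc"
}

# Example call with placeholder values (not taken from the thread):
#   SMTP_SERVER=192.0.2.25; MAIL_FROM=fw@example.com; MAIL_TO=ops@example.com
#   mail_command_output "Routing table" netstat -rn
```

The wrapper returns the mailer's exit status, so a cron job can log a non-zero result; whether the server accepted the message still has to be confirmed on the mail server side or in a packet capture.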
venkata_marutur
Contributor

No sir, I am not using the command inside a script.
Thanks for the tip though 😄
PhoneBoy
Admin

I would need to see a full packet dump (with -s 0 -X) to see what the SMTP responses actually are.
venkata_marutur
Contributor

Initially I did happen to notice "Invalid domain name" errors when I used -s and -X flags in my tcpdump.
So I did add domain name in the Gaia WebUI portal and also configured my mail server (just in case).
Now I am not seeing any such errors, the mail server sends hello and the firewall replies hello and that's it. Will send you the packet capture in a private message.

Thanks.
0 Kudos
PhoneBoy
Admin

I recommend opening a TAC case on this based on what you sent.
