Difference between revisions of "local firewall objects database"
From cpwiki.net
(→commands to run locally on the firewall) |
|||
(9 intermediate revisions by one user not shown) | |||
Line 2: | Line 2: | ||
− | Object information such as IPs can be gathered locally on the firewall. This is useful for situations where you might cat $FWDIR/conf/masters to check the manager and logger configurations. | + | Object information such as IPs can be gathered locally on the firewall. This is useful for situations where you might cat $FWDIR/conf/masters to check the manager and logger configurations. The problem is all that file presents is object names and you might what the associated IP address... but not want to take the time to look it up on the GUI. |
The local firewall object information can be found in | The local firewall object information can be found in | ||
$FWDIR/database/objects.C | $FWDIR/database/objects.C | ||
+ | |||
+ | |||
+ | == commands to run locally on the firewall == | ||
Line 11: | Line 14: | ||
objects.C- :ipaddr (192.168.1.100) | objects.C- :ipaddr (192.168.1.100) | ||
− | where ''mysmartcenter'' should be replaced with | + | where ''mysmartcenter'' should be replaced with the object name of interest |
a little cleaner command for bash on SPLAT or Gaia | a little cleaner command for bash on SPLAT or Gaia | ||
− | # '''NAME=" | + | # '''NAME="''object_name_goes_here''"; grep -A 200 -r ": ($NAME" * $FWDIR/database/objects.C | grep -i ipaddr''' |
ipso | ipso | ||
− | # '''set NAME=" | + | # '''set NAME="''object_name_goes_here''"; grep -A 200 -r ": ($NAME" * $FWDIR/database/objects.C | grep -i ipaddr''' |
+ | |||
+ | ==get smartcenter or CMA info== | ||
+ | |||
+ | i=`grep -A 1 "Policy" $FWDIR/conf/masters | grep -v Policy`; grep -E ": \($i|ipaddr" $FWDIR/database/objects.C | grep -iA1 "$i"|tr -d "()":ipaddr | awk '{print $1}' | ||
+ | |||
+ | == get logger and IP == | ||
+ | |||
+ | this one works in bash on linux based firewalls or from bash in ipso | ||
+ | [Expert@myfirewall]# '''i=`awk '/\[Log\]/{p=1;next}p &&/\[Alert\]/{p=0};p' $FWDIR/conf/masters`; grep -E ": \($i|ipaddr" $FWDIR/database/objects.C | grep -iA1 "$i"|tr -d "()":ipaddr | awk '{print $1}'''' | ||
+ | my_clm | ||
+ | 192.168.1.10 | ||
+ | |||
+ | --- note: bash is not the default shell in ipso(csh is) --- | ||
+ | |||
+ | swithing to bash in ipso | ||
+ | mychkpfw[admin]# '''bash''' | ||
+ | [root@mychkpfw ~]# <<< new bash prompt | ||
[[category:misc]] | [[category:misc]] |
Latest revision as of 17:09, 21 January 2015
Firewall Versions: R65 to R75 (tested)
Object information such as IPs can be gathered locally on the firewall. This is useful for situations where you might cat $FWDIR/conf/masters to check the manager and logger configurations. The problem is all that file presents is object names and you might what the associated IP address... but not want to take the time to look it up on the GUI.
The local firewall object information can be found in
$FWDIR/database/objects.C
commands to run locally on the firewall
# grep -A 200 -r ": (mysmartcenter" * $FWDIR/database/objects.C | grep -i ipaddr objects.C- :ipaddr (192.168.1.100)
where mysmartcenter should be replaced with the object name of interest
a little cleaner command for bash on SPLAT or Gaia
# NAME="object_name_goes_here"; grep -A 200 -r ": ($NAME" * $FWDIR/database/objects.C | grep -i ipaddr
ipso
# set NAME="object_name_goes_here"; grep -A 200 -r ": ($NAME" * $FWDIR/database/objects.C | grep -i ipaddr
get smartcenter or CMA info
i=`grep -A 1 "Policy" $FWDIR/conf/masters | grep -v Policy`; grep -E ": \($i|ipaddr" $FWDIR/database/objects.C | grep -iA1 "$i"|tr -d "()":ipaddr | awk '{print $1}'
get logger and IP
this one works in bash on linux based firewalls or from bash in ipso
[Expert@myfirewall]# i=`awk '/\[Log\]/{p=1;next}p &&/\[Alert\]/{p=0};p' $FWDIR/conf/masters`; grep -E ": \($i|ipaddr" $FWDIR/database/objects.C | grep -iA1 "$i"|tr -d "()":ipaddr | awk '{print $1}' my_clm 192.168.1.10
--- note: bash is not the default shell in ipso(csh is) ---
swithing to bash in ipso
mychkpfw[admin]# bash [root@mychkpfw ~]# <<< new bash prompt