Wednesday, January 11, 2017

HOWTO: gathering bulk interface details in FortiOS

In this post, I will show you how to gather interface details in bulk.

For example, when a firewall model has numerous interfaces, it can be slow and time-consuming to execute a diag command per interface.

Take this FGT3240: we will build a script that lets us run through all 28 ports and issue the diag commands of interest.

Then I will show how you can gather the status using a Unix ssh client.

1: Here's the script.

(This unit runs multi-vdom; drop the global config if yours is single-vdom.)


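#!/bin/bash
# Print the FortiOS diag commands for ports 1..28 on stdout.
# Nothing runs locally; the output is meant to be piped into an ssh session.
for ((a=1; a <= 28; a++))
do
    # Enter the global context (multi-vdom units only)
    echo -e "config global"
    # NIC counters of interest: drops, _dp_ counters, errors, overruns
    echo -e "diagnose hardware deviceinfo nic port$a | grep _drop \n"
    echo -e "diagnose hardware deviceinfo nic port$a | grep _dp_ \n"
    echo -e "diagnose hardware deviceinfo nic port$a | grep err \n"
    echo -e "diag hardware deviceinfo nic port$a | grep over \n"
    echo -e "end\n"
done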


2: Now the fun part. To execute this, you could do the following:

./<scriptname.sh>  | ssh <username>@firewall.address > myoutput.`date +%Z%T_%F`


3: Here's a netlink script for statistics collection plus clearing:

SOCKET01>cat looper1.sh
# For each port in the root vdom: list the netlink counters, then clear them
for ((a=1; a <= 28; a++))
do
    echo -e "config vdom \n"
    echo -e "edit root \n"
    echo -e "diag netlink interface list port$a \n"
    echo -e "diag netlink interface clear port$a \n"
    echo -e "end \n"
done


YMMV, but you can get very creative and use this in custom "Expect" scripts, or in Nagios or syslog-ng for alert triggers when a condition exists.


e.g 



and syslog-ng with source and destination filters






sendmestatus.sh would be a simple bash script that runs looper1.sh and directs the output into sendmail:


./looper1.sh | ssh socfwmongrp1@192.168.192.110 | mail -s "ALERT ME `date +%F_%T`" -c kenn1.felix@socpuppets.com SOCSUPERVISION@socpuppets.com












Just ensure you have the correct syslog message for the trigger 
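
One way to turn the capture from step 2 into an alert condition, as an added example that is not from the original post: it reads the saved output and prints every counter above zero, per port. It assumes the session echoes each command line and that counters print as "name :value"; the function names, sample capture and counter names are constructed.

```shell
#!/bin/bash
# Added example: report non-zero drop/error/overrun counters per port from
# a capture made by piping the step 1 script into ssh.
# Assumptions (not from the post): each command line is echoed in the
# capture, and counters print as "name: value" or "name :value".

# Constructed sample capture, not real firewall output.
SAMPLE_CAPTURE='FGT3240 (global) # diagnose hardware deviceinfo nic port1 | grep _drop
rx_dropped      :0
tx_dropped      :0
FGT3240 (global) # diagnose hardware deviceinfo nic port1 | grep err
rx_errors       :0
FGT3240 (global) # diagnose hardware deviceinfo nic port2 | grep _drop
rx_dropped      :1523
tx_dropped      :0
FGT3240 (global) # diag hardware deviceinfo nic  port2  | grep over
rx_over_errors  :7
'

# nonzero_counters: read a capture on stdin and print "port counter value"
# for every counter whose value is greater than zero.
nonzero_counters() {
  awk '
    # Command echo: remember which port the following counters belong to.
    /deviceinfo nic/ {
      for (i = 1; i <= NF; i++) if ($i ~ /^port[0-9]+$/) port = $i
      next
    }
    # Counter line: split on the colon, trim, keep numeric values above 0.
    /:/ && port != "" {
      if (split($0, kv, ":") != 2) next
      name = kv[1]; val = kv[2]
      gsub(/^[ \t]+|[ \t\r]+$/, "", name)
      gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      if (val ~ /^[0-9]+$/ && val + 0 > 0) print port, name, val
    }
  '
}

# alert_needed: succeed (exit 0) when at least one counter is non-zero.
alert_needed() {
  [ -n "$(nonzero_counters)" ]
}

# Example run against the constructed sample.
printf '%s' "$SAMPLE_CAPTURE" | nonzero_counters
```

Against a real capture, feed the myoutput file from step 2 to alert_needed and send the mail only when it succeeds.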










Ken Felix

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 
        /  \
