cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
561
Views
17
Helpful
13
Replies
Cisco Employee

PI3.1 API - Rogue APs?

Hello, is there a way to easily get Rogue AP information through the PI API instead of having to go through the "get alarms" call or "get reports" call?  If not, are there plans to do so in the future to help with PCI compliance reporting?

Or is the better way to go through CMX?

Thanks

Bill

Everyone's tags (2)
13 REPLIES 13
Cisco Employee

Re: PI3.1 API - Rogue APs?

Beginner

Re: PI3.1 API - Rogue APs?

I did some tests, is it possible that the .full=true syntax does not work with GET data/RogueAPAlarms ?

I get a 500 internal server error.

Cisco Employee

Re: PI3.1 API - Rogue APs?

.full=true is supported for the RogueApAlarms resource.  The capitalization of the URL does matter, so it should be RogueApAlarms and not RogueAPAlarms, but that would (in this case) yield a 404 error rather than a 500, so I'm guessing that's just a typo.

What is the content of the error?  Do requests without .full=true or requests for particular alarms work?

Beginner

Re: PI3.1 API - Rogue APs?

I did use RogueApAlarms and not RogueAPAlarms.


This is (part of) my script:

If ($getCred -eq $null)

{

  $getCred = Get-Credential

}


$rest_server = "servername"  # replace this with your servername

$decryptedPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($getCred.Password))

$base64password = [Convert]::ToBase64String([System.Text.Encoding]::Default.GetBytes("$($getCred.UserName):$decryptedPassword"))

$rest_path = "webacs/api/v3/data"

$rest_module = "RogueApAlarms"


$extraurl = "&severity=ne(CLEARED)&severity=ne(INFORMATION)"

$baseuri = "https://$rest_server/$rest_path/$($rest_module)?.maxResults=1000&.full=true&_ctx.domain=ROOT-DOMAIN$($extraurl)"

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12


If ($RestSession -eq $null)

{

  "New rest session started"

  $result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType "application/json" -Headers @{"Authorization" = "Basic $base64password"} -SessionVariable RestSession

}

else

{

  "Excisting rest session used"

  $result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType "application/json" -Headers @{"Authorization" = "Basic $base64password"} -WebSession $RestSession

}

The result I get:

PS H:\> C:\Users\phoving1\Dev\PrimeAPI\rogueapalarms.ps1

Excisting rest session used

Invoke-RestMethod : The remote server returned an error: (500) Internal Server Error.

At C:\Users\phoving1\Dev\PrimeAPI\rogueapalarms.ps1:25 char:15

+ ...   $result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType  ...

+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException

    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

PS H:\>

Beginner

Re: PI3.1 API - Rogue APs?

BTW:

If I remove the .full=true syntax, I get results. :-)

PS H:\> $result.queryResponse.entityId

type          url                                                                  #text  

----          ---                                                                  -----  

RogueApAlarms https://servername/webacs/api/v3/data/RogueApAlarms/7273982985 7273982985

RogueApAlarms https://servername/webacs/api/v3/data/RogueApAlarms/7273982986 7273982986

etc...

Cisco Employee

Re: PI3.1 API - Rogue APs?

Paul, PowerShell is dropping some of the error response on the floor.  I can't remember off-the-top how to get it to return the full error response.  Could you please try the same request in a web browser?  In addition to the 500 response code there should be an error response body that will give us more insight.

Beginner

Re: PI3.1 API - Rogue APs?

Thanks for you help.

I cannot use the webbrowser. ("North Bound API users are not allowed to login via the web GUI.")

Though I managed to get more info using powershell. This is a snippet:

$baseuri ="https://servername/webacs/api/v3/data/RogueApAlarms?.full=true&.maxResults=1000&_ctx.domain=ROOT-DOMAIN&severity=ne(CLEARED)&severity=ne(INFORMATION)"

try {

    $result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType "application/json" -Headers @{"Authorization" = "Basic $base64password"} -WebSession $RestSession

} catch {

    $response = $_.Exception.Response.GetResponseStream()

    $reader = New-Object System.IO.StreamReader($response)

    $reader.BaseStream.Position = 0

    $reader.DiscardBufferedData()

    $responseBody = $reader.ReadToEnd()

}

The data in $responseBody is:

<?xml version="1.0" ?>

<errorDocument>

  <httpResponseCode>500</httpResponseCode>

  <httpMethod>GET</httpMethod>

  <message>could not execute query; SQL [select this_.ID as ID2489_0_, this_.Source as Source2489_0_, this_.Severity as

...

this_.ID asc]; nested exception is org.hibernate.exception.SQLGrammarExcep

tion: could not execute query</exception>

  <uriPath>data/RogueApAlarms</uriPath>

  <queryParams>{.full=[true], .maxResults=[1000], _ctx.domain=[ROOT-DOMAIN], severity=[ne(CLEARED), ne(INFORMATION)]}</queryParams>

</errorDocument>

(full text in the attachment)

Cisco Employee

Re: PI3.1 API - Rogue APs?

It looks like the underlying data structures were not created on your server.  What was your upgrade path?  For example, one upgrade path might be 2.2 fresh install -> 3.0 -> 3.0 MR2 -> 3.2.

Beginner

Re: PI3.1 API - Rogue APs?

My colleague has twice a week contact with the Prime business unit. Maybe it is better if he discuss this issue with them. (It gets a long thread this way.)

When the issue is solved I will post it for others to learn. :-)


Beginner

Re: PI3.1 API - Rogue APs?

Hi Paul,

Did you end up resolving this issue? I am also experiencing the same issue (receiving a "httpResponseCode": 500, when trying to use the .full=true query parameter for /webacs/api/v3/data/RogueApAlarms)

Highlighted
Beginner

Re: PI3.1 API - Rogue APs?

I just tested in the udated PI version 3.2.1, and I do not get any 500 internal server errors! :-)

Next problem to solve is the paging on a volatile dataset. I get a lot of changed data during the query.

Cisco Employee

Re: PI3.1 API - Rogue APs?

Thanks Spencer, will see about upgrading to 3.2.  As a future request, it'll also be good if there's a way to classify rogues directly to PI.  I'm guessing one way to do this is to create a PI template to classify rogues (not sure if you can do that as a template) and then do an API call to the template.

Bill

Cisco Employee

Re: PI3.1 API - Rogue APs?

Thanks for the suggestion.  We'll take it into consideration

Content for Community-Ad
August's Community Spotlight Awards