08-31-2017 11:46 AM
Hello, is there a way to easily get Rogue AP information through the PI API instead of having to go through the "get alarms" call or "get reports" call? If not, are there plans to do so in the future to help with PCI compliance reporting?
Or is the better way to go through CMX?
Thanks
Bill
08-31-2017 01:37 PM
Not in 3.1, no. We added GET data/RogueApAlarms in 3.2 though.
09-01-2017 01:34 AM
I did some tests, is it possible that the .full=true syntax does not work with GET data/RogueAPAlarms ?
I get a 500 internal server error.
09-01-2017 08:13 AM
.full=true is supported for the RogueApAlarms resource. The capitalization of the URL does matter, so it should be RogueApAlarms and not RogueAPAlarms, but that would (in this case) yield a 404 error rather than a 500, so I'm guessing that's just a typo.
What is the content of the error? Do requests without .full=true or requests for particular alarms work?
09-03-2017 11:43 PM
I did use RogueApAlarms and not RogueAPAlarms.
This is (part of) my script:
{
$getCred = Get-Credential
}
$rest_server = "servername" # replace this with your servername
$decryptedPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($getCred.Password))
$base64password = [Convert]::ToBase64String([System.Text.Encoding]::Default.GetBytes("$($getCred.UserName):$decryptedPassword"))
$rest_path = "webacs/api/v3/data"
$rest_module = "RogueApAlarms"
$extraurl = "&severity=ne(CLEARED)&severity=ne(INFORMATION)"
$baseuri = "https://$rest_server/$rest_path/$($rest_module)?.maxResults=1000&.full=true&_ctx.domain=ROOT-DOMAIN$($extraurl)"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
If ($RestSession -eq $null)
{
"New rest session started"
$result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType "application/json" -Headers @{"Authorization" = "Basic $base64password"} -SessionVariable RestSession
}
else
{
"Excisting rest session used"
$result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType "application/json" -Headers @{"Authorization" = "Basic $base64password"} -WebSession $RestSession
}
The result I get:
PS H:\> C:\Users\phoving1\Dev\PrimeAPI\rogueapalarms.ps1
Excisting rest session used
Invoke-RestMethod : The remote server returned an error: (500) Internal Server Error.
At C:\Users\phoving1\Dev\PrimeAPI\rogueapalarms.ps1:25 char:15
+ ... $result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
PS H:\>
09-03-2017 11:51 PM
BTW:
If I remove the .full=true syntax, I get results. :-)
PS H:\> $result.queryResponse.entityId
type url #text
---- --- -----
RogueApAlarms https://servername/webacs/api/v3/data/RogueApAlarms/7273982985 7273982985
RogueApAlarms https://servername/webacs/api/v3/data/RogueApAlarms/7273982986 7273982986
etc...
09-05-2017 08:46 AM
Paul, PowerShell is dropping some of the error response on the floor. I can't remember off-the-top how to get it to return the full error response. Could you please try the same request in a web browser? In addition to the 500 response code there should be an error response body that will give us more insight.
09-06-2017 11:06 PM
Thanks for you help.
I cannot use the webbrowser. ("North Bound API users are not allowed to login via the web GUI.")
Though I managed to get more info using powershell. This is a snippet:
try {
$result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType "application/json" -Headers @{"Authorization" = "Basic $base64password"} -WebSession $RestSession
} catch {
$response = $_.Exception.Response.GetResponseStream()
$reader = New-Object System.IO.StreamReader($response)
$reader.BaseStream.Position = 0
$reader.DiscardBufferedData()
$responseBody = $reader.ReadToEnd()
}
The data in $responseBody is:
<?xml version="1.0" ?>
<errorDocument>
<httpResponseCode>500</httpResponseCode>
<httpMethod>GET</httpMethod>
<message>could not execute query; SQL [select this_.ID as ID2489_0_, this_.Source as Source2489_0_, this_.Severity as
...
this_.ID asc]; nested exception is org.hibernate.exception.SQLGrammarExcep
tion: could not execute query</exception>
<uriPath>data/RogueApAlarms</uriPath>
<queryParams>{.full=[true], .maxResults=[1000], _ctx.domain=[ROOT-DOMAIN], severity=[ne(CLEARED), ne(INFORMATION)]}</queryParams>
</errorDocument>
(full text in the attachment)
09-07-2017 09:18 AM
It looks like the underlying data structures were not created on your server. What was your upgrade path? For example, one upgrade path might be 2.2 fresh install -> 3.0 -> 3.0 MR2 -> 3.2.
09-08-2017 12:14 AM
My colleague has twice a week contact with the Prime business unit. Maybe it is better if he discuss this issue with them. (It gets a long thread this way.)
When the issue is solved I will post it for others to learn. :-)
11-02-2017 03:27 PM
Hi Paul,
Did you end up resolving this issue? I am also experiencing the same issue (receiving a "httpResponseCode": 500, when trying to use the .full=true query parameter for /webacs/api/v3/data/RogueApAlarms)
11-14-2017 05:20 AM
I just tested in the udated PI version 3.2.1, and I do not get any 500 internal server errors! :-)
Next problem to solve is the paging on a volatile dataset. I get a lot of changed data during the query.
09-01-2017 08:32 AM
Thanks Spencer, will see about upgrading to 3.2. As a future request, it'll also be good if there's a way to classify rogues directly to PI. I'm guessing one way to do this is to create a PI template to classify rogues (not sure if you can do that as a template) and then do an API call to the template.
Bill
09-01-2017 08:43 AM
Thanks for the suggestion. We'll take it into consideration
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide