01-02-2020 05:59 AM - edited 02-21-2020 09:48 AM
When attempting to restore an FMC from a backup, 3 things must match from when the backup occurred:
1. Snort Version
2. FMC version
3. Vulnerability Database Version
When performing scheduled backups, this information is not retrieved and I'm looking for either a way to run a report or a script to pull the info on the same night that the FMC is backed up. What has everyone else done to fix this problem?
01-08-2020 07:48 AM
I've been working on a Python script that will log into the firewall and perform a "show version". If anyone else has a more elegant way of doing this, I would love to get your input.
To create the script yourself, you will need to download and install Python (https://www.python.org/downloads/) and netmiko using the pip command within Python:
$ pip install netmiko
Here is the script I wrote. It will SSH to the firewall's IP address, perform a "show version", then push that output to a file named Firewall_Info.txt with the current date. Each time it is run, it will append to the existing file with the output and date so you don't have a million files after running it several times. Just make sure to run this script in scheduled tasks at the same interval and time as the regular backups of your Firepower system, otherwise you won't have accurate data, which defeats the entire point.

```python
#!/usr/bin/env python
from datetime import datetime
import time

from netmiko import Netmiko

timenow = datetime.now()
timestamp = timenow.strftime('%Y/%m/%d')

cisco = {
    "host": "10.1.1.1",
    "username": "admin",
    "password": "MyP@$$w0rdIStheB3st2020!!",
    "device_type": "cisco_ios",
}

# Netmiko SSH connection to the firewall
connection = Netmiko(**cisco)
time.sleep(1)

# Execute commands
output = connection.send_command("show version")

# Print output to console screen
print(timestamp)
print(output)

# Append the date and the output to the file; the file is closed when the block exits
with open('Firewall_Info.txt', 'a+') as file:
    file.write(timestamp + "\n")
    file.write(output)

# Gracefully disconnect
connection.disconnect()
```
One thing I had to do was modify a file located at C:\Users\admin\AppData\Local\Programs\Python\Python38\Lib\site-packages\netmiko\cisco\cisco_ios.py using notepad or notepad++
Comment out the following by placing a hashtag in front of:
```python
#self.disable_paging()
#self.set_terminal_width(command="terminal width 511")
#Clear the read buffer
```
If you are doing this for customers, you can also try to convert the Python script to an .exe file so that the customer doesn't have to download and install Python and Netmiko.
Hope this helps someone
01-08-2020 09:48 PM
Have you thought about using the Firepower API?
"GET domain" or "GET serverversion" would seem to be a good place to check.
Reference:
01-20-2020 12:58 PM - edited 01-20-2020 01:03 PM
That would have been so much more helpful than working with netmiko lol. Thank you very much for that suggestion. I had never tried messing with the API until now. I was able to generate a Python script from the GET serverversion, modified it so the output from the query was stored in a text file, converted it to an .exe (so the customer wouldn't have to install Python and all the extensions), and it worked well!
```python
#
# Generated FMC REST API sample script
#
import json
import sys
import requests
from datetime import datetime

timenow = datetime.now()
timestamp = timenow.strftime('%Y/%m/%d')

server = "https://10.1.1.51"

username = "admin"
if len(sys.argv) > 1:
    username = sys.argv[1]
password = "thisISmyPassword(notreally)"
if len(sys.argv) > 2:
    password = sys.argv[2]

r = None
headers = {'Content-Type': 'application/json'}
api_auth_path = "/api/fmc_platform/v1/auth/generatetoken"
auth_url = server + api_auth_path
try:
    # 2 ways of making a REST call are provided:
    # One with "SSL verification turned off" and the other with "SSL verification turned on".
    # The one with "SSL verification turned on" is commented out. If you like to use that then
    # comment the line where verify=False and uncomment the line with verify='/path/to/ssl_certificate'
    # REST call with SSL verification turned off:
    r = requests.post(auth_url, headers=headers, auth=requests.auth.HTTPBasicAuth(username,password), verify=False)
    # REST call with SSL verification turned on: Download SSL certificates from your FMC first and provide its path for verification.
    # r = requests.post(auth_url, headers=headers, auth=requests.auth.HTTPBasicAuth(username,password), verify='/path/to/ssl_certificate')
    auth_headers = r.headers
    auth_token = auth_headers.get('X-auth-access-token', default=None)
    if auth_token is None:
        print("auth_token not found. Exiting...")
        sys.exit()
except Exception as err:
    print ("Error in generating auth token --> "+str(err))
    sys.exit()

headers['X-auth-access-token']=auth_token

api_path = "/api/fmc_platform/v1/info/serverversion"    # param
url = server + api_path
if (url[-1] == '/'):
    url = url[:-1]

# GET OPERATION

try:
    # REST call with SSL verification turned off:
    r = requests.get(url, headers=headers, verify=False)
    # REST call with SSL verification turned on:
    # r = requests.get(url, headers=headers, verify='/path/to/ssl_certificate')
    status_code = r.status_code
    resp = r.text
    if (status_code == 200):
        print(timestamp)
        json_resp = json.loads(resp)
        print(json.dumps(json_resp,sort_keys=True,indent=4, separators=(',', ': ')))
        # Append the date and the JSON response; the file is closed when the block exits
        with open('FMC_Info.txt', 'a+') as file:
            file.write(timestamp + "\n")
            file.write(json.dumps(json_resp,sort_keys=True,indent=4, separators=(',', ': ')))
    else:
        r.raise_for_status()
        print("Error occurred in GET --> "+resp)
except requests.exceptions.HTTPError as err:
    print ("Error in connection --> "+str(err))
finally:
    # A Response is falsy for error status codes, so compare against None explicitly
    if r is not None: r.close()
```
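A restore pre-check built on the FMC_Info.txt file the script above appends to, as an added example that is not part of the original post: it splits the file back into dated records and reports which versions differ from the FMC being restored onto. The `items`, `serverVersion` and `vdbVersion` field names and every sample value are assumptions; set `keys` to the fields your FMC actually returns.

```python
import json
import re

# Constructed sample of FMC_Info.txt: a date line, then an indented JSON dump,
# appended on every run with no separator between runs.
# The field names inside "items" are assumptions, not taken from the post.
def _entry(date, server, vdb):
    body = {"items": [{"serverVersion": server, "vdbVersion": vdb}]}
    return date + "\n" + json.dumps(body, sort_keys=True, indent=4)

SAMPLE_LOG = (_entry("2020/01/19", "6.4.0 (build 113)", "build 328")
              + _entry("2020/01/20", "6.4.0.7 (build 53)", "build 329"))

DATE_RE = re.compile(r"\s*(\d{4}/\d{2}/\d{2})\s*")


def parse_log(text):
    """Return {date: parsed JSON} for every date/JSON pair in the log text."""
    text = text.rstrip()
    decoder = json.JSONDecoder()
    entries, pos = {}, 0
    while pos < len(text):
        m = DATE_RE.match(text, pos)
        if not m:
            raise ValueError("expected a date line at offset %d" % pos)
        # raw_decode stops at the end of the JSON value, so the next date
        # line is found even though the writer emits no separator.
        obj, pos = decoder.raw_decode(text, m.end())
        entries[m.group(1)] = obj
    return entries


def restore_mismatches(text, backup_date, current,
                       keys=("serverVersion", "vdbVersion")):
    """List the keys whose value on backup_date differs from the current FMC."""
    entries = parse_log(text)
    if backup_date not in entries:
        raise KeyError("no version record for " + backup_date)
    recorded = entries[backup_date]["items"][0]
    return [k for k in keys if recorded.get(k) != current.get(k)]


if __name__ == "__main__":
    now = {"serverVersion": "6.4.0.7 (build 53)", "vdbVersion": "build 328"}
    print(restore_mismatches(SAMPLE_LOG, "2020/01/19", now))
```

An empty list means every checked version matches the record taken on the backup date.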
02-12-2020 11:54 PM
I finally found what I was looking for! You can run a report daily that is sent to an email that lists all the necessary information about the FMC. The settings to turn this on are located under System > Configuration > Change Reconciliation.
You do have to have System > Configuration > Email Notification configured first before you can start generating this report. The report runs every 24 hours (you can only configure which hour of the day that it runs). I'd suggest enabling this feature and just setting a rule in Outlook or whatever email you use to divert those reports to a folder so you aren't burdened with them every day in your main inbox.
Here is a pic of the first page of that report:
Hope this helps someone out there