
How to collect Check Point ARP table into the DB

Help
Jumah
2015-01-22
2015-01-28
  • Jumah

    Jumah - 2015-01-22

    Hello Jonathan,

    I'm using a Check Point firewall based on a Linux distribution. I would like to collect only the ARP table into netdb.

    I modified the linuxscraper.pl with "arp -an" rather than "/user/bin/arp -a".

    I have the following output:
    netdb#/opt/netdb/netdbscraper/linuxscraper.pl -debug 5 -d my-checkpoint.fr,devtype=linux,arp,nomac -conf /etc/netdb.conf -om /tmp/mac.txt
    ...
    Debug: ARP Entry: 10.10.225.15,00:00:0C:07:AC:0B,0,eth3-03.511,,my-checkpoint
    Debug: ARP Entry: 10.10.225.1,00:10:DB:FF:21:50,0,eth3-03.511,,my-checkpoint
    Debug: ARP Entry: 10.10.0.1,00:1C:7F:40:9B:F1,0,eth3-12,,my-checkpoint
    linuxscraper.pl(28961): Writing Data to Disk on my-checkpoint.fr

    But nothing in the /tmp/mac.txt

    Do you have an idea how to correctly import the ARP table?
    Thank you.
    Regards
    Ju

     
    • Jonathan Yantis

      Jonathan Yantis - 2015-01-23

      Hey,

      You need to output arp instead of mac, so -oa /tmp/arp.txt. Add this to the end of your devicelist.csv:

      my-checkpoint,nomac,arp,devtype=linux

      I think that will do it.

      Jonathan


       
      • Jumah

        Jumah - 2015-01-27

        Hello Jonathan.
        It works perfectly... Thank you!!
        regards
        Ju

         
  • Jonathan Yantis

    Jonathan Yantis - 2015-01-28

    Great to hear, it's nice knowing the program is flexible enough to pull off these sorts of tasks without much trouble.
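
The conversion from `arp -an` output to the ARP entries shown in the debug lines of this thread, as an added example that is not NetDB's code and not from either poster. The sample input is constructed from the addresses in the thread, `parse_arp_an` is a hypothetical name, and the constant `0` and the empty fifth field only mirror the debug lines, since the thread does not say what they mean.

```python
import ipaddress
import re

# Constructed sample of Linux `arp -an` output, built from the addresses in the
# thread's debug lines plus one unresolved entry (not captured from a device).
SAMPLE = """\
? (10.10.225.15) at 00:00:0c:07:ac:0b [ether] on eth3-03.511
? (10.10.225.1) at 00:10:db:ff:21:50 [ether] PERM on eth3-03.511
? (10.10.225.9) at <incomplete> on eth3-03.511
? (10.10.0.1) at 0:1c:7f:40:9b:f1 [ether] on eth3-12
"""

# host (ip) at mac [hwtype] [flags...] on interface
ARP_LINE = re.compile(
    r"^\S+ \((?P<ip>[0-9.]+)\) at "
    r"(?P<mac>[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5}) "
    r"(?:\[\w+\] )?(?:\w+ )*on (?P<iface>\S+)$"
)


def parse_arp_an(output, host):
    """Return entries shaped like the thread's 'Debug: ARP Entry:' lines."""
    entries = []
    for line in output.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue  # "<incomplete>" entries and non-ARP text carry no MAC
        try:
            ip = ipaddress.IPv4Address(m["ip"])
        except ValueError:
            continue  # reject malformed addresses instead of storing them
        # Some arp implementations drop leading zeros; pad and upper-case
        # so the same MAC always produces the same string.
        mac = ":".join(o.zfill(2) for o in m["mac"].split(":")).upper()
        # Assumption: field order copied from the debug output in the thread.
        entries.append(f'{ip},{mac},0,{m["iface"]},,{host}')
    return entries


if __name__ == "__main__":
    for entry in parse_arp_an(SAMPLE, "my-checkpoint"):
        print(entry)
```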

     
