From: <ne...@fr...> - 2010-10-21 19:54:10
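see my old post :

Hello,

Based on the work of Bill Anderson
(http://www.billsnetworktoolbox.com/ip- tools/software.html)
I have reworked his pixarp.pl script and created the pixarp2.pl one.
It use the "Net::Appliance::Session" module that is simpler to use that telnet and support SSH very well.
It use the result of show names to send to Netdisco the correct ip to arp entry.
The param file use 2 columns : IP of your PIX and transport mode (SSH or Telnet)
I'm not a expert in Perl but I hope this little script could help someone.
Tested on PIX and ASA ver 7.2(2) and 7.2(3)
Don't forget to give SSH or telnnt access to your Netdisco Host on the PIX/ASA box !

Regards

----------------------------------------------------------------
pixfile :
-- cut here --
#ip Transport (SSH or Telnet)
10.34.0.254 SSH
10.40.72.253 SSH
10.34.194.252 SSH
-- cut here --
----------------------------------------------------------------
pixarp2.pl
-- cut here --
#! /usr/bin/perl -w
#
# Pixarp2
#
# Utility to fetch arp and names table from Cisco PIX firewall
# and store in netdisco
#
# Netdisco cannot do this on its own
# because the PIX does not expose the arp table
# via SNMP
#
# use Net::Appliance::Session Module
# work with telnet and SSH
#
# by Serge KUENY
#
# Based on the great work of
# Bill Anderson
#
# Copyright (C) 2006-2007
#
# Pixarp is released under the Perl Artistic License
#
# Portions from the netdisco package
# http://www.netdisco.org
#
# Uses netdisco.conf for configuration
#
#
# ---- Pixarp Settings ----
# pixarp_user = username
# pixarp_pass = password
# pixarp_enable = password
# pixarp_hostfile = /usr/local/netdisco/pix-hosts.txt
#
# Configuration file can be overridden
# with command line options
#
# Released Mar 5, 2008
#
# Security notes for whoever deploys this:
#   * netdisco.conf holds the firewall login and enable passwords in clear
#     text; keep it readable only by the account that runs this script.
#   * Passwords given with -l / -e sit on the command line, where other
#     local users can usually read them from the process list. Prefer the
#     configuration file.
#   * The Telnet transport sends both passwords unencrypted. Use SSH.
#   * SSH host keys are verified only when -k is given (see connect below).
#   * The session log written with -o may contain device output that is
#     sensitive; protect that file as well.

# NOTE(review): strict was commented out in the original. %CONFIG is
# expected to arrive through netdisco's :all export tag - confirm on your
# install; if it does not, this now fails loudly at compile time instead of
# silently reading an empty %main::CONFIG.
use strict;
use warnings;

use FindBin;
use lib $FindBin::Bin;
use Getopt::Long;
use Scalar::Util qw(blessed);

use netdisco qw/:all/;
use Net::Appliance::Session;

my $VERSION = "1.00.01";

my %args;
my $success = GetOptions(
    \%args,
    'c|configfile=s',
    'd|debug',
    'e|enablepass=s',
    'h|?|help',
    'k|hostkeycheck',
    'l|loginpass=s',
    'o|log=s',
    'p|pixfile=s',
    'u|username=s',
);

# Error parsing command line options
unless ($success) {
    print "\n";
    usage();
}

usage() if $args{h};

my $DEBUG = $args{d} || 0;
print "Pixarp2 processing starting\n" if $DEBUG;

# Parse Config File - Check for -c, then in current dir, then in default dir.
my $configfile;
for my $candidate (
    $args{c},
    "$FindBin::Bin/netdisco.conf",
    '/usr/local/netdisco/netdisco.conf',
  )
{
    next unless defined $candidate and -r $candidate;
    $configfile = $candidate;
    print "Using Config File: $configfile\n" if $DEBUG;
    last;
}

unless (defined $configfile) {
    print "No Config file found!\n";
    exit;
}

config($configfile);

# Read pixarp variables from netdisco configuration file
# If you don't want to use the netdisco.conf file,
# replace the '$CONFIG{''}' with a string value
# in the following 4 lines
# eg. my $pixuser = 'username';
my $pixuser    = $CONFIG{'pixarp_user'};
my $pixpass    = $CONFIG{'pixarp_pass'};
my $enablepass = $CONFIG{'pixarp_enable'};
my $pixfile    = $CONFIG{'pixarp_hostfile'};

# Override variables if command line options present
$enablepass = $args{e} if $args{e};
$pixpass    = $args{l} if $args{l};
$pixfile    = $args{p} if $args{p};
$pixuser    = $args{u} if $args{u};

# Debug output only says whether each password is set. The original printed
# the passwords themselves, which leaks them into terminals, cron mail and
# any captured log.
print "Using username: $pixuser\n" if $DEBUG;
print "Using password: ",        _mask($pixpass),    "\n" if $DEBUG;
print "Using enable password: ", _mask($enablepass), "\n" if $DEBUG;

die "No PIX host file configured (pixarp_hostfile or -p)\n"
  unless defined $pixfile and length $pixfile;

print "Using PIX host file: $pixfile\n\n" if $DEBUG;

# Three-argument open with a lexical handle: the file name can no longer be
# interpreted as an open mode or a pipe.
open my $pix_fh, '<', $pixfile or die "Cannot open file $pixfile: $!";
my @pixlist = <$pix_fh>;
close $pix_fh;

HOST:
for my $entry (@pixlist) {
    chomp $entry;

    # skip comments and blank lines
    next HOST if $entry =~ /^\s*(?:\#|$)/;

    # assign ip and transport
    my ($pixip, $pixtransport) = split ' ', $entry;
    unless (defined $pixip and defined $pixtransport) {
        print "Skipping malformed host file line: $entry\n";
        next HOST;
    }

    # define session
    my $s = Net::Appliance::Session->new(
        Host      => $pixip,
        Transport => $pixtransport,
        Platform  => 'PIXOS',
    );

    # suppress automatic paging
    $s->do_paging(0);

    # session logging requested?
    if ($args{o}) {
        $s->input_log($args{o});
    }

    my $ok = eval {
        print "Opening connection to host: $pixip\n" if $DEBUG;

        # SHKC is the module's SSH strict host key checking switch. The
        # original always passed 0, so a host answering on the firewall's
        # address with any key would be handed the login and enable
        # passwords. That default is kept for compatibility; run with -k
        # once the firewalls' keys are in known_hosts.
        $s->connect(
            Name     => $pixuser,
            Password => $pixpass,
            SHKC     => ($args{k} ? 1 : 0),
        );
        print "Connection and login succeeded\n" if $DEBUG;

        print "Attempting enable mode\n" if $DEBUG;
        $s->begin_privileged($enablepass);
        print "Enable mode succeeded\n" if $DEBUG;

        print "Sending terminal pager 0\n" if $DEBUG;
        $s->cmd('terminal pager 0');

        my %NameTab;    # table of names: name => ip

        print "Sending cmd show names\n" if $DEBUG;
        for my $line ($s->cmd('show names')) {

            # ignore lines not beginning with "name"
            next unless $line =~ /^name/;

            my (undef, $ip, $name) = split ' ', $line;
            next unless defined $ip and defined $name;

            print "adding name=$name,ip=$ip to table\n" if $DEBUG;
            $NameTab{$name} = $ip;    # add ip to the name entry of the table
        }

        print "Sending cmd show arp\n" if $DEBUG;
        for my $line ($s->cmd('show arp')) {
            chomp $line;
            next if $line =~ /^#|^$/;    # ignore comments

            # split ' ' drops leading whitespace, so the fields are
            # interface, ip-or-name, mac whether or not the device indents
            # the line.
            my ($int, $name, $mac) = split ' ', $line;

            # reject empty interfaces and short lines
            next unless defined $int and $int =~ /\w/;
            next unless defined $name and defined $mac;

            #next if $int =~ /^outside|^special/;   # reject specific interfaces

            # Device output goes into the netdisco database: only accept a
            # third field that is hex digits with separators.
            unless ($mac =~ /\A[0-9A-Fa-f]+(?:[.:-][0-9A-Fa-f]+)+\z/) {
                print "Skipping line without a MAC address: $line\n" if $DEBUG;
                next;
            }

            # starts with a digit -> IP, otherwise look the name up
            my $ip = $name =~ /^\d/ ? $name : $NameTab{$name};
            unless (defined $ip) {
                print "No address known for name $name, skipping\n" if $DEBUG;
                next;
            }

            print "Adding $mac, $ip to arp tables\n" if $DEBUG;
            add_arp($mac, getip($ip));
        }

        1;
    };    # end of eval

    # Copy $@ at once; any later eval would overwrite it.
    my $err = $@;
    unless ($ok) {
        if (blessed($err) and $err->isa('Net::Appliance::Session::Exception')) {
            print $err->message,  "\n";   # fault description from Net::Appliance::Session
            print $err->errmsg,   "\n";   # message from Net::Telnet
            print $err->lastline, "\n";   # last line of output from your appliance
        }
        else {
            # The original dropped every other failure silently.
            print "Error while processing $pixip: $err\n";
        }
    }

    # A failed close on one firewall should not stop the remaining hosts.
    eval { $s->close; 1 }
      or print "Could not close the session to $pixip cleanly: $@\n";
    print "Connection closed\n\n" if $DEBUG;
}    # end of pixlist

print "Pixarp2 processing completed\n" if $DEBUG;

# Returns a placeholder saying whether a secret is set, never the secret.
sub _mask {
    my ($secret) = @_;
    return (defined $secret and length $secret) ? '<set>' : '<not set>';
}

# Prints the command line help and exits.
sub usage {
    print <<"_end_usage_";

Pixarp2 - Utility to fetch arp table from Cisco PIX for Netdisco

pixarp [Options]

Options:
    -c  --configfile file   Specify path to config file
    -d  --debug             DEBUG - Copious output
    -e  --enablepass pass   Enable password
    -h  --help              Show this help
    -k  --hostkeycheck      Verify SSH host keys (recommended)
    -l  --loginpass pass    Login password
    -o  --log file          Specify log file
    -p  --pixfile file      Specify full path to file containing PIX hosts
    -u  --username name     Login user name

Options are read from netdisco.conf unless specified on the command line

_end_usage_
    exit;
}
-- cut here --
----------------------------------------------------------------
usage
pixarp2.pl -p mypixfile
-----------------------------------------------------------------

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Netdisco mailing list
net...@li...
https://lists.sourceforge.net/lists/listinfo/netdisco-users

> I'll try the newest ASA release, but I'm wondering if netdisco has a
> manual method to insert this data?
>
> I could automate a script to login and parse 'show arp' and drop in
> in
> to csv or anyother format. I just need a method to import in to
> netdisco. Is this hard to do?
>
> --Joel
>
> On 10/20/10 7:12 PM, Joel Krauska wrote:
> > I have an ASA running 8.2 software, and I know it's got an arp
> cache,
> > but arpnip isn't pulling anything.
> >
> > Any ideas on what I could try on this?
> >
> > Unfortunately my ASA is my main "router" and has all ARP
> entries.
> >
> > --Joel
> >
> >
> > asa01# sh arp
> > ...
> > data 192.168.168.43 XXXX.c94d.XXXX 13
> > data 192.168.168.29 XXXX.b133.XXXX 14
> > ...
> >
> > But arpnip isn't grabbing anything...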
> > > > /usr/bin/netdisco -A 192.168.168.1 -D > > n e t d i s c o > > -------------------------------------------------- > > Using Config File : /etc/netdisco/netdisco.conf > > arpnip(192.168.168.1) : > > get_device(192.168.168.1) > > get_device(192.168.168.1) - Connecting using cached info: > 192.168.168.1/p/2 > > create_device(192.168.168.1,p,2,AutoSpecify,bw:default) > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/allied > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/arista > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/aruba > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/asante > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/cabletron > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/cisco > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/cyclades > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/dell > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/enterasys > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/extreme > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/foundry > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/hp > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/juniper > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/netscreen > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/nortel > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/rfc > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/net-snmp > > SNMP::Info::_global layers : sysServices.0 > > SNMP::Info::_global description : sysDescr.0 > > SNMP::Info::_global id : sysObjectID.0 > > SNMP::Info 2.01 ($Id: Info.pm,v 1.150 2009/06/12 22:25:32 maxbaker > Exp $) > > SNMP::Info::device_type() layers:00000100 id:9 sysDescr:"Cisco > Adaptive > > Security 
Appliance Version 8.2(2)" > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/allied > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/arista > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/aruba > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/asante > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/cabletron > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/cisco > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/cyclades > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/dell > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/enterasys > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/extreme > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/foundry > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/hp > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/juniper > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/netscreen > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/nortel > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/rfc > > SNMP::Info::init() - Adding new > mibdir:/usr/share/netdisco/mibs/net-snmp > > SNMP::Info::specify() - Changed Class to > SNMP::Info::Layer3::Cisco. > > SNMP::Info::_global layers : sysServices.0 > > [192.168.168.1] Device Type : SNMP::Info::Layer3::Cisco > > mac_getportmacs() ... found 330 MACs. > > SNMP::Info::_load_attr at_paddr : ipNetToMediaPhysAddress > > SNMP::Info::_global description : sysDescr.0 > > SNMP::Info::_load_attr physical_at_paddr : > ipNetToPhysicalPhysAddress > > SNMP::Info::_load_attr at_netaddr : ipNetToMediaNetAddress > > SNMP::Info::_load_attr physical_at_paddr : > ipNetToPhysicalPhysAddress > > [192.168.168.1] Processed 0 ARP Cache entries. 
> > SNMP::Info::_load_attr ip_netmask : ipAdEntNetMask > > ... > > Found subnet 192.168.168.0/24 > > Found subnet 192.168.169.0/24 > > ... > > > > Why 0 ARP cache entries? > > > > > -------------------------------------------------------------------- > ---------- > Nokia and AT&T present the 2010 Calling All Innovators-North America > contest > Create new apps & games for the Nokia N8 for consumers in U.S. and > Canada > $10 million total in prizes - $4M cash, 500 devices, nearly $6M in > marketing > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi > Store > http://p.sf.net/sfu/nokia-dev2dev > _______________________________________________ > Netdisco mailing list > net...@li... > https://lists.sourceforge.net/lists/listinfo/netdisco-users > |