[nsp] gathering data from PIX

Kristofer Sigurdsson ks at rhi.hi.is
Tue May 18 10:42:27 EDT 2004


Hello,

Jean-Christophe VARAILLON, Tue, May 18, 2004 at 03:32:21PM +0300 :
> Hi,
> 
> 
> I need to find a way to check specific parameters (buffer, established connections,... )
> automatically at regular intervals.
> 
> I imagine that I could find some "script" to automatically:
> 
> logon to the PIX (and even localdirector)
> issue well defined commands
> store the output into a specific file
> keep that file updated.

One way to do this is to use SSH's ability to log in to a remote
system and issue commands:

ssh user@hostname [command] (OpenSSH)

However, this means the PIX has to allow that computer to access
it without typing a password.  This can be done on a key basis or
even based on an IP address, based on your network infrastructure...

Another way is to use the common UNIX scripting language expect, which
is designed for this kind of thing.  It even comes with a utility that
attempts to make scripts automatically, called autoexpect.  What you
do is simply start autoexpect, log on to the PIX, issue the commands,
exit - then you have a script.  After that, change the script to allow
certain parameters (such as command output) to be a variable (otherwise
the script will hang if the output is not exactly the same every time).

After you've adapted the script to your needs, run it from cron, redirecting
the output to a file of your choice.

-- 
Kristófer Sigurðsson			Tel: +354 525 4103 / MSN: ks at rhi.hi.is
Netsérfræðingur/Network specialist	Reiknistofnun HÍ/University of Iceland
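
Added example, not part of the original message: a cron-safe wrapper for the "run a command, store the output in a file, keep that file updated" steps discussed above. It assumes the device accepts a command given on the ssh command line as the reply describes; the host, user, key path, file paths and the `COLLECT_CMD` variable are placeholders introduced for this sketch, and `COLLECT_CMD` can point at an adapted expect script instead.

```shell
#!/bin/sh
# Added example, not from the original message. The host name, user, key path
# and file paths are placeholders; the PIX commands are examples only.
#
# COLLECT_CMD is the command that logs in and prints the device output on
# stdout. The default is the non-interactive ssh form, hardened for cron:
#   BatchMode=yes              fail at once instead of waiting for a password
#   StrictHostKeyChecking=yes  refuse a device whose host key is not known
#   IdentitiesOnly=yes, -i     offer only the dedicated collection key
# Set it to the path of an adapted expect script to use that method instead.
: "${COLLECT_CMD:=ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes -o ConnectTimeout=10 -i /path/to/collector_key collector@pix.example.net}"

# collect_to_file OUTFILE COMMAND...
# Runs COLLECT_CMD with COMMAND appended and replaces OUTFILE only when the
# run succeeded and printed something, so a failed poll never truncates the
# last good copy. Errors go to stderr, which cron mails to the job owner.
collect_to_file() {
    out=$1
    shift
    # mktemp creates the file with mode 0600: firewall state is sensitive.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    # COLLECT_CMD is unquoted on purpose so that its options split into words.
    # stdin is /dev/null so that nothing can sit waiting for input.
    if $COLLECT_CMD "$@" >"$tmp" </dev/null && [ -s "$tmp" ]; then
        mv -f "$tmp" "$out"    # rename within one directory is atomic
    else
        rm -f "$tmp"
        echo "collect_to_file: no output for '$*', kept old $out" >&2
        return 1
    fi
}

# Example crontab entry (every five minutes; the script path is hypothetical):
# */5 * * * * . /usr/local/lib/pix-collect.sh; collect_to_file /var/lib/pix/conn.txt "show conn count"
```
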

