topic Re: RESTful API and getting log data in Automation/API Discussions

RESTful API and getting log data

u2521 — Thu, 22 Oct 2009 09:47:33 GMT

Getting the data

I have been researching a way to get threat logs from the system using the RESTful API as a carrier. It seems you can access reports and configuration this way but not the "raw" logs.

The "raw" logs are accessable through the CLI it seems, for instance you can get data by issuing this command:

show log threat csv-output equal yes start-time 2009/10/22@10:00:00

I would be great if you could get this same output through the RESTful API aswell.

Proposal "uniqe-log-row-id"

When getting data from the logs you are able to restrict the output to alot of different things like source, dest, application, etc, etc. When implementing some kind of automated log-retrieval system i would be really cool if each log-row had an uniqe ID and you could place the following command to the CLI (or RESTful API)

show log threat csv-output equal yes since-id equal <unique-id>

This would allow a system to uninterrupted get data from the device even if the retrieval application goes offline for awhile.

Does anyone know of a way to solve problem 1 or 2 with the features that are available now.

Re: RESTful API and getting log data

mjacobsen — Thu, 22 Oct 2009 16:10:09 GMT

Henrik,

Thanks for the feedback on the API. We will considers these ideas as

we enhance the API in future releases.

As for options to perform similar function today, there are a couple

of options for getting logs off of the device in a programmatic way.

The most real-time method is to use the syslog forwarding function

which will forward all specified logs as they come in. If you want a

less real-time approach, you can use the scheduled log export function

which will connect to an FTP server once a day and dump any logs for

the previous day in a CSV file format. Alternatively, you can use the

CLI command "scp|ftp export log traffic|data|threat|url unexported-

only equal yes ..." The system internally marks the logs that have

been exported to ensure you don't miss any logs.

Mike

Re: RESTful API and getting log data

u2521 — Thu, 04 Feb 2010 12:18:50 GMT

Hi thanks for your answer.

We would not like to use syslog since that protocol does not have any security in it, if a link goes down we will lose data.

The ftp and scp export command in the cli are good, but as you say they are hard-to-use for realtime operations. Do you know if there is a say to send command to the cli directly just like you can with normal ssh shells like bash?

for instance:

ssh user@box "ls -la /"

if you could do:

ssh user@box "<command for outputting a specified amount of logdata to STDOUT>" This would make a pretty good say to pull logs from the machine using for instance a python script.

However, the best way would be access to logs using the REST api.

//Henrik