cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Using User-ID XML API to get data?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
aigarkais
aigarkais
Not applicable
‎03-04-2011 04:13 AM
‎03-04-2011 04:13 AM

Using User-ID XML API to get data?

Is there a way to use User-ID xml api to get data from User-ID agent?

Tags (1)
0 Likes
Reply
mwalter
Palo Alto Networks Guru
‎03-14-2011 02:40 PM
‎03-14-2011 02:40 PM

Re: Using User-ID XML API to get data?

Unfortunately there isn't. The User-ID XML API is designed to feed User-IP information into the Agent and the firewall, but not to retrieve any data. Out of curiousity, may I still ask what you are trying to achieve?

0 Likes
Reply
Sr_Sealion
Sr_Sealion
L2 Linker
‎04-02-2012 09:41 AM
‎04-02-2012 09:41 AM

Re: Using User-ID XML API to get data?

I don't know about aigarkais but I would like to be able to get data from the agent so I can do user-id to IP lookups without having to log into a PAN device.

A tool like that would be useful to a number of IT groups for supporting users. Currently, if support needs to do a remote login to a workstation, they need to ask the user what their IP address is. If the user is not very knowledgable about computers, this can be a frustrating task for both the user and the support person. Leveraging the user-id agent to lookup the mapping would make a lot of people happy.

0 Likes
Reply
jseals
jseals
L5 Sessionator
‎04-02-2012 10:52 AM
‎04-02-2012 10:52 AM

Re: Using User-ID XML API to get data?

Hi Jim,

You can poll the firewall for its current list of mappings.

I was able to run:

$ curl -k "https://x.x.x.x/api/?type=op&cmd=<show><user><ip-user-mapping><all></all></ip-user-mapping></user></show>&key=INSERT_API_KEY_HERE"

from any machine with curl and it outputs all of the mappings on the firewall. It's not polling the agent, but it's close and will probably suffice for what you're wanting. Note, you'll have to have XML API setup, and you'll need to insert your own firewall's IP and XML API key in the above command.

Thanks,


Jason Seals

0 Likes
Reply
jseals
jseals
L5 Sessionator
‎04-02-2012 11:00 AM
‎04-02-2012 11:00 AM

Re: Using User-ID XML API to get data?

Jim,

Here is the wget equivalent if you'd prefer:

wget --no-check-certificate "https://x.x.x.x/api/?type=op&cmd=<show><user><ip-user-mapping><all></all></ip-user-mapping></user></show>&key=INSERT_API_KEY_HERE"

After the wget finishes, you'll just need to view the contents of the index file it pulls down as that contains the user info it pulled from the firewall.

Thanks,

Jason Seals

0 Likes
Reply
sps186
sps186
Not applicable
‎04-09-2012 01:01 PM
‎04-09-2012 01:01 PM

Re: Using User-ID XML API to get data?

Hello,

I'm curious as to how to set this information. Using the https://<mgmt ip>/api API browser, I don't see where or how I may set this information. Using IMAP/POP3 logs, I have a plethora of IP<->username mappings - just need to know how to get them into our 2050.

Thanks in advance. =)

0 Likes
Reply
sps186
sps186
Not applicable
‎04-09-2012 01:17 PM
‎04-09-2012 01:17 PM

Re: Using User-ID XML API to get data?

Disregard -- I've found ye olde DOC-1348.

0 Likes
Reply
ericgearhart
ericgearhart
L4 Transporter
‎09-05-2013 01:01 PM
‎09-05-2013 01:01 PM

Re: Using User-ID XML API to get data?

We send syslog data from our PA devices that include the username field populated and the IP address they're coming from, and we heavily use our SIEM to normalize that data to provide username-IP mappings all the time.

You could build a home grown web interface search that could search a syslog server's logs and return username-IP mappings. Or use something like ELSA and get web access to your PA logs that way:

enterprise-log-search-and-archive - Enterprise log search and archive (ELSA) is an industrial-streng...

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2019 - Palo Alto Networks