Using User-ID XML API to get data?

Not applicable

Using User-ID XML API to get data?

Is there a way to use User-ID xml api to get data from User-ID agent?

Palo Alto Networks Guru

Re: Using User-ID XML API to get data?

Unfortunately there isn't. The User-ID XML API is designed to feed User-IP information into the Agent and the firewall, but not to retrieve any data. Out of curiosity, may I still ask what you are trying to achieve?

L2 Linker

Re: Using User-ID XML API to get data?

I don't know about aigarkais but I would like to be able to get data from the agent so I can do user-id to IP lookups without having to log into a PAN device.

A tool like that would be useful to a number of IT groups for supporting users. Currently, if support needs to do a remote login to a workstation, they need to ask the user what their IP address is. If the user is not very knowledgeable about computers, this can be a frustrating task for both the user and the support person. Leveraging the user-id agent to look up the mapping would make a lot of people happy.

L5 Sessionator

Re: Using User-ID XML API to get data?

Hi Jim,

You can poll the firewall for its current list of mappings.

I was able to run:

$ curl -k "https://x.x.x.x/api/?type=op&cmd=<show><user><ip-user-mapping><all></all></ip-user-mapping></user></show>&key=INSERT_API_KEY_HERE"

from any machine with curl and it outputs all of the mappings on the firewall. It's not polling the agent, but it's close and will probably suffice for what you're wanting. Note, you'll have to have XML API set up, and you'll need to insert your own firewall's IP and XML API key in the above command.

Thanks,


Jason Seals

L5 Sessionator

Re: Using User-ID XML API to get data?

Jim,

Here is the wget equivalent if you'd prefer:

wget --no-check-certificate "https://x.x.x.x/api/?type=op&cmd=<show><user><ip-user-mapping><all></all></ip-user-mapping></user></show>&key=INSERT_API_KEY_HERE"

After the wget finishes, you'll just need to view the contents of the index file it pulls down as that contains the user info it pulled from the firewall.

Thanks,

Jason Seals
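
An added example, not part of the thread and not Palo Alto Networks code: a small Python username-to-IP lookup built on the op command from the two replies above. It sends the API key in a POST body and verifies the firewall certificate instead of using -k or --no-check-certificate. The response layout (entry elements with ip and user children), POST being accepted by your PAN-OS version, and names such as ca_file are assumptions to check against your own firewall.

```python
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Same op command as in the curl/wget posts above.
CMD = "<show><user><ip-user-mapping><all></all></ip-user-mapping></user></show>"

def build_request(host, api_key):
    """POST the command so the key stays out of URLs, shell history and proxy logs."""
    body = urllib.parse.urlencode({"type": "op", "cmd": CMD, "key": api_key})
    return urllib.request.Request(f"https://{host}/api/", data=body.encode(), method="POST")

def fetch(host, api_key, ca_file):
    """Verify the firewall certificate against ca_file (hypothetical path to your CA bundle)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(build_request(host, api_key), context=ctx, timeout=10) as r:
        return r.read().decode()

def parse_mappings(xml_text):
    """Return {lowercased user: [ip, ...]}. Assumed layout: result/entry/{ip,user}."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("API call failed: " + ET.tostring(root, encoding="unicode"))
    table = {}
    for entry in root.iter("entry"):
        ip, user = entry.findtext("ip"), entry.findtext("user")
        if ip and user:
            table.setdefault(user.strip().lower(), []).append(ip.strip())
    return table

def lookup(table, name):
    """Match 'jdoe' against 'corp\\jdoe' too, since support staff rarely type the domain."""
    name = name.lower()
    return sorted({ip for user, ips in table.items()
                   if user == name or user.split("\\")[-1] == name for ip in ips})

# Constructed sample response (not captured from a real firewall).
SAMPLE = """<response status="success"><result>
<entry><ip>10.1.20.15</ip><vsys>vsys1</vsys><type>AD</type><user>corp\\jdoe</user></entry>
<entry><ip>10.1.20.77</ip><vsys>vsys1</vsys><type>AD</type><user>corp\\asmith</user></entry>
<entry><ip>10.1.30.4</ip><vsys>vsys1</vsys><type>AD</type><user>CORP\\jdoe</user></entry>
</result></response>"""

if __name__ == "__main__":
    print(lookup(parse_mappings(SAMPLE), "jdoe"))
```

Against a live firewall, replace the sample with fetch(host, api_key, ca_file) and read the key from a protected file or environment variable rather than a command-line argument.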

Not applicable

Re: Using User-ID XML API to get data?

Hello,

I'm curious as to how to set this information. Using the https://<mgmt ip>/api API browser, I don't see where or how I may set this information. Using IMAP/POP3 logs, I have a plethora of IP<->username mappings - just need to know how to get them into our 2050.

Thanks in advance. =)

Not applicable

Re: Using User-ID XML API to get data?

Disregard -- I've found ye olde DOC-1348.

L4 Transporter

Re: Using User-ID XML API to get data?

We send syslog data from our PA devices that include the username field populated and the IP address they're coming from, and we heavily use our SIEM to normalize that data to provide username-IP mappings all the time.

You could build a home grown web interface search that could search a syslog server's logs and return username-IP mappings. Or use something like ELSA and get web access to your PA logs that way:

enterprise-log-search-and-archive - Enterprise log search and archive (ELSA) is an industrial-streng...
