I don't know about aigarkais but I would like to be able to get data from the agent so I can do user-id to IP lookups without having to log into a PAN device.
A tool like that would be useful to a number of IT groups for supporting users. Currently, if support needs to do a remote login to a workstation, they need to ask the user what their IP address is. If the user is not very knowledgable about computers, this can be a frustrating task for both the user and the support person. Leveraging the user-id agent to lookup the mapping would make a lot of people happy.
You can poll the firewall for its current list of mappings.
I was able to run:
$ curl -k "https://x.x.x.x/api/?type=op&cmd=<show><user><ip-user-mapping><all></all></ip-user-mapping></user></show>&key=INSERT_API_KEY_HERE"
from any machine with curl and it outputs all of the mappings on the firewall. It's not polling the agent, but it's close and will probably suffice for what you're wanting. Note, you'll have to have XML API setup, and you'll need to insert your own firewall's IP and XML API key in the above command.
Here is the wget equivalent if you'd prefer:
wget --no-check-certificate "https://x.x.x.x/api/?type=op&cmd=<show><user><ip-user-mapping><all></all></ip-user-mapping></user></show>&key=INSERT_API_KEY_HERE"
After the wget finishes, you'll just need to view the contents of the index file it pulls down as that contains the user info it pulled from the firewall.
I'm curious as to how to set this information. Using the https://<mgmt ip>/api API browser, I don't see where or how I may set this information. Using IMAP/POP3 logs, I have a plethora of IP<->username mappings - just need to know how to get them into our 2050.
Thanks in advance. =)
We send syslog data from our PA devices that include the username field populated and the IP address they're coming from, and we heavily use our SIEM to normalize that data to provide username-IP mappings all the time.
You could build a home grown web interface search that could search a syslog server's logs and return username-IP mappings. Or use something like ELSA and get web access to your PA logs that way:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!