Script to restart management server process on firewalls

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Script to restart management server process on firewalls

L5 Sessionator

Hello All,

I have a hot case(248797) where customer has upgraded panorama from 5.1.x to 6.0.x where in log forwarding process has stopped from firewalls after upgrade.

After some troubleshooting I did notice that firewalls show as connected but below command for log-collector status show as No

>debug management-server log-collector-agent-status

whereas on panorama device show as connected.

For this I had to restart management-server process on one firewall and that started log forwarding process.

debug software restart management-server

Since customer has around 200 firewalls he won't login to all the firewalls and do the above step and he is looking for an automated way or script to run such that management server process can be restarted without login into firewalls.

Regards,

Hari Yadavalli

3 REPLIES 3

L4 Transporter

Hyadavalli,

Wouldn't we need to have root access in order to run scripts?

I don't believe there can be an easy way to automate this, if there is at all..

I'm open to all ideas though, but as far as I understand, I don't see a way to do this.

Any one else?

L4 Transporter

You should be able to script that quite easily with a network configuration manager like ManageEngine, Solarwinds Orion NCM, or HP Network Automation. You could have them download a demo of Solarwinds Orion NCM although there might be easier ways even with some expect scripting from a Linux or Mac calling a list of firewall IP addresses. I am not skilled in expect scripting but there are tools to assist in making device drivers for network configuration managers. I developed some for HP NA but the Solarwinds NCM option is easier and they have a community on thwack.com for more assistance. I've used tools like this to do mass changes to QoS policies, schedule reboots, detect and change default passwords, modify SNMP strings, create accounts, etc. for many years.

It wouldn't be too difficult really @hyadavalli. Network Configuration & Change Management Software

Here is a good example of how to perform this with just a Linux box using expect scripting and a list of system IP's.

Here is how to install Expect:

Install expect

Expect comes with special pre installed script called multixterm expect. If you are using Debian Linux then use apt-get as follows :

# apt-get install expect # apt-get install expectk

If you are using Red hat Linux then use up2date command as follows:

# up2date -i expect

Fedora core (RHEL 5) / CentOS Linux user can use yum:

# yum install expect expectk

You can use ports to install expect under FreeBSD or use following command:

# pkg_add -v -r expect

Please note you can download expect from offical web site.

  • 3326 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!