10-03-2014 11:35 AM
Hello All,
I have a hot case(248797) where customer has upgraded panorama from 5.1.x to 6.0.x where in log forwarding process has stopped from firewalls after upgrade.
After some troubleshooting I did notice that firewalls show as connected but below command for log-collector status show as No
>debug management-server log-collector-agent-status
whereas on panorama device show as connected.
For this I had to restart management-server process on one firewall and that started log forwarding process.
debug software restart management-server
Since customer has around 200 firewalls he won't login to all the firewalls and do the above step and he is looking for an automated way or script to run such that management server process can be restarted without login into firewalls.
Regards,
Hari Yadavalli
10-03-2014 12:47 PM
Hyadavalli,
Wouldn't we need to have root access in order to run scripts?
I don't believe there can be an easy way to automate this, if there is at all..
I'm open to all ideas though, but as far as I understand, I don't see a way to do this.
Any one else?
10-03-2014 01:15 PM
You should be able to script that quite easily with a network configuration manager like ManageEngine, Solarwinds Orion NCM, or HP Network Automation. You could have them download a demo of Solarwinds Orion NCM although there might be easier ways even with some expect scripting from a Linux or Mac calling a list of firewall IP addresses. I am not skilled in expect scripting but there are tools to assist in making device drivers for network configuration managers. I developed some for HP NA but the Solarwinds NCM option is easier and they have a community on thwack.com for more assistance. I've used tools like this to do mass changes to QoS policies, schedule reboots, detect and change default passwords, modify SNMP strings, create accounts, etc. for many years.
It wouldn't be too difficult really @hyadavalli. Network Configuration & Change Management Software
10-03-2014 02:18 PM
Here is a good example of how to perform this with just a Linux box using expect scripting and a list of system IP's.
Here is how to install Expect:
Expect comes with special pre installed script called multixterm expect. If you are using Debian Linux then use apt-get as follows :
# apt-get install expect # apt-get install expectk
If you are using Red hat Linux then use up2date command as follows:
# up2date -i expect
Fedora core (RHEL 5) / CentOS Linux user can use yum:
# yum install expect expectk
You can use ports to install expect under FreeBSD or use following command:
# pkg_add -v -r expect
Please note you can download expect from offical web site.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
