• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 26 subscribers
  • Views 818 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

How can we build a report to show Cisco ASA problem ACLs based on Net Insight information?

rschroeder

It's great to finally be able to discover ACLs that are built improperly, or deployed in the wrong order, or negated by higher rules.

But doing so by clicking through ten ACL's per screen at a time, and then having to hover over a warning icon and click in it's "Show Details" link isn't the enterprise way of operating that I know NPM 12.2 and NCM 7.7 can provide.

Clicking through that way is an OK way to learn about one problem at a time, but it's inefficient.

I'd prefer to see or build/use a Report that retrieves all Net Insight ACL problem information and shows it all in a single report.

Do you know how we can make this happen--perhaps with SWQL in a Custom Report?  Or is there already a Report for this?  I've not found it yet.

Finally, that report should be adjustable so it can include more than one ASA.  I have 80 ASA's at present, and outside of building Compliance Reports for them, I've no great way to see things about them as a group.

How about it SWQL & SQL Custom Report Masters?  Is this a challenge, or is it easy-peasy-Mac & Cheezy?

  • 0

    So I took this as an opportunity to quickly learn how these new tables are set up... all I can say is I regret that.  Getting down to the ACL was pretty straightforward but the way the rules are in the db is not making much sense to me.  First of all nothing in SWQL will actually show you the content of the line, so nothing will show you anything like 'permit  tcp  any4  host  192.168.xx.xx  eq  https', the whole thing just refers to them by their rule numbers.  What was more frustrating was that the rule numbering scheme seems not to add up.  It seems that the db starts counting at 0 but the UI adds 1 so things can start at 1.  Easy to offset for single values but when a rule is shadowed by multiple other rules they end up in a string and I can't add 1 to a string and get the intended results.

    On the plus side I did find out that if you click on the 1-10 it allows you to pick a number of items to display.  I think that selection doesn't seem to persist though, every time i go to a new ACL I was back to 10 per page.

    pastedImage_5.png

    This is the best I can do for you, it looks up the latest config of each type, and lets you know the summary info about any ACL that has issues and generates a link to that page for you to look it over.  Go ahead and remove the comment marks if you want to see the madness that lies deeper but I fear it won't be too helpful.

    SELECT  n.NodeCaption

    , n.AgentIP

    , n.Vendor

    , n.MachineType

    ,ca.ConfigType

    ,acl.AccessListName

    ,acl.FullyShadowedCount

    ,acl.PartiallyShadowedCount

    ,acl.FullyRedundantCount

    ,acl.PartiallyRedundantCount

    ,concat('/ui/ncm/aclRules/',tostring(n.CoreNodeID),'/',+ca.ConfigID,'?aclName='+acl.AccessListName) as [_linkfor_AccessListName]

    --,(ace.RuleId+1) as [RuleId]

    --,rd.OverlappingRules

    --,rd.OverlappingType

    --,case when rd.OverlappingType = 2 then 'Partially Shadowed'

    --when rd.OverlappingType = 3 then 'Fully Redundant'

    --when rd.OverlappingType = 4 then 'Partially Redundant'

    --end as [Overlap Type]

    FROM NCM.Nodes n

    join (SELECT NodeID, max(DownloadTime) as [DownloadTime], ConfigType

    FROM NCM.ConfigArchive

    group by nodeid, configtype) latest on latest.nodeid=n.nodeid

    join NCM.ConfigArchive ca on ca.NodeID=n.nodeid and ca.DownloadTime=latest.downloadtime

    join NCM.ShadowRuleDetectionAclStatistics acl on acl.ConfigId=ca.ConfigID and (FullyShadowedCount <> 0 or PartiallyShadowedCount <> 0 or FullyRedundantCount <> 0 or PartiallyRedundantCount <> 0)

    --join NCM.ShadowRuleDetectionResult sdrd on sdrd.ConfigId=acl.ConfigId and acl.AccessListName=sdrd.AccessListName

    --join NCM.AceShadowRuleDetectionResult ace on ace.SrdrId=sdrd.srdrid

    --join NCM.RuleDetection rd on rd.ResultId=ace.ResultId

    order by n.nodecaption, ca.configtype, acl.AccessListName--, [RuleId]

    -Marc Netterfield

        Loop1 Systems: SolarWinds Training and Professional Services

  • 0 in reply to mesverrum

    Impressive--most impressive!

    Obi-Wan has taught you well!

    I'm looking forward to testing this on my Net Insight ACLs and seeing what the output looks like.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.