Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[network::stormshield::api::plugin] - mode(uptime): API fail on some conditions #5347

Open
guillaumechardin opened this issue Dec 12, 2024 · 3 comments
Open

[network::stormshield::api::plugin] - mode(uptime): API fail on some conditions #5347

guillaumechardin opened this issue Dec 12, 2024 · 3 comments
Labels
bug in-backlog

Comments

@guillaumechardin
Copy link

Hello,
it seems that the stormshield API plugin fail to fetch some info on a recent firmware upgrade :

old firmware version : 4.1.x
New stormshield firmware : 4.3.32

when using API, and requesting uptime with --add-system-info option. Script fails.
Removing --add-system-info seems to works but there are some data missing.

/usr/lib/centreon/plugins/centreon_stormshield_api.pl --plugin=network::stormshield::api::plugin  --hostname='192.168.17.202' --port '31443' --api-username='centreon-stormshield' --api-password='secret'  --mode=uptime  --insecure --add-system-info
UNKNOWN: Command error: request error

/usr/lib/centreon/plugins/centreon_stormshield_api.pl --plugin=network::stormshield::api::plugin  --hostname='192.168.17.202' --port '31443' --api-username='centreon-stormshield' --api-password='secret'  --mode=uptime  --insecure
OK: uptime is: 34m 28s | 'system.uptime.seconds'=2068s;;;0;

Any idea ?

Bellow output debug

UNKNOWN: Command error: request error
== Info:   Trying 192.168.17.202:31443...
== Info: Connected to 192.168.17.202 (192.168.17.202) port 31443 (#0)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info:  CAfile: /etc/pki/tls/certs/ca-bundle.crt
== Info: TLSv1.0 (OUT), TLS header, Certificate Status (22):
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
== Info: TLSv1.2 (IN), TLS header, Certificate Status (22):
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
== Info: TLSv1.2 (IN), TLS header, Finished (20):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, CERT verify (15):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Finished (20):
== Info: TLSv1.2 (OUT), TLS header, Finished (20):
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
== Info: SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
== Info: ALPN, server did not agree to a protocol
== Info: Server certificate:
== Info:  subject: [data removed]
== Info:  start date: Nov  2 09:36:00 2023 GMT
== Info:  expire date: Nov  2 09:36:00 2030 GMT
== Info:  issuer: [data removed]
== Info:  SSL certificate verify result: self-signed certificate (18), continuing anyway.
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
=> Send header: GET /api/command?sessionid=CoUXDrAk[data removed]eIyRnZ3VU&cmd=monitor%20system HTTP/1.1
Host: 192.168.17.202:31443
Accept:*/*
Cookie: NETASQ_sslclient=sI6ZPkb[data removed]

== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
== Info: old SSL session ID is stale, removing
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: Mark bundle as not supporting multiuse
=> Recv header: HTTP/1.1 200 OK
=> Recv header: Date: Thu, 12 Dec 2024 11:59:12 GMT
=> Recv header: Connection: Close
=> Recv header: Pragma: no-cache
=> Recv header: Cache-Control: no-cache, must-revalidate
=> Recv header: Expires: 0
=> Recv header: X-Content-Type-Options: nosniff
=> Recv header: Content-Type: text/xml; charset=utf-8
=> Recv header:
=> Recv data: <?xml version="1.0"?>
<nws code="100" msg="OK"><serverd ret="101" code="00a01000" msg="Début"><data format="section"><section title="STAT_Result"><key name="date" value="2024-12-12 12:59:12"/><key name="uptime" value="0:0:41:19"/><key name="mem" value="3,0,0,0,0,0,3"/><key name="stattime" value="2024-12-12 12:14:53"/><key name="CPUthermal" value="54,55"/><key name="temperature" value="55"/><key name="CPU" value="2,0,2"/><key name="CPU0" value="2,0,2"/><key name="CPU1" value="3,0,2"/><key name="usermem" value="10"/><key name="log" value="0"/></section><section title="POWERSUPPLY_POWER0"><key name="status" value="OK"/><key name="present" value="1"/><key name="dummy" value="0"/><key name="powered" value="1"/><key name="faulty" value="0"/><key name="status_word" value="0x0"/><key name="status_input" value="0x0"/><key name="status_mfr_specific" value="0x0"/><key name="status_fans_1_2" value="0x0"/><key name="status_fans_3_4" value="0x0"/><key name="status_vout" value="0x0"/><key name="status_iout" value="0x0"/><key name="status_temperature" value="0x0"/><key name="status_other" value="0x0"/><key name="status_cml" value="0x0"/><key name="temperature" value="0.000000"/><key name="fan_speed" value="0"/><key name="input_watts" value="0"/><key name="output_watts" value="0"/></section><section title="POWERSUPPLY_POWER1"><key name="status" value="OPTIONAL_NOT_POWERED"/><key name="present" value="1"/><key name="dummy" value="0"/><key name="powered" value="0"/><key name="faulty" value="0"/><key name="status_word" value="0x0"/><key name="status_input" value="0x0"/><key name="status_mfr_specific" value="0x0"/><key name="status_fans_1_2" value="0x0"/><key name="status_fans_3_4" value="0x0"/><key name="status_vout" value="0x0"/><key name="status_iout" value="0x0"/><key name="status_temperature" value="0x0"/><key name="status_other" value="0x0"/><key name="status_cml" value="0x0"/><key name="temperature" value="0.000000"/><key name="fan_speed" value="0"/><key name="input_watts" value="0"/><key name="output_watts" value="0"/></section></data></serverd><serverd ret="100" code="00a00100" msg="Ok"></serverd></nws>
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS alert, close notify (256):
== Info: Closing connection 0
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
== Info: TLSv1.3 (OUT), TLS alert, close notify (256):
== Info: Hostname 192.168.17.202 was found in DNS cache
== Info:   Trying 192.168.17.202:31443...
== Info: Connected to 192.168.17.202 (192.168.17.202) port 31443 (#1)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info:  CAfile: /etc/pki/tls/certs/ca-bundle.crt
== Info: TLSv1.0 (OUT), TLS header, Certificate Status (22):
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
== Info: TLSv1.2 (IN), TLS header, Certificate Status (22):
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
== Info: TLSv1.2 (IN), TLS header, Finished (20):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, CERT verify (15):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Finished (20):
== Info: TLSv1.2 (OUT), TLS header, Finished (20):
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
== Info: SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
== Info: ALPN, server did not agree to a protocol
== Info: Server certificate:
== Info:  subject: [data removed]
== Info:  start date: Nov  2 09:36:00 2023 GMT
== Info:  expire date: Nov  2 09:36:00 2030 GMT
== Info:  issuer: [data removed]
== Info:  SSL certificate verify result: self-signed certificate (18), continuing anyway.
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
=> Send header: GET /api/command?sessionid=CoU[data removed]RnZ3VU&cmd=globaladmin%20getinfos HTTP/1.1
Host: 192.168.17.202:31443
Cookie: NETASQ_sslclient=sI2[data removed]
Accept:*/*

== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
== Info: old SSL session ID is stale, removing
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: Mark bundle as not supporting multiuse
=> Recv header: HTTP/1.1 200 OK
=> Recv header: Date: Thu, 12 Dec 2024 11:59:12 GMT
=> Recv header: Connection: Close
=> Recv header: Pragma: no-cache
=> Recv header: Cache-Control: no-cache, must-revalidate
=> Recv header: Expires: 0
=> Recv header: X-Content-Type-Options: nosniff
=> Recv header: Content-Type: text/xml; charset=utf-8
=> Recv header:
=> Recv data: <?xml version="1.0"?>
<nws code="100" msg="OK"><serverd ret="200" code="00100200" msg="Commande inconnue"></serverd></nws>
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS alert, close notify (256):
== Info: Closing connection 1
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
== Info: TLSv1.3 (OUT), TLS alert, close notify (256):

Reading this doc explain that globaladmin command is deprecated/removed in v4.3.30.
https://documentation.stormshield.eu/SNS/v4/en/Content/PDF/SNS-UserGuides-PreviousVersions/sns-en-cli_serverd_commands_reference_guide-v4.3-LTSB.pdf

How to get the other info available with --add-system-info
info should at least be
firmware version
product name
@lucie-dubrunfaut
Copy link
Contributor

Hello :)

Thank you for this feedback. In order to enable us to conduct our investigation on the subject, do you still have an example of data received (the xml output) when the plugin was working correctly (for example on your version 4.1.x) that you would be willing to share with us? (You can anonymise the fields that require it)

@guillaumechardin
Copy link
Author

Bellow a --debug command return from another working device (before v4.3.30).

OK: product: SN310, firmware: 4.3.27 - uptime is: 30d 17h 36m 13s | 'system.uptime.seconds'=2655373s;;;0;
== Info:   Trying <IPSTORMSHIELD>:31443...
== Info: Connected to <IPSTORMSHIELD> (<IPSTORMSHIELD>) port 31443 (#0)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info:  CAfile: /etc/pki/tls/certs/ca-bundle.crt
== Info: TLSv1.0 (OUT), TLS header, Certificate Status (22):
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
== Info: TLSv1.2 (IN), TLS header, Certificate Status (22):
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
== Info: TLSv1.2 (IN), TLS header, Finished (20):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, CERT verify (15):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Finished (20):
== Info: TLSv1.2 (OUT), TLS header, Finished (20):
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
== Info: SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
== Info: ALPN, server did not agree to a protocol
== Info: Server certificate:
== Info:  subject: C=FR; O=Stormshield; OU=SN310-A; CN=SN310__SERIAL__
== Info:  start date: Feb  7 10:28:04 2017 GMT
== Info:  expire date: Feb  8 10:28:04 2027 GMT
== Info:  issuer: C=FR; L=Issy-Les-Moulineaux; O=Stormshield; OU=Stormshield Network Security; CN=Stormshield Network Security Products CA
== Info:  SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
=> Send header: GET /api/command?sessionid=w__truncated___VdaQ&cmd=monitor%20system HTTP/1.1
Host: <IPSTORMSHIELD>:31443
Cookie: NETASQ_sslclient=__truncated___xa8McQ==
Accept:*/*

== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
== Info: old SSL session ID is stale, removing
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: Mark bundle as not supporting multiuse
=> Recv header: HTTP/1.1 200 OK
=> Recv header: Date: Thu, 12 Dec 2024 15:31:33 GMT
=> Recv header: Connection: Close
=> Recv header: Pragma: no-cache
=> Recv header: Cache-Control: no-cache, must-revalidate
=> Recv header: Expires: 0
=> Recv header: X-Content-Type-Options: nosniff
=> Recv header: Content-Type: text/xml; charset=utf-8
=> Recv header:
=> Recv data: <?xml version="1.0"?>
<nws code="100" msg="OK"><serverd ret="101" code="00a01000" msg="Début"><data format="section"><section title="STAT_Result"><key name="date" value="2024-12-12 16:31:33"/><key name="uptime" value="30:17:36:13"/><key name="mem" value="1,0,0,0,0,0,4"/><key name="stattime" value="2024-11-11 22:57:11"/><key name="CPUthermal" value="70,70"/><key name="temperature" value="70"/><key name="CPU" value="0,0,1"/><key name="CPU0" value="0,0,1"/><key name="CPU1" value="0,0,1"/><key name="usermem" value="3"/><key name="log" value="0"/></section></data></serverd><serverd ret="100" code="00a00100" msg="Ok"></serverd></nws>
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS alert, close notify (256):
== Info: Closing connection 0
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
== Info: TLSv1.3 (OUT), TLS alert, close notify (256):
== Info: Hostname <IPSTORMSHIELD> was found in DNS cache
== Info:   Trying <IPSTORMSHIELD>:31443...
== Info: Connected to <IPSTORMSHIELD> (<IPSTORMSHIELD>) port 31443 (#1)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info:  CAfile: /etc/pki/tls/certs/ca-bundle.crt
== Info: TLSv1.0 (OUT), TLS header, Certificate Status (22):
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
== Info: TLSv1.2 (IN), TLS header, Certificate Status (22):
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
== Info: TLSv1.2 (IN), TLS header, Finished (20):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, CERT verify (15):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Finished (20):
== Info: TLSv1.2 (OUT), TLS header, Finished (20):
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
== Info: SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
== Info: ALPN, server did not agree to a protocol
== Info: Server certificate:
== Info:  subject: C=FR; O=Stormshield; OU=SN310-A; CN=SN310A__SERIAL__
== Info:  start date: Feb  7 10:28:04 2017 GMT
== Info:  expire date: Feb  8 10:28:04 2027 GMT
== Info:  issuer: C=FR; L=Issy-Les-Moulineaux; O=Stormshield; OU=Stormshield Network Security; CN=Stormshield Network Security Products CA
== Info:  SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
=> Send header: GET /api/command?sessionid=w__truncated___aQ&cmd=globaladmin%20getinfos HTTP/1.1
Host: <IPSTORMSHIELD>:31443
Cookie: NETASQ_sslclient=wl__truncated___8McQ==
Accept:*/*

== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
== Info: old SSL session ID is stale, removing
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: Mark bundle as not supporting multiuse
=> Recv header: HTTP/1.1 200 OK
=> Recv header: Date: Thu, 12 Dec 2024 15:31:34 GMT
=> Recv header: Connection: Close
=> Recv header: Pragma: no-cache
=> Recv header: Cache-Control: no-cache, must-revalidate
=> Recv header: Expires: 0
=> Recv header: X-Content-Type-Options: nosniff
=> Recv header: Content-Type: text/xml; charset=utf-8
=> Recv header:
=> Recv data: <?xml version="1.0"?>
<nws code="100" msg="OK"><serverd ret="101" code="00a01000" msg="Début"><data format="section"><section title="Information"><key name="Serial" value="SN310__SERIAL__"/><key name="Name" value="SN310-OGA"/><key name="ProductModel" value="SN310"/><key name="Firmware" value="4.3.27"/><key name="OEM" value="NETASQ"/><key name="Model" value="S"/><key name="Target" value="FW"/><key name="GMTBootDate" value="2024-11-11 21:57:11"/><key name="GMTDate" value="2024-12-12 15:31:34"/><key name="GMTOffset" value="+0100"/><key name="HA" value="Off"/><key name="CurrentPartition" value="Main"/><key name="OtherPartitionVersion" value="3.11.17"/><key name="LastSaveToOtherPartition" value="2024-07-11 21:19:26"/><key name="GlobalAdminOption" value="0"/></section></data></serverd><serverd ret="100" code="00a00100" msg="Ok"></serverd></nws>
== Info: TLSv1.2 (IN), TLS header, Unknown (23):
== Info: TLSv1.3 (IN), TLS alert, close notify (256):
== Info: Closing connection 1
== Info: TLSv1.2 (OUT), TLS header, Unknown (23):
== Info: TLSv1.3 (OUT), TLS alert, close notify (256):

@lucie-dubrunfaut
Copy link
Contributor

Perfect, we'll let you know when we've made any progress on the subject :) thanks

@lucie-dubrunfaut lucie-dubrunfaut changed the title network::stormshield API uptime fail on some conditions [network::stormshield::api::plugin] - mode(uptime): API fail on some conditions Dec 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug in-backlog
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@guillaumechardin @lucie-dubrunfaut