-1

I am having an issue with getting my python script to return or print any output for the following command run on my fortigate firewall

'diagnose sniffer packet any "host X.X.X.X and port 53" 4 0 a

def dns_pcap():
    device = ConnectHandler(device_type="fortinet", ip="X.X.X.X", username="xxxxxxxx", password="xxxxxxxxx")
    lines = []
    gi_pcap = device.send_command('diagnose sniffer packet GI "host X.X.X>X and port 53" 4 0 a')
    output = device.read_channel()

    print(output)

dns_pcap()

The script outputs nothing to my terminal, anyone have any idea how to get the output of this to command to print to my screen?

(Also please note I am using python2.7)

I have many scripts running to both fortinet and cisco devices, and they all print outputs from variable assigned commands to screen when i execute my scripts, but not in this case

I am assuming it is because the output is not static like a 'show system interface' but I am not sure how to handle dynamic output from a command.

mkrieger1
  • 19,194
  • 5
  • 54
  • 65
Dunner1991
  • 19
  • 3

3 Answers3

0

The output is the result of the method device.send_command. output = device.read_channel() is not necessary. Replace print(output) with print(gi_pcap) and you'll be on the right track.

If the command requires any sort of interaction, that can also cause it to freeze up because the script is waiting for a prompt that will never come. You can see if this is happening by saving the session log output. You can do this by adding session_log="device.txt" to your session arguments, with device.txt being any filename relevant to you. The contents of that file will be whatever is being sent back and forth in the SSH session to the device.

  • Hi Richard, thank you for your response, i will try your suggestions out now – Dunner1991 Apr 04 '22 at 17:22
  • So i changed my script tp print gi_pcap but i get the same issue, nothing is printed to screen, interesting if issue an incorrect command like 'diagnose sniffer packet GI "host X.X.X>X and kport 53" 4 0 a' it prints a response – Dunner1991 Apr 04 '22 at 17:30
  • What's the result of issuing the command `diagnose sniffer packet GI "host X.X.X>X and kport 53` on the device? Does it produce a finite amount of information or does it print information indefinitely? –  Apr 04 '22 at 17:32
  • it just responds with a #> – Dunner1991 Apr 04 '22 at 17:39
  • If `#>` is the normal prompt of the machine, then the results of `send_command` would strip the prompt from the result, resulting in a blank string being returned. It sounds like the netmiko portion is working alright, it's the command that needs to be adjusted in order to give the output you're looking for. –  Apr 04 '22 at 17:42
  • #> is the normal prompt if there is an error with the command. I can get output from most other commands i.e. sh system interface, but because the diagnose sniffet packet essentally outputs until the command is stopped it seems the script does not know how to handle the output – Dunner1991 Apr 04 '22 at 17:50
  • I don't think netmiko is going to work for you. When you are running `send_command`, it's going to read the output until it gets back to the prompt. If the output is indefinite, it will never receive that prompt. Check out this thread on using paramiko to receive streaming output: https://stackoverflow.com/questions/31834743/get-output-from-a-paramiko-ssh-exec-command-continuously The short of it is, because the output is technically "infinite", you have to read and process one chunk out output at a time. –  Apr 04 '22 at 17:54
0

The answer was indeed found in this post

Get output from a Paramiko SSH exec_command continuously

using paramiko and the get_pty=True argument in the function allowed me to print the pseudu terminal

Thanks very much to Richard Dodson for the help

Dunner1991
  • 19
  • 3
0

Can you share what is the interval time of getting an output in your Fortigate device for this command? Depending on the interval time, netmiko should have also worked.

What I have also tested in a different vendor using Netmiko for an dynamic output that I tried to get data in 10 seconds interval (Totally 100 seconds), it worked without an issue, I was able to get the output properly. However, when I have increased time of the interval of getting data as 11 or 12, I get some errors so it did not work.

Can you also try with Netmiko "timing" method to get your data? If the interval is shorter than 1-2 seconds, this method should also help. (For example, I can get ping output with 100 count without an error using timing method. Did you also try to get ping output in your network box if it works?)

I think that the size of the data you expect from your output is also important in your case. If the size is too big to be shown in a CLI screen, this may cause also a problem. In that case, you might need to open a file to save your data and use it from that file might be another option.

Better if you can advise if there is a regular time interval of this command along with the expected size of the data.

In addition, what I have also figure it out that in case the output takes more than 100 seconds, it might cause the problem. Here is the sample of how to this option following:

{
        'device_type': 'device_type',
        'ip': '135.243.92.119',
        'username': 'admin',
        'password': 'admin',
        'port': port,
        "fast_cli": False, # fast_cli
        "global_delay_factor": 2 # if the outputs takes more than 100 seconds. 
    }
Baris Ozensel
  • 433
  • 1
  • 3
  • 11