#!/bin/sh
# fgsniffer-live.sh - run "diag sniffer packet" on a FortiGate over ssh and
# stream the converted capture into tcpdump (or plain cat) on this machine.
set -e
# Appended verbatim to the remote sniffer command. Keep the grep pipe while
# any unit still runs the FortiGate default (config system console ->
# set output more); it works around the paged ("more") CLI output.
CLInoMOREhack=' | grep ^'
# Use the empty variant once every unit has "set output normal"; this may
# shave some latency off the stream.
#CLInoMOREhack=''
# Vdom entered with "edit" on the unit. The CLI completes the name, so a
# unique prefix is enough.
default_vdom="Prod"
#################################
# Defaults; the option and positional parsing below overrides them.
host='' outfilter='' userfilter='' localfilter=''
vdom="$default_vdom"
interface="any"
mode=6   # verbosity field of "diag sniffer packet" (assumed FortiOS level 6 - confirm on your firmware)
count=0  # count field of "diag sniffer packet", validated before use
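#######################################
# Print the command-line synopsis and exit.
# Arguments: $1 - exit status; 0 for -h, non-zero for a usage error
#                 (defaults to 1 so a bare "usage" cannot exit 0 by accident)
# Outputs:   synopsis on stdout when the status is 0, on stderr otherwise,
#            matching the other error messages of this script
#######################################
usage() {
  _status=${1:-1}
  _synopsis="Usage: $0 [-n count] [-d vdom] [-i interface|any] [-o interface|in|out|any] host [filter [local-filter]]"
  if [ "$_status" -eq 0 ]; then
    printf '%s\n' "$_synopsis"
  else
    printf '%s\n' "$_synopsis" >&2
  fi
  exit "$_status"
}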
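# Options: -h help, -n packet count, -d vdom, -i interface to sniff on,
# -o interface/direction filter that is handed to fgsniffer-converter and
# also switches the local consumer from cat to tcpdump.
while getopts "hn:d:i:o:" opt; do
  case "$opt" in
    h) usage 0 ;;
    n) count="$OPTARG" ;;
    d) vdom="$OPTARG" ;;
    i) interface="$OPTARG" ;;
    o) outfilter="$OPTARG" ;;
    *) usage 1 ;;
  esac
done
# POSIX arithmetic instead of an unquoted backtick expr(1) call.
shift $((OPTIND - 1))
# Positional arguments: host [filter [local-filter]]
case "$#" in
  3) host="$1"; userfilter="$2"; localfilter="$3" ;;
  2) host="$1"; userfilter="$2" ;;
  1) host="$1" ;;
  0) printf '%s\n' "Missing mandatory argument: Host" >&2
     usage 1 ;;
  *) printf '%s\n' "Too many arguments" >&2
     usage 1 ;;
esac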
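# Map the short host alias to the address used for ssh. Edit this table for
# your own units; the unknown-alias message below says so as well.
case "$host" in
  # Fortigate 1-HA cluster
  1a|fw1a) hostIP=10.0.0.8 ;;
  1b|fw1b) hostIP=10.0.0.9 ;;
  1|fw1) hostIP=10.0.0.10 ;;
  # Fortigate 2
  2|fw2) hostIP=10.1.0.10 ;;
  # Fortigate 3
  3|fw3) hostIP=10.2.0.10 ;;
  *) # Diagnostic text, so it goes to stderr like the other errors of this
     # script instead of into whatever consumes stdout.
     cat >&2 <<END
Unsupported host \"$host\", try one of:
UNCONFIGURED, edit the script
1 fw1 fw1a fw1b
2 fw2
3 fw3
END
     exit 1 ;;
esac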
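# CLI text sent to the unit. The vdom is a printf argument instead of part
# of the format string, so a "%" in a vdom name given with -d can no longer
# corrupt the command. CLInoMOREhack is still appended literally and must
# therefore not contain "%".
fgcommand_vdom='
config vdom
edit %s '
fgcommand_sniff="$fgcommand_vdom"'
diag sniffer packet %s "%s" %s %s a'"$CLInoMOREhack"
# count must be a non-negative integer. The former "[ 0 -le ]" probe relied
# on test(1) failing on junk and reported the error on stdout.
case "$count" in
  ''|*[!0-9]*)
    printf 'ERROR: count "%s" is not a number\n' "$count" >&2
    exit 1 ;;
esac
# interface and filter are spliced verbatim into that CLI text (the filter
# inside double quotes). A double quote or a line break in them would end
# the sniffer command early and the rest would reach the unit as further
# CLI input, so refuse such values instead of sending them.
nl='
'
for cli_arg in "$interface" "$userfilter"; do
  case "$cli_arg" in
    *'"'*|*"$nl"*)
      printf 'ERROR: interface/filter must not contain a double quote or a line break\n' >&2
      exit 1 ;;
  esac
done
# Prevent us from capturing OUR OWN ssh connection
sshfilter="(not (host $hostIP and port 22))"
if [ -n "$userfilter" ]; then
  filter="($userfilter) and ($sshfilter)"
else
  filter="$sshfilter"
fi
# Local consumer of the converted stream: with -o it is decoded by tcpdump
# (presumably pcap on stdin, optionally narrowed by local-filter), otherwise
# it is passed through unchanged by cat. The arguments go into "$@".
if [ -n "$outfilter" ]; then
  livecommand="tcpdump"
  if [ -n "$localfilter" ]; then
    set -- -nr - "$localfilter"
  else
    set -- -nr -
  fi
else
  livecommand="cat"
  set -- '-'
fi
# The format string is intentionally a variable (the command template above).
# Plain sh has no pipefail, so set -e does not notice a failing ssh or a
# missing fgsniffer-converter here; such failures show up as an empty stream.
# sed drops the leading non-# run up to " # " (presumably the echoed CLI
# prompt); "[^#][^#]*" is the portable form of GNU sed's "[^#]\+".
printf "$fgcommand_sniff" "$vdom" "$interface" "$filter" "$mode" "$count" \
  | ssh "$hostIP" \
  | sed 's/^[^#][^#]* # *//' \
  | fgsniffer-converter "$outfilter" \
  | "$livecommand" "$@"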