Useful firewall one liners
From cpwiki.net
Contents |
state sync sent/rec packets check
fw ctl pstat | grep -A 1 "Sync p" | awk '{print $1,$2,$3}'
fw ctl pstat | grep -A 1 "Sync packets sent" | grep total | awk '{print $3}' | awk -F , '{print $1}'
fw ctl pstat | grep -A 1 "Sync packets received" | grep total | awk '{print $3}' | awk -F , '{print $1}'
VRRP
get VRIDs
clish -c "show vrrp interfaces" | grep VRID | tr -d '\n' ; echo ""
nokia validation
Interfaces
ssh -l username desthostname "/bin/ifconfig -a | grep broadcast | grep -v vrrpmac" | awk '{ i = NF-2; print $i }'
Routes on ipso 6.x (remote command from jumpbox)
ssh -l username firewall_name "netstat -rn | grep user | sort -n" | awk '{print $1, $4,$8}'
Route on ipso 4.x
ssh -l username firewall_name "netstat -rn | grep iCSU | sort -n" | awk '{print $1, $2,$6}'
routes
cat /config/active | grep "default:gateway:address"
grab active interfaces only
clish -c "show interfaces" | grep -B 1 On | grep Interface|awk '{print $3}'
grab active interfaces and produce clish commands for logical interface stats
clish -c "show interfaces" | grep -B 1 On | grep Interface | grep -v loop | grep -v Tunnel | awk '{print "clish -c \"show interface "$3, "statistics\" |grep -C 1 Bytes;"}'
grab active interfaces and produce clish commands for physical interface stats unfiltered
clish -c "show interfaces" | grep -B 1 Up | grep Interface | grep -v loop | grep -v Tunnel | awk '{print "clish -c \"show interface "$3, "statistics\" ;"}'
error check
clish -c "show interfaces" | grep -B 1 Up | grep Interface | grep -v loop | grep -v Tunnel | awk '{print "clish -c \"show interface "$3, "statistics\" |grep -A 3 Errors;"}'
VRRP verfication vrrp pre-upgrade recon
script that looks for any foreign vrrp advertisement
???
MDS commands
Customer list - useful for determining mdscmd startcma/stopcma first parameter (not given by mdsstat)
mdsquerydb Customers
list firewall logs, sorted with backslash for copy/paste into gzip command
# ls -t *.log |awk '{print $1,"\\"}'|sort -n|more
