Dear,
I'm trying out the webservices of the FortiAnalyzer to retrieve an IPS packet from the FortiAnalyzer.
I'm basing my code on the following example: "Searching and retrieving Fortigate IPS packets logs" pg 247 from fortianalyzer-cli-40-mr3.pdf .
This is my code (don't worry about the password and username; it's a lab environment ;-)):
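#!/usr/bin/perl
# Request an archived IPS packet from a FortiAnalyzer through its SOAP web
# service (FortiAnalyzerGetArchive) and print the result, or die with the
# fault code and fault string when the appliance answers with a SOAP fault.
use strict;
use warnings;

# NOTE(review): '+trace => debug' prints every request and response envelope,
# including the ns2:UserName / ns2:Password header values built below. Keep
# it for troubleshooting only and scrub the trace before sharing it.
use SOAP::Lite +trace => 'debug';
use SOAP::WSDL;

my $NS       = "urn:FortiAnalyzerWS";
my $WSDL_URL = "https://10.0.111.1:8080/FortiAnalyzerWS?wsdl";

# NOTE(review): the endpoint path is spelled "FortiAnalyserWS" here but
# "FortiAnalyzerWS" in $WSDL_URL; confirm which one the appliance expects.
my $URI   = "https://10.0.111.1:8080/FortiAnalyserWS";
my $PROXY = $URI;

# Lab-only credentials. They are sent as plain elements inside the SOAP
# envelope, so their confidentiality depends entirely on the HTTPS channel.
my $USERNAME = "soap";
my $PASSWORD = "soap";

# NOTE(review): the trace captured for this run reports
# "Client-SSL-Warning: Peer certificate not verified", i.e. the appliance's
# certificate was not validated. Outside a lab, configure the HTTPS transport
# to verify it (trusted CA or pinned certificate) before sending credentials.
my $Client = SOAP::Lite
    ->service($WSDL_URL)
    ->proxy($PROXY);
$Client->readable(1);    # emit indented XML so the trace is easier to read

# Bind the service namespace to the 'ns2' prefix used by every element below.
my $Serializer = $Client->serializer();
$Serializer->register_ns($NS, 'ns2');

# Authentication header: ns2:Header wrapping UserName and Password.
my $header = SOAP::Data->name("ns2:Header" =>
    \SOAP::Data->value(
        SOAP::Data->name("ns2:UserName" => $USERNAME),
        SOAP::Data->name("ns2:Password" => $PASSWORD)
    )
);

# Request body: ns2:Body wrapping one FortiAnalyzerGetArchive element.
# NOTE(review): the trace posted with this script contains an ns2:Checksum
# element between FileName and Compression that this listing does not build;
# the trace was presumably captured from a different revision.
my $body = SOAP::Data->name("ns2:Body" =>
    \SOAP::Data->value(
        SOAP::Data->name("ns2:FortiAnalyzerGetArchive" =>
            \SOAP::Data->value(
                SOAP::Data->name('ns2:Type' => 'IPS')
                    ->type('ns2:ArchiveTypes'),
                SOAP::Data->name('ns2:DeviceID' => 'FGT60C3G11022932')
                    ->type('ns2:string63'),
                SOAP::Data->name('ns2:FileName' => '670277741')
                    ->type('ns2:string63'),
                SOAP::Data->name('ns2:Compression' => 'None')
                    ->type('ns2:CompressionType'),
                # Sent empty; presumably an archive password - TODO confirm.
                SOAP::Data->name('ns2:Password' => '')
                    ->type('ns2:string255')
            )
        )
    )
);

# Alternative request body (FortiAnalyzerGetSystemStatus), kept disabled:
#my $body = SOAP::Data->name("ns2:Body" =>
# \SOAP::Data->value(
# SOAP::Data->name("ns2:FortiAnalyzerGetSystemStatus")
# )
# )
#;

my $Response = $Client->call( SOAP::Data->name('ns2:FortiRequestEl')
    => ($header, $body)
);

# A SOAP fault carries no result, so report it explicitly instead of
# printing an undefined value.
if ($Response->fault) {
    my $code   = $Response->faultcode;
    my $reason = $Response->faultstring;
    die sprintf "SOAP fault [%s]: %s\n",
        defined $code   ? $code   : 'unknown',
        defined $reason ? $reason : 'no fault string';
}

my $result = $Response->result();
print $result if defined $result;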
This is the output:
SOAP::Transport::HTTP::Client::send_receive: POST https://10.0.111.1:8080/FortiAnalyserWS HTTP/1.1
Accept: text/xml
Accept: multipart/*
Accept: application/soap
Content-Length: 1195
Content-Type: text/xml; charset=utf-8
SOAPAction: "urn:FortiAnalyzerWS#FortiRequestEl"
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope
xmlns:ns2="urn:FortiAnalyzerWS"
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<ns2:FortiRequestEl>
<ns2:Header>
<ns2:UserName xsi:type="xsd:string">soap</ns2:UserName>
<ns2:Password xsi:type="xsd:string">soap</ns2:Password>
</ns2:Header>
<ns2:Body>
<ns2:FortiAnalyzerGetArchive>
<ns2:Type xsi:type="ns2:ArchiveTypes">IPS</ns2:Type>
<ns2:DeviceID xsi:type="ns2:string63">FGT60C3G11022932</ns2:DeviceID>
<ns2:FileName xsi:type="ns2:string63">670277741</ns2:FileName>
<ns2:Checksum xsi:type="ns2:string63" />
<ns2:Compression xsi:type="ns2:CompressionType">None</ns2:Compression>
<ns2:Password xsi:type="ns2:string255" />
</ns2:FortiAnalyzerGetArchive>
</ns2:Body>
</ns2:FortiRequestEl>
</soap:Body>
</soap:Envelope>
SOAP::Transport::HTTP::Client::send_receive: HTTP/1.1 500 Internal Server Error
Connection: close
Server: gSOAP/2.7
Content-Length: 672
Content-Type: text/xml; charset=utf-8
Client-Date: Mon, 14 May 2012 13:57:48 GMT
Client-Peer: 10.0.111.1:8080
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /CN=FL10VM0000000000/O=Fortinet/OU=Fortilog/C=US/ST=California/L=Sunnyvale/emailAddress=support@fortinet.com
Client-SSL-Cert-Subject: /CN=FL10VM0000000000/O=Fortinet/OU=Fortilog/C=US/ST=California/L=Sunnyvale/emailAddress=support@fortinet.com
Client-SSL-Cipher: AES256-SHA
Client-SSL-Warning: Peer certificate not verified
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ns1="http://localhost:8080/FortiAnalyzerWS.wsdl" xmlns:ns2="urn:FortiAnalyzerWS"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Client</faultcode><faultstring xsi:type="xsd:string">Fatal error</faultstring><faultactor xsi:type="xsd:string"/><detail/><SOAP-ENV:Code/><SOAP-ENV:Reason/><SOAP-ENV:Node/><SOAP-ENV:Role/><SOAP-ENV:Detail/></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
Does anyone have a clue why I get a fatal error? If I run FortiAnalyzerGetSystemStatus instead, I don't have any problems.
Thanks in advance for your help!
With kind regards,
Geert
PS: Below is the WSDL.
type="xsd:string"/><element name="service" minOccurs="0" type="xsd:str
+ing"/><element name="status" minOccurs="0" type="xsd:string"/><elemen
+t name="hostname" minOccurs="0" type="xsd:string"/><element name="url
+" minOccurs="0" type="xsd:string"/><element name="from" minOccurs="0"
+ type="xsd:string"/><element name="to" minOccurs="0" type="xsd:string
+"/><element name="rulename" minOccurs="0" type="xsd:string"/><element
+ name="action" minOccurs="0" type="xsd:string"/><element name="msg" m
+inOccurs="0" type="xsd:string"/><element name="NonDefFields" minOccur
+s="0" maxOccurs="unbounded" type="ns:LogFields"/><!-- any new fields
+not defined yet, In XML format string --></sequence></complexType><co
+mplexType name="AppCtrlLogsType"><sequence><element name="itime" minO
+ccurs="0" type="xsd:int"/><element name="date" minOccurs="0" type="xs
+d:date"/><element name="time" minOccurs="0" type="xsd:time"/><element
+ name="device_id" minOccurs="0" type="xsd:string"/><element name="clu
+ster_id" minOccurs="0" type="xsd:string"/><element name="devname" min
+Occurs="0" type="xsd:string"/><element name="log_id" minOccurs="0" ty
+pe="xsd:string"/><element name="type" minOccurs="0" type="xsd:string"
+/><element name="subtype" minOccurs="0" type="xsd:string"/><element n
+ame="pri" minOccurs="0" type="xsd:string"/><element name="vd" minOccu
+rs="0" type="xsd:string"/><element name="policyid" minOccurs="0" type
+="xsd:string"/><element name="user" minOccurs="0" type="xsd:string"/>
+<element name="group" minOccurs="0" type="xsd:string"/><element name=
+"src" minOccurs="0" type="xsd:string"/><element name="src_port" minOc
+curs="0" type="xsd:int"/><element name="src_int" minOccurs="0" type="
+xsd:string"/><element name="dst" minOccurs="0" type="xsd:string"/><el
+ement name="dst_port" minOccurs="0" type="xsd:int"/><element name="ds
+t_int" minOccurs="0" type="xsd:string"/><element name="service" minOc
+curs="0" type="xsd:string"/><element name="status" minOccurs="0" type
+="xsd:string"/><element name="from" minOccurs="0" type="xsd:string"/>
+<element name="to" minOccurs="0" type="xsd:string"/><element name="ac
+tion" minOccurs="0" type="xsd:string"/><element name="msg" minOccurs=
+"0" type="xsd:string"/><element name="app" minOccurs="0" type="xsd:st
+ring"/><element name="app_type" minOccurs="0" type="xsd:string"/><ele
+ment name="app_list" minOccurs="0" type="xsd:string"/><element name="
+reason" minOccurs="0" type="xsd:string"/><element name="kind" minOccu
+rs="0" type="xsd:string"/><element name="carrier_ep" minOccurs="0" ty
+pe="xsd:string"/><element name="content" minOccurs="0" type="xsd:stri
+ng"/><element name="count" minOccurs="0" type="xsd:int"/><element nam
+e="dir" minOccurs="0" type="xsd:string"/><element name="dst_name" min
+Occurs="0" type="xsd:string"/><element name="src_name" minOccurs="0"
+type="xsd:string"/><element name="duration" minOccurs="0" type="xsd:i
+nt"/><element name="filename" minOccurs="0" type="xsd:string"/><eleme
+nt name="filesize" minOccurs="0" type="xsd:int"/><element name="fwver
+" minOccurs="0" type="xsd:string"/><element name="message" minOccurs=
+"0" type="xsd:string"/><element name="phone" minOccurs="0" type="xsd:
+string"/><element name="profile" minOccurs="0" type="xsd:string"/><el
+ement name="req" minOccurs="0" type="xsd:string"/><element name="NonD
+efFields" minOccurs="0" maxOccurs="unbounded" type="ns:LogFields"/><!
+-- any new fields not defined yet, In XML format string --></sequence
+></complexType><complexType name="NetScanLogsType"><sequence><element
+ name="itime" minOccurs="0" type="xsd:int"/><element name="date" minO
+ccurs="0" type="xsd:date"/><element name="time" minOccurs="0" type="x
+sd:time"/><element name="device_id" minOccurs="0" type="xsd:string"/>
+<element name="cluster_id" minOccurs="0" type="xsd:string"/><element
+name="devname" minOccurs="0" type="xsd:string"/><element name="log_id
+" minOccurs="0" type="xsd:string"/><element name="type" minOccurs="0"
+ type="xsd:string"/><element name="subtype" minOccurs="0" type="xsd:s
+tring"/><element name="pri" minOccurs="0" type="xsd:string"/><element
+ name="vd" minOccurs="0" type="xsd:string"/><element name="ip" minOcc
+urs="0" type="xsd:string"/><element name="action" minOccurs="0" type=
+"xsd:string"/><element name="service" minOccurs="0" type="xsd:string"
+/><element name="proto" minOccurs="0" type="xsd:string"/><element nam
+e="severity" minOccurs="0" type="xsd:string"/><element name="os" minO
+ccurs="0" type="xsd:string"/><element name="os_family" minOccurs="0"
+type="xsd:string"/><element name="os_gen" minOccurs="0" type="xsd:str
+ing"/><element name="os_vendor" minOccurs="0" type="xsd:string"/><ele
+ment name="port" minOccurs="0" type="xsd:int"/><element name="vuln" m
+inOccurs="0" type="xsd:string"/><element name="vuln_cat" minOccurs="0
+" type="xsd:string"/><element name="vuln_id" minOccurs="0" type="xsd:
+string"/><element name="start" minOccurs="0" type="xsd:int"/><element
+ name="end" minOccurs="0" type="xsd:int"/><element name="engine" minO
+ccurs="0" type="xsd:string"/><element name="plugin" minOccurs="0" typ
+e="xsd:string"/><element name="asset" minOccurs="0" type="xsd:string"
+/><element name="NonDefFields" minOccurs="0" maxOccurs="unbounded" ty
+pe="ns:LogFields"/><!-- any new fields not defined yet, In XML format
+ string --></sequence></complexType><!-- System Status --><complexTyp
+e name="FortiAnalyzerSystemStatusResults"><annotation><documentation>
The System Status
</documentation></annotation><sequence><element name="SerialN
+umber" type="xsd:string"/><element name="UpTime" type="xsd:string"/><
+element name="HostName" type="xsd:string"/><element name="FirmwareVer
+sion" type="xsd:string"/><element name="LicenseInfo_RVSEngine" type="
+xsd:string"/><element name="LicenseInfo_RVPPlugins" type="xsd:string"
+/><element name="DeviceLicense_FortiGateSyslogs_reg" type="xsd:int"/>
+<element name="DeviceLicense_FortiGateSyslogs_unreg" type="xsd:int"/>
+<element name="DeviceLicense_FortiManagers_reg" type="xsd:int"/><elem
+ent name="DeviceLicense_FortiManagers_unreg" type="xsd:int"/><element
+ name="SystemResources_mem" type="xsd:int"/><element name="SystemReso
+urces_cpu" type="xsd:int"/><element name="SystemResources_HD" type="x
+sd:int"/><element name="NumRaidDisks" type="xsd:int"/><element name="
+RaidLevel" type="xsd:string"/><element name="RaidDisk" minOccurs="0"
+maxOccurs="12"><complexType><sequence><element name="DiskNum" type="x
+sd:int"/><element name="MemberOfRaid" type="ns:YesNo"/><element name=
+"Status" type="ns:DiskStatus"/><element name="Size" type="xsd:int"/><
+!-- in MB --></sequence></complexType></element><element name="DiskSp
+aceFree" type="xsd:int"/><!-- in MB --><element name="DiskSpaceUsed"
+type="xsd:int"/><!-- in MB --></sequence></complexType><!-- Configura
+tions --><complexType name="FortiGetConfigurationsResults"><annotatio
+n><documentation>
The Configurations in CLI syntax
</documentation></annotation><all><element name="Configuratio
+ns" type="xsd:string"/></all></complexType><complexType name="FortiSe
+tConfigurationsResults"><annotation><documentation>
Set configurations in CLI syntax
</documentation></annotation><all minOccurs="0"><element name
+="Status" type="ns:SuccessFailed"/><element name="CLIError" type="xsd
+:string"/><element name="ErrorLineNumber" type="xsd:int"/></all></com
+plexType></schema></types><message name="FortiRequest"><part name="re
+q" element="ns:FortiRequestEl"/></message><message name="FortiRespons
+e"><part name="res" element="ns:FortiResponseEl"/></message><portType
+ name="FortiAnalyzerWSPortType"><operation name="FortiRequest"><docum
+entation>Service definition of function ns__FortiRequest</documentati
+on><input message="tns:FortiRequest"/><output message="tns:FortiRespo
+nse"/></operation></portType><binding name="FortiAnalyzerWS" type="tn
+s:FortiAnalyzerWSPortType"><SOAP:binding style="document" transport="
+http://schemas.xmlsoap.org/soap/http"/><operation name="FortiRequest"
+><SOAP:operation soapAction=""/><input><SOAP:body use="literal"/></in
+put><output><SOAP:body use="literal"/></output></operation></binding>
+<service name="FortiAnalyzerWS"><documentation>gSOAP 2.7.7 generated
+service definition</documentation><port name="FortiAnalyzerWS" bindin
+g="tns:FortiAnalyzerWS"><SOAP:address location="https://localhost:808
+0/FortiAnalyzerWS"/></port></service></definitions>