usage: fcpc skybox [-h] [--skybox.url SKYBOX.URL] [--skybox.user SKYBOX.USER]
[--skybox.password SKYBOX.PASSWORD]
[--skybox.crt SKYBOX.CRT] [--skybox.tls.ignore {0,1}]
[--skybox.ignore_errors {0,1}]
[--skybox.reimport_networks {0,1}]
[--skybox.id_prefix SKYBOX.ID_PREFIX]
[--skybox.elastic.url SKYBOX.ELASTIC.URL]
[--skybox.elastic.user SKYBOX.ELASTIC.USER]
[--skybox.elastic.password SKYBOX.ELASTIC.PASSWORD]
[--skybox.elastic.indices SKYBOX.ELASTIC.INDICES]
[--skybox.elastic.max_index_age SKYBOX.ELASTIC.MAX_INDEX_AGE]
[--skybox.cleanup.months SKYBOX.CLEANUP.MONTHS]
[--skybox.cleanup.days SKYBOX.CLEANUP.DAYS]
[--skybox.cleanup.weeks SKYBOX.CLEANUP.WEEKS]
{download-and-import-all,import-locations,report-firewall-changes,get-last-elastic-index,list-skybox-indexes,elastic-query,elastic-sql,thinout-indices,list-thinout-indices}
[skyboxobjects ...]
positional arguments:
{download-and-import-all,import-locations,report-firewall-changes,get-last-elastic-index,list-skybox-indexes,elastic-query,elastic-sql,thinout-indices,list-thinout-indices}
Choices:
download-and-import-all
import-locations
report-firewall-changes
get-last-elastic-index
list-skybox-indexes
elastic-query
elastic-sql
thinout-indices
list-thinout-indices
skyboxobjects
optional arguments:
-h, --help show this help message and exit
--skybox.url SKYBOX.URL
Skybox base URL[Defined:fcplib.module.skybox.cmd]
(default: None)
--skybox.user SKYBOX.USER
Skybox username[Defined:fcplib.module.skybox.cmd]
(default: None)
--skybox.password SKYBOX.PASSWORD
Skybox password[Defined:fcplib.module.skybox.cmd]
(default: None)
--skybox.crt SKYBOX.CRT
Skybox certificate to use for
TLS[Defined:fcplib.module.skybox.cmd] (default: None)
--skybox.tls.ignore {0,1}
Skybox ignore TLS
errors[Defined:fcplib.module.skybox.cmd] (default: 0)
Choices:
0
1
--skybox.ignore_errors {0,1}
Skybox ignore API
errors[Defined:fcplib.module.skybox.cmd] (default: 0)
Choices:
0
1
--skybox.reimport_networks {0,1}
Reimport all networks. If set to 0, only network which
are not in model yet are
indexed.[Defined:fcplib.module.skybox.cmd] (default:
0)
Choices:
0
1
--skybox.id_prefix SKYBOX.ID_PREFIX
Skybox prefix to prefix each id. Can be used for same
objects touched by different
tasks.[Defined:fcplib.module.skybox.cmd] (default: s)
--skybox.elastic.url SKYBOX.ELASTIC.URL
Skybox elastic URL[Defined:fcplib.module.skybox.cmd]
(default: None)
--skybox.elastic.user SKYBOX.ELASTIC.USER
Skybox elastic
username[Defined:fcplib.module.skybox.cmd] (default:
None)
--skybox.elastic.password SKYBOX.ELASTIC.PASSWORD
Skybox elastic
password[Defined:fcplib.module.skybox.cmd] (default:
None)
--skybox.elastic.indices SKYBOX.ELASTIC.INDICES
Skybox indices pattern - contains all indices related
to skybox[Defined:fcplib.module.skybox.cmd] (default:
csv_*,model_*,trend_*,config_*,metadata_*,system_*,adm
in_*)
--skybox.elastic.max_index_age SKYBOX.ELASTIC.MAX_INDEX_AGE
Skybox maximum index age to search in
days.[Defined:fcplib.module.skybox.cmd] (default: 2)
--skybox.cleanup.months SKYBOX.CLEANUP.MONTHS
How many months back to keep indexes. After this
months, indices are DELETED. If set to 0, do not
cleanup old monthly.[Defined:fcplib.module.skybox.cmd]
(default: 24)
--skybox.cleanup.days SKYBOX.CLEANUP.DAYS
How many days back to keep indexes with full data.
After this days, indices are thined out. If set to 0,
do not cleanup old
daily.[Defined:fcplib.module.skybox.cmd] (default: 7)
--skybox.cleanup.weeks SKYBOX.CLEANUP.WEEKS
How many weeks back to keep indexes with thined data.
During this period, only 1 idices per week is left
(every Monday), rest is deleted. If set to 0, do not
cleanup old weekly[Defined:fcplib.module.skybox.cmd]
(default: 4)
This module can fetch data from Skybox.
In future, we can even modify objects.
It uses new (mostly undocummented) REST API. See https://:8443/skybox/webservice/swagger-ui/index.html
For now, we import:
fcpc skybox download-and-import-all
fcpc skybox elastic-search index "SOLR"
fcpc skybox elastic-sql "SQL"
You need to have fresh data within these elastic indexes! Run corresponding tasks before!
fcpc skybox report-firewall-changes ["changesolr" ["rulesolr"]]
fcpc --output.format=csv --skybox.ignore_errors=1 skybox report-firewall-changes 'ChangeType: ( "Modified" "New")' 'violationsCountRulePolicy: [ 1 TO * ]' >changes.csv
fcpc skybox get-last-elastic-index <indexprefix>
fcpc skybox get-last-elastic-index 'model_net_interfaces*'
fcpc skybox list-elastic-indexes '*'
fcpc skybox list-elastic-indexes 'csv_*'
Thinout works by this alghoritm:
To thinout old skybox indexes, first check them
fcpc skybox list-thinout-indices
# And after review, run
fcpc skybox thinout-indices