Hi David, Your ip4log assumption is correct.
The ip4log table contains a 1-to-1 relationship with the node table with the latest IPv4 address. Previous IPv4 addresses are moved to the ip4log_archive and ip4log_history tables. The PacketFence admin UI can be used with a browser debugger to inspect the network traffic when a Node is viewed. This page give a good example of how to consume many API endpoints for a specific MAC. Cheers, Darren Satkunas Sr. Software Engineer [signature_1594592603] Office: +1.617.444.1234 Cell: +1.617.444.1234 Akamai Technologies 145 Broadway Cambridge, MA 02142 Connect with Us: [signature_1141431524]<https://community.akamai.com/> [signature_92240047] <http://blogs.akamai.com/> [signature_4182596858] <https://twitter.com/akamai> [signature_3180933309] <http://www.facebook.com/AkamaiTechnologies> [signature_1228908487] <http://www.linkedin.com/company/akamai-technologies> [signature_3470234279] <http://www.youtube.com/user/akamaitechnologies?feature=results_main> From: David Herselman via PacketFence-users <packetfence-users@lists.sourceforge.net> Reply-To: "packetfence-users@lists.sourceforge.net" <packetfence-users@lists.sourceforge.net> Date: Friday, December 23, 2022 at 2:08 PM To: "packetfence-users@lists.sourceforge.net" <packetfence-users@lists.sourceforge.net> Cc: David Herselman <d...@syrex.co> Subject: Re: [PacketFence-users] Unregistering user's devices via API call? Hi Darren, I appear to have a working solution but would love some comments on any dangerous assumptions I’m making. Namely, that searching by IP will show the most recent entry in the ip4log for a given IP’s node MAC address. The following attempts to: * Sanitize the input from CheckPoint SmartEvents * Extract the source IP * Obtains an authentication token * Searches the ip4logs for the relevant IP to learn the node’s MAC * Looks up the category (role) ID for ‘REJECT’ * Updates the node PS: Do I need to somehow signal to PacketFence that it should re-evaluate the node and kick it off or is that automatically handled when the role changes? #!/bin/bash # CheckPoint SmartEvent custom correlation rule calls script - $RTDIR/bin/ext_commands/block_on_packetfence INPUT=$(cat); STRIPPED="${INPUT//[^a-zA-Z0-9 ().,:;+_-]}"; API='https://packetfence.redacted.com:1443/api/v1' APIUSER='****************'; APIPSWD='****************'; NEWROLE='REJECT'; MAC=''; NEWROLEID=''; CURL_OUTPUT=''; CURL_HEADER='-H "accept: application/json"'; USERIP=`echo "$STRIPPED" | sed -r '/; IP: / s/.*; IP: ([0-9.]+).*/\1/'`; #USERID=`echo "$STRIPPED" | sed -r '/user_name: / s/.*user_name: ([[:alnum:]_-]+).*/\1/'`; if [ ${#USERIP} -ge 7 ] && [ ${#USERIP} -le 15 ]; then TOKEN=`curl_cli -fsX POST "$API/login" "$CURL_HEADER" -d '{"username":"'$APIUSER'","password":"'$APIPSWD'"}' 2> /dev/null | jq -r .token` || exit 1; DATA='{"fields":["mac"],"query":{"op":"and","values":[{"op":"or","values":[{"field":"ip","op":"equals","value":"'$USERIP'"}]}]},"limit":1}'; MAC=`curl_cli -fsX POST "$API/ip4logs/search" "$CURL_HEADER" -H "Authorization: $TOKEN" -d "$DATA" 2> /dev/null | jq -r '.items[].mac'` || exit 1; NEWROLEID=`curl_cli -fsX GET "$API/node_categories" "$CURL_HEADER" -H "Authorization: $TOKEN" 2> /dev/null | jq -r '.items[] | select(.name|test("'$NEWROLE'")) | .category_id'`; CURL_OUTPUT=`curl_cli -fsSX PATCH "$API/node/$MAC" "$CURL_HEADER" -H "Authorization: $TOKEN" -d '{"category_id":"'$NEWROLEID'"}' 2>&1`; fi if [ ${#CURL_OUTPUT} -gt 0 ]; then echo -e "Source: $USERIP - MAC: $MAC - Role ID: $NEWROLEID - Curl debug data:\n$CURL_OUTPUT"; else echo -e "Source: $USERIP - Curl return code: $? - Sanitised event data:\n$STRIPPED"; fi Herewith an image, in case the text block above is garbled: [cid:image009.png@01D91F5B.70B586D0] PS: Hope the above helps someone else… Regards David Herselman
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users