This article provides a BASH script that performs a mass retrieval of FortiGate configurations from FortiManager.
FortiManager.
The following programs are required on the GNU/Linux distribution in use.
The following links provide more information, options, and some security tips:
Technical Tip: Continuous debug monitoring with Bash and Crontab
Technical Tip: BASH script to retrieve debug information periodically with SSH and SSH multiplexing
To retrieve the current configurations of all of the FortiGates on board the FortiManager, the following script works in two parts.
First, retrieve the list of FortiGates through an SSH connection and parse their OIDs.
Second, connect to the FortiManager and request retrieval of the current configuration using the OIDs of the FortiGates.
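#!/bin/bash
# Author: vraev
# Source: https://community.fortinet.com

USERNAME="json"
HOSTS=('10.5.144.44')
COMMAND='diagnose dvm device list'

# Run a command on the FortiManager over SSH with password authentication.
function sshtofmg()
{
    # Placeholder password. A password stored in the script is readable by
    # anyone who can read the file, so restrict the file's permissions.
    export SSHPASS='SomePassH3R3!'
    # StrictHostKeyChecking=no skips host key verification, so a host
    # impersonating the FortiManager is not detected.
    sshpass -e ssh -ttn -o BatchMode=no -o StrictHostKeyChecking=no "${USERNAME}@${HOSTNAME}" "$@"
}

# Skip the four header lines and keep the second column (the OID) of each device row.
function parser()
{
    tail -n +5 | column -t | awk '{print $2}' | grep '^[1-9]'
}

function retrieve()
{
    for HOSTNAME in "${HOSTS[@]}"
    do
        # Part 1: list the managed devices and save their OIDs.
        sshtofmg "$COMMAND" | parser > outputfmg.log
        # Part 2: turn each OID into a reloadconf command and run it.
        sed -i 's/^/diagnose test deploymanager reloadconf /' outputfmg.log
        while read -r line; do
            sshtofmg "$line" </dev/null
        done < "outputfmg.log"
    done
    # Exit with success once every host has been processed.
    exit 0
}

#cd ~/ssh_test/
retrieve > retrieve.log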
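A stricter version of the parsing step, as an added example that is not part of the original script: it accepts an OID only when the whole field is a decimal number, because the script's grep filter also passes any token that merely starts with a digit, and each value is inserted into a command sent to the FortiManager. The sample device list is constructed and its column layout is an assumption; extract_oids, build_commands and demo are names chosen here.

```bash
#!/bin/bash
# Added example, not part of the original script.
# SAMPLE_OUTPUT is CONSTRUCTED to resemble 'diagnose dvm device list';
# the real column layout is an assumption and may differ by version.
SAMPLE_OUTPUT='--- There are currently 3 devices/vdoms managed ---
--- There are currently 3 devices/vdoms count for license ---

TYPE            OID    SN               HA  IP          NAME   ADOM
fmgfaz-managed  157    FGVM00CONSTRUCT1 -   192.0.2.10  fgt-a  root
                |- STATUS: dev-db: not modified; conf: in sync
                |- vdom:[3]root flags:0 adom:root
fmgfaz-managed  2044   FGVM00CONSTRUCT2 -   192.0.2.11  fgt-b  root
                |- STATUS: dev-db: modified; conf: in sync
fmgfaz-managed  3x;id  FGVM00CONSTRUCT3 -   192.0.2.12  fgt-c  root'

# Read the device list on stdin, skip the 4 header lines and print the
# second field only when the whole field is a positive decimal integer.
extract_oids() {
    tail -n +5 | awk '$2 ~ /^[1-9][0-9]*$/ { print $2 }'
}

# Read OIDs (one per line) on stdin and print one reloadconf command per
# valid OID. Returns non-zero if any line was rejected, so a caller can
# stop before sending anything to the FortiManager.
build_commands() {
    rejected=0
    while IFS= read -r oid; do
        case $oid in
            ''|0*|*[!0-9]*) rejected=$((rejected + 1)) ;;
            *) printf 'diagnose test deploymanager reloadconf %s\n' "$oid" ;;
        esac
    done
    [ "$rejected" -eq 0 ]
}

# Demo on the constructed sample: prints two commands, one per valid OID.
demo() {
    printf '%s\n' "$SAMPLE_OUTPUT" | extract_oids | build_commands
}
demo
```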
To review the logs regarding the operations, go to System settings -> Event logs.