cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1685
Views
17
Helpful
13
Replies

PI3.1 API - Rogue APs?

biwong
Cisco Employee
Cisco Employee

Hello, is there a way to easily get Rogue AP information through the PI API instead of having to go through the "get alarms" call or "get reports" call?  If not, are there plans to do so in the future to help with PCI compliance reporting?

Or is the better way to go through CMX?

Thanks

Bill

13 Replies 13

Spencer Zier
Cisco Employee
Cisco Employee

I did some tests, is it possible that the .full=true syntax does not work with GET data/RogueAPAlarms ?

I get a 500 internal server error.

.full=true is supported for the RogueApAlarms resource.  The capitalization of the URL does matter, so it should be RogueApAlarms and not RogueAPAlarms, but that would (in this case) yield a 404 error rather than a 500, so I'm guessing that's just a typo.

What is the content of the error?  Do requests without .full=true or requests for particular alarms work?

I did use RogueApAlarms and not RogueAPAlarms.


This is (part of) my script:

If ($getCred -eq $null)

{

  $getCred = Get-Credential

}


$rest_server = "servername"  # replace this with your servername

$decryptedPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($getCred.Password))

$base64password = [Convert]::ToBase64String([System.Text.Encoding]::Default.GetBytes("$($getCred.UserName):$decryptedPassword"))

$rest_path = "webacs/api/v3/data"

$rest_module = "RogueApAlarms"


$extraurl = "&severity=ne(CLEARED)&severity=ne(INFORMATION)"

$baseuri = "https://$rest_server/$rest_path/$($rest_module)?.maxResults=1000&.full=true&_ctx.domain=ROOT-DOMAIN$($extraurl)"

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12


If ($RestSession -eq $null)

{

  "New rest session started"

  $result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType "application/json" -Headers @{"Authorization" = "Basic $base64password"} -SessionVariable RestSession

}

else

{

  "Excisting rest session used"

  $result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType "application/json" -Headers @{"Authorization" = "Basic $base64password"} -WebSession $RestSession

}

The result I get:

PS H:\> C:\Users\phoving1\Dev\PrimeAPI\rogueapalarms.ps1

Excisting rest session used

Invoke-RestMethod : The remote server returned an error: (500) Internal Server Error.

At C:\Users\phoving1\Dev\PrimeAPI\rogueapalarms.ps1:25 char:15

+ ...   $result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType  ...

+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException

    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

PS H:\>

BTW:

If I remove the .full=true syntax, I get results. :-)

PS H:\> $result.queryResponse.entityId

type          url                                                                  #text  

----          ---                                                                  -----  

RogueApAlarms https://servername/webacs/api/v3/data/RogueApAlarms/7273982985 7273982985

RogueApAlarms https://servername/webacs/api/v3/data/RogueApAlarms/7273982986 7273982986

etc...

Paul, PowerShell is dropping some of the error response on the floor.  I can't remember off-the-top how to get it to return the full error response.  Could you please try the same request in a web browser?  In addition to the 500 response code there should be an error response body that will give us more insight.

Thanks for you help.

I cannot use the webbrowser. ("North Bound API users are not allowed to login via the web GUI.")

Though I managed to get more info using powershell. This is a snippet:

$baseuri ="https://servername/webacs/api/v3/data/RogueApAlarms?.full=true&.maxResults=1000&_ctx.domain=ROOT-DOMAIN&severity=ne(CLEARED)&severity=ne(INFORMATION)"

try {

    $result = Invoke-RestMethod -Uri $baseuri -Method Get -ContentType "application/json" -Headers @{"Authorization" = "Basic $base64password"} -WebSession $RestSession

} catch {

    $response = $_.Exception.Response.GetResponseStream()

    $reader = New-Object System.IO.StreamReader($response)

    $reader.BaseStream.Position = 0

    $reader.DiscardBufferedData()

    $responseBody = $reader.ReadToEnd()

}

The data in $responseBody is:

<?xml version="1.0" ?>

<errorDocument>

  <httpResponseCode>500</httpResponseCode>

  <httpMethod>GET</httpMethod>

  <message>could not execute query; SQL [select this_.ID as ID2489_0_, this_.Source as Source2489_0_, this_.Severity as

...

this_.ID asc]; nested exception is org.hibernate.exception.SQLGrammarExcep

tion: could not execute query</exception>

  <uriPath>data/RogueApAlarms</uriPath>

  <queryParams>{.full=[true], .maxResults=[1000], _ctx.domain=[ROOT-DOMAIN], severity=[ne(CLEARED), ne(INFORMATION)]}</queryParams>

</errorDocument>

(full text in the attachment)

It looks like the underlying data structures were not created on your server.  What was your upgrade path?  For example, one upgrade path might be 2.2 fresh install -> 3.0 -> 3.0 MR2 -> 3.2.

My colleague has twice a week contact with the Prime business unit. Maybe it is better if he discuss this issue with them. (It gets a long thread this way.)

When the issue is solved I will post it for others to learn. :-)


Hi Paul,

Did you end up resolving this issue? I am also experiencing the same issue (receiving a "httpResponseCode": 500, when trying to use the .full=true query parameter for /webacs/api/v3/data/RogueApAlarms)

I just tested in the udated PI version 3.2.1, and I do not get any 500 internal server errors! :-)

Next problem to solve is the paging on a volatile dataset. I get a lot of changed data during the query.

Thanks Spencer, will see about upgrading to 3.2.  As a future request, it'll also be good if there's a way to classify rogues directly to PI.  I'm guessing one way to do this is to create a PI template to classify rogues (not sure if you can do that as a template) and then do an API call to the template.

Bill

Thanks for the suggestion.  We'll take it into consideration

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: