

Get ARP Table via API

Hi everyone,

I want to grab the dynamic neighbor cache of the Sophos XG via the API for a script, but it's not quite clear to me how it is done. There is an entry in the Sophos API Help for "Get Dynamic Neighbour Entries", but it does not seem to be complete. It is lacking a sample configuration, so I am not sure about the syntax. The only attribute seems to be "IPFamily"... So I tried the following query:

"https://FIREWALL:4444/webconsole/APIController?reqxml=<Request><Login><UserName>USER</UserName><Password>PASS</Password></Login><Get><GetDynamicNeighbourEntries><IPFamily>IPv4</IPFamily></GetDynamicNeighbourEntries></Get></Request>"

My logfile says...

<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1800.2" IPS_CAT_VER="1">
<Login>
<status>Authentication Successful</status>
</Login>
<GetDynamicNeighbourEntries>
<Status code="529">Input request module is Invalid</Status>
</GetDynamicNeighbourEntries>
</Response>

Any ideas? If this does not work, I guess I will have to ssh into the advanced shell via inputs and send an "arp" command, which is rather slow...

Cheers



This thread was automatically locked due to age.
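An added example, not part of the original post and not Sophos code: it builds the request XML from the post with proper escaping and percent-encoding, and reads the login status separately from the per-module `Status` element, using the response quoted above as sample input. It does not resolve the 529 error; the helper names are hypothetical, and the only success string assumed is the "Authentication Successful" shown in the post.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Response body quoted in the post above, embedded so the example runs offline.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1800.2" IPS_CAT_VER="1">
<Login>
<status>Authentication Successful</status>
</Login>
<GetDynamicNeighbourEntries>
<Status code="529">Input request module is Invalid</Status>
</GetDynamicNeighbourEntries>
</Response>"""

def build_reqxml(user, password, ip_family="IPv4"):
    """Build the request from the post; ElementTree escapes &, < and > in values."""
    req = ET.Element("Request")
    login = ET.SubElement(req, "Login")
    ET.SubElement(login, "UserName").text = user
    ET.SubElement(login, "Password").text = password
    get = ET.SubElement(req, "Get")
    entries = ET.SubElement(get, "GetDynamicNeighbourEntries")
    ET.SubElement(entries, "IPFamily").text = ip_family
    return ET.tostring(req, encoding="unicode")

def request_url(host, reqxml):
    """Percent-encode the XML for the reqxml parameter used in the post."""
    # The URL still carries the password: keep it out of shell history,
    # proxy logs and script debug output.
    return (f"https://{host}:4444/webconsole/APIController"
            f"?reqxml={quote(reqxml, safe='')}")

def parse_response(xml_text):
    """Return (login_ok, {module_tag: (status_code, message)})."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    login = (root.findtext("Login/status") or "").strip()
    login_ok = login == "Authentication Successful"
    modules = {}
    for child in root:
        status = child.find("Status")
        if child.tag != "Login" and status is not None:
            modules[child.tag] = (status.get("code"), (status.text or "").strip())
    return login_ok, modules

if __name__ == "__main__":
    # Constructed credentials with XML metacharacters to show the escaping.
    print(request_url("FIREWALL", build_reqxml("USER", "P&ss<1>")))
    print(parse_response(SAMPLE_RESPONSE))
```

A script that only checks the login status would treat the quoted response as a success; the module-level `Status` is what carries the 529.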
  • Hi Lucar,

    thanks, I see. I connected an XG Cluster with Sophos Central, turned on reporting and signed on the data lake EAPs.

    I can request log data in data lake, it seems that queries "Network: ARP cache" do not return any data. The xdr_data table seems to be empty and I assume that it is the table for endpoint data. I do not have any endpoints installed. Is there a document for the database schema of the xgfw_data table available or is it only the logs as of now? It seems the data lake for XG is still work in progress.

    Cheers
