2013-03-27 02:02 PM
All,
Most of the examples and guidance provided on this forum are packet-centric. So, in an attempt to share some of the things that I have been able to get working, I'm going to share some Perl source code.
#!/usr/bin/perl
use strict;
use warnings;

my @sessions;

# Extract the session ids for a particular input criteria - This is very basic criteria. Please add your own specific criteria here
my @session_string = `/usr/bin/curl --user "xxxx:xxxx" "http://concentrator_ip:50105/sdk?msg=query&id1=0&id2=0&size=100&query=select%20sessionid+where+device.type='ciscoasa'"`;

# Loop through each line of the response to extract the session ids
foreach my $session (@session_string) {
    # Capture only the digits between '>' and '<'; lines without a numeric id are skipped
    if ($session =~ /sessionid/ && $session =~ />([0-9]{1,15})</) {
        push(@sessions, $1);
    }
}

# Stop here if the query returned nothing, so the decoder is not called with an empty session list
die "No session ids were returned by the query\n" unless @sessions;

# Debug message to see that all the session ids were extracted
foreach my $session (@sessions) {
    print "The session is $session\n";
}

# Create a comma delimited string that will be directly consumed by the REST API
my $session_id_commas = join(',', @sessions);
print " $session_id_commas\n";

# Extract the raw log messages based on the criteria stated above and save them to the output.txt file
# (Perl interpolates $session_id_commas before the shell sees the single-quoted URL; curl writes to output.txt, so @session_line stays empty)
my @session_line = `curl --user 'admin:netwitness' -o output.txt 'http://decoder_ip:50102/sdk/packets?&sessions=$session_id_commas&render=logs'`;