Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Newbie
    Join Date
    Mar 2011
    Posts
    4

    Unhappy View config and rules via SSH Telnet

    On a Cisco ASA I can use a 'show running-config' and see al the rules and config settings for the firewall.

    I am confused as to whether the UVM is where all the rules are filed and whether this can be viewed with a cat or other command?

    Can I use tftp to get the config off the appliance to backup?

    Thanks - I have read extensively about the Backup Application but I want to track changes to the config in our central CMDB which I do for other devices using a Telnet listing of the config or TFTP dump of it.

  2. #2
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,367

    Default

    Its better to use the "PDM" , via browser :-).
    Take in mind a lot of app installed in the untangle, each one with config, rules, tables, and so.
    The world is divided into 10 kinds of people, who know binary and those not

  3. #3
    Newbie
    Join Date
    Mar 2011
    Posts
    4

    Default

    Thanks and understand "Its better to use the "PDM" but do you mean it cant be done via a scripted Telnet/SSH Telnet interaction?

    My CMDB only uses a scripted Telnet/SSH Telnet interaction so browser isn't my preferred option.

    As a Linux appliance I am guessing the config is stored in a series of files that I can copy or Cat?

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,235

    Default

    Untangle's configuration is stored in the postgres database. There is a command line utility, ucli, but it's incomplete.

    The only real way to configure Untangle at this time is via the GUI.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Newbie
    Join Date
    Mar 2011
    Posts
    4

    Default

    Thanks Rob - just to be clear, I don't want to configure Untangle, just view rules and other 'running config' type settings. I am starting to think it isn't possible?

  6. #6
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,040

    Default

    Over time we are converting all of the configurations to JSON text in /usr/share/untangle/conf but at present, the configuration is stored mostly in the postgres database.

    You could dump the postgres database called settings to disk nightly and diff that I suppose.
    Code:
    pg_dump -U postgres -D -a -n settings uvm > /usr/share/untangle/conf/dbdump.pg
    How readable is that? Probably not very. Especially since there is no guarantee that any single configuration update won't change the order of the database dump dramatically.

    In short, there isn't really a way to support the tool you describe.
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.

    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Newbie
    Join Date
    Mar 2011
    Posts
    4

    Default

    I like the sound of the /usr/share/untangle/conf!

    Probably my final query on this piece then - is there a way to schedule the database dump?

    Maybe using standard Linux Kron or other?

  8. #8
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,040

    Default

    make a script with that command and drop it into /etc/cron.daily

    ie:
    Code:
    cat >/etc/cron.daily/dumpsettings.sh <<EOF
    #!/bin/sh
    pg_dump -U postgres -D -a -n settings uvm > /usr/share/untangle/conf/dbdump.pg
    EOF
    chmod a+x /etc/cron.daily/dumpsettings.sh
    I don't recommend this for the reasons stated above.
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.

    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,235

    Default

    Quote Originally Posted by mrunkel View Post
    Over time we are converting all of the configurations to JSON text in /usr/share/untangle/conf but at present, the configuration is stored mostly in the postgres database.

    You could dump the postgres database called settings to disk nightly and diff that I suppose.
    Code:
    pg_dump -U postgres -D -a -n settings uvm > /usr/share/untangle/conf/dbdump.pg
    How readable is that? Probably not very. Especially since there is no guarantee that any single configuration update won't change the order of the database dump dramatically.

    In short, there isn't really a way to support the tool you describe.
    Does this mean a long term goal of removing postgres entirely? Well, I assume for everything short of the reports.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,040

    Default

    The goal is to bring some sanity to our settings and save the database for say, data.
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.

    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2