Use WebSockets for session monitoring
You can use WebSockets to monitor connections, block lists, VPN SAs, users, routing, SSL VPNs, and neighbors.
Steps
Example
For example, to open a channel to monitor the BLOCK_LIST on the Plano FW NGFW Engine and output the result as text, send the command:
{"query": {"definition":"BLOCK_LIST","target":"Plano FW"}, "fetch":{}, "format":{"type":"texts"}}
The resulting entries contain a delta_key value. The delta_key value identifies an event, such as a block listed connection. Several entries can be associated with an event. Each entry corresponds to a state of the event, such as creation (added), update, and delete.
Additionally, each BLOCK_LIST entry contains a reference:
“block_list_href":http://localhost:8082/5.9/elements/single_fw/1649/block_list/MQ==
This reference allows you to retrieve a specific BLOCK_LIST entry and delete it using the SMC API:
>>>{"fetch":-
1616514795,"records":{"added":[{"SessionEvent":"1","BlackListEntrySourcePort":"1024","CompId":
"Plano FW node 1","ReceptionTime":"2015-05-29 12:35:15",
"block_list_href":"http://localhost:8082/7.0/elements/single_fw/1649/block_list/MQ==",
"DataType":"7","DataTags":"INFO: BLOCK_LIST Monitoring","BlackListEntryDestinationIp":"1.1.1.0",
"BlackListEntryDuration":"0","BlackListEntryProtocol":"TCP","SenderDomain":"Shared Domain",
"BlackListEntrySourceIp":"1.1.1.0","BlackListEntryId":"MQ==","NodeId":"Plano FW node 1",
"BlackListEntrySourceIpMask":"255.255.255.0","delta_key":"AgE=",
"BlackListEntrySourcePortRange":"65535","RefEvent":"2015-05-29 12:35:12",
"Timestamp":"2015-05-29 12:35:15","BlackListEntryDestinationIpMask":"255.255.255.0",
"blackListEntryDestinationPort":"80"}],"updated":[],"deleted":[]}}