michelep/fg_wificlient.py

## fg_wificlient.py
#!/usr/bin/env python
#
######################################################
# Fortigate WiFi client monitor
# v0.0.1 - Michele "O-Zone" Pinassi
#
# This script, tested with Fortigate API 6.4.x, check if an user
# is connected on wifi network with more than CLIENT_TRIGGER clients.
# At the end, send a mail with username and device MACs connected
#
######################################################

import pprint
import requests
import sys
import urllib
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
import datetime
from time import strftime,gmtime

CLIENT_TRIGGER=2

#
# MAIN
#
def main():
    fortigate_host = 'FORTIGATE_HOST'
    fortigate_token = 'FORTIGATE_TOKEN'

    whitelist = ['anonymous@...']

    # Disable HTTPS warnings
    requests.packages.urllib3.disable_warnings()

    wifiUsers = {}

    try:
	    r = requests.get("https://%s/api/v2/monitor/wifi/client?access_token=%s"%(fortigate_host,fortigate_token), verify=False)
	    jsonResponse = r.json()

	    apClients = jsonResponse[u'results']

	    for client in apClients:
	      for key, value in client.items():
		      if key == u'user':
		        if wifiUsers.get(value) is not None:
			        wifiUsers[value]=wifiUsers[value]+1
		        else:
			        wifiUsers[value]=1

    except Exception as err:
	    print('Oh oh! Something wrong happens: %s'%err)

    mail_sender = "irt@..."
    mail_receivers = ["sysadmin@..."]

    userslist=""
    userscount=0

    for key, value in wifiUsers.items():
	    if key not in whitelist:
	      endpoint_macs=""

      if value > CLIENT_TRIGGER:
		    # Fetch USER's endpoint MACs...
		    for client in apClients:
		      if client.get(u'user') == key:
			      endpoint_macs = client.get(u'mac')+"; "+endpoint_macs
    		#
		    print("User %s logged in from %d endpoints: %s"%(key,value,endpoint_macs))
		    userslist = userslist + "<li>User %s logged in from %d endpoints: %s</li>"%(key,value,endpoint_macs)
		    userscount=userscount+1

    if userscount > 0:
	    msg = MIMEMultipart('alternative')
	    msg['Subject'] = "[IRT] WiFi client monitor - %d users detected"%(userscount)
	    msg['From'] = "irt@..."
	    msg['To'] = "irt@..."

	    text_message = """Visualizza la mail in HTML"""

	    html_message = """
	    <p>In data {datetime} sono stati individuati i seguenti utenti connessi da pi&ugrave; di 3 clients alla rete WiFi di Ateneo:</p>
	    <ul>
		{userslist}
	    </ul>
	    """.format(datetime=strftime("%Y-%m-%d %H:%M:%S", gmtime()),userslist=userslist)

	    part1 = MIMEText(text_message, 'plain')
	    part2 = MIMEText(html_message, 'html')
	    msg.attach(part1)
	    msg.attach(part2)

	    try:
	      smtpObj = smtplib.SMTP('SMTP_SERVER')
	      smtpObj.sendmail(mail_sender, mail_receivers, msg.as_string())
	      print "Successfully sent email"
	      smtpObj.quit()
	    except:
	      print "Oh oh! Something wrong happens :-("
      else:
	      # print "No users to warn"

if __name__ == "__main__":
    main()
	#!/usr/bin/env python
	#
	######################################################
	# Fortigate WiFi client monitor
	# v0.0.1 - Michele "O-Zone" Pinassi
	#
	# This script, tested with Fortigate API 6.4.x, check if an user
	# is connected on wifi network with more than CLIENT_TRIGGER clients.
	# At the end, send a mail with username and device MACs connected
	#
	######################################################

	import pprint
	import requests
	import sys
	import urllib
	import smtplib
	from email.mime.multipart import MIMEMultipart
	from email.mime.text import MIMEText
	import datetime
	from time import strftime,gmtime

	CLIENT_TRIGGER=2

	#
	# MAIN
	#
	def main():
	fortigate_host = 'FORTIGATE_HOST'
	fortigate_token = 'FORTIGATE_TOKEN'

	whitelist = ['anonymous@...']

	# Disable HTTPS warnings
	requests.packages.urllib3.disable_warnings()

	wifiUsers = {}

	try:
	r = requests.get("https://%s/api/v2/monitor/wifi/client?access_token=%s"%(fortigate_host,fortigate_token), verify=False)
	jsonResponse = r.json()

	apClients = jsonResponse[u'results']

	for client in apClients:
	for key, value in client.items():
	if key == u'user':
	if wifiUsers.get(value) is not None:
	wifiUsers[value]=wifiUsers[value]+1
	else:
	wifiUsers[value]=1

	except Exception as err:
	print('Oh oh! Something wrong happens: %s'%err)

	mail_sender = "irt@..."
	mail_receivers = ["sysadmin@..."]

	userslist=""
	userscount=0

	for key, value in wifiUsers.items():
	if key not in whitelist:
	endpoint_macs=""

	if value > CLIENT_TRIGGER:
	# Fetch USER's endpoint MACs...
	for client in apClients:
	if client.get(u'user') == key:
	endpoint_macs = client.get(u'mac')+"; "+endpoint_macs
	#
	print("User %s logged in from %d endpoints: %s"%(key,value,endpoint_macs))
	userslist = userslist + "<li>User %s logged in from %d endpoints: %s</li>"%(key,value,endpoint_macs)
	userscount=userscount+1

	if userscount > 0:
	msg = MIMEMultipart('alternative')
	msg['Subject'] = "[IRT] WiFi client monitor - %d users detected"%(userscount)
	msg['From'] = "irt@..."
	msg['To'] = "irt@..."

	text_message = """Visualizza la mail in HTML"""

	html_message = """
	<p>In data {datetime} sono stati individuati i seguenti utenti connessi da più di 3 clients alla rete WiFi di Ateneo:</p>
	<ul>
	{userslist}
	</ul>
	""".format(datetime=strftime("%Y-%m-%d %H:%M:%S", gmtime()),userslist=userslist)

	part1 = MIMEText(text_message, 'plain')
	part2 = MIMEText(html_message, 'html')
	msg.attach(part1)
	msg.attach(part2)

	try:
	smtpObj = smtplib.SMTP('SMTP_SERVER')
	smtpObj.sendmail(mail_sender, mail_receivers, msg.as_string())
	print "Successfully sent email"
	smtpObj.quit()
	except:
	print "Oh oh! Something wrong happens :-("
	else:
	# print "No users to warn"

	if __name__ == "__main__":
	main()