Get IronPort Delivery Status With PowerShell

The Cisco IronPort E-mail Security Appliance (ESA) makes various statuses available in an XML format and you can use PowerShell to parse the XML data and get some useful information.  With this technique you can create a report about the IronPort delivery status in your environment.  Forget about trying to force PowerShell into using some sort of SSH connection method.  I’ve tried it and it isn’t pretty.  There is a security concern with the following method but it is a proof of concept that may work well in your environment.  Here are the ingredients to get you started:

  • A Cisco IronPort E-mail Security Appliance (ESA) and a need to access the status pages.
  • An account that can authenticate to the ESA, preferably with the guest role.
  • A locked down environment that will reduce attack surfaces within your organization.

The methodology is rather simple, use PowerShell to grab an XML status page and parse it into an object that can be massaged for your benefit.  Think of having a script send you a periodic report about the IronPort delivery status of your appliance, awesome!  To illustrate, I’ll be looking at the tophosts status since I really want to know about my partner organizations that could be having problems.  Why not automate and be proactive at the same time?

As an aside, when logging into the IronPort ESA and targeting the tophosts status, you will see something similar:TopHosts view for IronPort delivery status

 

 

 

For reference, the available XML status pages:

  • https://IronPort.Get-Mailbox.Net/xml/status
  • https://IronPort.Get-Mailbox.Net/xml/dnsstatus
  • https://IronPort.Get-Mailbox.Net/xml/topin
  • https://IronPort.Get-Mailbox.Net/xml/tophosts
  • https://IronPort.Get-Mailbox.Net/xml/hoststatus?hostname=<somehost>

The script is explained in detail below

First define the variables for use in the script.  This is the part where security is essential.  The account you use in this script should have no more rights in your environment than being able to look at the status on the IronPort ESA.  Use a strong password, something better than I’ve suggested below.  Additionally, you’ll see the URL for the IronPort ESA status page is put into a variable.

[powershell]
$User = “LimitedUser”
$Auth = “Supercalifragilisticexpialidocious”
$IronPort = “https://IronPort/xml/tophosts”
[/powershell]

Using the webclient method create a new object.  Add the credentials from above in the $WebClient.Credentials variable. Using [XML] will force the variable to store the XML status page provided by the IronPort SMA status page in XML format.  The downloadstring function uses the URL stored in the $IronPort variable and actually gets the page.

[powershell]
$WebClient = new-object System.Net.WebClient
$WebClient.Credentials = new-object System.Net.NetworkCredential($User, $Auth)
[[xml]]$XMLIronport = $webclient.DownloadString($IronPort)
[/powershell]

Now you can take the variable $XMLIronport and drill into it for all the status lines.  You can get items such as build, hostname, date/time by using the following:

[powershell]
$XMLIronport.tophosts
[/powershell]

Drill further in and get what you are really after.  This will show a snapshot of the current tophosts:

[powershell]
$XMLIronport.tophosts.tophosts_entry
[/powershell]

You now have a technique to grab XML status from the IronPort ESA.  From this point I will generally rewrite the output into a data table or an array and then send an HTML e-mail on a regular basis.

4 thoughts on “Get IronPort Delivery Status With PowerShell

  1. Please i need help in creating Cisco ironport message tracking monthly report script.These is the instruction given to me below

    Given a CSV file that contain list of e-mail address within the organization, create a specify monthly report (example From Jan to Feb, Feb to March, March to April etc) on message sent and message received by list of e-mail in CSV file.

    Thank you

Leave a Reply