Difference between revisions of "cpmiquerybin"

From cpwiki.net
Jump to: navigation, search
Check Point Profressional Services
(jumbled examples)
(jumbled examples)
Line 9: Line 9:
  
 
  cpmiquerybin object "" network_objects "type='cluster_member'"
 
  cpmiquerybin object "" network_objects "type='cluster_member'"
  cpmiquerybin object "" network_objects "type='gateway_cluster'"
+
  cpmiquerybin attr "" network_objects "type='gateway_cluster'" -a __name__
  
 
  cpmiquerybin object "mdsdb" pv1_administrators ""
 
  cpmiquerybin object "mdsdb" pv1_administrators ""

Revision as of 08:39, 17 November 2013

Contents

Usage

cpmiquerybin <query_result_type> <database> <query> [-a <attributes_list>]

jumbled examples

indentify firewall objects

cpmiquerybin attr "" network_objects "firewall='installed'" -a __name__
cpmiquerybin object "" network_objects "type='cluster_member'"
cpmiquerybin attr "" network_objects "type='gateway_cluster'" -a __name__
cpmiquerybin object "mdsdb" pv1_administrators ""

get name of all objects of type cluster member

cpmiquerybin attr "" network_objects "type='cluster_member'" -a __name__

To get a list of names of all VALID cluster members from cluster object name

cpmiquerybin object "" network_objects "" |grep -A 12 cluster_members |grep Name | awk -F "(" '{printf $2}' | sed -e 's/)/|/g'

or

cpmiquerybin attr "" network_objects "name='cluster_name'" -a cluster_members

anti-spoofing check on all firewall interfaces

cpmiquerybin object "" network_objects "name='<firewall_name>'" |grep anti_spoof


query all objects for an ip address

cpmiquerybin attr "" network_objects "ipaddr='192.168.1.2'" -a __name__,ipaddr

from cma env, list management/cma objects

# cpmiquerybin attr "" network_objects "management='true'" -a __name__,ipaddr 

All members of a group

cpmiquerybin object "" network_objects "name='group_name_goes_here'" | grep ":Name"

All members of a group formatted

 cpmiquerybin object "" network_objects "name='$GROUP_NAME'" | grep -E ":Name" | sed -n 's/.*(\([^ ]*\))/\1/p'

List services with 'Match for Any' ticked

cpmiquerybin attr "" services "include_in_any='true'" -a __name__

MDS queries

list all MDSs

cpmiquerybin attr "mdsdb" mdss "" -a __name__

list primary MDS

cpmiquerybin attr "mdsdb" mdss "primary='true'" -a __name__

list CMAs

cpmiquerybin attr "mdsdb" network_objects "management='true'" -a __name__,ipaddr

get IP for CLM name

cpmiquerybin attr "mdsdb" network_objects "name='clm_name_goes_here'" -a __name__,ipaddr

get list of firewalls / cp devices

cpmiquerybin attr "mdsdb" network_objects "cp_products_installed='true'" -a __name__
      • not sure how well the one above works...

CMA queries

List CLMs / log servers from CMA env

cpmiquerybin attr "" network_objects "(log_server='true') & (management='false')" -a __name__,ipaddr
***note*** above is example of a compound query

get CMA policy names

cpmiquerybin attr "" fw_policies "" -a __name__

dump MDS admin account info

cpmiquerybin attr "mdsdb" pv1_administrators "type='pv1_administrator'" -a __name__,auth_method,msp_perm

same as above plus formatting

cpmiquerybin attr "mdsdb" pv1_administrators "type='pv1_administrator'" -a __name__,auth_method,msp_perm \
| awk '{ printf $1 ",";  for (i=2; i<NF; i++) printf $i; printf ","; if ($NF==80000000) print "Provider-1 Superuser"; \
if ($NF==40000000) print "Customer Superuser"; if ($NF==20000000) print "Global Manageer";  \
if ($NF==10000000) print "Customer Manager"; if ($NF==00000000) print "None"; } '

get secondary CMA

cpmiquerybin attr "" network_objects "(primary_management='false') & (management='true')" -a __name__

Tables

queryable tables can be gleaned from tables.C
 cat tables.C |grep ": ("


Default Queries for mdsquerydb

mdsquerydb is utilizes cpmiquerybin. The table below defines all the queries it uses. It is included here as a reference for cpmiquerybin.

$MDSDIR/conf/queries.conf

# (c) Copyright 1993-2005 Check Point Software Technologies Ltd.
# All rights reserved.
#
# This is proprietary information of Check Point Software Technologies
# Ltd., which is provided for informational purposes only and for use
# solely in conjunction with the authorized use of Check Point Software
# Technologies Ltd. products.  The viewing and use of this information is
# subject, to the extent appropriate, to the terms and conditions of the
# license agreement that authorizes the use of the relevant product.
#
# This configuration file is a part of Provider-1/SiteManager-1 Database Query Tool
#
# each line in queries.conf is:
# $1 - query environment [ MDS | CMA | ANY ]
# $2 - dbname
# $3 - key
# $4 - display format [ attr | object ]
# $5 - tablename
# $6 - query
# $7 - fields to be printed
#
CMA ""          NetworkObjects                  attr    network_objects         ""                                      __name__,type   # Get name and type of all network objects
MDS ""          GlobalNetworkObjects    attr    network_objects         ""                                      __name__,type   # Get name and type of all global network objects
MDS "mdsdb"     NetworkObjects                  attr    network_objects         ""                                      __name__,type   # Get all customers' internal Check Point installed network objects
MDS "mdsdb"     Customers                               attr    pv1_customers           ""                                      __name__                # Get names of all PV-1 Customers
MDS "mdsdb"     Administrators                  attr    pv1_administrators      ""                                      __name__                # Get names of all PV-1 Administrators
MDS "mdsdb"     MDSs                                    attr    mdss                            ""                                      __name__,ipaddr # Get names and IPs of all MDSs
MDS "mdsdb"     CMAs                                    attr    network_objects         "management='true'" __name__            # Get names of all CMAs
CMA ""          Gateways                                attr    network_objects         "type='gateway'"        __name__,ipaddr # Get names and IPs of all gateways
MDS "mdsdb"     GuiClients                              attr    pv1_guiclients          ""                                      __name__,ipaddr # Get names and IPs of all gui clients
CMA ""          Status                                  attr            statuses   ""   __name__ 
CMA "" Policies object fw_policies ""