Difference between revisions of "r80 api notes"
(→display only the rule number for a rule with uid = xxx) |
(→display only the rule number for a rule with uid = xxx) |
||
| Line 34: | Line 34: | ||
mgmt_cli -s id.txt show access-rule layer "My_policy Network" uid "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx" | mgmt_cli -s id.txt show access-rule layer "My_policy Network" uid "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx" | ||
| + | |||
| + | display src/dst/service from rule with uid | ||
| + | for i in source destination service; do echo $i; mgmt_cli -s id.txt show access-rule layer "<policy_name> <layer_name>" uid "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx" --format json | jq .$i[].name; done | ||
alternate(inferior) way with jq | alternate(inferior) way with jq | ||
Revision as of 17:57, 28 March 2018
Contents |
examples
logging in
login and redirect session info to a file for reuse
# mgmt_cli login user admin > id.txt
search existing object
search objects by IP, return all objects that contain the ip explicitly or within a nework address space/range.
# mgmt_cli -s id.txt show objects filter "192.168.1.1" ip-only true --format json | jq '.objects[] | {name: .name, subnet: .subnet4, mask: ."mask-length4"}'
return only objects with the EXACT ip
# mgmt_cli -s id.txt show objects filter "192.168.1.1" ip-only true details-level full --format json | jq '.objects[] | select(."ipv4-address" == "192.168.1.1") | .name'
- details-level full will include more objects, including other stuff like type CpmiHostCkp (built in smartcenter object)
access rules
notes before you begin
when using the parameter "name" to refer to a particular package, it appears to require the following... <package name> <layer name>
as show in by the sho access-layers command below
show access layers?
[Expert@chmkmgr1:0]# mgmt_cli show access-layers -s id.txt --format json | jq '."access-layers"[].name' "dropall Network" "Network"
where "Network" represents the default policy package Standard
display rule by number
show rule 1 from policy named Standard
mgmt_cli show access-rulebase name "Network" -s id.txt package "Standard" show-hits true --format json | jq '.rulebase[0]'
display only the rule number for a rule with uid = xxx
mgmt_cli -s id.txt show access-rule layer "My_policy Network" uid "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
display src/dst/service from rule with uid
for i in source destination service; do echo $i; mgmt_cli -s id.txt show access-rule layer "<policy_name> <layer_name>" uid "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx" --format json | jq .$i[].name; done
alternate(inferior) way with jq
mgmt_cli show access-rulebase name "Network" -s id.txt package "Standard" show-hits true --format json | jq '.rulebase[] | select (.uid == "1de8fab0-4858-4067-977d-1cbb5cd2e55d") | ."rule-number"'
1
display rule number with comment containing a string haha
mgmt_cli show access-rulebase name "Network" -s id.txt package "Standard" show-hits true --format json | jq '.rulebase[] | select (.comments | contains("haha")) | {rulenum: ."rule-number", comment: .comments}'
"rulenum": 1,
"comment": "hahahlol"
links
official python open source api
parsing json return output jq
[https://community.checkpoint.com/thread/1083 Parsing the output of mgmt_cli'
