Can't get src.user field via API.

punkrokk — Tue, 05 Dec 2017 19:50:10 GMT

In the below code - I"m using the API to query the URL logs. It works great.

What isn't returning though is the src.user field, if it's mapped. How can I get this value? Do I need to do a separate query?

# Build PAN API Connection and get token
pan_conn = pan.xapi.PanXapi(api_username=args.pan_username,
                            api_password=args.pan_password,
                            hostname=args.pan_hostname,
                            timeout=5.000,
                            ssl_context=None)

url = args.url

tld = get_tld(url.replace("\\", ""), fail_silently=True)
if tld is None:
    logger.warning('No TLD Returned, falling back to URL')
    tld = url
elif tld:
    logger.info('Found TLD')

# Set time window to look back
if args.lookback == '15m':
    lookback_window = '15-minutes'
elif args.lookback == '1h':
    lookback_window = 'hour'

query = "(url contains '{0}') and (time_generated in last-{1})".format(tld, str(lookback_window))
action = 'log'
log_type = 'url'

options = {
    'log': log_type,
    'filter': query,
    'print_xml': False,
    'print_json': True,
    'print_result': True,
    'print_python': False,
    'print_text': True
}
logger.info(url)
logger.info(query)
log = pan_conn.log(log_type=options['log'], filter=options['filter'], nlogs=20, timeout=30)

print_status(pan_conn, action)
print_response(pan_conn, options)

topic Can't get src.user field via API. in Automation/API Discussions

Can't get src.user field via API.