I might be missing it however does anyone know if the configuration table export option  is available through the api?
my goal is to obtain this via api if that is an option. after going through the api browser and check export/show command I am not seeing this functionality anywhere.
Solved! Go to Solution.
I do not have a direct answer to your question, but in the past (7.1.x, as it did not have an export to csv option) I have obtained the xml from the api and parsed it into a csv with a script - this may be an alternative for you.
that might work, I was not able to satisfactorily use python3.x to convert it correctly, very likely it is my lack of knowledge though which is why I was trying this alternative method. have any literature you can share that may assist?
I do not know what you have available in your environment, but I use PowerShell in windows 10 for my API work.
Powershell has a cmdlet Invoke-RestMethod that makes it relatively easy to run the API calls and store the resulting XML in a variable. This is important because Powershell will automatically parse the XML into a collection of collections, so each branch is a property of the branch above, like the x-path, allowing you to use a for loop to iterate throuhg each policy.
I have outlined the steps here https://live.paloaltonetworks.com/t5/General-Topics/Panorama-Security-Rules-Export-in-Human-Readable...
once you have your XML as a variable (let's say $config) powershell represents xml as a collection of collections, so each "branch" in the XML is a property of it's parent, so for isntance $config.vsys.entry.ruleset.security.entry.name is the name of the second (computers count from 0) security policy in the ruleset of your first vsys (even in a single vsys firewall the vsys branch exists) $config.vsys.entry.ruleset.security.entry.action would be it's action (allow, deny, etc) $config.vsys.entry.ruleset.security.entry.name would be the 101st rule's name, etc
First, write some "pseudo-code" of what you want to do, the major steps, then you can try to figure out how to do them.
for each $rule in $config
write $rule.name, $rule.from, $rule.to, $rule.source, $rule.dest, $rule.action to a file (you may have other properties that are valuable to you)
A few resources to get you started, if you are interested:
Palo API documentation: https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api
Invoke-RestMethod, to make the API calls and get information from firewall: https://blogs.technet.microsoft.com/heyscriptingguy/2013/10/21/invokerestmethod-for-the-rest-of-us/
ForEach, to loop through items in a collection: https://blogs.technet.microsoft.com/heyscriptingguy/2014/04/28/basics-of-powershell-looping-foreach/
Export-CSV, to create your csv file once you have teh information you want to put in it: https://blogs.technet.microsoft.com/heyscriptingguy/2014/02/04/use-powershell-to-create-csv-file-to-...
I have parsed xml with python on another project - it was difficult but doable if the format is predictable (the format of these configs is very predictable, thankfully)
Regarding your original query... Most of my sites run 7.1 so I cannot give specific guidance, but maybe there is a CLI version of the csv export that you could pass to the API as an "op" command?
You could do this with Device Framework, which parses the API XML into python dictionaries that you can easily output via CSV. Here is a code example in python3: https://gist.github.com/btorresgil/0fa16f2e67de67e313e2f66f401c7c4b
The outputed fields are in alphabetical order, but you could change the order if you like.
this is great, will spend time wrapping my head around this.
EDIT: after looking at some of this I was not even aware of this library, wow this is really great. Thank you again for sharing!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!