Returning xpath information using panxapi

Reply
L2 Linker

Returning xpath information using panxapi

I'm writing a script to disable a rule using panxapi.  I'm trying to check to make sure the rule exists.  I've found if I have a typo in the rule name, panxapi will create the rule as a blank, so I need to make sure the rule exists before running panxapi to disable it.  I started testing how to do this and have run across something I don't understand.  Options -g and -s look to be what I would need, but I'm not understanding their results.  If I enter a non-existent rule "Rule.junk" they return different results.

-g                get candidate config at xpath
-s                show active config at xpath

panxapi -h 192.168.x.x -s "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Rule.junk']"

show: No such node status="error"

panxapi -h 192.168.x,x -g "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Rule.junk']"

get: success

My candidate and running config are identical, yet -s says the rule doesn't exist, and -g says it does?

Thanks,

Bart

Tags (1)
L1 Bithead

Re: Returning xpath information using panxapi

The results are showing you that the config you're looking for is in candidate config - but not in the active config (i.e. committed to the device).  Is that possibly why you're seeing those results?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!