Pulling reports using the XML API

by ‎05-17-2017 03:20 AM - edited ‎05-17-2017 09:57 AM (6,046 Views)

Network and security admins usually spend their days putting out fires and fixing problems. Scripts and automated tasks are our little helpers that ensure that at the end of the day, we managed to clear the important tasks even though we were interrupted 5 thousand times because 'the firewall broke something' again.

 

Jobs need to be run, backups need to be taken and reports need to be created.

 

In this video tutorial, Jason Yates from the Global Enablement Team shows you how to access the API interface, which options are available, how the XML API works and how to leverage the API to fetch reports.

 

 

Some key commands and pointers:

 

  • Create a separate admin account for the API access with an appropriately restrictive admin role
  • Generate an API key
    https://<hostname>/api/?type=keygen&user=<username>&password=<password>
  • Add the key to the GET command
    https://<hostname>/api/?type=report&reporttype=predefined&reportname=<ReportName>&key=<APIkey>

 

Why not make your life a little easier? Feel free to leave a comment or ask a question in the comments below.

 

Reaper out!

Comments
by James.Christian
on ‎05-17-2017 01:18 PM

Excellent video Jason. Thanks.

by networkzeus
on ‎05-19-2017 03:16 AM

Hi Jason,

 

Great video!

 

Out of interest what software/application  do you recommend importing the XML code into to view the reports?

 

I'm just after something simple to set up in a lab fairly quickly to see how I could use the reports in a single pain of glass.

 

Thanks

 

NetworkZeus

by zormond
on ‎06-01-2017 03:20 PM

Thanks for the video!

 

As I've worked with Palo Alto api I've come across an issue.

 

I'm interested in getting the list of predefined reports through the api. I am running version 7.1.2 of the api.

 

As I've looked through documentation I've found this: https://www.paloaltonetworks.com/documentation/71/pan-os/xml-api/pan-os-xml-api-request-types/predef....

 

This page says that this is a valid api request: https://firewall/api/?type=report&reporttype=predefined.

 

When I run this request though, I'm told that I need to define the reportname. I'm not interested in defining the report name, however, and just interested in getting the list of the reports. Any idea of how I can do this?

by
on ‎06-02-2017 12:37 AM

Hi @zormond

the command you're using is intended to fetch the content of a report, while if you want a list of all the available reports, you can use the API browser :

https://firewall/php/rest/browse.php/report::predefined 

 

you can access the API browser root by navigating to https://firewall/api 

by zormond
on ‎06-02-2017 06:53 AM

All right, thanks!

 

Just to verify that I understand, you're saying that this url "https://firewall/api/?type=report&reporttype=predefined" was never intended to give back the list of available reports, but only to give back the requested report defined by the reportname field?

 

The reason I ask this is because I'm making my own API right now and I want to try to get the list of reports dynamically instead of hardcoding into my API. 

 

Thanks again.

by DerekYuen
Thursday

Hi, 

It's a really great and informational video. I'm trying to put together a few scripts to automate my tasks and I've run into a few issues which aren't really covered by the video.

 

If there's a particluarly lengthy report job e.g. detailed traffic stats over the last year, is there any way using the job ID to query the status of the job? From what I've found, this is possible when generating a tech support dump but I've yet to find this for reports.

 

Is it possible to call an existing custom report on a specific firewall vsys using the API but provide a different start and end time to the times defined in the configuration? 

 

Thank you

Ask Questions Get Answers Join the Live Community