Export Users by CLI

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Export Users by CLI

L1 Bithead

Good afternoon,

 

Is it possible to export by CLI the list of users of Palo Alto? At this moment I've only get through Device - Database User Locals but I cannot export.

 

regards 

2 accepted solutions

Accepted Solutions

Cyber Elite
Cyber Elite

do you mean the locally configured users ?

 

admin@myNGFW> show authentication local-user-db 
+ disabled   Filter by disabled/enabled
+ username   User name
+ vsys       Virtual System
  |          Pipe through a command
  <Enter>    Finish input

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

@reaper there's the command; I haven't ran a PA for a long time with local-users. @javier.allende reapers command works perfectly and you won't have to export the config and modify it to get the list. 

View solution in original post

7 REPLIES 7

Cyber Elite
Cyber Elite

I don't believe that you can; you used to be able to run show user local-user-db but that looks like it's no longer a valid command as you get a depreciated error.

You can export the config and delete everything before <local-user-database> and then everything after </local-user-database and then use the excel import from xml source to generate a nice list of the users with the p-hash, disabled status, and you also get the user groups. 

Cyber Elite
Cyber Elite

do you mean the locally configured users ?

 

admin@myNGFW> show authentication local-user-db 
+ disabled   Filter by disabled/enabled
+ username   User name
+ vsys       Virtual System
  |          Pipe through a command
  <Enter>    Finish input

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

@reaper there's the command; I haven't ran a PA for a long time with local-users. @javier.allende reapers command works perfectly and you won't have to export the config and modify it to get the list. 

L1 Bithead

Many thanks.

 

the version of my PanOs the command that i have to lunch is the following

 

show authentication groupdb | match vsys1

 

regards 

 

PD: appears all the users that are in the database but are not the same as appears in the webGUI. A few delete users from the WEBGUI appears on it

have you tried pushing a 'commit force' ?

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Which is the purpose of this command? 

it may help remove any leftover artefacts

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 2 accepted solutions
  • 4879 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!