Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-23-2013 10:12 AM
I'm writing a script to disable a rule using panxapi. I'm trying to check to make sure the rule exists. I've found if I have a typo in the rule name, panxapi will create the rule as a blank, so I need to make sure the rule exists before running panxapi to disable it. I started testing how to do this and have run across something I don't understand. Options -g and -s look to be what I would need, but I'm not understanding their results. If I enter a non-existent rule "Rule.junk" they return different results.
| -g | get candidate config at xpath |
| -s | show active config at xpath |
panxapi -h 192.168.x.x -s "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Rule.junk']"
show: No such node status="error"
panxapi -h 192.168.x,x -g "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Rule.junk']"
get: success
My candidate and running config are identical, yet -s says the rule doesn't exist, and -g says it does?
Thanks,
Bart
10-17-2013 08:26 AM
The results are showing you that the config you're looking for is in candidate config - but not in the active config (i.e. committed to the device). Is that possibly why you're seeing those results?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
