Returning xpath information using panxapi

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Returning xpath information using panxapi

L2 Linker

I'm writing a script to disable a rule using panxapi.  I'm trying to check to make sure the rule exists.  I've found if I have a typo in the rule name, panxapi will create the rule as a blank, so I need to make sure the rule exists before running panxapi to disable it.  I started testing how to do this and have run across something I don't understand.  Options -g and -s look to be what I would need, but I'm not understanding their results.  If I enter a non-existent rule "Rule.junk" they return different results.

-g                get candidate config at xpath
-s                show active config at xpath

panxapi -h 192.168.x.x -s "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Rule.junk']"

show: No such node status="error"

panxapi -h 192.168.x,x -g "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Rule.junk']"

get: success

My candidate and running config are identical, yet -s says the rule doesn't exist, and -g says it does?

Thanks,

Bart

1 REPLY 1

L1 Bithead

The results are showing you that the config you're looking for is in candidate config - but not in the active config (i.e. committed to the device).  Is that possibly why you're seeing those results?

  • 2294 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!