XML API: Panorama: How to Create/Get/Update the field "Audit Comment" of a Security Policy rule?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

XML API: Panorama: How to Create/Get/Update the field "Audit Comment" of a Security Policy rule?

L1 Bithead

Settings

 

What's expected:

  • Similar to how we can edit/read the Description field of a Security Policy rule, we should be able to edit/read the Audit comment field of a rule as well.
  • I believe we should have xpath like "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='paul']/pre-rulebase/security/rules/entry[@name='paul-feb-24']/audit-comment" to read or update here.

HermanEdwards_0-1645759483047.png

 

 


What's happening:

  • From viewing Chrome's network tab (see attached), you can see that we should be able to access "audit-comment" for a Policy rule. However, I cannot access that field via XML API browser or manually calling it via curl.
  • Could you tell me if this is something possible on Panorama?
    • If yes, How do I access this Audit Comment field?
    • If yes, Is this feature available from Panorama 8.0 as well?

 

HermanEdwards_1-1645759483043.png

 

 

Your help is much appreciated.

1 accepted solution

Accepted Solutions

L5 Sessionator

Hi @HermanEdwards, audit comments are not stored in the configuration, hence you don't see it in the API browser. There is an operational CLI command that shows the audit comments (show config list audit-comments xpath {{xpath to security policy rule}}) and this translates to XML API call:

 

 

https://{{host}}/api/?key={{key}}&type=op&cmd=<show><config><list><audit-comments><xpath>/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='{{device-group-name}}']/pre-rulebase/security/rules/entry[@name='{{rule-name}}']</xpath></audit-comments></list></config></show>

 

 


Sometimes external XML API calls are not exact replicas of the web GUI behaviour.

 

Hope that helps!

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

View solution in original post

5 REPLIES 5

L1 Bithead

Reposting the 2 images, since the first 2 look very blurry:

1. Missing Audit comment field under the Policy rule

HermanEdwards_0-1645759643867.png

 

2. Network tab proves that we should have that field

HermanEdwards_1-1645759654949.png

 

 

L5 Sessionator

Hi @HermanEdwards, audit comments are not stored in the configuration, hence you don't see it in the API browser. There is an operational CLI command that shows the audit comments (show config list audit-comments xpath {{xpath to security policy rule}}) and this translates to XML API call:

 

 

https://{{host}}/api/?key={{key}}&type=op&cmd=<show><config><list><audit-comments><xpath>/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='{{device-group-name}}']/pre-rulebase/security/rules/entry[@name='{{rule-name}}']</xpath></audit-comments></list></config></show>

 

 


Sometimes external XML API calls are not exact replicas of the web GUI behaviour.

 

Hope that helps!

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

L1 Bithead

@JimmyHolland  Thank you very much! This is working.

It looks like Audit comment need to be created only after a policy has been created. This is b/c it relies on a separate API call (i.e. type='op') here.

Also, the CLI is great! I find that we can perform the Audit comment create/update with `set audit-comment comment "my update via cli" xpath <path_to_policy_node"`
It's also displayed under Web API explorer:

HermanEdwards_0-1645817082732.png

 

L1 Bithead

@JimmyHolland  When you have time, do you know if a Device entry name (e.g. 'localhost.localdomain') is always required in the xpath? Can it be left as blank? If blank, does it default to some values?

For more info, when submitting the Audit comment update without specifying the Device entry name, the update is still successful. However, the update is applied to the wrong path, resulting in no update on the UI. This makes sense, as the xpath should represent a path to certain object.


However, I see examples where Device entry name is left as blank on XML API guide. I'm wondering if some default value get used when entry is blank. Or if I should always default the Device entry name to 'localhost.localdomain' (i.e. I assume all Panorama come with the device entry name 'localhost.localdomain')

Hi @HermanEdwards, I answered this in your separate thread, and the localhost.localdomain is indeed required.

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂
  • 1 accepted solution
  • 3496 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!