- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-18-2013 11:17 AM
Hi all.
Thanks to excellent guidance found elsewhere (using panxapi to update a custom-url-category profile from a file), I was successfully and reliably able to add and update custom URL categories via the API. Recently something changed that caused my scripts to fail. Whenever the API is used to update a custom URL category, it returns "Edit breaks config validity". This happens when updates are made to existing ones or when new lists are added. I can import the file via the GUI or do the same thing via the command line, and they work fine. I've removed the categories, saved, committed, everything I can think of, but the API always returns the same result. I cannot think of a change recently that would have caused this to happen.
Below is a transcript of a config attempt I just made:
eric@leela:~$ cat testurl.xml
<list><member>www.foobarbaz.com</member></list>
eric@leela:~$ ~/PAN-perl-20120107/bin/panxapi -t panorama -e testurl.xml "/config/shared/profiles/custom-url-category/entry[@name='BrandNewList']/list"
edit: Edit breaks config validity status="error" code="12"
eric@leela:~$
eric@leela:~$ ssh panapi@panorama
Password:
Welcome panapi.
panapi@Panorama> configure
Entering configuration mode
[edit]
panapi@Panorama# set shared profiles custom-url-category BrandNewList list [ www.foobarbaz.com ]
[edit]
panapi@Panorama# commit
.99%.......100%
Configuration committed successfully
[edit]
panapi@Panorama#
Thanks for your help.
Eric
11-18-2013 11:36 AM
The API is a community-supported function, and you may have better luck at the DevCenter, where scripts and such are posted:
https://live.paloaltonetworks.com/community/devcenter
You can always take a look at your config from a time you knew the script was working under Device > Config Audit, and selecting the current config and comparing it to one at a time the script worked. Maybe a change to something on the firewall is preventing the script from running correctly.
Hope this helps,
Greg
11-18-2013 12:09 PM
Yes, I have done a config audit and nothing stands out at this time.
10-22-2014 08:36 AM
Were you ever able to figure this out?
11-03-2014 10:12 AM
I did... I think it turned out to be a bug in my script, but I can't remember exactly what it was.
11-03-2014 08:26 PM
I think the problem is '-e testurl.xml' should be '-e ./testurl.xml'; otherwise it is not read as a file.
using the Python panxapi.py you could specify '-e testurl.xml'
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!