Retrieve Configuration - *show* and *get*
=========================================
The **panxapi.py** **-s** option performs the
``type=config&action=show`` API request to get the *active* (also
called *running*) configuration. The **-g** option performs
the ``type=config&action=get`` API request to get the *candidate* configuration.
*xpath* selects the parts of the configuration
to return and is the last argument on the command line.
Example: Retrieve Administrator Accounts using *get* and *show*
---------------------------------------------------------------
::
$ panxapi.py -xs "/config/mgt-config/users"
show: success
$1$fniyibcj$0tm9SixJw/wOkFkDnEqVw/
yes
yes
$1$rhprpgfp$JiYMvTDuUUWW4F7ND06JI1
$ panxapi.py -xg "/config/mgt-config/users"
get: success [code="19"]
$1$fniyibcj$0tm9SixJw/wOkFkDnEqVw/
yes
yes
$1$rhprpgfp$JiYMvTDuUUWW4F7ND06JI1
.. note::
See the
`Abbreviated Syntax
`_
section of
https://www.w3.org/TR/1999/REC-xpath-19991116/
for examples of path selection.
The *get* response contains additional XML attributes
(e.g., ``code`` and ``count``) in the ``response`` and ``result`` nodes.
Lab 4
-----
#. Use **panxapi.py** to perform a *get* (**-g**) request to display
the XML output of the *rule1* security policy.
#. Use **panxapi.py** to perform a *show* (**-s**) request to display
the XML output of the *rule1* security policy.
#. Review the output and identify differences.
.. tip:: SSH to your firewall and use ``> debug cli on`` then ``>
configure`` and ``# show rulebase security rules rule1`` to
determine the XPath to use in the request.
You can use shell output redirection to redirect the output to a
file (e.g., ``> get.xml``) and compare using a utility like
``diff``.
Both *get* and *show* XML documents are in a *pretty* format,
however the indentation and format can vary. The ``diff -b``
option can be used to ignore changes in white space.
Shell quoting for the XPath is important.
Using double outer quotes and single inner quotes for
the XPath is recommended; for example::
$ panxapi.py -s "/config/mgt-config/users/entry[@name='admin']"
show: success
.. admonition:: Solution
:class: toggle
::
admin@PA-VM> debug cli on
admin@PA-VM> configure
admin@PA-VM# show rulebase security rules rule1
$ panxapi.py -sx "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='rule1']" >show.xml
show: success
$ panxapi.py -gx "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='rule1']" >get.xml
get: success [code="19"]
$ diff -bu show.xml get.xml
--- show.xml Tue Apr 10 07:33:16 2018
+++ get.xml Tue Apr 10 07:33:29 2018
@@ -1,4 +1,5 @@
-
+
+
untrust
@@ -27,4 +28,5 @@
any
allow
-
+
+
Lab 5
-----
#. The **panxapi.py** **-r** option removes the outer ``response`` and
``result`` nodes from the XML response. Repeat the *get* and
*show* requests, but this time add a **-r** (Note that **-r** implies **-x**,
so you can replace **-x** with **-r**).
#. The **panxapi.py** **-j** option displays the XML response in JSON.
Repeat the *get* and *show* requests with **-j** and **-jr**.