Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tomas_Votruba
Participant

How to list all uids with specific comment in rulebase

Hello,

can I ask for help somebody more skilled with json output of mgmt_cli?

I have quite complex access layer policybase with many section titles.

As far as I discovered, every section is separate rulebase, wich again consists from rulebases (every rulebase is access rule).

See here:

  • "uid" : 10e134f5-7c7c-4f20-9fe2-d9af55d443ae,
  • "name" : Company_PROD_1_1 Security,
  • "rulebase" : -[
    • +{ ... },
    • +{ ... },
    • -{
      • "uid" : 0ab76f20-16e4-4a50-a9f9-cc3486161405,
      • "name" : Management Net access,
      • "type" : access-section,
      • "from" : 8,
      • "to" : 20,
      • "rulebase" : -[
        • -{},
          • "uid" : 1dfe28d1-4b84-4443-939c-266289398b44,
          • "name" : CPBRNO_TO_CPMGMT,
          • "type" : access-rule,
          • "domain" : +{ ... },
          • "rule-number" : 8,
          • "source" : +[ ... ],
          • "source-negate" : false,
          • "destination" : +[ ... ],
          • "destination-negate" : false,
          • "service" : +[ ... ],
          • "service-negate" : false,
          • "vpn" : +[ ... ],
          • "action" : 6c488338-8eec-4103-ad21-cd461ac2c472,
          • "action-settings" : +{ ... },
          • "data" : +[ ... ],
          • "data-negate" : false,
          • "data-direction" : any,
          • "track" : 598ead32-aa42-4615-90ed-f51a5928d41d,
          • "track-alert" : none,
          • "time" : +[ ... ],
          • "custom-fields" : +{ ... },
          • "meta-info" : +{ ... },
          • "comments" : rule, central management access for checkpoint gw. tvobruba 29.9.2016, limited
          • "enabled" : true,
          • "install-on" : +[ ... ]
        • +{ ... },
        • +{ ... },
        • +{ ... },
        • +{ ... },
        • +{ ... },
        • +{ ... },
        • +{ ... },
        • +{ ... },
        • +{ ... },
        • +{ ... },
        • +{ ... },
        • +{ ... }
        ]
      },

Is there easy way how to find and list every access rule uid in whole layer which contains comment with text 'limited' inside?

How can I do it with jq syntax? Is jq capable go through layer recursively? And if yes, how?

Thank you very much

Regards Tomas Vobruba

0 Kudos
1 Reply
Tomas_Votruba
Participant

And after some pain there is a result...

json=`cat /tmp/rule1_base.json`

echo "$json" | $CPDIR/jq/jq -e 'recurse(.rulebase[]) |{comment:.comments, uid:.uid, rule:."rule-number"} |select(.comment | . and contains("limited")) | .uid'

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events