cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Employee
Employee

run-script output

Hi,

How can we retreive output for run-script API command ?

I can see result on Dashboard but it's possible to have this by API ?

Thanks

Labels (1)
Tags (3)
10 Replies
Employee
Employee

Re: run-script output

I've find the solution.

Get task with full details :

{

  "task-id" : "29118dcb-d3e2-4096-a8ad-e3e2451db891",

  "details-level" : "full"

}

And you have in responseMessage field the output in base64.

Highlighted
Employee+
Employee+

Re: run-script output

Hi Marc,

Yes, it is possible to retrieve output from run-script API command. It's returned being encoded to base64 inside the show-task API command response.

Getting run-script output through HTTP request

  1. ​Run run-script command (it's asynchronous) and save the task-id from the response.
  2. Run show-task command providing task-id that was saved in step 1. You have to run show-task command several times until response will contain status "succeeded". You have to run show-task with details-level set to "full".
  3. Parse show-task response and extract the base64 encoded result by following path showTaskResult.tasks[0]["task-details"][0].responseMessage
  4. Decode the base64 encoded result (In Javascript it can be done with atob function).

      

Getting run-script output through mgmt_cli tool (full example)

mgmt_cli -r true run-script script-name "list root" script "ls -l /" targets.1 "my-management" --format json 2> /dev/null \

| $CPDIR/jq/jq -r '(.tasks[0]["task-details"][0].responseMessage)' \

| base64 -di

Useful links

https://sc1.checkpoint.com/documents/R80/APIs/index.html#web/run-script

https://sc1.checkpoint.com/documents/R80/APIs/index.html#web/show-task

https://sc1.checkpoint.com/documents/R80/APIs/index.html#mgmt_cli

https://sc1.checkpoint.com/documents/R80/APIs/index.html#ws

Admin
Admin

Re: run-script output

Hey Robert Decker‌ can you update the above example for R80.10/R80.20.M1?

When I try to run something like:

mgmt_cli -r true show-task task-id 0490542b-e741-40b9-be65-45e1e00c9f79 details-level full --format json | $CPDIR/jq/jq -r '(.tasks[0]["task-details"].responseMessage)' | base64 -di

I get:

jq: error: Cannot index array with string
0 Kudos
Employee
Employee

Re: run-script output

Hi Dameon,

tasks-details is an objects list so try this command :

mgmt_cli -r true show-task task-id 0490542b-e741-40b9-be65-45e1e00c9f79 details-level full --format json | $CPDIR/jq/jq -r '(.tasks[0]["task-details"][0].responseMessage)' | base64 -di
Employee++
Employee++

Re: run-script output

Dameon,

You have missed the index notation for the ["task-details"], it should be ["task-details"][0], as it is a collection.

Robert.

0 Kudos
Admin
Admin

Re: run-script output

Ah, yes, I did! 

Gotta love JSON Smiley Happy

Re: run-script output

Gotta love jq being included on the Check Point manager! I did not realize it was in there, I may do more in the shell versus remote through the API because of this!

0 Kudos

Re: run-script output

What would be the secret to getting this to work with multiple targets? When I run the command below the output only gives me the output for one firewall no matter how many targets I add. 

mgmt_cli -r true run-script script-name "Show State" script "cphaprob state" targets.1 fw1 targets.2 fw2 --format json 2> /dev/null | $CPDIR/jq/jq -r '(.tasks[0]["task-details"][0].responseMessage)' | base64 -di

0 Kudos
Admin
Admin

Re: run-script output

Right, because run-script creates a separate task for each target and you're only printing the first task details with jq.
Something like this should work:

mgmt_cli -r true run-script script-name "Show State" script "cphaprob state" targets.1 fw1 targets.2 fw2 --format json 2> /dev/null | $CPDIR/jq/jq -r '(.tasks[]["task-details"][].responseMessage)' | base64 -di

Re: run-script output

Thx you were right.  However it still didn't work for me. I figured out after you fixed my task issue that base64 didn't like the output from multiple firewalls. I had to add a while loop to get the output from both firewalls.

mgmt_cli -r true run-script script-name "Show State" script "cphaprob state" targets.1 fw1 targets.2 fw2 --format json | $CPDIR/jq/jq -r '(.tasks[]["task-details"][].responseMessage)' | while read line; do base64 -di <<< "$line"; done

 

 

0 Kudos