Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
LiorL
Explorer

How to find "creation-time" when using jq to show access-rulebase

Hi All, 

We have an issue where we cant find a way to filter "creation-time".

Query we are using : 

mgmt_cli -d 1.1.1.1 show access-rulebase name "Network" details-level "full" offset 0 limit 500 use-object-dictionary true show-hits true hits-settings.from-date "2000-01-01" hits-settings.to-date "2021-06-09"  --format json -u admin |jq -r '.rulebase[].rulebase[]|select(.hits.value == 0)| [."rule-number", ."name", ."comments", ."enabled", ."uid" ]|@csv' > Unusedrules.csv

When we run this with out the jq output will be: 

- uid: "XXXXXXXXXXXXXXX"

  name: "XX"

  type: "XX"

  domain:

    uid: "XX"

    name: "XX"

    domain-type: ""XX

  comments: "XX"

  color: "black"

  icon: ""

  tags: []

  meta-info:

    lock: "unlocked"

    validation-state: "ok"

    last-modify-time:

      posix: 1496773657035

      iso-8601: "2017-06-07T06:27+1200"

    last-modifier: "System"

    creation-time:

      posix: 1490915014155

      iso-8601: "2017-03-31T12:03+1300"

    creator: "System"

  read-only: false

from: 1

to: 500

 

The value we would like to add to the jq is the values under "iso-8601" == "2017-06-07T06:27+1200".

When we tried the following there was no output (as part of the query above with the jq): 

,"enabled" ,."creation-time", ."uid"

,"enabled" ,." iso-8601", ."uid"

,"enabled" ,."creation-time"." iso-8601", ."uid"

 

But nothing works. 

Version is R80.20 JHF is 188 and it is an MDM

Any ideas? 

BTW the main purpose is to get the zero hits reports generated with this info, and based on this we can check when the rule was added. 

 

Thanks in advance, 

Lior

0 Kudos
1 Reply
LiorL
Explorer

Hi All, 

I ended up finding a way to do this the correct syntax was: 

,"enabled" ,."meta-info"."creation-time"."iso-8601", ."uid"

I found this "meta-info" in the following discussion: 

https://community.checkpoint.com/t5/API-CLI-Discussion/API-call-to-show-Custom-Applications-Categori...

Thanks, 

Lior

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events