Rabindra_Khadka
Contributor

How to list and export the object members from a network group on a Check Point management server


Hello everyone,

We need to list all the object members, along with the name and IP address, from a particular network group in CSV format. The Check Point management server is on version R80.20. Is there any way, from the command line or otherwise, to export the object members along with the name and IP address from a particular network group in CSV format?

Please help if there is any solution.

@phoneboy

Thanks

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

With the correct command, it's not difficult to get CSV output:

mgmt_cli -r true show-group name "groupname" --format json | jq '.members[] | [.name, ."ipv4-address"] |@csv' -r

Just to explain:

  • mgmt_cli -r true is how you can utilize the API from a CLI (-r true means "login as root user" which only works on the local management server)
  • show-group is the API command for showing a specific group specified by the name parameter.
  • --format json tells mgmt_cli to output the data in JSON format.
  • jq parses the JSON output from mgmt_cli, in this case pulling out all the "name" and "ipv4-address" entries from members and outputting to CSV.


17 Replies
Vincent_Bacher
Advisor

Hi,

I am not PhoneBoy, but nevertheless I take the liberty to answer 😊

I'd suggest to have a look at the R8x-export-import-api-scripts on GitHub.

Cheers
Vincent

and now to something completely different
0 Kudos
Rabindra_Khadka
Contributor

Thanks Vincent,

but are there documents or a process to follow to run this script?

0 Kudos
Danny
Champion
Champion

Consider using JSON over CSV format for exporting group contents that can be nested (groups within groups).

Use the following command in expert mode of your SmartCenter Server to export the first 500 members of a group object:

mgmt_cli login -r true show group name [GROUP] --format json details-level full offset 0 limit 500 --port 443
0 Kudos
Rabindra_Khadka
Contributor

Thanks Danny,

let me try this one. I will update you regarding this.

0 Kudos

Rabindra_Khadka
Contributor

Thanks PhoneBoy,

this is what I am looking for.

0 Kudos
Darren_Fishwick
Explorer

Hi, I have been testing this and all looks really good. However, what does the @csv command do at the end?

i.e. mgmt_cli -r true show-group name "groupname" --format json | jq '.members[] | [.name, ."ipv4-address"] |@csv' -r

I was expecting a CSV file to be created but I can't find it.

Thanks

0 Kudos
PhoneBoy
Admin
Admin
Normally jq will output results in JSON format.
@csv will convert the output to CSV.
If you want it to a file, you'll have to pipe the output from the command to a file.
Darren_Fishwick
Explorer
Thank you for the update
Regards
0 Kudos
JED
Explorer

Hi, I'm new to Check Point this week and have some issues with the R80.30 platform. I need to extract the member details (hostname and IPv4) from certain groups (some seem to have more than a couple of hundred entries). I have navigated to the respective group and indeed a .csv is produced. The only issue is that the .csv output only contains (from memory) the last modified date with the respective user name of who made the last change. I now need a method to extract the members and have found this article. I have no test environment to test your suggested commands. Can you confirm that these are non-intrusive to any normal operations and will give me the correct outputs?

Is this command executable from the "admin" account?

Hi Phoneboy,

I'm making some further extractions from the Db from the specific Network Group called "GP_WinUpdates_Exceptions".

I run the following and get the output shown:-

"mgmt_cli -r true show-group name "GP_WinUpdates_Exceptions" offset 500 --format json | jq '.members[] | [.name, ."ipv4-address"] |@csv' -r

I get the following error: can you please advise on what may be the issue please?

"jq: error: Cannot iterate over null"

 

0 Kudos
PhoneBoy
Admin
Admin

These are read-only commands and shouldn't cause any issues.
That said, if you want to try and rehearse this in an entirely test environment, you can do this and more using the Automation and Orchestration lab in CheckMates Labs.

One caveat: if a group has too many items in it, you may have to execute the command multiple times with different offset values.
If I recall correctly, the limit is 500 items, so to get the next 500 items, you'd do:

mgmt_cli -r true show-group name "groupname" offset 500 --format json | jq '.members[] | [.name, ."ipv4-address"] |@csv' -r

JED
Explorer

Hi PhoneBoy, the above worked great. I have a further request now which I have tried but had no success with. I need to list the Object Group and, as the contained output, need the results for the Service Port / Socket ID. Can you please advise on the string that I would need to extract this data? (We have recently upgraded to R80.40 but again the CSV export from the GUI seems not to be working.) Your assistance is greatly appreciated. Thanks, JED.

0 Kudos
PhoneBoy
Admin
Admin

The above is for network object groups.
Service groups are a different type, but a similar type of command is used:

mgmt_cli -r true show-service-group name "NBT" --format json | jq '.members[] | [.name, .type, .port] | @csv' -r

 

0 Kudos
eliascoranti
Explorer

Is it the same for R80.10? I can't find the CSV file. Could you please help me?

0 Kudos
Sec_Boy
Explorer

I am getting the below error while phrasing the above command.

[Expert@FX:0]# mgmt_cli -r true show-group name "EXT-MOVEiT" --format json | jq '.members[] | [.name, ."ipv4-address"] |@csv' -r >EXT_MOVEiT.json
Logout failed
parse error: Invalid numeric literal at line 1, column 9


API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 31143
CPM Started 16920 Check Point Security Management Server is running and ready
FWM Started 18638
APACHE Started 3908

Port Details:
-------------------
JETTY Internal Port: 50277
APACHE Gaia Port: 4434 (a non-default port)
When running mgmt_cli commands add '--port 4434'
When using web-services, add port 4434 to the URL


--------------------------------------------
Overall API Status: Started

0 Kudos
Sec_Boy
Explorer

I am getting the below error while phrasing the above command.

parse error: Invalid numeric literal at line 1, column 9
Logout failed

0 Kudos
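
Added example, not part of any post in this thread and not Check Point code: a wrapper around the jq filter from the accepted solution that walks the offset values PhoneBoy describes and copes with the two jq errors reported above ("Cannot iterate over null" and the parse error jq raises when it is handed text that is not JSON). The function names and the sample JSON are constructed for illustration; the offset parameter and the 500-item page size are taken from the replies above, not verified here.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): paginated group export with input checks.

# JSON on stdin (as printed by `mgmt_cli ... --format json`) -> CSV rows on stdout.
group_members_csv() {
  local json; json=$(cat)
  # On failure mgmt_cli prints plain text; feeding that to jq gives "parse error".
  if ! printf '%s' "$json" | jq -e 'type == "object"' >/dev/null 2>&1; then
    echo "input is not a JSON object; read the mgmt_cli message first" >&2
    return 2
  fi
  # `// []` avoids "Cannot iterate over null" when a page has no members;
  # `// ""` keeps the column for members without an address (e.g. nested groups).
  printf '%s' "$json" |
    jq -r '(.members // [])[] | [.name, (.type // ""), (."ipv4-address" // "")] | @csv'
}

# Real fetcher, using the command from the thread: mgmt_fetch GROUP OFFSET
mgmt_fetch() {
  mgmt_cli -r true show-group name "$1" offset "$2" --format json
}

# Constructed stub standing in for the management server: 3 members, 2 per page.
sample_fetch() {
  case $2 in
    0) echo '{"name":"g","members":[{"name":"web01","type":"host","ipv4-address":"10.0.0.5"},{"name":"inner-group","type":"group"}]}' ;;
    2) echo '{"name":"g","members":[{"name":"db01","type":"host","ipv4-address":"10.0.0.9"}]}' ;;
    *) echo '{"name":"g"}' ;;
  esac
}

# export_group FETCH_FN GROUP [PAGE_SIZE]: walk offsets until a page is empty.
export_group() {
  local fetch=$1 group=$2 page=${3:-500} offset=0 rows prev=
  while :; do
    rows=$("$fetch" "$group" "$offset" | group_members_csv) || return $?
    # Stop on an empty page, or if the server returned the same page again.
    if [ -z "$rows" ] || [ "$rows" = "$prev" ]; then break; fi
    printf '%s\n' "$rows"
    prev=$rows
    offset=$((offset + page))
  done
}

# On the management server: export_group mgmt_fetch "groupname" > groupname.csv
```

If the API listens on a non-default port, as in the api status output above, the --port option goes into mgmt_fetch.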
Kola_CP
Explorer

Thank you for this.

An additional question if I may...

Is it possible to recursively do this for all the network groups where I have a large number of network groups set up?

Or alternatively to extract all the network group names passing them on to this command to extract for each network group?

0 Kudos