This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jon_Pahl1
Employee
Employee
‎2021-06-30 01:13 PM

Script using API and JQ exporting simple-gateway interface data

To achieve this request we are going to use the Show-Simple-gateways api call with detail-level full, and jq to format the response.  The output will be a file that can be imported into excel by using the built-in delimitation.

 

 

Step 1 we login to the API server

Step 2 we execute the API call

Step 3 open the file via excel.

 

Note: this doesn’t work with SMB devices, only full Gaia.

Note: this script was developed for a client that has more than 500 gateways in there management system.

 

 

 

Mgmt_cli login -u <userID> -p <password> > ses.txt 

mgmt_cli show-simple-gateways details-level full limit 500 --format json -s ses.txt | jq '.objects[] |.interfaces[] as $i | [.name,$i.name,$i."ipv4-address",$i."ipv4-network-mask",$i.topology] | @csv ' > gateway.txt 

 

You will see errors around SMBs but I believe the script will bound over them  

 

Gateway.txt output should look like this  

 

"\"Gw-Gaia\",\"Eth1\",\"1.1.1.1\",\"255.255.255.0\",\"external\"" 

"\"Gw-Gaia\",\"Eth2\",\"10.0.0.1\",\"255.255.255.0\",\"internal\"" 

"\"GW-Gaia-2\",\"eth1\",\"2.2.2.2\",\"255.255.255.0\",\"automatic\"" 

"\"GW-Gaia-2\",\"eth2\",\"10.2.2.1\",\"255.255.255.0\",\"automatic\"" 

 

 

 

Show-simple-gateway Interfaces sub-object RAW data

 

interfaces: 

- name: "Eth1" 

  ipv4-address: "1.1.1.1" 

  ipv4-network-mask: "255.255.255.0" 

  ipv4-mask-length: 24 

  ipv6-address: "" 

  comments: "" 

  color: "black" 

  icon: "NetworkObjects/network" 

  topology: "external" 

  anti-spoofing: false 

  security-zone: false 

- name: "Eth2" 

  ipv4-address: "10.0.0.1" 

  ipv4-network-mask: "255.255.255.0" 

  ipv4-mask-length: 24 

  ipv6-address: "" 

  comments: "" 

  color: "black" 

  icon: "NetworkObjects/network" 

  topology: "internal" 

  topology-settings: 

    ip-address-behind-this-interface: "not defined" 

    interface-leads-to-dmz: false 

  anti-spoofing: false 

  security-zone: false 

 

 

Breaking down the cli and how jq works

 

Full CLI:

mgmt_cli show-simple-gateways details-level full limit 500 --format json -s ses.txt | jq '.objects[] |.interfaces[] as $i | [.name,$i.name,$i."ipv4-address",$i."ipv4-network-mask",$i.topology] | @csv ' > gateway.txt 

 

 

mgmt_cli this is simple the API interface call from the Gaia CLI.

 

Show-simple-gateway details-level full limit 500 – format json –s ses.txt | jq …

  • Show-simple-gateway is an API call that pulls information about gateways in the MDS or management environment. You can also use show-simple-cluster for clustered devices.  These 2 command only work on full Gaia devices SMB or embedded Gaia devices are cannot be queried via this method.
  • Details-level full
    • This part of the command sets the return details level, if not full the individual interfaces would not be returned.
  • Limit 500
    • Limit 500 expands the default limit of 50 for a larger environment. We do have environments that are larger than 500 so a larger number would be needed. One thing to remember is the higher the limit the more memory and cpu necessary to complete the API call.
  • -- format json
    • Simple formats the output as json
  • -s ses.txt
    • –s tells the mgmt_cli application to use the session key in the ses.txt file. To create the ses.txt file use ‘mgmt_cli login -u <userID> -p <password> > ses.txt
  • | jq
    • Sends the json generated by ‘mgmt_cli show-simple-gateway …’  to jq for processing.

 

Jq:

 

Jq is a Linux application designed to parse json and provide formatted text out. In this case we are reading in json and exporting a delimited file with data on defined interfaces. When looking at the jq command in this case we are creating and array of interfaces and references that array as $i.  When you see $i.name we are exporting interfaces.name (with the example data below we should see Eth1 as the output to $i.name) to the csv formatted output.

 

Jq command and example data, I have removed some of the extra data to concentrate on the interfaces section.

 

 jq '.objects[] |.interfaces[] as $i | [.name,$i.name,$i."ipv4-address",$i."ipv4-network-mask",$i.topology] | @csv ' > gateway.txt 

 

 

Data example:

 

interfaces: 

- name: "Eth1" 

  ipv4-address: "1.1.1.1" 

  ipv4-network-mask: "255.255.255.0" 

  ipv4-mask-length: 24 

  ipv6-address: "" 

  comments: "" 

  color: "black" 

  icon: "NetworkObjects/network" 

  topology: "external" 

  anti-spoofing: false 

  security-zone: false 

- name: "Eth2" 

  ipv4-address: "10.0.0.1" 

  ipv4-network-mask: "255.255.255.0" 

  ipv4-mask-length: 24 

  ipv6-address: "" 

  comments: "" 

  color: "black" 

  icon: "NetworkObjects/network" 

  topology: "internal" 

  topology-settings: 

    ip-address-behind-this-interface: "not defined" 

    interface-leads-to-dmz: false 

  anti-spoofing: false 

  security-zone: false 

 

CSV output:

 

"\"Gw-Gaia\",\"Eth1\",\"1.1.1.1\",\"255.255.255.0\",\"external\"" 

"\"Gw-Gaia\",\"Eth2\",\"10.0.0.1\",\"255.255.255.0\",\"internal\"" 

"\"GW-Gaia-2\",\"eth1\",\"2.2.2.2\",\"255.255.255.0\",\"automatic\"" 

"\"GW-Gaia-2\",\"eth2\",\"10.2.2.1\",\"255.255.255.0\",\"automatic\"" 

 

 

Jq references:

 

 

0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events