Show changes from session => from a single session
Hello guys,
I want to write a small script that lists all the created, deleted and modified rules and host objects for a given session/revision uid. The management API reference guide includes two possible commands that should do the job:
- show session uid <session_uid>
>> This lists all the general details of a session like e.g. the user, the change sum, the description, the application that has been used in order to publish the given session etc. Here everything is working as expected
- show changes from-session <session_uid> to-session <session_uid>
>> This command lists all changes in a given time or session frame... so this means I can use the above mentioned "from-session" => "to-session" arguments or the "from-date" => "to-date" arguments. However it seems that it is not possible to list all changes from just one single session. The seemingly required arguments have default values if no UIDs for the sessions are specified:
from-session | string |
to-session | string Default: The last published session |
But here lies another problem - as the from-session defaults to "the session before to-session" while the to-session argument defaults to "the last published session", this leads to the result that the command gives you the last two sessions if you do not specify any arguments. Still, it does not allow you to just see the changes from a single session. My idea was to give the from and to argument the same session uid, but this results in the following error:
> show changes from-session <my_session_uid1> to-session <my_session_uid1>
---------------------------------------------
Time: [15:43:07] 27/3/2019
---------------------------------------------
"Show Changes" failed (100%)
tasks:
- task-id: "abcdef01-2345-6789-b58a-3559264bf1dc"
task-name: "Show Changes"
status: "failed"
progress-percentage: 100
progress-description: "Diff operation failed: Unable to build the diff reply."
suppressed: false
So the command requires a diff in between both parameters while a simple "show changes from-uid" or "show changes uid" does not exist. Do I miss something or is there really no possibility to track the changes of a given single session?
Regards,
Maik
Accepted Solutions
If you run: mgmt_cli show changes to-session UID
Then it will compare the session to the previously published session right before it. I know it seems really backwards but if you read the API guide it is oddly worded that way. If you don't specify the 'from-session' then it defaults: The session before to-session
Make sure to set your details-level to get the detail you want
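One way to script the single-session review described in the answer above, as an added example that is not part of the original thread or Check Point's own code: it builds the `mgmt_cli` call with only `to-session` set and flattens the reply into one line per changed object. The JSON nesting is assumed from the flattened output posted in this thread, the `new-object` wrapper on modified entries is an assumption, `--format json` selects mgmt_cli's JSON output, and the sample reply is constructed.

```python
import json
import re

UID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

def show_changes_argv(session_uid, details_level="full"):
    """argv for one session: only to-session is set, so from-session
    defaults to the session published right before it."""
    if not UID_RE.fullmatch(session_uid):  # UID comes from a ticket: validate it
        raise ValueError("not a session UID: %r" % session_uid)
    return ["mgmt_cli", "-r", "true", "show", "changes",
            "to-session", session_uid,
            "details-level", details_level, "--format", "json"]

def review_lines(reply):
    """Flatten a show-changes task reply into (kind, type, name, admin) tuples."""
    lines = []
    for task in reply.get("tasks", []):
        if task.get("status") != "succeeded":
            raise RuntimeError(task.get("progress-description", "show changes failed"))
        for page in task.get("task-details", []):
            for change in page.get("changes", []):
                who = change.get("session", {}).get("user-name", "?")
                ops = change.get("operations", {})
                for kind in ("added", "modified", "deleted"):
                    for obj in ops.get(kind + "-objects", []):
                        obj = obj.get("new-object", obj)  # assumed old/new wrapper
                        lines.append((kind, obj.get("type"), obj.get("name"), who))
    return lines

def is_truncated(reply):
    """True when a page stops before 'total', i.e. the review would be incomplete."""
    return any(p.get("to", 0) < p.get("total", 0)
               for t in reply.get("tasks", []) for p in t.get("task-details", []))

# Constructed sample, modelled on the 'show changes' output posted in this thread.
SAMPLE = json.loads("""
{"tasks": [{"task-name": "Show Changes", "status": "succeeded",
  "task-details": [{"from": 1, "to": 2, "total": 2, "changes": [
    {"session": {"session-uid": "5ca78a82-4e2b-4315-ab73-7fede5598e81",
                 "user-name": "WEB_API"},
     "operations": {"added-objects": [{"name": "net-1.1.1.1", "type": "network"}],
                    "modified-objects": [], "deleted-objects": []}}]}]}]}
""")

if __name__ == "__main__":
    print(" ".join(show_changes_argv("5ca78a82-4e2b-4315-ab73-7fede5598e81")))
    for line in review_lines(SAMPLE):
        print(*line)
```

On a management server, pass the returned argv to `subprocess.run` and feed the parsed JSON to `review_lines`; a reply for which `is_truncated` is true does not cover the whole session.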
Hi Maik, everyone,
We haven't released Changes Report extension officially yet since we are creasing out a few last issues.
In the meantime you are invited to start using it and provide us with your feedback.
In order to install it, please follow the below instructions:
1. On SmartConsole, go to Manage & Settings > Preferences > SmartConsole Extensions > +.
The “Import SmartConsole Extension…” window opens.
Enter the web-service manifest URL for the manifest file:
https://extensions.checkpoint.com/changes-report/extension.json
Click ‘OK’.
2. A verification message will pop-up – press ‘OK’.
The extension is now installed.
“Changes” button will appear at:
- The upper toolbar in Security Policies tab and in Gateways and Servers tab - showing changes performed in the current private session
- The upper toolbar in Manage & Settings > Sessions > Session view - showing the changes performed in the selected session
- A “Changes” menu will appear at the upper toolbar in Manage & Settings > Sessions > Revisions view. It allows you to compare the selected revision with its previous, or with the current revision.
The extension is supported on top of R80.30 and up.
Let me know what you think 🙂
Maik,
if you just run 'show changes' it will compare the last published session vs the session prior to it. Which would show you the changes of the last published session. I just tested it after adding a single network and publishing;
mgmt_cli -r true show changes
---------------------------------------------
Time: [07:25:43] 27/3/2019
---------------------------------------------
"Show Changes" succeeded (100%)
tasks:
- task-id: "abcdef01-2345-6789-81ad-4d56c2e27f11"
task-name: "Show Changes"
status: "succeeded"
progress-percentage: 100
progress-description: "Operation Complete"
suppressed: false
task-details:
- limit: 10
offset: 0
from: 1
to: 2
total: 2
changes:
- session:
session-uid: "5ca78a82-4e2b-4315-ab73-7fede5598e81"
user-name: "WEB_API"
publish-time:
posix: 1553689514200
iso-8601: "2019-03-27T07:25-0500"
domain-info:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
operations:
added-objects:
- uid: "3f8fde7a-077b-4ab3-ae45-cac29e36a20a"
name: "net-1.1.1.1"
type: "network"
domain:
uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
name: "SMC User"
domain-type: "domain"
subnet4: "1.1.1.0"
mask-length4: 24
subnet-mask: "255.255.255.0"
modified-objects: []
deleted-objects: []
Hello Adam,
Thanks for your reply and suggestion. But this still does not allow me to view the changes of a specific given session - it just lists the last one. This is a step in the direction that I am aiming for but still not the actual goal.
Maybe some background: I have created a script that validates some management CLI strings and gives you feedback on found errors or just says that the string is okay to push if no errors are found. In the end you will receive a list of all created objects (access rules + their related policies to be precise) as well as a string and the revision id that can be copy pasted into a change ticket that is linked to the changes. Now I want to create an additional script that should allow an "easy review" of a given change by just giving the session (or revision) uid as a parameter in order to do a "four eyes check" of the changes via the CLI and not the SmartConsole. That's why I require the change uid of not the latest session, or of multiple sessions but just one specific one.
Best regards,
Maik
You'll be able to trigger an action when someone attempts to publish a session (e.g. run a script).
Thanks PhoneBoy and Adam 🙂
Especially for thinking over it again on the weekend. Would be great to find a solution - even if it will be a little bit trickier to achieve than with just running one API call. Have a great weekend and looking forward to hearing from you.
By the way, as it is possible to paste a session uid into the audit log in order to receive all required objects it should be possible with the api as well I guess? Maybe I could use the generic object api somehow... but I need to dig deeper into the usage of it as I have zero experience regarding generic api call so far.
Following the upcoming release of R80.30, we will publish the 'Changes Report' SmartConsole extension which uses the show-changes API command to visualize single session (private/published) changes.
The extension source code would be published as well in our GitHub repository post its release.
Check out How to extend and enhance SmartConsole?
The smartconsole extension looks very interesting - R80.30 has been out for some time now, is there any chance you could release the code for this extension?
Not sure if that was the final GA version, though, I will have to check.
I would be needing to view the delta changes between the most recent and last published session.
Regards,
Simon
or, even better, to show all changes between 2 selected time period.
Like all changes (NOT done only by me, instead by all admins (maybe report the name of admin) ) performed from 30.3.2020 10:00 till 1.4.2020 08:00. This makes the idea perfectly fit, also for auditing purposes.
Jozko Mrkvicka
There is no succinct report that will show all changes between two published sessions. However what you can do is look at the individual Audit Logs for all sessions published between two particular sessions. This is described in Part 3 of my article R80+ Change Control: A Visual Guide.
Another thing you could try is bringing up the raw Audit Log as described in Part 4, then implement a date range filter spanning the time period between the two sessions you want to compare. Once again this would just be looking at individual Audit Logs and not a nice report as shown earlier in this thread.
Hi,
We are currently having an issue with the latest update of the extension.
I'll update once it will be resolved.
Sorry for the inconvenience.
Hi,
Issue is now resolved.
Please contact me if you have additional issues.
Sorry for the inconvenience.
Hi,
Are you using a standalone environment? extensions are not supported on it.
If not, please verify that the correct ip is configured on your management object.
Also try to login to SmartConsole using the server ip instead of name.
If all of the above doesn't help - please send me SmartConsole and server logs (cpm, fwm and api) so that we can investigate.
> Are you using a standalone environment? extensions are not supported on it.
Ah thanks, just added a note to the Preface of my article R80+ Change Control: A Visual Guide noting this limitation.
Supporting hostname/FQDN is in the server's roadmap for one of the future releases.
It is not available for offline customers, but we plan to support it in the future (using a server hotfix).