This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MichaelGur
Explorer
‎2022-05-01 06:19 AM

how to find in which groups a network object exists

Hello everyone

I need to find a Linux command with which I can see in which groups there is an object that I give like the existing function in the Smart-Console "where-used"

I have this script and I want to get for each object in which groups he exists. like as I get the name

mgmt_cli -r true show-group name "group" --format json | jq -r '.members[] | [.name, ."ipv4-address", .subnet4, .type ] | @csv' -r

 

0 Kudos
3 Replies
Danny
Champion
Champion
‎2022-05-06 09:02 AM

Maybe these community solutions are of help?

0 Kudos
Alex-
Advisor
‎2022-05-06 10:49 AM

Danny pointed you to very good resources but I'm jumping in the ring  for the challenge.

I'm not much of a bash coding pro and much less with jq so here's a simple bash script that will collect your hosts and networks, log them in a CSV, display in which group(s) they can be found if any then deletes the CSV. I use grep with jq as playing with the latter's syntax was breaking the mood of my Friday evening.

don't forget to chmod +x the file before running it.

I named it obj2grp but make your pick.

 

 

 

#!/bin/bash
mgmt_cli -r true show hosts --format json |jq -r '.objects[] | [.name] | @csv' -r > obj.csv
mgmt_cli -r true show networks --format json | jq -r '.objects[] | [.name] | @csv' -r >> obj.csv

while read line
do
        a=`mgmt_cli -r true where-used name $line --format json | jq -r '."used-directly"[]' | grep name | grep -v SMC`
        echo "Object $line is found in $a"
done < obj.csv
rm obj.csv

 

 

 

 

Here's a sample output.

 

 

 

Object "cphost-1" is found in     "name": "cpgroup-1",
Object "cphost-100" is found in     "name": "cpgroup-5",
Object "cphost-2" is found in     "name": "cpgroup-2",
    "name": "cpgroup-1",
Object "cphost-200" is found in     "name": "cpgroup-5",
Object "CP_default_Office_Mode_addresses_pool" is found in
Object "cpnet_172.16.15.0-25" is found in     "name": "cpgroup-4",
Object "IPv6_Link_Local_Hosts" is found in
Object "net_10.20.10.0-24" is found in     "name": "cpgroup-1",

 

 

 

 

You can certainly improve it from there.

0 Kudos
Alex-
Advisor
‎2022-05-07 12:02 PM
In response to Alex-

Here's an improved version of code which should increase readability. It uses the maximum limit of 500 objects processed at once, if you have more, use offset.

 

#!/bin/bash
mgmt_cli -r true show hosts limit 500 --format json |jq -r '.objects[] | [.name] | @csv' -r > obj.csv
mgmt_cli -r true show networks limit 500 --format json | jq -r '.objects[] | [.name] | @csv' -r >> obj.csv

while read line
do
        a=(`mgmt_cli -r true where-used name $line --format json | jq -r '."used-directly"[]' | grep name | grep -v SMC`)
        if [ -z "$a" ]; then
                echo "$line is not used in any group" | sed 's/"//g'
        else
                echo "$line is found in ${a[*]}" | sed 's/"name"//g' | sed 's/://g' | sed 's/"//g'
        fi
done < obj.csv
rm obj.csv

 

Sample output

cphost-1 is found in  cpgroup-1,
cphost-100 is found in  cpgroup-5,
cphost-2 is found in  cpgroup-1,  cpgroup-2,
cphost-200 is found in  cpgroup-5,
host_used_everywhere is found in  cpgroup-2,  cpgroup-5,  cpgroup-6,  cpgroup-3,  cpgroup-4,  cpgroup-1,
CP_default_Office_Mode_addresses_pool is not used in any group
cpnet_172.16.15.0-25 is found in  cpgroup-4,
IPv6_Link_Local_Hosts is not used in any group
net_10.20.10.0-24 is found in  cpgroup-1,

 

0 Kudos