This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
abr
Explorer
‎2024-08-07 04:33 AM
Jump to solution

mgmt_cli: domains-to-process - Valid values are: CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER

Hi CheckMates

Can anyone provide a working example of how to use “domains_to_process”. I just came across this parameter and was wondering how to use it correctly.

As I understand it, the intention is to search across domains for fx. hosts.

Doing something like this:
mgmt_cli show hosts domains-to-process "ALL_DOMAINS_ON_THIS_SERVER" filter "1.1.1.1" --format json -s id.txt


I just can’t seem to make it work. I tried using it with id.txt set to “System Data” but without success.

Guessing that I’m misunderstanding the intended use case.

 

Much appreciated if anyone have examples to share.

0 Kudos
1 Solution

Accepted Solutions
Omer_Kleinstern
Employee
Employee
‎2024-08-13 07:47 AM
In response to PhoneBoy
Jump to solution

Hi @abr ,

Since domains-to-process is a list, it should be something like this:
mgmt_cli show hosts domains-to-process.1 "ALL_DOMAINS_ON_THIS_SERVER" filter "1.1.1.1" ignore-warnings true --format json -s id.txt

View solution in original post

(1)
10 Replies
_Val_
Admin
Admin
‎2024-08-09 05:25 AM
Jump to solution

"domains-to-process"  does not seem to be a part of any valid command in the first place. Where are you taking this example from?

0 Kudos
Henrik_Noerr1
Advisor
‎2024-08-09 07:57 AM
In response to _Val_
Jump to solution

The documentation:

https://sc1.checkpoint.com/documents/latest/APIs/?#cli/show-hosts~v1.9.1%20

domains-to-process List: string
Default: CURRENT_DOMAIN		 Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and with ignore-warnings true. Valid values are: CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
0 Kudos
PhoneBoy
Admin
Admin
‎2024-08-12 11:56 AM
Jump to solution

What's the exact output when you try to use that command?
Also see the note about including ignore-warnings true in the API docs.

0 Kudos
abr
Explorer
‎2024-08-12 11:15 PM
In response to PhoneBoy
Jump to solution

Hi PhoneBoy

Result of trying the command with domain set to "System Data" in my id.txt file on API version "1.9.1".
I assume that by "ignore-warnings true" they mean "--ignore-errors true" .


------------------------------------------------------------------------------------------------------------------------------------
Command:
mgmt_cli show hosts domains-to-process "ALL_DOMAINS_ON_THIS_SERVER" filter "1.1.1.1" --format json --ignore-errors true -s id.txt

Output:
{
"code" : "generic_err_invalid_parameter",
"message" : "Parameter [domains-to-process] value is not valid"
}

------------------------------------------------------------------------------------------------------------------------------------

To me it seems like the parameter "domains-to-process" simply is not an option

0 Kudos
PhoneBoy
Admin
Admin
‎2024-08-13 07:27 AM
In response to abr
Jump to solution

ignore-warnings and ignore-errors are actually different things.
@Omer_Kleinstern any other ideas?

0 Kudos
Omer_Kleinstern
Employee
Employee
‎2024-08-13 07:47 AM
In response to PhoneBoy
Jump to solution

Hi @abr ,

Since domains-to-process is a list, it should be something like this:
mgmt_cli show hosts domains-to-process.1 "ALL_DOMAINS_ON_THIS_SERVER" filter "1.1.1.1" ignore-warnings true --format json -s id.txt

(1)
Bob_Zimmerman
MVP Gold
MVP Gold
‎2024-08-13 08:46 AM
In response to Omer_Kleinstern
Jump to solution

I can confirm this works, though in testing it I found what seems likely to be a bug in mgmt_cli's processing of session files. I'll open a ticket about that.

The "ignore-warnings" key doesn't appear in any of the API documentation I've checked, though I haven't checked exhaustively.

[Expert@MyMDS:0]# mgmt_cli -f json -d "MDS" -r true login >session.txt

[Expert@MyMDS:0]# mgmt_cli -f json -s session.txt show hosts limit 2 domains-to-process.1 ALL_DOMAINS_ON_THIS_SERVER ignore-warnings true
{
  "objects" : [ {
    "uid" : "08f0e998-b092-49ef-83cb-f56b367e4c5c",
    "name" : "SomeHost",
    "type" : "host",
    "domain" : {
      "uid" : "f538d6a9-dd21-40cc-b400-c758b2a05882",
      "name" : "CMA_1",
      "domain-type" : "domain"
    },
    "ipv4-address" : "2.3.4.5",
    "icon" : "Objects/host",
    "color" : "black"
  }, {
    "uid" : "ccb0a948-c5ed-43e3-9e2f-f8aa331b3bcb",
    "name" : "SomeHost_2",
    "type" : "host",
    "domain" : {
      "uid" : "11415233-c3d4-4c3b-bc8b-6413ba75f64d",
      "name" : "CMA_2",
      "domain-type" : "domain"
    },
    "ipv4-address" : "3.4.5.6",
    "icon" : "Objects/host",
    "color" : "black"
  } ],
  "from" : 1,
  "to" : 2,
  "total" : 55184
}

Note that this only makes sense on an MDS, and the "System Domain" is named "MDS".

It technically works on SmartCenters when you log in to the "System Data" domain, but a SmartCenter can only contain one domain, so there's no real point to doing it. You may as well log in to the functional domain directly.

0 Kudos
abr
Explorer
‎2024-08-14 12:58 AM
In response to Bob_Zimmerman
Jump to solution

@Bob_Zimmerman 
Thanks for testing command and explaining the "System Domain" for MDS environments.

It make sense to use this for looking up hosts across domains within a MDS environment.

Help and input much appreciated!

0 Kudos
abr
Explorer
‎2024-08-14 12:53 AM
In response to Omer_Kleinstern
Jump to solution

Hi @Omer_Kleinstern

Thanks for explaining this to me. Much appreciated!

I had no idea on how to "represent" a list with "strs" in the mgmt_cli. I tried all kinds of list formats. I had never guessed that it had to be represented using ".1"

I did not find any direct documentation on the "ignore-warnings true" in the documentation. It is stated to apply it to this command. Still it is not documented as an argument/option.

I think it might be helpfull for others if documentation was updated with an examples for "List: String" and "ignore-warnings true"

0 Kudos
jo-xxx
Participant
‎2025-07-31 11:48 AM
In response to Omer_Kleinstern
Jump to solution

Btw when using REST domains-to-process is used like this:

POST {{server}}/show-groups
Content-Type: application/json
X-chkp-sid: {{session}}

{
  "filter" : "some-name",
  "ignore-warnings" : "true",
  "domains-to-process": ["ALL_DOMAINS_ON_THIS_SERVER"],
  "details-level" : "standard"
}

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events