dbedit Script for bulk object creation
Hello
Does anybody have a script to create Network Objects in bulk via CLI using dbedit?
I have used the below script to create hosts and it did not work. My device is Smart 1-50 running Gaia R77.30
create host_plain web_server
modify network_objects web_server ipaddr 192.168.1.1
update network_objects web_server
update_all
Thanks in advance
Actual dbedit commands look correct. The question is how do you execute them and what error do you get.
Hopefully you have read the SK "Editing the objects_5_0.C file via Check Point database editing utilities".
Here's output of your own commands:
[Expert@ms01:0]# dbedit
Enter Server name (ENTER for 'localhost'):
Please enter a command, -h for help or -q to quit:
dbedit> create host_plain web_server
dbedit> modify network_objects web_server ipaddr 192.168.1.111
dbedit> update network_objects web_server
web_server updated successfully.
dbedit> update_all
dbedit> print network_objects web_server
Object Name: web_server
Object UID: {D864991F-7B18-B641-A6E1-503D440952F2}
Class Name: host_plain
Table Name: network_objects
Last Modified by: System
Last Modified from: localhost
Last Modification time: Mon Jun 18 22:05:21 2018
Fields Details
--------------
Kaspars Zibarts showed it correctly. You have the right syntax, but the problem must be in the execution. I usually push configuration from a file, so I'm able to add thousands of rows at once.
- In case you want to run the script from a file, make sure that it has UNIX end-of-line characters (when you copied the file from a different filesystem).
- In production, make a database revision first!
- DBEDIT fails and stops at the first error in your code. This can be annoying when you are using update_all. For better visibility of where the problem is, you can update each element separately (you'll see which update line failed). It takes much more time, especially if you run something really big, but it is best for troubleshooting.
How to run file?
On localhost:
dbedit -s localhost -f /somepath/import-file.txt
Under MDS on certain domain:
dbedit -s <domain server IP> -f /somepath/import-file.txt
In case you need to add more objects, but some with the same names already exist in your database, you can ignore errors:
dbedit -s localhost -f /somepath/import-file.txt -ignore_script_failure
Here are some simple object code examples (host, network, ip range, group):
Create host 10.0.0.3
create host_plain host10.0.0.3
modify network_objects host10.0.0.3 ipaddr 10.0.0.3
modify network_objects host10.0.0.3 comments "Company Host"
update network_objects host10.0.0.3
Create network 10.0.0.128/25
create network net10.0.0.128m25
modify network_objects net10.0.0.128m25 ipaddr 10.0.0.128
modify network_objects net10.0.0.128m25 netmask 255.255.255.128
modify network_objects net10.0.0.128m25 comments "Company network"
update network_objects net10.0.0.128m25
Create IP range 10.0.0.2-10.0.0.25
create address_range range10.0.0.2-10.0.0.25
modify network_objects range10.0.0.2-10.0.0.25 ipaddr_first 10.0.0.2
modify network_objects range10.0.0.2-10.0.0.25 ipaddr_last 10.0.0.25
modify network_objects range10.0.0.2-10.0.0.25 comments "server range"
update network_objects range10.0.0.2-10.0.0.25
Put all previous to simple group:
create network_object_group branchSubnetGroup
addelement network_objects branchSubnetGroup '' network_objects:host10.0.0.3
addelement network_objects branchSubnetGroup '' network_objects:net10.0.0.128m25
addelement network_objects branchSubnetGroup '' network_objects:range10.0.0.2-10.0.0.25
modify network_objects branchSubnetGroup comments "Group of objects"
update network_objects branchSubnetGroup
More examples can be found in the Multi-Domain Security Management R77 Versions Administration Guide. There are examples of rules, renaming, etc.
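The object syntax from the post above, generated from an address list instead of typed by hand. This is an added example, not code from the thread or from Check Point; the function names (prefix_to_mask, valid_ip, emit, gen_dbedit) are hypothetical and the sample addresses are constructed. It goes beyond the post by validating each entry and deriving the netmask from a CIDR prefix.

```shell
#!/bin/sh
# Added example (not from the thread): build a dbedit import file from an
# address list. Names follow the post above: host<ip>, net<ip>m<bits>,
# range<first>-<last>. The input at the bottom is constructed sample data.
prefix_to_mask() {              # 25 -> 255.255.255.128
    [ "$1" -ge 0 ] 2>/dev/null && [ "$1" -le 32 ] || return 1
    m=$(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    echo "$(( m >> 24 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}

valid_ip() {                    # dotted quad, every octet 0-255
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
}

# $1 = object class, $2 = object name, then field/value pairs.
emit() {
    cls=$1; name=$2; shift 2
    printf 'create %s %s\n' "$cls" "$name"
    while [ $# -ge 2 ]; do
        printf 'modify network_objects %s %s %s\n' "$name" "$1" "$2"; shift 2
    done
    # One update per object, so a failure points at a single object.
    printf 'update network_objects %s\n' "$name"
}

# Reads entries on stdin; invalid ones are reported on stderr and skipped.
gen_dbedit() {
    while IFS= read -r e || [ -n "$e" ]; do
        e=$(printf '%s' "$e" | tr -d '\r\t ')     # drop CR and blanks
        case $e in
            ''|'#'*) ;;
            */*) ip=${e%/*}; bits=${e#*/}
                 valid_ip "$ip" && mask=$(prefix_to_mask "$bits") &&
                 emit network "net${ip}m${bits}" ipaddr "$ip" netmask "$mask" ||
                 echo "skipped: $e" >&2 ;;
            *-*) a=${e%-*}; b=${e#*-}
                 valid_ip "$a" && valid_ip "$b" &&
                 emit address_range "range$a-$b" ipaddr_first "$a" ipaddr_last "$b" ||
                 echo "skipped: $e" >&2 ;;
            *)   valid_ip "$e" && emit host_plain "host$e" ipaddr "$e" ||
                 echo "skipped: $e" >&2 ;;
        esac
    done
}
printf '10.0.0.3\r\n10.0.0.128/25\n10.0.0.2-10.0.0.25\n' | gen_dbedit
```

Redirect the output to a file and pass it to dbedit with -f as shown above; the output always has UNIX line endings, even when the input list does not.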
Best is to wait and see what Ravindra Katragadda has to say. I suspected the same, but it's good to give people some time to chew on the info provided, as in turn, if you can suss out the problem yourself, you might actually remember it instead of someone serving you the answer on a plate. But yes, all the info you provided is correct and helpful, of course.
Petr Hantak
Thank you so much for such a detailed explanation.
I used the below lines to create a script.
create host_plain Block_80.80.80.80
modify network_objects Block_80.80.80.80 ipaddr 80.80.80.80
update network_objects Block_80.80.80.80
update_all
I saved this into a text file.
I copied this file to /var/log/ in the MDS.
Then I logged into the MDS and went to the CMA context using the mdsenv xx.xx.xx.xx command. Then I ran the below commands:
dos2unix /var/log/test.txt
dbedit -local -globallock -f /var/log/test.txt &> test_output.txt
The output file shows the below error.
create <object_type> <object_name>
Error in line: 1
Can you please help me understand why I am seeing this?
First of all, try to execute the commands manually and see if you get the same error. Could it be that the object already exists?
SK30383:
- When using the -globallock flag, savedb should be added at the end of the script (like save button in SmartDashboard).
That Object doesn't exist. It's a new one.
If I change the update_all to savedb, will it work?
It is an additional command, not a replacement; however, it will not remove the error.
We recently added a lot of Office 365 hosts and networks and used this format for the host:
create host_plain O365-H-94.245.88.28
modify network_objects O365-H-94.245.88.28 ipaddr 94.245.88.28
update network_objects O365-H-94.245.88.28
update_all
savedb
And this for the networks:
create network O365-N-94.245.120.64_26
modify network_objects O365-N-94.245.120.64_26 ipaddr 94.245.120.64
modify network_objects O365-N-94.245.120.64_26 netmask 255.255.255.192
update network_objects O365-N-94.245.120.64_26
update_all
savedb
These are just a single host and a single network, but copy the text above and use vi on the MDS instead of Notepad, or make sure to use Notepad++ or a similar product that can store the file as a Linux file, so you don't have strange characters in the file.
Double check by doing a cat of your text file on the MDS.
I tried exactly your object on MDS R77.30 and it worked without issues.
- I created the file for import on the MDS as a new file in the VIM editor, pasted the commands from the clipboard and saved it.
- Make sure that there are no special characters or unexpected spaces in it.
- I switched the MDS context with mdsenv as well.
- It worked fine with the -globallock flag and savedb.
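A pre-flight check for the file problems raised in this thread (DOS line endings, special characters, unexpected spaces, a missing savedb when -globallock is used), which a plain cat does not make visible. This is an added example, not code from the thread or from Check Point; lint_dbedit is a hypothetical name and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check a dbedit import file before
# running it. Usage: lint_dbedit FILE [globallock]
# Prints one finding per line; returns 0 only when nothing was found.
lint_dbedit() {
    f=$1; rc=0; cr=$(printf '\r')
    if LC_ALL=C grep -aq "$cr\$" "$f"; then
        echo "CRLF line endings: run dos2unix"; rc=1
    fi
    # Bytes outside printable ASCII (CR aside): smart quotes or dashes,
    # non-breaking spaces, a UTF-8 BOM, tabs.
    bad=$(tr -d '\r' < "$f" | LC_ALL=C grep -an '[^ -~]' | cut -d: -f1 | tr '\n' ' ')
    [ -z "$bad" ] || { echo "non-ASCII/control bytes on line(s): $bad"; rc=1; }
    ws=$(tr -d '\r' < "$f" | LC_ALL=C grep -an -e '^ ' -e ' $' | cut -d: -f1 | tr '\n' ' ')
    [ -z "$ws" ] || { echo "leading/trailing spaces on line(s): $ws"; rc=1; }
    # Per the SK30383 note quoted above: -globallock needs a closing savedb.
    if [ "${2:-}" = globallock ]; then
        last=$(tr -d '\r' < "$f" | grep -av '^[[:space:]]*$' | tail -n 1)
        [ "$last" = savedb ] || { echo "last command is not savedb"; rc=1; }
    fi
    return "$rc"
}

# Constructed sample: CRLF endings, a non-breaking space on line 2, no savedb.
demo=$(mktemp)
printf 'create host_plain Block_80.80.80.80\r\n' > "$demo"
printf 'modify network_objects Block_80.80.80.80\302\240ipaddr 80.80.80.80\r\n' >> "$demo"
printf 'update_all\r\n' >> "$demo"
lint_dbedit "$demo" globallock || echo "=> fix the file before running dbedit"
rm -f "$demo"
```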