Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jin_Zhou
Contributor

how to output factional rule numbers?

Since we have global rules the rules created in local domains have factional rule numbers, such as 22.1,22.2 if we have 21 global rules at the beginning. But mgmt_cli show access-rulebase only output rule numbers in its absolute position. Is there any way to get the factional rule numbers from mgmt._cli or turn off factional rule number on GUI?

0 Kudos
7 Replies
Adam_Forester
Ambassador
Ambassador

Jin Zhou‌ What do you want these for? Just for viewing or are you trying to modify something. JQ can be used to modify the json and insert it in but you can't use that to alter a rulebase.

0 Kudos
Jin_Zhou
Contributor

Hi Adam,

Thanks for your response. I use JQ to filter out some rules with rule number and rule name fields for users to review. But users can’t use the rule number to find the rules on smartconsole. It would be a great help if you have a JQ syntax to translate the absolute number to factional numbers.

Thanks,

Jin

0 Kudos
Adam_Forester
Ambassador
Ambassador

Jin,

I put an interactive script out on my github for you; GitHub - WadesWeaponShed/CMA-Poilcy-Indent 

In short, it does two things;

  1. It filters out the place holder rule in the global policy;
    • $DOMAIN is the IP of the Domain you are searching
    • $GPOLICY is the name of the global policy package
    • mgmt_cli -r true -d $DOMAIN show access-rulebase name "$GPOLICY" details-level full --format json |jq --raw-output '.rulebase[] | select(.type == "place-holder") | ."rule-number"')
      • in the script, this is set up to generate a variable to be used in the second part. You could always run this to get the output manually and use it. 
  2. The second command modifies the JSON output and inserts X. in front of all the rule numbers. X being the global place holder from command 1.
    • $DOMAIN is the IP of the Domain you are searching
    • $DPOLICY is the name of the CMA policy you want to export
    • $FLOBAL is a pre-built variable from the output of command 1.
    • mgmt_cli -r true -d $DOMAIN show access-rulebase name "$DPOLICY" details-level full --format json | jq --raw-output --arg GLOBAL "$GLOBAL"  '.rulebase[] | ."rule-number" = $GLOBAL + "." + (."rule-number"|tostring)' > $DPOLICY-modified.json
      •  ."rule-number" = $GLOBAL + "." + (."rule-number"|tostring) is the bread and butter of it all this is what addes the text to the begining of the .rule-number

0 Kudos
Jin_Zhou
Contributor

Thanks Adam. I was trying to get a quick solution and did not get a chance to try your script yet.  I just did a post-export text editing using sed and prepended the global number to the local rule numbers to get the fractional rule numbers.

0 Kudos
Tomer_Sole
Mentor
Mentor

Use Ctrl+G in SmartConsole to go to rule based on its number. 

Adam_Forester
Ambassador
Ambassador

Tomer, I took a look at Ctrl+G and it goes to a rule but you still have to know the X. number. Jin is exporting the json of a CMA policy and the rules start back at 1in the output and he has users reviewing some rules and they are unable to locate them because of the lack of X. at the beginning.

0 Kudos
Tomer_Sole
Mentor
Mentor

Go to Rule also works with pasting the UID of the domain rule.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events