Re: Management unused objects script

the_rock

Hey guys,

Wondering if someone would be kind enough to try this script in their lab? I ran it on mine, but it comes up emoty and its cause I dont have any unused objects in my lab policy.

Below is what I get:

[Expert@CP-MANAGEMENT:0]# ./cp_unused_objects.sh --user admin --password 'maxwe!!' --limit 1000
[Expert@CP-MANAGEMENT:0]# ls
cp_unused_2026-02-08_121753 cp_unused_2026-02-08_121806 cp_unused_objects.sh
[Expert@CP-MANAGEMENT:0]# cd cp_unused_2026-02-08_121753/
[Expert@CP-MANAGEMENT:0]# ls
unused_all.json
[Expert@CP-MANAGEMENT:0]# more unused_all.json
[]
[Expert@CP-MANAGEMENT:0]#

Best,
Andy

Vincent_Bacher

Just had a view on the script using my mobile and have two thoughts.

I was wondering, does it make sense to check for jq right at the start and just exit if it's missing instead of checking nd exiting in the middle of the script?

Also, could it be that the script is a bit inefficient when many many objects come Into the gane by constantly reading and rewriting large data files? Perhaps appending the new data would be much faster. Correct me if I m wrong because misread the script.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

the_rock

Yea...thats why Im trying to see if I can test it on management with lots of unused objects. Let me try my standalone lab and see.

Best,
Andy

Vincent_Bacher

Just tested on a test domain using

time ./cpunused.sh --user <my user> --password <my pass> --domain "TEST"

Script ran and created empty directory.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

simonemantovani

Hello

executing the script using bash -x cp_unused_objects.sh ... returns the error: jq: Unknown option --argjson

I tested the script on an MDS R81.20, JQ version is 1.4 and this version doesn't provide argjson option.

Vincent_Bacher

On our R82 server i get the same error.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Vincent_Bacher

Did some modifications and this version worked on a test domain in our environment:

================================================================================
CHECK POINT UNUSED OBJECTS REPORT
================================================================================
Generated: 2026-02-09 11:13:14
Domain: TEST

================================================================================
SUMMARY
================================================================================
Total unused objects:          9
Unused services:               4
Unused non-services:           5

================================================================================
TOP 10 OBJECT TYPES
================================================================================
  host                               4 ( 44.4%) ######################
  service-tcp                        4 ( 44.4%) ######################
  group                              1 ( 11.1%) #####

================================================================================
OUTPUT FILES
================================================================================
  - ./cp_unused_2026-02-09_111310/unused_all.json
  - ./cp_unused_2026-02-09_111310/unused_all.csv
  - ./cp_unused_2026-02-09_111310/unused_services.csv
  - ./cp_unused_2026-02-09_111310/unused_non_services.csv
  - ./cp_unused_2026-02-09_111310/unused_report.txt
================================================================================
[INFO]
[INFO] ================================================================================
[INFO] ✓ SUCCESS - All files exported to: /home/m4sebbl/cp_unused_2026-02-09_111310
[INFO] ================================================================================
[INFO]
[INFO] Cleaning up session...

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Vincent_Bacher

@the_rock fyi:

Just tested this version on a CMA with more objects.

================================================================================
SUMMARY
================================================================================
Total unused objects:       2058
Unused services:             144
Unused non-services:        1914

Time used:

real    0m27.392s
user    0m2.945s
sys     0m2.828s

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

the_rock

Will test it shortly.

Best,
Andy

Filters

Sort By

Categories

Management unused objects script

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.