Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Unused Objects Cleanup - Python Script

SmartEvent Type: Integrations, SmartConsole,

danielcol
Employee
Employee

Hello!

Firstly, I'd like to introduce myself - I'm Daniel, and I've worked with Check Point for 11(nearly 12!) years.

I'm always interested in making life easier, or more automated - which makes a great paring for Python. 

I had a problem, in that I noticed the SmartConsole unused objects view is limited to 500 objects and bulk deletions were slow.. and not that easy to know what has and hasn't been deleted without going in and out of the object view, and publishing. 

I wrote

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




(1)
6 Replies

Danny
Champion Champion
Champion

Thanks!

A bash version of this is available here.

I'd like if your script would be more interactive to:

  • show the total number of unused objects first
  • provide an option to list all unused objects rather than directly start to delete them
  • create a backup before deletion
  • verify the total number of unused objects after deletion (before / after comparison)

I'd also be great if your script would read out the SmartCenter IP and Port automatically.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


danielcol
Employee
Employee

Your first point is on my list of things to do, it's hard because of the iterative nature of it (I found I was getting a non-true value of the total amounts from the queries.. probably because there was just so many in my test) but I can add that. 

Can easily dump out the contents to say a CSV. 

I don't see too much value in the backup (but that's my opinion) as the changes are made in sessions, which can be restored through the management sessions (and each session, is one object t

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Henrik_Noerr1
Advisor

We have something similar - I would recommend that you implement handling of the creation date of the objects.

No need to delete unused objects that was created let's say yesterday, thereby removing all work done by a colleague.

/Henrik

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

danielcol
Employee
Employee

I've got a date check function, so could add something like that. 

There's not much "sense" applied to the objects spat out, other than sorting the type. But I should have the creation date in the dictionary, so could sort those out and then leave those to be handled if the user requests.. 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

danielcol
Employee
Employee

13/12/22 - Updated with;

- Reports total objects fetched from request
- Reports MDSCMAIP and PORT in script run

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Hugo_vd_Kooij
Advisor

Daniel,

To be honest a clean installation contains a lot of unused objects and I might not be comfortable with killing those. Is there a provision to do this only for object that were later added and then got discarded.

Obviously another concern is that your hard working colleagues are in the middle of a change and they just painstakingly added a bunch of objects not yet in use and those get tosted out the window because they did a commit just before lunch. And yoou killled them at

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos