kevinsteves / pan-python Goto Github PK
View Code? Open in Web Editor NEWMulti-tool set for Palo Alto Networks PAN-OS, Panorama, WildFire and AutoFocus
License: Other
Multi-tool set for Palo Alto Networks PAN-OS, Panorama, WildFire and AutoFocus
License: Other
I have used the script as follows, using the Python interpreter:
from pan.xapi import PanXapi
xpath = "/config/devices/entry[@name='localhost.localdomain']/network/virtual-router/entry[@name='VR-Route']/routing-table/ip/static-route/entry[@name='8.8.8.8n32']"
element = "8.8.8.8/32ethernet1/210.0.4.1"
xapi = PanXapi(tag=None, use_get=True)
xapi.set(xpath=xpath,element=element)
print(xapi.status)
'success'
print(xapi.get(xpath=xpath))
None
xapi.commit(cmd="", sync=True, interval=1, timeout=0)
xapi.status
'success'
print(xapi.show(xpath=xpath))
None
xapi.delete(xpath=xpath)
print(xapi.status)
success
xapi.commit(cmd="", sync=True, interval=1, timeout=0)
print(xapi.show(xpath=xpath))
Traceback (most recent call last):
File "", line 1, in
File "/usr/lib/python3.7/site-packages/pan/xapi.py", line 721, in show
self.__type_config('show', query, extra_qs)
File "/usr/lib/python3.7/site-packages/pan/xapi.py", line 805, in __type_config
raise PanXapiError(self.status_detail)
pan.xapi.PanXapiError: No such node
There is some if that return None all the time even if the element has been configured. I have verified the configuration using panxapi.py right after commiting the changes:
Incredible work, many congratulations¡¡¡
I am testing with the API and I have a question at the moment of moving a rule in a certain position.
To perform this action I perform the following command:
panxapi.py -h 10.0.0.1 -l admin:PASSWORD --move "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='rule-test']" before "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='rule-test1']"
But it gives me the following error:
Invalid where: "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='rule-test1']"
move: error [code="7"]: "no target specified in move"
I have tried several combinations but it gives me error can you show me some examples?
Thanks and Regards
@kevinsteves, I am randomly (i think) getting this error
raise PanXapiError('commit %s: %s' % (cmd, msg)) pan.xapi.PanXapiError: commit show jobs id "161421": URLError: code: 502 reason: Bad Gateway
while commiting via the XAPI.
I am making the request via
xapi.commit(cmd=commit, sync=True, interval=1.0)
And have tried with default interval also.
The error seems to happen when making many consecutive calls to panorama
Hey @kevinsteves - thanks for this lib.
The actual CLI on devices does not produce valid output if users have newlines, quotes, etc in their descriptions, etc. So we recommend our Batfish users to use Panconf to fetch XML and then convert it to SET via panconf: https://pybatfish.readthedocs.io/en/latest/formats.html#from-panorama-preferred
We're running into an issue where XML nodes that contain complicated text (like JSON) make output files that are unparseable. Panconf is better than the device CLI, but it has similar issues. I think the culprit is this code:
Lines 257 to 263 in 0ad1c02
It clearly will do the wrong thing on, e.g., a cell that contains only '"
(single-quote double-quote) -- it will output ''"'
(single/single/double/single) which is still not a valid string (three single-quotes).
Is this desired behavior for some reason? If not, would you be open to a PR that does some escaping to produce parseable output? Do you have an opinion for how that output should look?
Thanks!
https://github.com/kevinsteves/pan-python/blob/master/lib/pan/config.py#L584-L609
This code specifies which xpaths are relevant for different versions of PANOS, but 10.0 and 10.1 are both not in the list. As a result, it seems to fall back to 4.1. Looks like we need to add support for these new versions to get correct behavior.
Hello team we are trying to on board /add the new firewall to panorama via api , can anyone provide the api references for the same ?
Good Kevin
I am performing tests of the Api launched the query against a panorama. Both the panorama and the device have licenses and are synchronized.
When I create the policy "rule1" from Panorama, it is displayed correctly on the remote firewall device correctly.
But when I launch the query using the API, against panorama this does not return the corresponding rule:
Panxapi.py -h 10.0.0.2 -l admin: pass --serial XXXXXXXXXXXXXXX -sxr "/ config / devices / entry / vsys / entry [@ name = 'vsys1'] / rulebase / security / rules / entry [@ name = 'Rule1'] "
Show: error: "No such node"
If I do not use the option "--serial" the error is the same:
Panxapi.py -h 10.0.0.2 -l admin: pass -sxr "/ config / devices / entry / vsys / entry [@ name = 'vsys1'] / rulebase / security / rules / entry [@ name = 'Rule1'] "
Show: error: "No such node"
The redirect works, since the reading is correct, if I create the policy on the remote device(rule3) with the same command if I can see it:
Panxapi.py -h 10.0.0.2 -l admin: pass --serial XXXXXXXXXXXXXXX -sxr "/ config / devices / entry / vsys / entry [@ name = 'vsys1'] / rulebase / security / rules / entry [@ name = 'Rule3'] "
Show: success
With the api I can see and create policy when I launch the Api against panorama and the policy is created on the panorama?
A lot of thanks Kevin
Commiting some candidate configuration to a single Palo Alto using panxapi.py reports the commit job was successful, even though the message reports it failed:
reynolds@admin-1:~/wc/pan-python-0.12.0/bin$ ./panxapi.py -t xapilab -C '' --sync
commit: success: "vsys1
Error: vsys1 decryption: forward decrypt trust cert is not configured
Error: Failed to parse decryption policy
(Module: device)
Commit failed"
I expect the commit to fail, but the panxapi.py script should report this. It doesn't seem to raise a pan.xapi.PanXapiError exception.
Tested in latest version of pan-python: fb9fcc4
Palo Alto version: 7.1.5 (VMWare ESXi)
OS: Debian 8 and Ubuntu 16.04
When trying to display the diff between running and candidate configuration, I get the following:
[/tmp/pan-python] ./bin/panxapi.py -DD -jro '<show><config><diff></diff></config></show>'
element: "<show><config><diff></diff></config></show>"
__parse_path: /home/gohu/.panrc: { 'api_key': '******', 'hostname': '172.16.0.2'}
panrcs: [{ 'api_key': '******', 'hostname': '172.16.0.2'}]
panrc: { 'api_key': '******', 'hostname': '172.16.0.2'}
using legacy urllib
query: {'cmd': '<show><config><diff></diff></config></show>', 'type': 'op', 'key': '******'}
URI: https://172.16.0.2/api/?cmd=<show><config><diff></diff></config></show>&type=op&key=******
method: POST
HTTP response headers:
Server:
Date: Mon, 13 Feb 2017 16:45:49 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 78
Connection: close
ETag: "24004-12b-57e5df77"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Origin:
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: SAMEORIGIN
Set-Cookie: PHPSESSID=33e7b9ed7b247d9151446df11ce47555; path=/; secure; HttpOnly
response_attrib: {'status': 'error'}
path: ./msg/line [<Element 'line' at 0x7f31748898d0>]
op: error: "invalid client cli"
[/tmp/pan-python]
The "invalid client cli" issue only happens with this specific operation command.
Is that expected?
panxapi.py -t TAG -jo 'show session id ID'
ends with error
op: error [code="17"]: " is unexpected"
{
"response": {
"code": "17",
"msg": {
"line": " is unexpected"
},
"status": "error"
}
}
Getting Connection reset by peer error below, PAN 8.0.5, please advice
panxapi.py -h 10.0.0.85 -l admin:jenkins -k
keygen: "URLError: reason: [Errno 54] Connection reset by peer"
Use of the panxapi.py script to update user-id ip-user mappings yields the following errors messages in the ms.log file of PAN-OS 7.1.12 and PAN-OS 8.0.5 firewalls
TIMESTAMP Getting authorization info for user USERNAME succeeded.
TIMESTAMP Error: _pan_schema_verify_node(pan_schema_obj.c:5515): unexpected here , node: value near line 1
TIMESTAMP Error: _pan_schema_verify_node(pan_schema_obj.c:5770): is unexpected , node: hide-ip near line 1
TIMESTAMP Error: _pan_schema_verify_node(pan_schema_obj.c:5770): is unexpected , node: cli near line 1
TIMESTAMP Error: _pan_schema_verify_node(pan_schema_obj.c:5770): is unexpected , node: set near line 1
TIMESTAMP client useridd reported op command was SUCCESSFUL
If the same example is submitted via https://firewall/api under API->user-id -> data, no error is observed in the ms.log and the firewall provides a response status of success.
Note - the error messages do not appear to impact implementation of ip-user-mappings.
To reproduce...
panxapi.py -h firewall --vsys $vsys -U path_of_xml.xml
Sample XML is:
update
1.0
The following template change failed,
commit-all template name MyTemplate
xapi.commit('', action="all")
Error is following:
File "pan-pass.py", line 31, in main
xapi.commit('', action="all")
File "/Library/Python/2.7/site-packages/pan/xapi.py", line 842, in commit
raise PanXapiError(self.status_detail)
I got things a little mixed up between pip install pandevice and installing the newest version of pan-python. What's the best way to upgrade or simply delete the older version and install the latest?
c:\Users\stumuluri>panxapi.py --version
pan-python 0.15.0
c:\Users\stumuluri\AppData\Local\Programs\Python\Python37-32\Lib\site-packages\pan>panxapi.py -t '' -h 10.46.165.136 -l backup -k
C:\Users\stumuluri\AppData\Local\Programs\Python\Python37-32\Scripts\..\lib\getpass.py:100: GetPassWarning: Can not control echo on the terminal.
return fallback_getpass(prompt, stream)
Warning: Password input may be echoed.
Password: cseteam
pan.xapi.PanXapi: tag must match regexp "^[\w-]+$"
c:\Users\stumuluri\AppData\Local\Programs\Python\Python37-32\Lib\site-packages\pan>panxapi.py -t '' -h 10.46.165.136 -l backup:cseteam -k
pan.xapi.PanXapi: tag must match regexp "^[\w-]+$"
Can't for the life of me figure out how to pass a filter to a log query. Hoping to avoid picking apart the source to figure it out...
Scripting the use of panxapi.py
by users and services alike it would be great if the .panrc
file could be read from a specified location.
I'm currently having to read the content of .panrc
and parse it using [-K], but this will reveal the API key in the process tree and potentially logging.
Please could an option be added to supply an alternative path to this file?
(python3-venv) [ac043s@sdnautosr12 ~]$ panxapi.py -h ptr120-vfw -l admin -k
Password:
keygen: "URLError: reason: Tunnel connection failed: 503 Service Unavailable"
(python3-venv) [ac043s@sdnautosr12 ~]$
(python3-venv) [ac043s@sdnautosr12 ~]$ ssh -l admin ptr120-vfw
Password:
Last login: Mon Jul 25 16:19:33 2022 from fd:192:168:53::246
Number of failed attempts since last successful login: 0
admin@ptr120-vfw>
Wildfire Cloud API calls for verdict changes since <Date> seems to be pulling ALL verdict changes, not just those tied to my API Key. This may be more of an issue with the API Service than the example code.
If a LLDP neighbor has in its description (and probably other places) the symbol "<" (most likely others symbols as well), PanXapi will return the error:
pan.xapi.PanXapiError: ElementTree.fromstring ParseError: not well-formed (invalid token): line 72, column 26
Here is for example the line 72 of the returned XML:
<port-description>border2<=>fw2:eth1-14</port-description>
Using Python 3.7.3 and Ubuntu 18.04, everything seems to work as described in the docs.
Using Python 3.7.3 and Windows 7, not so much:
~> panxapi.py --help
pan.xapi.PanXapi: hostname argument required
~> panxapi.py -h 10.X.X.X -l apitest:p@ssw0rd -k
pan.xapi.PanXapi: hostname argument required
Am I doing something wrong?
Hi Kevin
I have a problem with how to delete a service defined in a Rule:
With the following command I am able to create the service previously defined in an existing rule:
#panxapi.py -h 10.0.0.1 -l admin:admin -j -S '<service><member>tcp_10007</member></service>' "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='"VIRTUAL"']/pre-rulebase/security/rules/entry[@name='rule-test']"
set: success [code="20"]: "command succeeded"
{
"response": {
"code": "20",
"msg": "command succeeded",
"status": "success"
}
}
But when I want to erase, I get the following error:
#panxapi.py -h 10.0.0.1 -l admin:admin -j -d '<service><member>tcp_10007</member></service>' "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='"VIRTUAL"']/pre-rulebase/security/rules/entry[@name='rule-test']"
Extra options after xpath: ["/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='VIRTUAL']/pre-rulebase/security/rules/entry[@name='rule-test']"]
delete: unauth [code="16"]: "Unauthorized request"
{
"response": {
"code": "16",
"msg": {
"line": "Unauthorized request"
},
"status": "unauth"
}
}
Am I using the commands correctly? , Or should use another methodology to delete the services.
Greetings and thanks
Hi Kevin
I have problems using the rename function. On the "Cli debug all" i can do the chance with this log
#rename shared service RULE to RULE-TEST
<request cmd="rename" obj="/config/shared/service/entry[@name='RULE']" newname="RULE-TEST" cookie="4371695717039205"></request>
<response status="success" code="20"><msg>command succeeded</msg></response>
But the command build does not work for me. How i can pass this new new ? Could you illustrate me with an example?
#panxapi.py -h 10.0.0.1 -l admin:admin -j --rename "/config/shared/service/entry[@name='RULE-TEST']" "/config/shared/service/entry[@name='RULE']"
Extra options after xpath: ["/config/shared/service/entry[@name='RULE']"]
rename: error [code="8"]: "Can rename only one obj at a time"
{
"response": {
"code": "8",
"msg": {
"line": "Can rename only one obj at a time"
},
"status": "error"
}
}
As always thanks for your work¡¡¡¡
Hello,
An error is encountered when an dynamic objects update is done via PANORAMA to a specific TARGET, but it works when it's done directly to a PAN FW.
Error via PANORAMA :f. pan-python_dag_update-via_panorama
pan-python_dag_update-via_panorama.log
Success directly : cf. pan-python_dag_update-direct_to_pan_fw
pan-python_dag_update-direct_to_pan_fw.log
Regards,
Alexis
Hi,
When testing the the following towards 9.x, it does not return any content.
xapi.op(cmd='show system resources', cmd_xml=True)
I suspect that the reason for this is that the output of the top command has changed from: 8.x
----snip----
top - 10:29:54 up 1:14, 2 users, load average: 0.56, 0.78, 1.00
Tasks: 132 total, 2 running, 130 sleeping, 0 stopped, 0 zombie
Cpu(s): 11.6%us, 6.0%sy, 0.4%ni, 81.8%id, 0.1%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 4561772k total, 4150224k used, 411548k free, 46492k buffers
Swap: 0k total, 0k used, 0k free, 2245248k cached
----snip----
to the following in 9.x
----snip----
top - 17:27:58 up 3 days, 9:24, 1 user, load average: 2.18, 2.15, 2.20
Tasks: 135 total, 3 running, 132 sleeping, 0 stopped, 0 zombie
%Cpu(s): 52.5 us, 1.2 sy, 0.7 ni, 45.6 id, 0.1 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 4119652 total, 272224 free, 1901384 used, 1946044 buff/cache
KiB Swap: 1972 total, 1972 free, 0 used. 1740796 avail Mem
----snip----
/Kim
"panconf.py --config /path/to/file.xml --set > output.set " does not convert templates to a configuration that uses the set syntax.
i use xapi.edit, but it just override.
how can i Edit Address Group? not Override
$ pip install pan
Collecting pan
Using cached pan-0.1.1.tar.gz
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "", line 1, in
File "/private/var/folders/47/ysvfpggx7fj4wjd3ncvstjdwhzv7dt/T/pip-build-vY9ibG/pan/setup.py", line 1, in
import distribute_setup
ImportError: No module named distribute_setup
Is there any reason for this library would not be compatible with latest update in SW version 8? When I try to generate a .panrc file an error shows up:
keygen: "URLError: reason: EOF occurred in violation of protocol (_ssl.c:645)"
Is there a REST equivalent to:
panxapi.py -t pan-python -h xx.xx.xx.xx -l xxxx -k
When using the log method on the pan.xapi.PanXapi
xapi = pan.xapi.PanXapi (tag = 'FIREWALL')
query = "src in 10.189.169.121 and vsys eq vsys1"
a = xapi.log (log_type = 'traffic' , nlogs = 1, filter = query)
full response xapi.xml_root() as below.
'<response status="success"><result>\n <job>\n <tenq>12:21:26</tenq>\n <tdeq>12:21:26</tdeq>\n <tlast>12:21:26</tlast>\n <status>FIN</status>\n <id>33185</id>\n </job>\n <log>\n <logs count="1" progress="100">\n <entry logid="6785292413440213847">\n <domain>1</domain>\n <receive_time>2020/01/24 12:20:39</receive_time>\n <serial>0011C103892</serial>\n <seqno>127157259159</seqno>\n <actionflags>0x0</actionflags>\n <type>TRAFFIC</type>\n <subtype>end</subtype>\n <config_ver>0</config_ver>\n <time_generated>2020/01/24 12:20:39</time_generated>\n <src>10.189.169.121</src>\n <dst>10.101.136.7</dst>\n <rule>Allow_Usr_SplkUFs</rule>\n <srcuser>au\\heyre</srcuser>\n <srcloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</srcloc>\n <dstloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</dstloc>\n <app>ssl</app>\n <vsys>vsys1</vsys>\n <from>rdc-ext</from>\n <to>rdc-appsrv</to>\n <inbound_if>ae1</inbound_if>\n <outbound_if>ae3</outbound_if>\n <time_received>2020/01/24 12:20:39</time_received>\n <sessionid>34084684</sessionid>\n <repeatcnt>1</repeatcnt>\n <sport>56822</sport>\n <dport>9998</dport>\n <natsport>0</natsport>\n <natdport>0</natdport>\n <flags>0x104053</flags>\n <flag-pcap>no</flag-pcap>\n <flag-flagged>no</flag-flagged>\n <flag-proxy>no</flag-proxy>\n <flag-url-denied>no</flag-url-denied>\n <flag-nat>no</flag-nat>\n <captive-portal>no</captive-portal>\n <non-std-dport>yes</non-std-dport>\n <transaction>no</transaction>\n <pbf-c2s>no</pbf-c2s>\n <pbf-s2c>no</pbf-s2c>\n <temporary-match>no</temporary-match>\n <sym-return>no</sym-return>\n <decrypt-mirror>no</decrypt-mirror>\n <credential-detected>no</credential-detected>\n <flag-mptcp-set>no</flag-mptcp-set>\n <flag-tunnel-inspected>no</flag-tunnel-inspected>\n <flag-recon-excluded>no</flag-recon-excluded>\n <proto>tcp</proto>\n <action>allow</action>\n <tunnel>N/A</tunnel>\n <tpadding>0</tpadding>\n <cpadding>0</cpadding>\n <dg_hier_level_1>0</dg_hier_level_1>\n <dg_hier_level_2>0</dg_hier_level_2>\n <dg_hier_level_3>0</dg_hier_level_3>\n <dg_hier_level_4>0</dg_hier_level_4>\n <vsys_name>RDC Exchange</vsys_name>\n <device_name>FIREWALL</device_name>\n <vsys_id>1</vsys_id>\n <tunnelid_imsi>0</tunnelid_imsi>\n <parent_session_id>0</parent_session_id>\n <bytes>48613</bytes>\n <bytes_sent>29335</bytes_sent>\n <bytes_received>19278</bytes_received>\n <packets>177</packets>\n <start>2020/01/24 12:19:18</start>\n <elapsed>78</elapsed>\n <category>any</category>\n <padding>0</padding>\n <pkts_sent>86</pkts_sent>\n <pkts_received>91</pkts_received>\n <session_end_reason>tcp-rst-from-client</session_end_reason>\n <action_source>from-policy</action_source>\n <tunnelid>0</tunnelid>\n <imsi />\n <monitortag />\n <imei />\n </entry>\n </logs>\n </log>\n <meta>\n <devices>\n <entry name="localhost.localdomain">\n <hostname>localhost.localdomain</hostname>\n <vsys>\n <entry name="vsys1">\n <display-name>RDC Exchange</display-name>\n </entry>\n <entry name="vsys2">\n <display-name>TAP Zone</display-name>\n </entry>\n <entry name="vsys3">\n <display-name>Perimeter</display-name>\n </entry>\n <entry name="vsys4">\n <display-name>DIGITAL_DELTA</display-name>\n </entry>\n </vsys>\n </entry>\n </devices>\n </meta>\n</result></response>'
In better format
<?xml version="1.0" encoding="UTF-8"?>
<response status="success">
<result>
<job>
<tenq>12:21:26</tenq>
<tdeq>12:21:26</tdeq>
<tlast>12:21:26</tlast>
<status>FIN</status>
<id>33185</id>
</job>
<log>
<logs count="1" progress="100">
<entry logid="6785292413440213847">
<domain>1</domain>
<receive_time>2020/01/24 12:20:39</receive_time>
<serial>0011C103892</serial>
<seqno>127157259159</seqno>
<actionflags>0x0</actionflags>
<type>TRAFFIC</type>
<subtype>end</subtype>
<config_ver>0</config_ver>
<time_generated>2020/01/24 12:20:39</time_generated>
<src>10.189.169.121</src>
<dst>10.101.136.7</dst>
<rule>Allow_Usr_SplkUFs</rule>
<srcuser>au\\heyre</srcuser>
<srcloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</srcloc>
<dstloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</dstloc>
<app>ssl</app>
<vsys>vsys1</vsys>
<from>rdc-ext</from>
<to>rdc-appsrv</to>
<inbound_if>ae1</inbound_if>
<outbound_if>ae3</outbound_if>
<time_received>2020/01/24 12:20:39</time_received>
<sessionid>34084684</sessionid>
<repeatcnt>1</repeatcnt>
<sport>56822</sport>
<dport>9998</dport>
<natsport>0</natsport>
<natdport>0</natdport>
<flags>0x104053</flags>
<flag-pcap>no</flag-pcap>
<flag-flagged>no</flag-flagged>
<flag-proxy>no</flag-proxy>
<flag-url-denied>no</flag-url-denied>
<flag-nat>no</flag-nat>
<captive-portal>no</captive-portal>
<non-std-dport>yes</non-std-dport>
<transaction>no</transaction>
<pbf-c2s>no</pbf-c2s>
<pbf-s2c>no</pbf-s2c>
<temporary-match>no</temporary-match>
<sym-return>no</sym-return>
<decrypt-mirror>no</decrypt-mirror>
<credential-detected>no</credential-detected>
<flag-mptcp-set>no</flag-mptcp-set>
<flag-tunnel-inspected>no</flag-tunnel-inspected>
<flag-recon-excluded>no</flag-recon-excluded>
<proto>tcp</proto>
<action>allow</action>
<tunnel>N/A</tunnel>
<tpadding>0</tpadding>
<cpadding>0</cpadding>
<dg_hier_level_1>0</dg_hier_level_1>
<dg_hier_level_2>0</dg_hier_level_2>
<dg_hier_level_3>0</dg_hier_level_3>
<dg_hier_level_4>0</dg_hier_level_4>
<vsys_name>Zone1</vsys_name>
<device_name>FIREWALL</device_name>
<vsys_id>1</vsys_id>
<tunnelid_imsi>0</tunnelid_imsi>
<parent_session_id>0</parent_session_id>
<bytes>48613</bytes>
<bytes_sent>29335</bytes_sent>
<bytes_received>19278</bytes_received>
<packets>177</packets>
<start>2020/01/24 12:19:18</start>
<elapsed>78</elapsed>
<category>any</category>
<padding>0</padding>
<pkts_sent>86</pkts_sent>
<pkts_received>91</pkts_received>
<session_end_reason>tcp-rst-from-client</session_end_reason>
<action_source>from-policy</action_source>
<tunnelid>0</tunnelid>
<imsi />
<monitortag />
<imei />
</entry>
</logs>
</log>
<meta>
<devices>
<entry name="localhost.localdomain">
<hostname>localhost.localdomain</hostname>
<vsys>
<entry name="vsys1">
<display-name>vsys1</display-name>
</entry>
<entry name="vsys2">
<display-name>vsys2</display-name>
</entry>
<entry name="vsys3">
<display-name>vsys3</display-name>
</entry>
<entry name="vsys4">
<display-name>vsys4</display-name>
</entry>
</vsys>
</entry>
</devices>
</meta>
</result>
</response>
However, xapi.xml_result () is not in the xml format
\n <job>\n <tenq>12:21:26</tenq>\n <tdeq>12:21:26</tdeq>\n <tlast>12:21:26</tlast>\n <status>FIN</status>\n <id>33185</id>\n </job>\n <log>\n <logs count="1" progress="100">\n <entry logid="6785292413440213847">\n <domain>1</domain>\n <receive_time>2020/01/24 12:20:39</receive_time>\n <serial>0011C103892</serial>\n <seqno>127157259159</seqno>\n <actionflags>0x0</actionflags>\n <type>TRAFFIC</type>\n <subtype>end</subtype>\n <config_ver>0</config_ver>\n <time_generated>2020/01/24 12:20:39</time_generated>\n <src>10.189.169.121</src>\n <dst>10.101.136.7</dst>\n <rule>Allow_Usr_SplkUFs</rule>\n <srcuser>au\\heyre</srcuser>\n <srcloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</srcloc>\n <dstloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</dstloc>\n <app>ssl</app>\n <vsys>vsys1</vsys>\n <from>Zone1</from>\n <to>rdc-appsrv</to>\n <inbound_if>ae1</inbound_if>\n <outbound_if>ae3</outbound_if>\n <time_received>2020/01/24 12:20:39</time_received>\n <sessionid>34084684</sessionid>\n <repeatcnt>1</repeatcnt>\n <sport>56822</sport>\n <dport>9998</dport>\n <natsport>0</natsport>\n <natdport>0</natdport>\n <flags>0x104053</flags>\n <flag-pcap>no</flag-pcap>\n <flag-flagged>no</flag-flagged>\n <flag-proxy>no</flag-proxy>\n <flag-url-denied>no</flag-url-denied>\n <flag-nat>no</flag-nat>\n <captive-portal>no</captive-portal>\n <non-std-dport>yes</non-std-dport>\n <transaction>no</transaction>\n <pbf-c2s>no</pbf-c2s>\n <pbf-s2c>no</pbf-s2c>\n <temporary-match>no</temporary-match>\n <sym-return>no</sym-return>\n <decrypt-mirror>no</decrypt-mirror>\n <credential-detected>no</credential-detected>\n <flag-mptcp-set>no</flag-mptcp-set>\n <flag-tunnel-inspected>no</flag-tunnel-inspected>\n <flag-recon-excluded>no</flag-recon-excluded>\n <proto>tcp</proto>\n <action>allow</action>\n <tunnel>N/A</tunnel>\n <tpadding>0</tpadding>\n <cpadding>0</cpadding>\n <dg_hier_level_1>0</dg_hier_level_1>\n <dg_hier_level_2>0</dg_hier_level_2>\n <dg_hier_level_3>0</dg_hier_level_3>\n <dg_hier_level_4>0</dg_hier_level_4>\n <vsys_name>Zone1</vsys_name>\n <device_name>FIREWALL</device_name>\n <vsys_id>1</vsys_id>\n <tunnelid_imsi>0</tunnelid_imsi>\n <parent_session_id>0</parent_session_id>\n <bytes>48613</bytes>\n <bytes_sent>29335</bytes_sent>\n <bytes_received>19278</bytes_received>\n <packets>177</packets>\n <start>2020/01/24 12:19:18</start>\n <elapsed>78</elapsed>\n <category>any</category>\n <padding>0</padding>\n <pkts_sent>86</pkts_sent>\n <pkts_received>91</pkts_received>\n <session_end_reason>tcp-rst-from-client</session_end_reason>\n <action_source>from-policy</action_source>\n <tunnelid>0</tunnelid>\n <imsi />\n <monitortag />\n <imei />\n </entry>\n </logs>\n </log>\n <meta>\n <devices>\n <entry name="localhost.localdomain">\n <hostname>localhost.localdomain</hostname>\n <vsys>\n <entry name="vsys1">\n <display-name>vsys1</display-name>\n </entry>\n <entry name="vsys2">\n <display-name>vsys2</display-name>\n </entry>\n <entry name="vsys3">\n <display-name>vsys3</display-name>\n </entry>\n <entry name="vsys4">\n <display-name>vsys4</display-name>\n </entry>\n </vsys>\n </entry>\n </devices>\n </meta>\n
Using pip3.4 as of writing I cannot successfully install pan. Looks like a missing file. Output:
Downloading/unpacking pan
Downloading pan-0.1.1.tar.gz
Running setup.py (path:/tmp/pip_build_root/pan/setup.py) egg_info for package pan
Traceback (most recent call last):
File "", line 17, in
File "/tmp/pip_build_root/pan/setup.py", line 1, in
import distribute_setup
ImportError: No module named 'distribute_setup'
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "", line 17, in
File "/tmp/pip_build_root/pan/setup.py", line 1, in
import distribute_setup
ImportError: No module named 'distribute_setup'
Cleaning up...
Command python setup.py egg_info failed with error code 1 in /tmp/pip_build_root/pan
Storing debug log for failure in /root/.pip/pip.log
I am trying to pip the pan-python in to my server with no success. Trying to get an understand where this is suppose to be install.
Hello,
I am using the following short code just to verify connectivity to PA device:
p = pan.xapi.PanXapi(hostname='1.1.1.1', api_key= key, use_get= True, ssl_context= None)
print(p)
But it is giving me the following error:
_certificateerror: <class 'ssl.CertificateError'>
_legacy_api: False
_log: <bound method Logger.log of <Logger pan.xapi (WARNING)>>
api_key: ******
api_password: None
api_username: None
hostname: 1.1.1.1
port: None
serial: None
ssl_context: None
tag: None
timeout: None
uri: https://1.1.1.1/api/
use_get: True
Please, help.
Please add support for importing config files.
Hi,
Submit links in WildFire API will not take submit URL/String but it'll break URL on characters.
Example for: https://www.test.com/
{'wildfire': {'submit-link-info': [{'url': 'h', 'sha256': 'aaa9402664f1a41f40ebbc52c9993eb66aeb366602958fdfaa283b71e64db123', 'md5': '2510c39011c5be704182423e3a695e91'}, {'url': 't', 'sha256': 'e3b98a4da31a127d4bde6e43033f66ba274cab0eb7eb1c70ec41402bf6273dd8', 'md5': 'e358efa489f58062f10dd7316b65649e'}, {'url': 't', 'sha256': 'e3b98a4da31a127d4bde6e43033f66ba274cab0eb7eb1c70ec41402bf6273dd8', 'md5': 'e358efa489f58062f10dd7316b65649e'}, {'url': 'p', 'sha256': '148de9c5a7a44d19e56cd9ae1a554bf67847afb0c58f6e12fa29ac7ddfca9940', 'md5': '83878c91171338902e0fe0fb97a8c47a'}, {'url': 's', 'sha256': '043a718774c572bd8a25adbeb1bfcd5c0256ae11cecf9f9c3f925d0e52beaf89', 'md5': '03c7c0ace395d80182db07ae2c30f034'}, {'url': ':', 'sha256': 'e7ac0786668e0ff0f02b62bd04f45ff636fd82db63b1104601c975dc005f3a67', 'md5': '853ae90f0351324bd73ea615e6487517'}, {'url': '/', 'sha256': '8a5edab282632443219e051e4ade2d1d5bbc671c781051bf1437897cbdfea0f1', 'md5': '6666cd76f96956469e7be39d750cc7d9'}, {'url': '/', 'sha256': '8a5edab282632443219e051e4ade2d1d5bbc671c781051bf1437897cbdfea0f1', 'md5': '6666cd76f96956469e7be39d750cc7d9'}, {'url': 'w', 'sha256': '50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326', 'md5': 'f1290186a5d0b1ceab27f4e77c0c5d68'}, {'url': 'w', 'sha256': '50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326', 'md5': 'f1290186a5d0b1ceab27f4e77c0c5d68'}, {'url': 'w', 'sha256': '50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326', 'md5': 'f1290186a5d0b1ceab27f4e77c0c5d68'}, {'url': '.', 'sha256': 'cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8', 'md5': '5058f1af8388633f609cadb75a75dc9d'}, {'url': 't', 'sha256': 'e3b98a4da31a127d4bde6e43033f66ba274cab0eb7eb1c70ec41402bf6273dd8', 'md5': 'e358efa489f58062f10dd7316b65649e'}, {'url': 'e', 'sha256': '3f79bb7b435b05321651daefd374cdc681dc06faa65e374e38337b88ca046dea', 'md5': 'e1671797c52e15f763380b45e841ec32'}, {'url': 's', 'sha256': '043a718774c572bd8a25adbeb1bfcd5c0256ae11cecf9f9c3f925d0e52beaf89', 'md5': '03c7c0ace395d80182db07ae2c30f034'}, {'url': 't', 'sha256': 'e3b98a4da31a127d4bde6e43033f66ba274cab0eb7eb1c70ec41402bf6273dd8', 'md5': 'e358efa489f58062f10dd7316b65649e'}, {'url': '.', 'sha256': 'cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8', 'md5': '5058f1af8388633f609cadb75a75dc9d'}, {'url': 'c', 'sha256': '2e7d2c03a9507ae265ecf5b5356885a53393a2029d241394997265a1a25aefc6', 'md5': '4a8a08f09d37b73795649038408b5f33'}, {'url': 'o', 'sha256': '65c74c15a686187bb6bbf9958f494fc6b80068034a659a9ad44991b08c58f2d2', 'md5': 'd95679752134a2d9eb61dbd7b91c4bcc'}, {'url': 'm', 'sha256': '62c66a7a5dd70c3146618063c344e531e6d4b59e379808443ce962b3abd63c5a', 'md5': '6f8f57715090da2632453988d9a1501b'}, {'url': '/', 'sha256': '8a5edab282632443219e051e4ade2d1d5bbc671c781051bf1437897cbdfea0f1', 'md5': '6666cd76f96956469e7be39d750cc7d9'}]}}
@kevinsteves I'm trying to retrieve the nat rules for a specific ip on a device group from panaroma api but kind of confused on what call need to be used as part of the library.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.