Assistance: Help creating config for PAN-OS backup via XML API

[tavern2782]

Hi all,

I apologize for creating such a noob issue. I'm a network engineer and am trying to learn how to use Oxidized. I've successfully got this working for my JunOS devices, but am not understanding the config needed for pull the PAN-OS config via the XML API.

Current config (sanitized, no HTTP):

username: <user>
password: <pass>
model: junos
resolve_dns: false
interval: 3600
use_syslog: false
debug: false
threads: 30
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: false
next_adds_job: false
vars: {}
groups: {}
models: {}
pid: "/dev/null"
crash: false
  #directory: "/root/.config/oxidized/crashes"
  #hostnames: false
stats:
  history_size: 2
input:
  default: ssh
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true
output:
  default: file
  file:
      directory: "/root/.config/oxidized/configs"
source:
  default: csv
  csv:
    file: "/root/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
     name: 0
     model: 1
     ip: 2
    gpg: false
model_map:
  juniper: junos
  palo_alto: panos

I'm also curious if it's possible to specify an input method under a groups config. Something like this:

groups:
    palo:
        input: http
            #http stuff here

Again, I apologize for the noob-ish question. I'm really trying to learn here but am coming up empty on examples from Google.

[ytti]

To understand what panos does, the best place to read is the panos model. The model shows only ssh support:
https://github.com/ytti/oxidized/blob/master/lib/oxidized/model/panos.rb

If you'd want to use some HTTP API instead, best place is to check models which use http:
https://github.com/ytti/oxidized/blob/master/lib/oxidized/model/cambium.rb
https://github.com/ytti/oxidized/blob/master/lib/oxidized/model/grandstream.rb

[tavern2782]

To understand what panos does, the best place to read is the panos model. The model shows only ssh support:
https://github.com/ytti/oxidized/blob/master/lib/oxidized/model/panos.rb

If you'd want to use some HTTP API instead, best place is to check models which use http:
https://github.com/ytti/oxidized/blob/master/lib/oxidized/model/cambium.rb
https://github.com/ytti/oxidized/blob/master/lib/oxidized/model/grandstream.rb

I appreciate your response, but this isn't really a good answer. Those models are written for those devices. The commands present in the models will not work for PAN.

[ytti]

It is not clear what answer you are looking for. It seems you want to build new model to use XML API in PanOS (Which I assume is over HTTP). Is the answer you want working model using XML API? Or is the answer you're looking for instructions on how to start writing such API?

[will-h]

It looks as if the panos model in https://github.com/ytti/oxidized/blob/master/lib/oxidized/model/panos.rb is only designed to work over SSH to the CLI.

If you want to pull the config using some other method, including XML over HTTP, you'll need to write some code for this.

[tavern2782]

It looks as if the panos model in https://github.com/ytti/oxidized/blob/master/lib/oxidized/model/panos.rb is only designed to work over SSH to the CLI.

If you want to pull the config using some other method, including XML over HTTP, you'll need to write some code for this.

This is what I was afraid of. I was hoping maybe there would be some workaround without necessarily needing a model. I'm just an IT engineer - my coding skills are weak and will likely remain that way for the foreseeable future.

For now, I guess I'll have to ditch Oxi and try something else.

Thank you for your time.

[will-h]

It's much more helpful if you take a bit of time to research the problem more before opening new issues, because it seems this has actually been discussed previously - take a look at #440 and the linked issues there. In particular it seems like the PR at #1110 has a fix. You could give that a try. :)

[tavern2782]

Looked at those in the past three days :) Was hoping something new had happened or maybe someone could point out a misunderstanding I had.

…

On Sat, May 16, 2020 at 4:56 AM Will Hargrave ***@***.***> wrote: It's much more helpful if you take a bit of time to research the problem more before opening new issues, because it seems this has actually been discussed previously - take a look at #440 <#440> and the linked issues there. In particular it seems like the PR at #1110 <#1110> has a fix. You could give that a try. :) — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#2098 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACYZPGLQMF2BWD5WJFNNDN3RRZ5PPANCNFSM4NCRJ5BQ> .

[mortzu]

Duplicate of #440
And there is a PR #2360