CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 5 of 5

Thread: dbedit to import a large number of non-contingeous IP hosts

  1. #1
    Join Date
    2013-05-06
    Posts
    24
    Rep Power
    0

    Default dbedit to import a large number of non-contingeous IP hosts

    Can I make a script that will take a file input and interpret it so I can bulk import noncontigous IPs without having to manually enter them? Something like this:

    INPUT= #Here I want it to take a bulk import from a text file, something like 192.168.1.1;192.178.2.6;xxx.xxx.xxx.xxx; etc, but run the section below once each time.

    create host h$INPUT
    modify network_objects host h$INPUT $INPUT
    modify network_objects host h$INPUT comments "Imported as part of $DATE bulk import"

    And then continue to to loop until it's created all of these. Ideally, I need a version that can do networks too, but I can figure that out once I get the parsing down.

  2. #2
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,652
    Rep Power
    10

    Default Re: dbedit to import a large number of non-contingeous IP hosts

    Quote Originally Posted by jcstefansson View Post
    Can I make a script that will take a file input and interpret it so I can bulk import noncontigous IPs without having to manually enter them? Something like this:

    INPUT= #Here I want it to take a bulk import from a text file, something like 192.168.1.1;192.178.2.6;xxx.xxx.xxx.xxx; etc, but run the section below once each time.

    create host h$INPUT
    modify network_objects host h$INPUT $INPUT
    modify network_objects host h$INPUT comments "Imported as part of $DATE bulk import"

    And then continue to to loop until it's created all of these. Ideally, I need a version that can do networks too, but I can figure that out once I get the parsing down.
    RS stands for record separator. I set it to ;
    everything else is basically 3 print statements that will be called for every line in hosts.txt (which currently only has one).

    $ echo "1.1.1.1;2.2.2.2;3.3.3.3;4.4.4.4" > hosts.txt
    $ DATE=`date`; awk -v RS=";" -v DATE="$DATE" '{print "create host h"$1; print "modify network_objects host h"$1" "$1; print "modify network_objects host h"$1" comments \"imported as part of "DATE" bulk import\""}' hosts.txt
    create host h1.1.1.1
    modify network_objects host h1.1.1.1 1.1.1.1
    modify network_objects host h1.1.1.1 comments "imported as part of Mon Apr 13 14:25:20 EDT 2015 bulk import"
    create host h2.2.2.2
    modify network_objects host h2.2.2.2 2.2.2.2
    modify network_objects host h2.2.2.2 comments "imported as part of Mon Apr 13 14:25:20 EDT 2015 bulk import"
    create host h3.3.3.3
    modify network_objects host h3.3.3.3 3.3.3.3
    modify network_objects host h3.3.3.3 comments "imported as part of Mon Apr 13 14:25:20 EDT 2015 bulk import"
    create host h4.4.4.4
    modify network_objects host h4.4.4.4 4.4.4.4
    modify network_objects host h4.4.4.4 comments "imported as part of Mon Apr 13 14:25:20 EDT 2015 bulk import"

  3. #3
    Join Date
    2006-04-30
    Location
    Europe, Germany
    Posts
    433
    Rep Power
    14

    Default Re: dbedit to import a large number of non-contingeous IP hosts

    Quote Originally Posted by jcstefansson View Post
    Can I make a script that will take a file input and interpret it so I can bulk import noncontigous IPs without having to manually enter them? Something like this:

    INPUT= #Here I want it to take a bulk import from a text file, something like 192.168.1.1;192.178.2.6;xxx.xxx.xxx.xxx; etc, but run the section below once each time.

    create host h$INPUT
    modify network_objects host h$INPUT $INPUT
    modify network_objects host h$INPUT comments "Imported as part of $DATE bulk import"

    And then continue to to loop until it's created all of these. Ideally, I need a version that can do networks too, but I can figure that out once I get the parsing down.
    Yes it is possible, but there exists an almost forgotten tool from Martin Hoz named ofiller/odumper
    Even the tools are no longer maintained (last revision 2.4 dates back to Dec. 2006) and the last supported CP version was R65 it ofiller should be able to create an db_import script from a csv file.

    In the past the tool was also on the cpug resource page which no longer exists, but fireverse has a copy online.

  4. #4
    Join Date
    2013-05-06
    Posts
    24
    Rep Power
    0

    Default Re: dbedit to import a large number of non-contingeous IP hosts

    Quote Originally Posted by jflemingeds View Post
    RS stands for record separator. I set it to ;
    everything else is basically 3 print statements that will be called for every line in hosts.txt (which currently only has one).

    $ echo "1.1.1.1;2.2.2.2;3.3.3.3;4.4.4.4" > hosts.txt
    $ DATE=`date`; awk -v RS=";" -v DATE="$DATE" '{print "create host h"$1; print "modify network_objects host h"$1" "$1; print "modify network_objects host h"$1" comments \"imported as part of "DATE" bulk import\""}' hosts.txt
    create host h1.1.1.1
    modify network_objects host h1.1.1.1 1.1.1.1
    modify network_objects host h1.1.1.1 comments "imported as part of Mon Apr 13 14:25:20 EDT 2015 bulk import"
    create host h2.2.2.2
    modify network_objects host h2.2.2.2 2.2.2.2
    modify network_objects host h2.2.2.2 comments "imported as part of Mon Apr 13 14:25:20 EDT 2015 bulk import"
    create host h3.3.3.3
    modify network_objects host h3.3.3.3 3.3.3.3
    modify network_objects host h3.3.3.3 comments "imported as part of Mon Apr 13 14:25:20 EDT 2015 bulk import"
    create host h4.4.4.4
    modify network_objects host h4.4.4.4 4.4.4.4
    modify network_objects host h4.4.4.4 comments "imported as part of Mon Apr 13 14:25:20 EDT 2015 bulk import"
    What does the function of the { } do in the context of the line? Does it simply enable the phrase in " " (IE, is it like a super command, which contains the code inside the print line)?

  5. #5
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,652
    Rep Power
    10

    Default Re: dbedit to import a large number of non-contingeous IP hosts

    Well this is basically awk. on 2nd thought it may not work correctly for multi line ; separated file.

    You would be better off with a file where each ip is the only thing on the line.

    Then you wouldn't need the -v RS=";".


    everything inside {} is awk code. All i'm doing is calling print 3 times for every record. a record is each thing between the ";" marks in the hosts.txt file.


    See if you can figure out how to modify the awk script so that it takes an input file containing a single IP address on each line and then spits out the output you want.

    BTW I think your dbedit syntax is incorrect as well so you should correct that in the print statements.

    If you fix all that i'll show you how to do the same thing with a file containing

    network netmask

    on each line.

Similar Threads

  1. Replies: 1
    Last Post: 2014-01-08, 21:58
  2. Importing/configuring a very large number of IPS Protections in a new profile
    By v33dubya in forum IPS Blade (Formerly SmartDefense)
    Replies: 1
    Last Post: 2013-03-14, 08:02
  3. Replies: 1
    Last Post: 2009-05-18, 10:48
  4. dbedit behaviour
    By rawon in forum Miscellaneous
    Replies: 1
    Last Post: 2008-08-15, 08:08
  5. How do I create a large number of objects via the command line?
    By Barry J. Stiefel in forum Installing And Upgrading
    Replies: 5
    Last Post: 2007-01-09, 16:17

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •