Support Center > Search Results > SecureKnowledge Details
How to use the 'cpmiquerybin' command to list objects and their attributes
Solution

Table of Contents:

  • Introduction
  • Usage
  • Examples
  • Related Solutions & Documentation

Introduction

Structure of Database Query Tool on Multi-Domain Security Management Server:

File Description
$MDSDIR/scripts/mdsquerydb Script wrapper for loading pre-defined queries and calling $MDSDIR/bin/cpmiquerybin
$MDSDIR/bin/cpmiquerybin Binary CPMI Client - core of the Database Query Tool
$MDSDIR/conf/queries.conf File containing pre-defined queries

Description of $MDSDIR/bin/cpmiquerybin:

This command-line CPMI client connects to the specified database, executes a free-format query (first-level fields query/list only), and displays results as either a collection of FW-1 Sets, or as a tab-delimited list of requested fields from each retrieved object.

The target database of the query tool depends on the environment settings of the shell being used by the user.

 

Usage

[Expert@HostName]# mdsenv <IP address of Name of Domain Management Server>
[Expert@HostName]# $MDSDIR/bin/cpmiquerybin <Query_Result_Type> <Database_Name> <Table_Name> <Query> [-a <List_of_Attributes>]

Argument Description
Query_Result_Type Requested format of the query result.
Possible values:
  • attr - display values of specified (with "┬ľa" parameter) field of each retrieved object
  • object - display FW-1 sets containing data of each retrieved object
Database_Name Name of the database to connect to, in double-quotes.
Possible values:
  • ""
  • "mdsdb"
Table_Name Name of the table from which to retrieve the data.
Possible values:
  • network_objects
  • pv1_administrators
Query

Query specifying objects range for retrieval.

Syntax:

  • Plain query (specific value in the field):

    field='value'

  • Logical operators:

    • AND:
      field1='value1' & field2='value2'
    • OR:
      field1='value1' | field2='value2'
    • NOT:
      ! field='value'


  • Parenthesis:

    field1='value1' & ( field2='value2' | field2='value3' )

  • Wildcards:

    field='*value-suffix'

Fields:

  • ""
  • name
  • type
Examples:
  • Query all objects whose names start with capital letter "A":
    "name='A*'"
  • Query all objects of the specified types:
    "type='gateway'|type='gateway_cluster'|type='host'"
-a List_of_Attributes If <Query_Result_Type> was specified as 'attr', then <List_of_Attributes> should contain a comma delimited list (without spaces) of object's fields to display.

Note: To see all the attributes, go to the $FWDIR/conf/objects_5_0.C file on the Security Management Server / Domain Management Server and search for ": (Name_of_Object".

Most common attributes:

  • __name__
  • type
  • ipaddr
  • sic_name
  • appliance_type
  • connection_state
  • color
  • hosted_by_mds
  • svn_version_name
  • cpver
  • fwver
  • fgver
  • addr_type_indication
  • allow_send_logs
  • log_server
  • firewall
  • management
  • primary_management
  • DAG
  • SmallOffice
  • VPN_1
  • uf_integrated
  • floodgate
  • log_indexer
  • anti_malware_blade
  • anti_virus_blade
  • antispam_integrated
  • application_firewall_blade
  • data_loss_prevention_blade
  • apply_nat_for_cp_conns
  • is_profile_gw
  • is_bypass_sd_under_load
  • av_integrated
  • compliance_blade
  • real_time_monitor
  • reporting_server
  • performancepack
  • ssl_inspection_enabled
  • enable_usercheck
  • monitor_blade
  • misp_active
  • smartevent_intro
  • log_consolidator
  • clp_enable_gateway
  • use_clientless_vpn
  • policy_server
  • proxy_on_gw_enabled
  • mta_enabled
  • connections_limit
  • backup_gw
  • define_logging_servers
  • use_loggers_and_masters
  • hit_count_appi_enable
  • hit_count_fw1_enable
  • http_next_proxy_defined
  • ip_assignment_offer
  • optimize_drops_support
  • encdomain
  • fw_keep_old_conns
  • save_data_conns
  • save_control_conns

 

Examples

  • Print all objects in the database "":

    [Expert@HostName]# cpmiquerybin object "" network_objects ""
  • Print all objects of all types in the database "" and print their attribute - object's Name:

    [Expert@HostName]# cpmiquerybin attr "" network_objects "type='*'" -a __name__
  • Print all objects in the database "mdsdb" and print their attributes - whether object is defined on MDS and object's IP address:

    [Expert@HostName]# cpmiquerybin attr "mdsdb" network_objects "" -a hosted_by_mds,ipaddr
  • Print all objects in the database "mdsdb" and print their attributes - object's Name and object's Color:

    [Expert@HostName]# $MDSDIR/bin/cpmiquerybin attr "mdsdb" network_objects "type='host'" -a __name__,color
  • Print all objects in the database "" of type Security Gateway and print their attributes - Name and IP Address:

    [Expert@HostName]# cpmiquerybin attr "" network_objects "type='gateway'" -a __name__,ipaddr

    Note: This will print Check Point Security Gateways as well as 'plain' gateways defined in the 'Nodes' category.
  • Print all objects in the database "" of type Cluster and print their attributes - Name and IP Address:

    [Expert@HostName]# cpmiquerybin attr "" network_objects "type='gateway_cluster'" -a __name__,ipaddr
  • Print all objects in the database "" of type Cluster and print their attributes - Name, IP Address and the Cluster Members:

    [Expert@HostName]# cpmiquerybin attr "" network_objects "type='gateway_cluster'" -a __name__,ipaddr,cluster_members

  • Print specific cluster object in the database "" and print its attributes - Name, IP Address and the Cluster Members:

    [Expert@HostName]# cpmiquerybin attr "" network_objects "name='<Name_of_Cluster_Object>'" -a __name__,ipaddr,cluster_members
  • Print all objects in the database "" of type Cluster Member and print their attributes - Name and IP Address:

    [Expert@HostName]# cpmiquerybin attr "" network_objects "type='cluster_member'" -a __name__,ipaddr
  • Print all objects in the database "" of type Security Gateway, or Cluster and print their attributes - Name, IP Address, Version, Hardware:

    $MDSDIR/bin/cpmiquerybin attr "" network_objects "type='gateway'|type='gateway_cluster'" -a __name__,ipaddr,svn_version_name,appliance_type
  • Print all objects in the database "" of type Host and print their attributes - Name and IP Address:

    [Expert@HostName]# cpmiquerybin attr "" network_objects "type='host'" -a __name__,ipaddr

    Note: This will print Check Point hosts such as Domain/CLM as well as normal host objects.
  • Print all objects in the database "" of type Group and print their attribute - object's Name:

    [Expert@HostName]# cpmiquerybin attr "" network_objects "type='group'" -a __name__
  • Print all objects in the database "" of type Network and print their attributes - Name, IP Address and Netmask:

    [Expert@HostName]# cpmiquerybin attr "" network_objects "type='network'" -a __name__,ipaddr,netmask

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment