xml_result with traffic log method returns wrong format
vantruongsinh opened this issue · 2 comments
When using the log method on pan.xapi.PanXapi:
import pan.xapi

xapi = pan.xapi.PanXapi(tag='FIREWALL')
# Traffic log filter: source address and virtual system
query = "src in 10.189.169.121 and vsys eq vsys1"
a = xapi.log(log_type='traffic', nlogs=1, filter=query)
The full response from xapi.xml_root() is as below.
'<response status="success"><result>\n <job>\n <tenq>12:21:26</tenq>\n <tdeq>12:21:26</tdeq>\n <tlast>12:21:26</tlast>\n <status>FIN</status>\n <id>33185</id>\n </job>\n <log>\n <logs count="1" progress="100">\n <entry logid="6785292413440213847">\n <domain>1</domain>\n <receive_time>2020/01/24 12:20:39</receive_time>\n <serial>0011C103892</serial>\n <seqno>127157259159</seqno>\n <actionflags>0x0</actionflags>\n <type>TRAFFIC</type>\n <subtype>end</subtype>\n <config_ver>0</config_ver>\n <time_generated>2020/01/24 12:20:39</time_generated>\n <src>10.189.169.121</src>\n <dst>10.101.136.7</dst>\n <rule>Allow_Usr_SplkUFs</rule>\n <srcuser>au\\heyre</srcuser>\n <srcloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</srcloc>\n <dstloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</dstloc>\n <app>ssl</app>\n <vsys>vsys1</vsys>\n <from>rdc-ext</from>\n <to>rdc-appsrv</to>\n <inbound_if>ae1</inbound_if>\n <outbound_if>ae3</outbound_if>\n <time_received>2020/01/24 12:20:39</time_received>\n <sessionid>34084684</sessionid>\n <repeatcnt>1</repeatcnt>\n <sport>56822</sport>\n <dport>9998</dport>\n <natsport>0</natsport>\n <natdport>0</natdport>\n <flags>0x104053</flags>\n <flag-pcap>no</flag-pcap>\n <flag-flagged>no</flag-flagged>\n <flag-proxy>no</flag-proxy>\n <flag-url-denied>no</flag-url-denied>\n <flag-nat>no</flag-nat>\n <captive-portal>no</captive-portal>\n <non-std-dport>yes</non-std-dport>\n <transaction>no</transaction>\n <pbf-c2s>no</pbf-c2s>\n <pbf-s2c>no</pbf-s2c>\n <temporary-match>no</temporary-match>\n <sym-return>no</sym-return>\n <decrypt-mirror>no</decrypt-mirror>\n <credential-detected>no</credential-detected>\n <flag-mptcp-set>no</flag-mptcp-set>\n <flag-tunnel-inspected>no</flag-tunnel-inspected>\n <flag-recon-excluded>no</flag-recon-excluded>\n <proto>tcp</proto>\n <action>allow</action>\n <tunnel>N/A</tunnel>\n <tpadding>0</tpadding>\n <cpadding>0</cpadding>\n 
<dg_hier_level_1>0</dg_hier_level_1>\n <dg_hier_level_2>0</dg_hier_level_2>\n <dg_hier_level_3>0</dg_hier_level_3>\n <dg_hier_level_4>0</dg_hier_level_4>\n <vsys_name>RDC Exchange</vsys_name>\n <device_name>FIREWALL</device_name>\n <vsys_id>1</vsys_id>\n <tunnelid_imsi>0</tunnelid_imsi>\n <parent_session_id>0</parent_session_id>\n <bytes>48613</bytes>\n <bytes_sent>29335</bytes_sent>\n <bytes_received>19278</bytes_received>\n <packets>177</packets>\n <start>2020/01/24 12:19:18</start>\n <elapsed>78</elapsed>\n <category>any</category>\n <padding>0</padding>\n <pkts_sent>86</pkts_sent>\n <pkts_received>91</pkts_received>\n <session_end_reason>tcp-rst-from-client</session_end_reason>\n <action_source>from-policy</action_source>\n <tunnelid>0</tunnelid>\n <imsi />\n <monitortag />\n <imei />\n </entry>\n </logs>\n </log>\n <meta>\n <devices>\n <entry name="localhost.localdomain">\n <hostname>localhost.localdomain</hostname>\n <vsys>\n <entry name="vsys1">\n <display-name>RDC Exchange</display-name>\n </entry>\n <entry name="vsys2">\n <display-name>TAP Zone</display-name>\n </entry>\n <entry name="vsys3">\n <display-name>Perimeter</display-name>\n </entry>\n <entry name="vsys4">\n <display-name>DIGITAL_DELTA</display-name>\n </entry>\n </vsys>\n </entry>\n </devices>\n </meta>\n</result></response>'
In a better format:
<?xml version="1.0" encoding="UTF-8"?>
<response status="success">
<result>
<job>
<tenq>12:21:26</tenq>
<tdeq>12:21:26</tdeq>
<tlast>12:21:26</tlast>
<status>FIN</status>
<id>33185</id>
</job>
<log>
<logs count="1" progress="100">
<entry logid="6785292413440213847">
<domain>1</domain>
<receive_time>2020/01/24 12:20:39</receive_time>
<serial>0011C103892</serial>
<seqno>127157259159</seqno>
<actionflags>0x0</actionflags>
<type>TRAFFIC</type>
<subtype>end</subtype>
<config_ver>0</config_ver>
<time_generated>2020/01/24 12:20:39</time_generated>
<src>10.189.169.121</src>
<dst>10.101.136.7</dst>
<rule>Allow_Usr_SplkUFs</rule>
<srcuser>au\\heyre</srcuser>
<srcloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</srcloc>
<dstloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</dstloc>
<app>ssl</app>
<vsys>vsys1</vsys>
<from>rdc-ext</from>
<to>rdc-appsrv</to>
<inbound_if>ae1</inbound_if>
<outbound_if>ae3</outbound_if>
<time_received>2020/01/24 12:20:39</time_received>
<sessionid>34084684</sessionid>
<repeatcnt>1</repeatcnt>
<sport>56822</sport>
<dport>9998</dport>
<natsport>0</natsport>
<natdport>0</natdport>
<flags>0x104053</flags>
<flag-pcap>no</flag-pcap>
<flag-flagged>no</flag-flagged>
<flag-proxy>no</flag-proxy>
<flag-url-denied>no</flag-url-denied>
<flag-nat>no</flag-nat>
<captive-portal>no</captive-portal>
<non-std-dport>yes</non-std-dport>
<transaction>no</transaction>
<pbf-c2s>no</pbf-c2s>
<pbf-s2c>no</pbf-s2c>
<temporary-match>no</temporary-match>
<sym-return>no</sym-return>
<decrypt-mirror>no</decrypt-mirror>
<credential-detected>no</credential-detected>
<flag-mptcp-set>no</flag-mptcp-set>
<flag-tunnel-inspected>no</flag-tunnel-inspected>
<flag-recon-excluded>no</flag-recon-excluded>
<proto>tcp</proto>
<action>allow</action>
<tunnel>N/A</tunnel>
<tpadding>0</tpadding>
<cpadding>0</cpadding>
<dg_hier_level_1>0</dg_hier_level_1>
<dg_hier_level_2>0</dg_hier_level_2>
<dg_hier_level_3>0</dg_hier_level_3>
<dg_hier_level_4>0</dg_hier_level_4>
<vsys_name>Zone1</vsys_name>
<device_name>FIREWALL</device_name>
<vsys_id>1</vsys_id>
<tunnelid_imsi>0</tunnelid_imsi>
<parent_session_id>0</parent_session_id>
<bytes>48613</bytes>
<bytes_sent>29335</bytes_sent>
<bytes_received>19278</bytes_received>
<packets>177</packets>
<start>2020/01/24 12:19:18</start>
<elapsed>78</elapsed>
<category>any</category>
<padding>0</padding>
<pkts_sent>86</pkts_sent>
<pkts_received>91</pkts_received>
<session_end_reason>tcp-rst-from-client</session_end_reason>
<action_source>from-policy</action_source>
<tunnelid>0</tunnelid>
<imsi />
<monitortag />
<imei />
</entry>
</logs>
</log>
<meta>
<devices>
<entry name="localhost.localdomain">
<hostname>localhost.localdomain</hostname>
<vsys>
<entry name="vsys1">
<display-name>vsys1</display-name>
</entry>
<entry name="vsys2">
<display-name>vsys2</display-name>
</entry>
<entry name="vsys3">
<display-name>vsys3</display-name>
</entry>
<entry name="vsys4">
<display-name>vsys4</display-name>
</entry>
</vsys>
</entry>
</devices>
</meta>
</result>
</response>
However, xapi.xml_result() is not in XML format:
\n <job>\n <tenq>12:21:26</tenq>\n <tdeq>12:21:26</tdeq>\n <tlast>12:21:26</tlast>\n <status>FIN</status>\n <id>33185</id>\n </job>\n <log>\n <logs count="1" progress="100">\n <entry logid="6785292413440213847">\n <domain>1</domain>\n <receive_time>2020/01/24 12:20:39</receive_time>\n <serial>0011C103892</serial>\n <seqno>127157259159</seqno>\n <actionflags>0x0</actionflags>\n <type>TRAFFIC</type>\n <subtype>end</subtype>\n <config_ver>0</config_ver>\n <time_generated>2020/01/24 12:20:39</time_generated>\n <src>10.189.169.121</src>\n <dst>10.101.136.7</dst>\n <rule>Allow_Usr_SplkUFs</rule>\n <srcuser>au\\heyre</srcuser>\n <srcloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</srcloc>\n <dstloc cc="10.0.0.0-10.255.255.255" code="10.0.0.0-10.255.255.255">10.0.0.0-10.255.255.255</dstloc>\n <app>ssl</app>\n <vsys>vsys1</vsys>\n <from>Zone1</from>\n <to>rdc-appsrv</to>\n <inbound_if>ae1</inbound_if>\n <outbound_if>ae3</outbound_if>\n <time_received>2020/01/24 12:20:39</time_received>\n <sessionid>34084684</sessionid>\n <repeatcnt>1</repeatcnt>\n <sport>56822</sport>\n <dport>9998</dport>\n <natsport>0</natsport>\n <natdport>0</natdport>\n <flags>0x104053</flags>\n <flag-pcap>no</flag-pcap>\n <flag-flagged>no</flag-flagged>\n <flag-proxy>no</flag-proxy>\n <flag-url-denied>no</flag-url-denied>\n <flag-nat>no</flag-nat>\n <captive-portal>no</captive-portal>\n <non-std-dport>yes</non-std-dport>\n <transaction>no</transaction>\n <pbf-c2s>no</pbf-c2s>\n <pbf-s2c>no</pbf-s2c>\n <temporary-match>no</temporary-match>\n <sym-return>no</sym-return>\n <decrypt-mirror>no</decrypt-mirror>\n <credential-detected>no</credential-detected>\n <flag-mptcp-set>no</flag-mptcp-set>\n <flag-tunnel-inspected>no</flag-tunnel-inspected>\n <flag-recon-excluded>no</flag-recon-excluded>\n <proto>tcp</proto>\n <action>allow</action>\n <tunnel>N/A</tunnel>\n <tpadding>0</tpadding>\n <cpadding>0</cpadding>\n <dg_hier_level_1>0</dg_hier_level_1>\n 
<dg_hier_level_2>0</dg_hier_level_2>\n <dg_hier_level_3>0</dg_hier_level_3>\n <dg_hier_level_4>0</dg_hier_level_4>\n <vsys_name>Zone1</vsys_name>\n <device_name>FIREWALL</device_name>\n <vsys_id>1</vsys_id>\n <tunnelid_imsi>0</tunnelid_imsi>\n <parent_session_id>0</parent_session_id>\n <bytes>48613</bytes>\n <bytes_sent>29335</bytes_sent>\n <bytes_received>19278</bytes_received>\n <packets>177</packets>\n <start>2020/01/24 12:19:18</start>\n <elapsed>78</elapsed>\n <category>any</category>\n <padding>0</padding>\n <pkts_sent>86</pkts_sent>\n <pkts_received>91</pkts_received>\n <session_end_reason>tcp-rst-from-client</session_end_reason>\n <action_source>from-policy</action_source>\n <tunnelid>0</tunnelid>\n <imsi />\n <monitortag />\n <imei />\n </entry>\n </logs>\n </log>\n <meta>\n <devices>\n <entry name="localhost.localdomain">\n <hostname>localhost.localdomain</hostname>\n <vsys>\n <entry name="vsys1">\n <display-name>vsys1</display-name>\n </entry>\n <entry name="vsys2">\n <display-name>vsys2</display-name>\n </entry>\n <entry name="vsys3">\n <display-name>vsys3</display-name>\n </entry>\n <entry name="vsys4">\n <display-name>vsys4</display-name>\n </entry>\n </vsys>\n </entry>\n </devices>\n </meta>\n
Most PAN-OS API XML responses have an XML document (document node) as a child of the <result> element node. This response does not. So you may want to use xml_root() or the element_root attribute to read the document.
element_root
The element_root data attribute is set to the root element of the
parsed response document XML tree; it is an Element object and is
set using etree.ElementTree.fromstring().
Thanks for your reply @kevinsteves
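
The maintainer's point as an added example (not code from pan-python or from the issue): the content of <result> in a log response is several sibling elements, so it does not parse as a document on its own, while the root element can be walked directly for the log entries. The sample response is constructed from the output shown in the issue, result_fragment is a hypothetical stand-in for what xml_result() returns, and treating FIN as the job-complete status is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the response shape from the issue, trimmed to a few fields.
SAMPLE_RESPONSE = """<response status="success"><result>
 <job><status>FIN</status><id>33185</id></job>
 <log>
  <logs count="1" progress="100">
   <entry logid="6785292413440213847">
    <src>10.189.169.121</src>
    <dst>10.101.136.7</dst>
    <dport>9998</dport>
    <action>allow</action>
    <imsi />
   </entry>
  </logs>
 </log>
 <meta><devices /></meta>
</result></response>"""


def result_fragment(root):
    """Hypothetical stand-in for xml_result(): inner content of <result>."""
    result = root.find("result")
    parts = [result.text or ""]
    parts += [ET.tostring(child, encoding="unicode") for child in result]
    return "".join(parts)


def is_single_document(xml_text):
    """True only if xml_text parses as one XML document with a single root."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def traffic_entries(root):
    """Return each log <entry> as a dict, refusing failed or unfinished jobs."""
    if root.get("status") != "success":
        raise ValueError("API call failed")
    if root.findtext("./result/job/status") != "FIN":  # assumption: FIN = done
        raise ValueError("log job not finished; entries may be incomplete")
    entries = []
    for entry in root.iterfind("./result/log/logs/entry"):
        record = {child.tag: (child.text or "") for child in entry}
        record["logid"] = entry.get("logid", "")
        entries.append(record)
    return entries


root = ET.fromstring(SAMPLE_RESPONSE)  # same kind of Element as element_root
```

With a live PanXapi object, traffic_entries(xapi.element_root) would take the place of the locally parsed root.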