cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Zach
Level 7
Report Inappropriate Content
Message 1 of 4

Create an advanced scheduled job to export all rulesets to a file

Jump to solution

Hi,

Is there a way to create an advanced scheduled job to export all rulesets to a file?  Similar to using the REST API and doing 

POST "$REST/rulesets/export"

It can also be done through the gui by going to policy > rulesets and highlighting them all and exporting them to a file, however I cannot figure out if I can create an advanced scheduled job through configuration > central management > advanced scheduled jobs.

1 Solution

Accepted Solutions
fw_mon
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: Create an advanced scheduled job to export all rulesets to a file

Jump to solution

Hello @Zach 

I suggest to use a KISS principle.

all policy/ruleset files are on MWG already, so do a local diff using cronjob.

  • How you want to see what's changed? The xml diffs are not really readable experience. You can either highlight differences/changes (vim + html export) or just use audit log to see exactly what was changed.
  • Regarding "daily" - sometimes there are 30 changes a day, sometimes you can have a week without changes - would it better to compare config versions disregarding time? Or you need something like "daily change digest/log"?
# go the the conf folder
cd /opt/mwg/storage/default

# get the latest conf file:
ls -rt 2*/gwrs.xml|tail -1

# get the second to last modified conf file:
ls -rt 2*/gwrs.xml|tail -2 | head -1

# or you can find the yesterday's last modified conf file:
ls -rt $(find -name gwrs.xml -mtime +1 -mtime -2) | tail -1

# compare conf files:
diff $(ls -rt 2*/gwrs.xml|tail -2 | head -1) $(ls -rt 2*/gwrs.xml|tail -1)

# then you can store or send the results via email

 

Other alternatives? Use git. Send audit.log (or better all logs) to your SIEM. Don't forget to monitor /opt/mwg/plugin/data/Auth/ and your kerberos keytab because auth data stored outside of config. What about lists? What about external lists? The list of things can go on ...

View solution in original post

3 Replies
swilkens1
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Create an advanced scheduled job to export all rulesets to a file

Jump to solution

Hi @Zach ,

Can you describe the use case? If you are wanting to preserve the policy for backup/restore purposes, I suggest you use the Central Management settings to do automatic backups, rather than try and only grab the rule sets. The backup file can then be used to restore only the policy, or just for viewing with the Policy Viewer if you would like.

If you must only export the rule sets, the only way to do that would be through the REST API, which could be automated via cron. There's no way to do that as a scheduled job in the GUI.

Zach
Level 7
Report Inappropriate Content
Message 3 of 4

Re: Create an advanced scheduled job to export all rulesets to a file

Jump to solution

We'd like to get a copy each day to see what functional changes were made to our rulesets.  We had tried using the REST API but were experiencing some issues when trying to connect to proxy devices that were physically far away.  We would sometimes get the full XML file returned, and other times only a partial XML, leaving many tags unclosed.

fw_mon
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 4

Re: Create an advanced scheduled job to export all rulesets to a file

Jump to solution

Hello @Zach 

I suggest to use a KISS principle.

all policy/ruleset files are on MWG already, so do a local diff using cronjob.

  • How you want to see what's changed? The xml diffs are not really readable experience. You can either highlight differences/changes (vim + html export) or just use audit log to see exactly what was changed.
  • Regarding "daily" - sometimes there are 30 changes a day, sometimes you can have a week without changes - would it better to compare config versions disregarding time? Or you need something like "daily change digest/log"?
# go the the conf folder
cd /opt/mwg/storage/default

# get the latest conf file:
ls -rt 2*/gwrs.xml|tail -1

# get the second to last modified conf file:
ls -rt 2*/gwrs.xml|tail -2 | head -1

# or you can find the yesterday's last modified conf file:
ls -rt $(find -name gwrs.xml -mtime +1 -mtime -2) | tail -1

# compare conf files:
diff $(ls -rt 2*/gwrs.xml|tail -2 | head -1) $(ls -rt 2*/gwrs.xml|tail -1)

# then you can store or send the results via email

 

Other alternatives? Use git. Send audit.log (or better all logs) to your SIEM. Don't forget to monitor /opt/mwg/plugin/data/Auth/ and your kerberos keytab because auth data stored outside of config. What about lists? What about external lists? The list of things can go on ...

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community