Skip to main content

I am trying to match against a Palo Alto configuration looking for rules that are using a specific destination object.  

 

Rules are under this structure:

config
 devices
  {string}
    vsys
     {string}
       rulebase
        security
         rules
          {rule_name: (string)*}
 

and an example of what I am trying to match is:

 

                "Example Rule" e32ff2ab-a82f-43b6-953e-7e113v624779 {
                  destination non-client "External SRC EDL" "Another EDL-wehave"];
 

First line would be the rule name and the second is where I would really want to do the regex match.  The items past “destination” can be a single entry or multiples within s]’s.  If there are spaces in the names then the whole name is confined in “’s.  

 

My goal is to find all rules which have “External SRC EDL” in the destination and I can’t quite figure out how to do it.  Any help would be appreciated.

 

 

 

@Ivan   That is a question that we worked on before.  There are two different answers in this.  The last answer is using regular expressions.

You will pull the data out as a string first.  the run the regex on that string.  You can not currently put an regex inside the block match. 


Reply