Next-Generation Firewall
Get Reports (API)
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
Get Reports (API)
The XML API provides a way to quickly pull the results of any report defined in the
system using thetype=report parameter.
You can access three kinds of reports:
- Dynamic Reports (ACC reports)—reporttype=dynamic
- Predefined Reports—reporttype=predefined
- Custom Reports—reporttype=custom
To retrieve a specific report by name, use thereportname
parameter:
curl -X POST 'https://firewall/api?type=report&reporttype=dynamic|predefined|custom&reportname=<name>"
When you request a report, the API responds asynchronously with a job ID, which you
can use to retrieve the reports. Learn more about Asynchronous and
Synchronous Requests to the PAN-OS XML API.
Dynamic Reports
You can use the API to view a number of dynamic reports, such
astop-applications-summary,top-blocked-url-summary,
andtop-spyware-threats-summary. For dynamic reports,
provide either a specific period using theperiod or a time
frame usingstarttime andendtime
options (use a + instead of a space between the date and timestamp).
Usetopn to determine the number of rows.
|
Dynamic Report Type
|
API Request
|
|---|---|
|
Full dynamic report list.
|
|
|
Last 60 seconds.
|
|
|
Last 15 minutes.
|
|
|
Last hour.
|
|
|
Last 12 hours.
|
|
|
Last calendar day.
|
|
|
Last 7 days
|
|
|
Last 7 calendar days
|
|
|
Last calendar week.
|
|
|
Last 30 days
|
|
Predefined Reports
Predefined reports always return data for the last 24-hour period. You can also get
this list by following the link for predefined reports, such
astop-applications,top-attackers,
andbandwidth-trend on the API browser.
|
Dynamic Report Type
|
API Request
|
|---|---|
|
Full predefined report list.
|
|
|
Top applications.
|
|
|
Top attackers.
|
|
|
Top victims.
|
|
Custom Reports
For custom reports, the selection criteria, such as time frame, group-by, and sort-by
are part of the report definition. The API returns any shared custom reports. Note
that quotes are not required around the report name and any spaces in the report
name must be URL encoded to%20.
For custom reports created in a specific VSYS, you can retrieve them directly by
specifying thevsys parameters.
You can retrieve the report definition from the
configuration:
curl -X POST 'https://firewall/api?type=config&action=get&xpath=/config/devices/entry/vsys/entry[@name='vsys1']/reports/entry[@name='report-abc']"
Create a job to retrieve a dynamic report
usingreporttype=dynamic,reportname=custom-dynamic-report,
andcmd=report-definition
wherereport-definition is the XML definition retrieved in
the previous query:
curl -X POST 'https://firewall/api?type=report&reporttype=dynamic&reportname=custom-dynamic-report&cmd=<type><appstat><aggregate-by><member>category-of-name</member><member>technology-of-name</member></aggregate-by></appstat></type><period>last-24-hrs</period><topn>10</topn><topm>10</topm><query>(name+neq+'')AND(vsys+eq+'vsys1')</query>"
The response includes the job ID you can use to view the results:
<response status="success"> <result> <msg> <line>Report job enqueued with jobid 6</line> </msg> <job>6</job> </result> </response>