paloaltonetworks.panos.panos_export module – export file from PAN-OS devices

Note

This module is part of the paloaltonetworks.panos collection (version 2.21.2).

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_export.

New in paloaltonetworks.panos 2.0.0

Synopsis

  • Export files from a PAN-OS device.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The API key to use instead of generating it using username / password.

application_pcap_name

string

When category=application-pcap, this can be a blank string, a packet capture directory name, or a packet capture name. If the value is either blank or a directory name, a list of directories or packet capture files will be returned. If the value is a packet capture file name, the file will be written to filename.

category

string

Element type to export.

Choices:

certificate_format

string

certificate_include_keys

boolean

Whether to include the private key in the export.

Choices:

certificate_name

string

Name of the certificate to export.

certificate_passphrase

string

Passphrase used to encrypt the certificate and/or private key.

create_directory

boolean

Whether to create the directory when exporting.

Choices:

dlp_password

string

Password used to decrypt DLP packet capture.

dlp_pcap_name

string

When category=dlp-pcap, this value can be a blank string, or a packet capture name. If the value is blank, a list of packet capture files will be returned. If the value is a packet capture file name, the file will be written to filename.

filename

string

Local path to output file (if any).

filter_pcap_name

string

When category=filter-pcap, this value can be a blank string, or a packet capture name. If the value is blank, a list of packet capture files will be returned. If the value is a packet capture file name, the file will be written to filename.

ip_address

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The IP address or hostname of the PAN-OS device being configured.

password

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The password to use for authentication. This is ignored if api_key is specified.

port

integer

Deprecated

Use provider to specify PAN-OS connectivity instead.


The port number to connect to the PAN-OS device on.

Default: 443

provider

dictionary

added in paloaltonetworks.panos 1.0.0

A dict object containing connection details.

api_key

string

The API key to use instead of generating it using username / password.

ip_address

string

The IP address or hostname of the PAN-OS device being configured.

password

string

The password to use for authentication. This is ignored if api_key is specified.

port

integer

The port number to connect to the PAN-OS device on.

Default: 443

serial_number

string

The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.

username

string

The username to use for authentication. This is ignored if api_key is specified.

Default: "admin"

threat_pcap_id

string

When category=threat-pcap, this value is a unique identifier for the packet capture, and can be obtained from the ‘pcap_id’ field in the THREAT log.

threat_pcap_search_time

string

When category=threat-pcap, this value is used to narrow the search for the ‘pcap_id’. It sets a time window in the range -5 minutes to +2 hours of the time specified. The search time is typically set to the ‘receive_time’ field in the THREAT log. The PAN-OS log time string format is used, for example ‘2015/01/20 10:51:09’. If the value is not specified, it will be set to the threat epoch time which is part of the ‘pcap_id’.

threat_pcap_serial

string

When category=threat-pcap, this value is required when exporting from Panorama and is used to specify the device to fetch the packet capture from.

timeout

integer

When category is set to ‘tech-support’, ‘stats-dump’, or ‘device-state’, the operation can take a while to complete. This is the maximum amount of time to wait, in seconds.

Default: 600

username

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The username to use for authentication. This is ignored if api_key is specified.

Default: "admin"

Notes

Note

  • Checkmode is NOT supported.

  • Panorama is supported.

  • PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

Examples

- name: Export configuration
  paloaltonetworks.panos.panos_export:
    provider: '{{ provider }}'
    category: 'configuration'
    filename: 'running-config.xml'

- name: Export application block page
  paloaltonetworks.panos.panos_export:
    provider: '{{ provider }}'
    category: 'application-block-page'
    filename: 'application-block-page.html'

- name: Export tech support (module will wait until file is ready)
  paloaltonetworks.panos.panos_export:
    provider: '{{ provider }}'
    category: 'tech-support'
    filename: 'tech-support.tgz'

- name: Export threat packet capture
  paloaltonetworks.panos.panos_export:
    provider: '{{ provider }}'
    category: 'threat-pcap'
    threat_pcap_id: '1206450340254187521'
    threat_pcap_search_time: '2020/07/20 18:20:19'
    filename: 'threat.pcap'
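
An added example, not part of the module's own documentation: exporting a certificate together with its private key, with the passphrase kept out of task output and the exported file readable only by its owner. The certificate name, the vault_cert_passphrase variable and the exports/ path are assumptions; 'certificate' and 'pkcs12' are values of category and certificate_format whose choice lists are not shown on this page; provider is the same connection dictionary used in the examples above.

```yaml
# Added example (not from the module documentation).
# Assumed names: web-portal-cert, vault_cert_passphrase, exports/ directory.
- name: Export a certificate with its private key
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    export_path: 'exports/web-portal-cert.p12'
  tasks:
    # Create the target directory up front with owner-only access, so the
    # exported key never sits in a directory other local users can read.
    - name: Create a private export directory
      ansible.builtin.file:
        path: '{{ export_path | dirname }}'
        state: directory
        mode: '0700'

    - name: Export certificate and key as passphrase-protected PKCS#12
      paloaltonetworks.panos.panos_export:
        provider: '{{ provider }}'
        category: 'certificate'
        certificate_name: 'web-portal-cert'
        certificate_format: 'pkcs12'
        certificate_include_keys: true
        # Passphrase comes from an Ansible Vault variable, never a literal.
        certificate_passphrase: '{{ vault_cert_passphrase }}'
        filename: '{{ export_path }}'
      # Keep the passphrase and provider credentials out of task output and logs.
      no_log: true

    - name: Restrict the exported key material to its owner
      ansible.builtin.file:
        path: '{{ export_path }}'
        mode: '0600'
```

The same no_log and file-mode handling applies to the 'configuration', 'tech-support' and 'device-state' exports, which also contain sensitive device data.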

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

stdout

string

If the output is a directory listing, the listing as a JSON-formatted string.

Returned: success

Sample: "{'dir-listing': {'file': ['/capture-rx', '/capture-tx', '/capture-fw']}}"

stdout_xml

string

If the output is a directory listing, the listing as an XML-formatted string.

Returned: success

Sample: "<dir-listing><file>/capture-rx</file><file>/capture-tx</file><file>/capture-fw</file></dir-listing>"

Authors

  • Michael Richardson (@mrichardson03)