Documentation link
https://pan-os-python.readthedocs.io/en/latest/getting-started.html#the-opstate-namespace
Describe the problem
hit_count.refresh() reliably is resulting in hit_count still being None, with no values being populated
rulebase = panos.policies.Rulebase()
fw = ce.nodes["nat-gw1.iad.internal-domain"].interactor.obj
fw.add(rulebase)
rulebase.refresh()
for rule in rulebase.children:
if isinstance(rule, panos.policies.SecurityRule):
rule.opstate.hit_count.refresh()
hit_count = rule.opstate.hit_count
print(f"Hit count for rule '{rule.name}': {hit_count}")
Output:
Hit count for rule 'APP_FRONT_DEVOPS_UNTRUST_OUT': None
Hit count for rule 'DEVOPS_BASELINE_PING_UNTRUST': None
Hit count for rule 'DEVOPS_BASTION_DNS': None
Hit count for rule 'DEVOPS_BASELINE_YUM_NSS': None
Hit count for rule 'DEVOPS_BASELINE_YUM_NSS-EXEMPT': None
Hit count for rule 'DEVOPS_BASELINE_YUM_NSS-new': None
...
Suggested fix
The documentation at https://pan-os-python.readthedocs.io/en/latest/getting-started.html#the-opstate-namespace has a number of examples of making changes to opstate via objects, but I believe it may be missing a fundamental step about what needs to be done to refresh/fetch data from the firewall, for a simple use case such as getting security policy hit counters.
Documentation link
https://pan-os-python.readthedocs.io/en/latest/getting-started.html#the-opstate-namespace
Describe the problem
hit_count.refresh() reliably is resulting in hit_count still being None, with no values being populated
Suggested fix
The documentation at https://pan-os-python.readthedocs.io/en/latest/getting-started.html#the-opstate-namespace has a number of examples of making changes to opstate via objects, but I believe it may be missing a fundamental step about what needs to be done to refresh/fetch data from the firewall, for a simple use case such as getting security policy hit counters.