dbedit

Description

Edits the management database - $FWDIR/conf/objects_5_0.C file - on the Security Management Server. See sk13301.

Important - Do NOT run this command unless explicitly instructed by Check Point Support or R&D to do so. Otherwise, you can corrupt settings in the management database.

Syntax

dbedit -help

dbedit [-globallock] [{-local | -s <Management_Server>}] [{-u <User> | -c <Certificate>}] [-p <Password>] [-f <File_Name> [ignore_script_failure] [-continue_updating]] [-r "<Open_Reason_Text>"] [-d <Database_Name>] [-listen] [-readonly] [-session]

Parameters

Parameter

Description

-help

Prints the general help.

-globallock

When you work with the dbedit utility, it partially locks the management database. If a user configures objects in SmartConsole at the same time, it causes problems in the management database.

This option does not let SmartConsole or another dbedit user make changes in the management database.

When you specify this option, the dbedit commands run on a copy of the management database. After you make the desired changes with the dbedit commands and run the savedb command, the dbedit utility saves and commits your changes to the actual management database.

-local

Connects to the localhost (127.0.0.1) without using username/password.

If you do not specify this parameter, the dbedit utility asks how to connect.

-s <Management_Server>

Specifies the Security Management Server - by IP address or HostName.

If you do not specify this parameter, the dbedit utility asks how to connect.

-u <User>

Specifies the username, with which the dbedit utility connects to the Security Management Server.

Mandatory parameter when you specify the -s <Management_Server> parameter.

-c <Certificate>

Specifies the user's certificate file, with which the dbedit utility connects to the Security Management Server.

Mandatory parameter when you specify the -s <Management_Server> parameter.

-p <Password>

Specifies the user's password, with which the dbedit utility connects to the Security Management Server.

Mandatory parameter when you specify the -s <Management_Server> and -u <User> parameters.

-f <File_Name>

Specifies the file that contains the applicable dbedit internal commands (see the section "dbedit Internal Commands" below):

  • create <object_type> <object_name>
  • modify <table_name> <object_name> <field_name> <value>
  • update <table_name> <object_name>
  • delete <table_name> <object_name>
  • print <table_name> <object_name>
  • quit

Note - Each command is limited to 4096 characters.

ignore_script_failure

Continues to execute the dbedit internal commands in the file and ignores errors.

You can use it when you specify the -f <File_Name> parameter.

-continue_updating

Continues to update the modified objects, even if the operation fails for some of the objects (ignores the errors and runs the update_all command at the end of the script).

You can use it when you specify the -f <File_Name> parameter.

-r "<Open_Reason_Text>"

Specifies the reason for opening the database in read-write mode (default mode).

-d <Database_Name>

Specifies the name of the database, to which the dbedit utility should connect (for example, mdsdb).

-listen

The dbedit utility "listens" for changes (use this mode for advanced troubleshooting with the assistance of Check Point Support).

The dbedit utility prints its internal messages when a change occurs in the management database.

-readonly

Specifies to open the management database in read-only mode.

-session

Session Connectivity.

dbedit Internal Commands

Command

Description, Syntax, Examples

-h

Description:

Prints the general help.

Syntax:

dbedit> -h

-q

quit

Description:

Quits from dbedit.

Syntax:

dbedit> -q

dbedit> quit [-update_all | -noupdate]

Examples:

  • Exit the utility and commit the remaining modified objects (interactive mode):

    dbedit> quit

  • Exit the utility and update all the remaining modified objects:

    dbedit> quit -update_all

  • Exit the utility and discard all modifications:

    dbedit> quit -noupdate

update

Description:

Saves the specified object in the specified table (for example, "network_objects", "services", "users").

Note - To see the available tables, connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> update <table_name> <object_name>

Example:

Save the object My_Service in the table services:

dbedit> update services My_Service

update_all

Description:

Saves all the modified objects.

Syntax:

dbedit> update_all

_print_set

Description:

Prints the specified object from the specified table (for example, "network_objects", "services", "users") as it appears in the $FWDIR/conf/objects_5_0.C file (sets of attributes).

Note - To see the available tables, connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> _print_set <table_name> <object_name>

Example:

Print the object My_Obj from the table network_objects:

dbedit> _print_set network_objects My_Obj

print

Description:

Prints the list of attributes of the specified object from the specified table (for example, "network_objects", "properties", "services", "users").

Note - To see the available tables, connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> print <table_name> <object_name>

Examples:

  • Print the object My_Obj from the table network_objects (in "Network Objects"):

    dbedit> print network_objects My_Obj

  • Print the object firewall_properties from the table properties (in "Global Properties"):

    dbedit> print properties firewall_properties

printxml

Description:

Prints in XML format the list of attributes of the specified object from the specified table (for example, "network_objects", "properties", "services", "users").

You can export the settings from a Management Server to an XML file that you can use later with external automation systems.

Note - To see the available tables, connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> printxml <table_name> [<object_name>]

Examples:

  • Print the object My_Obj from the table network_objects:

    dbedit> printxml network_objects My_Obj

  • Print the object firewall_properties from the table properties (in "Global Properties"):

    dbedit> printxml properties firewall_properties

printbyuid

Description:

Prints the attributes of the object specified by its UID (appears in the $FWDIR/conf/objects_5_0.C file at the beginning of the object as "chkpf_uid ({...})").

Syntax:

dbedit> printbyuid {object_id}

Example:

Print the attributes of the object with the specified UID:

dbedit> printbyuid {D3833F1D-0A58-AA42-865F-39BFE3C126F1}

query

Description:

Prints all the objects in the specified table.

Optionally, you can query for objects with specific attribute and value - query is separated by a comma after "query <table_name>" (spaces are not allowed between the <attribute> and '<value>').

Note - To see the available tables, attributes and values, connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> query <table_name> [ , <attribute>='<value>' ]

Examples:

  • Print all objects in the table users:

    dbedit> query users

  • Print all objects in the table network_objects that are defined as Management Servers:

    dbedit> query network_objects, management='true'

  • Print all objects in the table services with the name ssh:

    dbedit> query services, name='ssh'

  • Print all objects in the table services with the port 22:

    dbedit> query services, port='22'

  • Print all objects with the IP address 10.10.10.10:

    dbedit> query network_objects, ipaddr='10.10.10.10'

whereused

Description:

Checks where the specified object is used in the database.

Prints the number of places, where this object is used and relevant information about each such place.

Syntax:

dbedit> whereused <table_name> <object_name>

Example:

Check where the object My_Obj is used:

dbedit> whereused network_objects My_Obj

create

Description:

Creates an object of specified type (with its default values) in the database.

Restrictions apply to the object's name:

  • Object names can have a maximum of 100 characters.
  • Object names can contain only ASCII letters, numbers, and dashes.
  • Reserved words will be blocked by the Management Server (refer to sk40179).

Note - To see the available tables and their class names (object types), connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> create <object_type> <object_name>

Example:

Create the service object My_Service of the type tcp_service (with its default values):

dbedit> create tcp_service My_Service

delete

Description:

Deletes an object from the specified table.

Syntax:

dbedit> delete <table_name> <object_name>

Example:

Delete the service object My_Service from the table services:

dbedit> delete services My_Service

modify

Description:

Modifies the value of specified attribute in the specified object in the specified table (for example, "network_objects", "services", "users") in the management database.

Note - To see the available tables, connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> modify <table_name> <object_name> <field_name> <value>

Examples:

  • Modify the color to red in the object My_Service in the table services:

    dbedit> modify services My_Service color red

  • Add a comment to the object MyObj:

    dbedit> modify network_objects MyObj comments "Created by fwadmin with dbedit"

  • Set the value of the global property ike_use_largest_possible_subnets in the table properties to false:

    dbedit> modify properties firewall_properties ike_use_largest_possible_subnets false

  • Create a new interface on the Security Gateway My_FW and modify its attributes - set the IP address / Mask and enable Anti-Spoofing on interface with "Element Index"=3 (check the attributes of the object My_FW in GuiDBedit Tool):

    dbedit> addelement network_objects My_FW interfaces interface

    dbedit> modify network_objects My_FW interfaces:3:officialname NAME_OF_INTERFACE

    dbedit> modify network_objects My_FW interfaces:3:ipaddr IP_ADDRESS

    dbedit> modify network_objects My_FW interfaces:3:netmask NETWORK_MASK

    dbedit> modify network_objects My_FW interfaces:3:security:netaccess:access specific

    dbedit> modify network_objects My_FW interfaces:3:security:netaccess:allowed network_objects:group_name

    dbedit> modify network_objects My_FW interfaces:3:security:netaccess:perform_anti_spoofing true

  • In the object MyObj change the value of FieldA to LINKSYS:

    dbedit> modify network_objects MyObj FieldA LINKSYS

  • In the Owned Object MyObj change the value of FieldB to NewVal:

    dbedit> modify network_objects MyObj FieldA:FieldB NewVal

  • In the Linked Object MyObj change the value of FieldA from B to C:

    dbedit> modify network_objects MyObj FieldA B:C

lock

Description:

Locks the specified object (by administrator) in the specified table (for example, "network_objects", "services", "users") from being modified by other users.

For example, if you connect from a remote computer to this Management Server with admin1 and lock an object, you are able to connect with admin2, but are not able to modify the locked object until admin1 releases the lock.

Note - To see the available tables, connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> lock <table_name> <object_name>

Example:

Lock the object My_Service_Obj in the table services in the database:

dbedit> lock services My_Service_Obj

addelement

Description:

Adds a specified multiple field / container (with specified value) to a specified object in specified table.

Note - To see the available tables and their class names (object types), connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> addelement <table_name> <object_name> <field_name> <value>

Examples:

  • Add the element BranchObjectClass with the value Organization to a multiple field Read in the object My_Obj in the table ldap:

    dbedit> addelement ldap My_Obj Read:BranchObjectClass Organization

  • Add the service MyService to the group of services MyServicesGroup in the table services:

    dbedit> addelement services MyServicesGroup '' services:MyService

  • Add the network MyNetwork to the group of networks MyNetworksGroup in the table network_objects:

    dbedit> addelement network_objects MyNetworksGroup '' network_objects:MyNetwork

rmelement

Description:

Removes a specified multiple field / container (with specified value) from a specified object in specified table.

Note - To see the available tables and their class names (object types), connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> rmelement <table_name> <object_name> <field_name> <value>

Examples:

  • Remove the service MyService from the group of services MyServicesGroup from the table services:

    dbedit> rmelement services MyServicesGroup '' services:MyService

  • Remove the network MyNetwork from the group of networks MyNetworksGroup from the table network_objects:

    dbedit> rmelement network_objects MyNetworksGroup '' network_objects:MyNetwork

  • Remove the element BranchObjectClass with the value Organization from the multiple field Read in the object My_Obj in the table ldap:

    dbedit> rmelement ldap My_Obj Read:BranchObjectClass Organization

rename

Description:

Renames the specified object in specified table.

Note - To see the available tables, connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> rename <table_name> <object_name> <new_object_name>

Example:

Rename the network object london to chicago in the table network_objects:

dbedit> rename network_objects london chicago

rmbyindex

Description:

Removes an element from a container by element's index.

Note - To see the available tables, connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> rmbyindex <table_name> <object_name> <field_name> <index_number>

Example:

Remove the element backup_log_servers from the container log_servers by element index 1 in the table network_objects:

dbedit> rmbyindex network_objects g log_servers:backup_log_servers 1

add_owned_remove_name

Description:

Adds an owned object (and removes its name) to a specified owned object field (or container).

Note - To see the available tables, connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> add_owned_remove_name <table_name> <object_name> <field_name> <value>

Example:

Add the owned object My_Gateway (and remove its name) to the owned object field (or container) my_external_products:

dbedit> add_owned_remove_name network_objects My_Gateway additional_products owned:my_external_products

is_delete_allowed

Description:

Checks if the specified object can be deleted from the specified table (object cannot be deleted if it is used by other objects).

Note - To see the available tables, connect to Management Server with GuiDBedit Tool.

Syntax:

dbedit> is_delete_allowed <table_name> <object_name>

Example:

Check if the object MyObj can be deleted from the table network_objects:

dbedit> is_delete_allowed network_objects MyObj

set_pass

Description:

Sets specified password for specified user.

Notes:

  • The password must contain at least 4 characters and no more than 50 characters.
  • This command cannot change the administrator's password.

Syntax:

dbedit> set_pass <user> <password>

Example:

Set the password 1234 for the user abcd:

dbedit> set_pass abcd 1234

savedb

Description:

Saves the database. You can run this command only when the database is locked globally (when you start the dbedit utility with the "dbedit -globallock" command).

Syntax:

dbedit> savedb

savesession

Description:

Saves the session. You can run this command only when you start the dbedit utility in session mode (with the "dbedit -session" command).

Syntax:

dbedit> savesession
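
A pre-flight check for a command file passed with -f, as an added example that is not part of Check Point's documentation or tooling. It applies the limits stated on this page (4096 characters per command, the object-name rules for create, 4 to 50 characters for set_pass) and flags commands that remove data or store a cleartext password; the function name, the severity labels and the sample file are assumptions made for illustration.

```python
import re
import shlex

# Page limits: 4096 characters per command, 100 characters per object name.
MAX_CMD_LEN, MAX_NAME_LEN = 4096, 100
# Page rule: ASCII letters, numbers and dashes. The underscore is accepted as
# an assumption, because the page's own examples use names such as My_Service.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")
REMOVING = {"delete", "rmelement", "rmbyindex"}
KNOWN = REMOVING | set("""-h -q quit update update_all _print_set print printxml
    printbyuid query whereused create modify lock addelement rename
    add_owned_remove_name is_delete_allowed set_pass savedb savesession""".split())
# Constructed sample command file (not taken from a real system).
SAMPLE = """\
create tcp_service My-Service
modify services My-Service port 8443
create tcp_service "bad name!"
set_pass abcd 123
delete services My-Service
quit -update_all
"""

def lint_dbedit_script(text):
    """Return (line_number, severity, message) findings for a -f command file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if len(line) > MAX_CMD_LEN:
            findings.append((no, "error", "command exceeds 4096 characters"))
            continue
        try:
            args = shlex.split(line)  # honours '' and "..." as in the examples
        except ValueError:
            findings.append((no, "error", "unbalanced quotes"))
            continue
        cmd, rest = args[0], args[1:]
        if cmd not in KNOWN:
            findings.append((no, "error", f"unknown command {cmd!r}"))
        elif cmd in REMOVING:
            findings.append((no, "review", f"{cmd} removes data"))
        elif cmd == "create" and len(rest) == 2:
            if len(rest[1]) > MAX_NAME_LEN or not NAME_RE.fullmatch(rest[1]):
                findings.append((no, "error", f"invalid object name {rest[1]!r}"))
        elif cmd == "set_pass" and len(rest) == 2:
            if not 4 <= len(rest[1]) <= 50:
                findings.append((no, "error", "password must be 4-50 characters"))
            findings.append((no, "review", "cleartext password in file"))
    return findings
```

Run it on the file before passing it to dbedit -f, and have a second administrator confirm every "review" finding.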