Palo Alto Firewall Template V0.01

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

alelova
Posts: 1
Joined: Thu Mar 20, 2014 6:02 am

Re: Palo Alto Firewall Template V0.01

Post by alelova »

Thank you!

I've used preki template ( cacti_host_template_pan_fw.xml [167.28 KiB] ) monitoring PA-3050. Cacti installed on debian 6 squeeze from the repositories (Version 0.8.7g).

I modified in the "graph templates" section the CF type from LAST -> AVERAGE in the summary rows:
Item # 1 (pan_temp_cpu): CPU LINE1 AVERAGE
Item # 5 (pan_temp_dimm): DIMM LINE1 AVERAGE
.....

This avoid the CF type error:
ERROR: the RRD does not contain an RRA matching the chosen CF
:wink:
joshrabino
Posts: 1
Joined: Tue Mar 25, 2014 7:28 pm

Re: Palo Alto Firewall Template V0.01

Post by joshrabino »

Awesome work, glad to have these templates!

shoelessfarmer's template worked right out of the box for my 2050. Many thanks shoeless!

I do prefer preki's graph template but for some reason the graph templates do not build despite the data sources working just fine.. any suggestions?
cdnvballer
Cacti User
Posts: 89
Joined: Fri May 25, 2007 1:18 pm

Re: Palo Alto Firewall Template V0.01

Post by cdnvballer »

hi everyone,

I'm trying to use preki's template for a PAN-3020 , I'm not getting any of the PAN-specific info (i.e. CPU/TEMP/Sessions) to be graphed.
can anyone help on how to debug this?

manual snmpget successfully returns a value to me for given OIDs...
cdnvballer
Cacti User
Posts: 89
Joined: Fri May 25, 2007 1:18 pm

Re: Palo Alto Firewall Template V0.01

Post by cdnvballer »

nvm I got it..wasn't able to see that RRD error due to compatibility issue with graphviz-php... once that was remvoed, I was able to use graph management and enable debug mode..
saw the error, changed the graph templates for temp and session to use AVERAGE instead of LAST as posted earlier..all good now :)
AkosBeginner1
Posts: 3
Joined: Tue May 06, 2014 2:59 pm

Re: Palo Alto Firewall Template V0.01

Post by AkosBeginner1 »

Hello Palo Alto users.

If you want to monitor whatever you want on a Palo Alto Firewall like this:

Global Counters from categories
Global Counters - custom categories
Global Counters - custom categories
cacti_pa_xml_api_graph_example1.png (78.09 KiB) Viewed 6268 times
OR other global counters from aspects
Global Counters - custom aspects
Global Counters - custom aspects
cacti_pa_xml_api_graph_example2.png (66.89 KiB) Viewed 6268 times
Or vlan interfaces! That you cannot do with snmp on Palo Alto (till SW Version 6)
interface counters
interface counters
cacti_pa_xml_api_graph_example3.png (36.59 KiB) Viewed 6268 times
Just mail me or read on itsecworks.com

Best Regards,
Akos
Sjoerd
Posts: 44
Joined: Wed May 28, 2008 5:20 am

Re: Palo Alto Firewall Template V0.01

Post by Sjoerd »

For whoever is interested: I created a Cacti temple which uses the XML API to monitor a PaloAlto device.
I attached some examples, the host template and the perl script used by this template
Attachments
PA_ARP.png
PA_ARP.png (25.7 KiB) Viewed 4874 times
PA_UserID.png
PA_UserID.png (30.35 KiB) Viewed 4874 times
PA_Throughput.png
PA_Throughput.png (30.17 KiB) Viewed 4874 times
PA_Sessions.png
PA_Sessions.png (31.21 KiB) Viewed 4874 times
PaloAlto XML API.zip
(22.1 KiB) Downloaded 621 times
dogs1005
Posts: 42
Joined: Tue Jul 15, 2014 3:39 am

Re: Palo Alto Firewall Template V0.01

Post by dogs1005 »

AkosBeginner1 wrote:Hello Palo Alto users.

If you want to monitor whatever you want on a Palo Alto Firewall like this:

Global Counters from categories
cacti_pa_xml_api_graph_example1.png
OR other global counters from aspects
cacti_pa_xml_api_graph_example2.png
Or vlan interfaces! That you cannot do with snmp on Palo Alto (till SW Version 6)
cacti_pa_xml_api_graph_example3.png
Just mail me or read on itsecworks.com

Best Regards,
Akos
Hi AkosBeginner1
Is there anyway you could share your templates please. These look just what i am after.

Best Regards
Eol
Posts: 44
Joined: Mon Apr 13, 2015 5:53 pm

Re: Palo Alto Firewall Template V0.01

Post by Eol »

Since released back in 2012 some of these templates no longer work as Palo Alto has modified their OID's over the years. Attached is the PA-500 v1.1 template.
Attachments
cacti_host_template_palo_alto_firewalls_-_pa-500_v1-1.xml
(277.35 KiB) Downloaded 680 times
yidikangjia
Posts: 1
Joined: Tue Aug 29, 2017 9:26 am

Re: Palo Alto Firewall Template V0.01

Post by yidikangjia »

Eol wrote:Since released back in 2012 some of these templates no longer work as Palo Alto has modified their OID's over the years. Attached is the PA-500 v1.1 template.
Could you please share the template for cacti 0.8.8a ?

Thank you.
silverbenz
Posts: 1
Joined: Fri Jul 13, 2018 12:12 am

Re: Palo Alto Firewall Template V0.01

Post by silverbenz »

This one, which I adapted from the v1.1 version, is working for me on 0.8.8h. Your mileage may vary, but it's simple enough to change the template if you need to.

1. Look in the <cacti-install-location>/include/global_arrays.php file for the sections hash_version_codes and hash_type_codes.
2. The version code for 0.8.8a is "0024".
3. Look at this Cacti document for how to interpret the template hashes: https://docs.cacti.net/howto:determine_ ... te_version
4. Change the template hashes to match your version code. For example, hash_030025bf566c869ac6443b0c75d1c32b5a350e would become hash_030024bf566c869ac6443b0c75d1c32b5a350e
5. You may also need to remove any "Types" referenced in the template that don't exist in 0.8.8a.

I did the above to convert the template from Cacti 1.1.x (version code 0101) to Cacti 0.8.8h (version code 0025). I also had to remove a type reference that 0.8.8h didn't understand. The template then imported successfully and appears to be working fine.

Hope it helps.
Attachments
cacti_host_template_palo_alto_firewalls_-_pa-500_v0-8-8.xml
(275.08 KiB) Downloaded 588 times
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests