Panw module
editPanw module
editThis functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
The panw Metricbeat module uses the Palo Alto [pango](https://pkg.go.dev/github.com/PaloAltoNetworks/pango#section-documentation) package to extract metrics information from a firewall device via the XML API.
Dashboards
editModule-specific configuration notes
editThe panw module configuration requires the ip address of the target firewall device and an API Key generated from that firewall. It is assumed that network access to the firewall is available. All access by the panw module is read-only.
Limitations The current version of the module is configured to run against exactly 1 firewall. Multiple firewalls will require multiple agent configurations. The module has also not been tested with Panorama, though it should work since it only relies on lower level Client.Op calls to send XML API commands to the server.
Required credentials for the panw
module:
-
host_ip
- IP address of the firewall - must be network accessible.
-
apiKey
- An API Key generated via an XML API call to the firewall or via the management dashboard. This
Metricsets
editbgp_peers
editThis metricset reports information on BGP Peers defined in the firewall.
certificates
editThis metricset will capture certificates defined on the firewall including expiration dates.
fans
editThis metricset will collect information from hardware fans (RPMS) and will report if an alarm is active for a given fan.
filesystem
editThis metricset reports disk usage for filesystems defined on the device, based on df output.
globalprotect_sessions
editThis metricset will collect metrics on current user sessions established on Global Protect gateways.
globalprotect_stats
editThis metricset reports the number of user per GlobalProtect gateway and totals across all gateways.
ha_interfaces
editThis metricset will collect metrics from the device on High Availabilty configuration for interfaces.
licenses
editThis metricset reports on licenses for sofware features with expiration dates.
logical
editThis metricset will collect metrics on logical interfaces in the device’s network.
power
editThis metricset reports power usage and alarms.
system
editThis metricset captures system informate such as uptime, user count, CPU, memory and swap: essentiallyl the first 5 lines of top output.
temperature
editThis metricset reports temperature for various slots on the device and reports on alarm status.
tunnels
editThis metricset enumerates ipsec tunnels and their status.
The Panw module supports the standard configuration options that are described in Modules. Here is an example configuration:
metricbeat.modules: - module: panw metricsets: ["licenses"] enabled: false period: 10s hosts: ["localhost"]
The following metricsets are available: