Panw module

This functionality is in beta and is subject to change. The design and code are less mature than official GA features and are being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

The panw Metricbeat module uses the Palo Alto [pango](https://pkg.go.dev/github.com/PaloAltoNetworks/pango#section-documentation) package to extract metrics information from a firewall device via the XML API.

Dashboards

Module-specific configuration notes

The panw module configuration requires the IP address of the target firewall device and an API key generated from that firewall. It is assumed that network access to the firewall is available. All access by the panw module is read-only.

Limitations

The current version of the module is configured to run against exactly 1 firewall. Multiple firewalls will require multiple agent configurations. The module has also not been tested with Panorama, though it should work since it only relies on lower-level `Client.Op` calls to send XML API commands to the server.

Required credentials for the panw module:

host_ip
IP address of the firewall - must be network accessible.
apiKey
An API Key generated via an XML API call to the firewall or via the management dashboard. This

Metricsets

bgp_peers

This metricset reports information on BGP Peers defined in the firewall.

certificates

This metricset will capture certificates defined on the firewall including expiration dates.

fans

This metricset will collect information from hardware fans (RPM) and will report if an alarm is active for a given fan.

filesystem

This metricset reports disk usage for filesystems defined on the device, based on df output.

globalprotect_sessions

This metricset will collect metrics on current user sessions established on GlobalProtect gateways.

globalprotect_stats

This metricset reports the number of users per GlobalProtect gateway and totals across all gateways.

ha_interfaces

This metricset will collect metrics from the device on High Availability configuration for interfaces.

licenses

This metricset reports on licenses for software features with expiration dates.

logical

This metricset will collect metrics on logical interfaces in the device’s network.

power

This metricset reports power usage and alarms.

system

This metricset captures system information such as uptime, user count, CPU, memory and swap: essentially the first 5 lines of top output.

temperature

This metricset reports temperature for various slots on the device and reports on alarm status.

tunnels

This metricset enumerates IPsec tunnels and their status.

Example configuration

The Panw module supports the standard configuration options that are described in Modules. Here is an example configuration:

```yaml
metricbeat.modules:
- module: panw
  metricsets: ["licenses"]
  enabled: false
  period: 10s
  hosts: ["localhost"]
```
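
The example configuration does not show the credentials listed under "Module-specific configuration notes". The following fuller configuration is an added illustration, not taken from the module's own documentation: `host_ip` and `apiKey` are the setting names given on this page, while the address `192.0.2.10` and the keystore entry name `PANW_API_KEY` are placeholders chosen here.

```yaml
# Added example. Keep the firewall API key out of the YAML file by storing it
# in the Metricbeat keystore before starting the agent:
#   metricbeat keystore create
#   metricbeat keystore add PANW_API_KEY
# Generate the key for a dedicated firewall account used only by this agent;
# the page states that all access by the module is read-only.
metricbeat.modules:
- module: panw
  enabled: true
  period: 10s
  # Metricsets described on this page; trim the list to what you monitor.
  metricsets: ["licenses", "certificates", "system", "tunnels"]
  # Carried over from the page's example; the page does not say how this
  # setting relates to host_ip.
  hosts: ["localhost"]
  # Placeholder address (documentation range). One firewall per module
  # block; add a second block, with its own key, for a second firewall.
  host_ip: "192.0.2.10"
  # Resolved from the keystore entry created above when Metricbeat starts.
  apiKey: "${PANW_API_KEY}"
```

Restrict read permissions on the module file and the keystore to the account that runs Metricbeat, since anyone holding the key can issue XML API calls to the firewall with the privileges of the account it was generated for.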

Metricsets

The following metricsets are available: