SNMP based Check_MK Plug-In for Palo Alto Firewalls

Ever since I had to attend a Java class I always tried to avoid jobs or tasks which have anything to do with object-oriented programming. Of course I understand the benefits of object-oriented languages, and they made it easy for me to modify some scripts which crossed my way in the past years. But on the other side I was never able to get any self-developed code working and thus I had some very frustrating experiences. After that I really thought I could avoid that stuff forever. Turned out I was wrong. At the end of my studies my professor offered me a nice subject for my bachelor thesis: Reverse Engineering of UML diagrams. Even though I had only small knowledge in designing UML diagrams at the time, I accepted the subject. Long story short: The subject was about reengineering object-oriented code – which I didn't know at the time.

Nowadays I'm a little bit more self-confident when it comes to object-oriented code, which led me to write a small script in Python.

Today I'm happy to release that piece of code: I really made it! I wrote a small script for Check_MK (OMD) which collects SNMP information from Palo Alto firewalls. It's nothing big – but it's working (at least it is running on my machine).

In detail, it's fetching the following information:

1.3.6.1.4.1.25461.2.1.2.3.1.0 sessions utilization (in percent)
1.3.6.1.4.1.25461.2.1.2.3.2.0 maximum Sessions for device
1.3.6.1.4.1.25461.2.1.2.3.3.0 total active sessions (including tcp, udp and icmp sessions)
1.3.6.1.4.1.25461.2.1.2.3.4.0 active tcp sessions
1.3.6.1.4.1.25461.2.1.2.3.5.0 active udp sessions

The plug-in is tested with Check_MK 1.2.0p2 and PA-5050 on firmware 4.1.7.
The installable Check_MK package includes the check itself, a pnp4nagios template (see screenshot) as well as a small manpage. Feel free to contact me in case you need help regarding the installation process.

In the future I plan to add parameters for warning and critical levels as well as a perf-o-meter – but first I need some testers to verify functionality. So if you are using Check_MK and you have a Palo Alto firewall in your company, don't hesitate to contact me! Here's the Check_MK Exchange download link.
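As an added illustration (not the plug-in's own code), the sketch below parses Net-SNMP numeric output for the five OIDs listed above and maps session-table utilization to a Nagios state, which is the signal to watch for session exhaustion. The short value names, the sample readings and the 80/90 percent levels are assumptions made for this example.

```python
import re

# OIDs listed in the post, mapped to short names (names are this example's own).
OIDS = {
    "1.3.6.1.4.1.25461.2.1.2.3.1.0": "util_pct",
    "1.3.6.1.4.1.25461.2.1.2.3.2.0": "max",
    "1.3.6.1.4.1.25461.2.1.2.3.3.0": "active",
    "1.3.6.1.4.1.25461.2.1.2.3.4.0": "tcp",
    "1.3.6.1.4.1.25461.2.1.2.3.5.0": "udp",
}
LINE = re.compile(r"^\.?([0-9.]+) = \w+: (\d+)\s*$")

# Constructed sample readings in Net-SNMP numeric-OID (-On) output format.
SAMPLE = """\
.1.3.6.1.4.1.25461.2.1.2.3.1.0 = INTEGER: 86
.1.3.6.1.4.1.25461.2.1.2.3.2.0 = INTEGER: 2000000
.1.3.6.1.4.1.25461.2.1.2.3.3.0 = INTEGER: 1720000
.1.3.6.1.4.1.25461.2.1.2.3.4.0 = INTEGER: 1500000
.1.3.6.1.4.1.25461.2.1.2.3.5.0 = INTEGER: 200000
"""

def parse(text):
    """Collect the known session counters; unknown or malformed lines are skipped."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) in OIDS:
            values[OIDS[m.group(1)]] = int(m.group(2))
    return values

def check_sessions(values, warn=80, crit=90):
    """Return (nagios_state, summary, perfdata); warn/crit levels are hypothetical."""
    missing = sorted(set(OIDS.values()) - set(values))
    if missing:
        return 3, "UNKNOWN - missing: " + ", ".join(missing), ""
    # Cross-check the reported percentage against active/max and use the higher one.
    pct = max(values["util_pct"], 100.0 * values["active"] / max(values["max"], 1))
    state = 2 if pct >= crit else 1 if pct >= warn else 0
    summary = "%s - %.0f%% of session table used (%d of %d)" % (
        ("OK", "WARN", "CRIT")[state], pct, values["active"], values["max"])
    perf = "util=%.0f%%;%d;%d active=%d tcp=%d udp=%d" % (
        pct, warn, crit, values["active"], values["tcp"], values["udp"])
    return state, summary, perf

if __name__ == "__main__":
    print(check_sessions(parse(SAMPLE)))
```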


About sitweak
Monitoring, Network, Firewall, Mobile Security. I'm totally into that stuff!

3 Responses to SNMP based Check_MK Plug-In for Palo Alto Firewalls

  1. Kalle says:

    Excellent!
    How do I install this plugin? I’ve run cmk install -P……..but then?

    • sitweak says:

      Hi,
      you can enter the command 'cmk -L' and check_mk should show something similar to this:

      paloalto_sessions snmp yes yes Sessions counters

      After that you can add the PAN Firewall in your Configuration (via WATO). The plug-in has an auto-inventory feature, and therefore should appear after reinventory of the host.
      Currently I am running the plug-in on PAN firmware 5.0.1 and check_mk 1.2.0p2.
      Feel free to contact me on twitter. I haven't had any feedback on the plug-in yet, so you may be the first one to use it (I guess PAN firewalls are not as widespread as you would think) and I'm kinda curious if it works in other environments!

  2. Pingback: Check PAN Firewall´s Sessions Counters with SNMP | sitweak
