This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Cacti - Templates

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cacti - Templates

kklein
L2 Linker

‎03-19-2012 03:52 PM

Hello Palo Alto Community,

I created a few Cacti Templates which allow you to quickly and easily monitor Palo Alto Networks firewalls with SNMP.  There are 5 different templates corresponding to the 5 different Firewall families, PA-200, PA-500, PA-20xx, PA-40xx, PA-50xx.

Using these with Cacti (www.cacti.net), these Host templates will monitor the following sets variables, create historical graphs of these variables (example Graphs listed below):

  • Traffic the firewall is passing through each selected interface(s)
  • The number of Active Sessions (TCP, UDP and ICMP)
  • The number of Concurrent Sessions (aggregate of Active Sessions)
  • Session Utilization Percentage – Based on the PAN Firewall Model
  • Temperature of the Firewall
  • Uptime of the Firewall

If you know of other OIDs which you feel the broader community would like monitored, I would be happy to add them to the templates.

Once cacti is installed on your favorite OS, you simply connect to the Cacti web interface and import these host templates.  Then you can add devices for Cacti to SNMP Poll/Monitor and you have a long term graphical representation of what the firewall is doing, how much traffic it is seeing, how many sessions it is supporting, etc.

Hope these help,

Kameron

Interface-Traffic.pngSessions.png

Session-Utilization.png

Concurrent-Sessions.png

DataPlane-Utilization.png

Management-Utilization.png

Temperature.png

Uptime.png

4 people had this problem.
Preview file
210 KB
Preview file
210 KB
Preview file
210 KB
Preview file
210 KB
Preview file
210 KB
39 REPLIES 39

jvalentine
L7 Applicator

‎03-19-2012 04:43 PM

These are great.  Thanks for sharing!

0 Likes Likes

saint-paul
L2 Linker

‎03-20-2012 03:32 AM

Thanks.

And for those having trouble importing template, how to fix version checking in cacti with xml version hash error

http://docs.cacti.net/howto:determine_cacti_template_version

0 Likes Likes

mikand
L6 Presenter

‎03-20-2012 10:52 AM

Nice work! Thanks for sharing! 🙂

0 Likes Likes

atseng
L1 Bithead

‎03-26-2012 08:51 AM

nick work! thanks for sharing!

0 Likes Likes

ericgearhart
L4 Transporter

‎04-29-2012 08:32 AM

I've built the equivalent of these graphs in Zabbix as well... Zabbix allows you to do some interesting things as well, such as "if the last retrieved uptime raw value is less than 600 seconds, send an alert" (i.e. if the firewall has rebooted in the last ten minutes, throw an alert), or "if the SNMP queried temperature is over X, send an alert"

Unfortunately Zabbix doesn't support SHA/AES for SNMPv3, and the Palo Altos we have don't seem to support MD5/3DES, so I ended up having to use SNMPv2

If anyone's interested I can post them here, or open a new thread

Quinton
L3 Networker
In response to ericgearhart

‎10-09-2012 11:55 AM

I'm interested in those Zabbix templates thanks. Would you mind posting them?

0 Likes Likes

jthompson159
Not applicable

‎10-24-2012 09:41 AM

Thanks for the templates.

Have you graphed traffic utilization on sub interfaces?  some reason I'm struggling with this <maybe cause i'm new to cacti>  I'm running cacti 0.8.8a

0 Likes Likes

kklein
L2 Linker
In response to jthompson159

‎10-24-2012 12:27 PM

Jerrold,

Currently, there isn't any SNMP support for Sub-interfaces.  There are feature requests for this, so you may want to speak with your local PANW SE and have them add you and your company to the FR.

Thanks,

Kameron

0 Likes Likes

ericgearhart
L4 Transporter
In response to Quinton

‎02-08-2013 11:13 AM

quinton - sorry for the late reply.

I will try to export the Zabbix hosts I've built... we're monitoring our 4020 and a pair of 5020s with Zabbix and it's working great. I'll start a new thread and post them there.

0 Likes Likes

sboelter
L1 Bithead

‎02-18-2013 01:12 AM

...works great with our PA-500 but i can't see the traffic graphs on Cacti. Do i have to add them manually?

0 Likes Likes

Colt
L1 Bithead

‎02-27-2013 09:46 AM

Hi,

i'm using cacti 0.8.7g and this template was exported using cacti 0.8.7h.

Then it doesn't works for me

To be able to import this template, i had to change all the hash version occurrences inside the .xml file for the correct ones.

I used sed (in a gnu/linux system) to do the trick:

sed -i -r 's/(hash_[0-9]{2})0022/\10021/g' cacti_host_template_palo_alto_firewalls_-_pa-50xx.xml

The above command, change the cacti_host_template_palo_alto_firewalls_-_pa-50xx.xml template file from cacti 0.8.7h to cacti 0.8.7g version

Hope this helps someone too

Best regards.

0 Likes Likes

Colt
L1 Bithead

‎03-05-2013 03:25 AM

Hello,

i have updated your host template to be able to monitor in the correct way palo alto firewalls running pan-0s 4.1 Smiley Happy

Best regards,

0 Likes Likes

darren_g
L4 Transporter

‎03-18-2013 05:56 PM

Thumbs up from me - just found this, and it worked a treat - thanks!

0 Likes Likes

tobannon
L0 Member

‎05-27-2013 06:56 AM

Hi,

Thanks for the templates.  However, I'm not getting any data returned.  I'm using the 20XX host template for my 3020.  I'm using Nagios as well and it is pulling data correctly.  I've checked all of the oids and they are correct.  Any ideas?

Thanks,

Todd

0 Likes Likes
  • 70337 Views
  • 39 replies
  • 18 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks