Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Cacti - Templates

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cacti - Templates

L2 Linker

Hello Palo Alto Community,

I created a few Cacti Templates which allow you to quickly and easily monitor Palo Alto Networks firewalls with SNMP.  There are 5 different templates corresponding to the 5 different Firewall families, PA-200, PA-500, PA-20xx, PA-40xx, PA-50xx.

Using these with Cacti (www.cacti.net), these Host templates will monitor the following sets variables, create historical graphs of these variables (example Graphs listed below):

  • Traffic the firewall is passing through each selected interface(s)
  • The number of Active Sessions (TCP, UDP and ICMP)
  • The number of Concurrent Sessions (aggregate of Active Sessions)
  • Session Utilization Percentage – Based on the PAN Firewall Model
  • Temperature of the Firewall
  • Uptime of the Firewall

If you know of other OIDs which you feel the broader community would like monitored, I would be happy to add them to the templates.

Once cacti is installed on your favorite OS, you simply connect to the Cacti web interface and import these host templates.  Then you can add devices for Cacti to SNMP Poll/Monitor and you have a long term graphical representation of what the firewall is doing, how much traffic it is seeing, how many sessions it is supporting, etc.

Hope these help,

Kameron

Interface-Traffic.pngSessions.png

Session-Utilization.png

Concurrent-Sessions.png

DataPlane-Utilization.png

Management-Utilization.png

Temperature.png

Uptime.png

39 REPLIES 39

Not applicable

Hi, I'm fairly new to Cacti and SNMP. How do I get the interface traffic graphs up and running? I can see the graph templates in Cacti, but my assumption is I need to configure the data source some how...

I am not sure if you are just using the templates, or if you are using the VM I built.  Either way, read this document and it should get you pointed in the right direction: https://dl.dropboxusercontent.com/u/68056332/Cacti%20Virtual%20Appliance%20Documentation%20-%20Versi...

Hope this helps,

Kameron

Follow the directions in this document and you should be in good shape: https://dl.dropboxusercontent.com/u/68056332/Cacti%20Virtual%20Appliance%20Documentation%20-%20Versi...

Kameron.

Is this VM appliance available for download somewhere?

I've built my own, but I'm still having issues with some parts of the PA information, so I'd like to look at yours.

Thanks

Me  too

Sure thing, here is a link to the VM:

http://dl.dropbox.com/u/68056332/PAN-Cacti-VM.zip


Please be sure to read the read the document (posted earlier) for details on the setup...


BTW, I am working on an upgraded version, but I haven't had the time to finish it just yet.  It will have all the new templates for PA-30xx, etc added as well...

Works like a charm, thanks!

kklein wrote:

Sure thing, here is a link to the VM:

http://dl.dropbox.com/u/68056332/PAN-Cacti-VM.zip


Please be sure to read the read the document (posted earlier) for details on the setup...


BTW, I am working on an upgraded version, but I haven't had the time to finish it just yet.  It will have all the new templates for PA-30xx, etc added as well...

Thanks for that - I'm downloading it now, and I'll play with it some time in the next week or so.

Cheers

Awesome, I am glad it is working for you!!

Well, I managed to make it work on VMWare player - but I couldn't get it to import into my full-on VMWare ESX-i cluster, which kinda sucks. I don't know why it wouldn't work. 😞 I'll have to investigate more.

I do notice you've done it on an earlier version of Cacti than I have been using - I'm running Cacti 0.8.8a, and your VM is 0.8.7i. Is there a huge difference between Cacti 0.8.8 and 0.8.7?

We recently upgraded our PA 5020's to 5.0.5 and the templates stopped working. Is there a version compatible with PAN OS 5.0.5?

I don't believe there is anything wrong with the Cacti templates, rather you need to enable SNMP...In 5.x the default SNMP behavior changed.

Darren.g,

The VM will operate within ESXi, but you will have to convert the image...this is a VMWare issue.  The converter (and instructions) should be available at vmware.com...

As I mentioned in the document, this is a very stock image of CentOS and hasn't been upgraded for roughly a year.  I am working on releasing an updated version, but haven't had the time to package it completely.  However, you can easily upgrade the VM by logging in as root and issue the command "yum -y update".  Feel free to read up on this prior to upgrading it.

Thanks,

Kameron

Kameron.

Yes, I got it working by running it through the VMWare converter - it's now running on my ESXi cluster no problem.

I'm aware of how to upgrade the Linux install, but I'm wondering if upgrading the Cacti installation will break the Palo Alto templates you installed - or will it upgrade them along with the process? Have you actually upgraded to Cacti 0.8.8 without breaking the Palo Alto templates in the VM?

Cheers and thanks.

Darren.g,

Great news!

I haven't had any problems upgrading to 0.8.8...of course your mileage may vary.  Smiley Happy

Thanks,

Kameron

  • 70556 Views
  • 39 replies
  • 18 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!