Hello Palo Alto Community,
I created a few Cacti Templates which allow you to quickly and easily monitor Palo Alto Networks firewalls with SNMP. There are 5 different templates corresponding to the 5 different Firewall families, PA-200, PA-500, PA-20xx, PA-40xx, PA-50xx.
Using these with Cacti (www.cacti.net), these Host templates will monitor the following sets variables, create historical graphs of these variables (example Graphs listed below):
If you know of other OIDs which you feel the broader community would like monitored, I would be happy to add them to the templates.
Once cacti is installed on your favorite OS, you simply connect to the Cacti web interface and import these host templates. Then you can add devices for Cacti to SNMP Poll/Monitor and you have a long term graphical representation of what the firewall is doing, how much traffic it is seeing, how many sessions it is supporting, etc.
Hope these help,
However, you can easily upgrade the VM by logging in as root and issue the command "yum -y update". Feel free to read up on this prior to upgrading it.
Update successful - even the first-run Cacti update Just Worked (which is very outside my past experience with such upgrades).
Thanks, Kameron. Now I'm getting all the graphs I want out of Cacti.
Thanks for sharing from me too :-)
I have just two questions (obviously not being a cacti wizard):
The interface statistics images' Title is composed by these fields: |host_description| - Traffic - |query_ifName|
However 'query_ifName' does only return 'Ethernet1/1' etc. I'm using the interface's Comment field to save a friendly name of the interface's subnet / zone. Is the Interface.Comment field also accessible in cacti? Knowing the zone name would render the interface graphs a lot more easy to understand..
Also I would like to display a few of these bandwidth graphs on web pages generated at another webserver. Is it possible for the other webserver to somehow update and fetch the single graph images from the cacti server? They will be used on an info screen displaying technical info from many devices...
Thanks for comments on this
I am having a similar issue. The templates load fine and I can SNMP against the palo alto device to grab the interfaces and template graphs for active sessions, temperature, etc. However, the graphs sit at 0, with no data being displayed. I've refreshed a few times over the course of an hour or so, and this is the active unit.
Has anyone run into this before?
Since released back in 2012 some of these templates no longer work as Palo Alto has modified their OID's over the years. Attached is the PA-500 v1.1 template.
Would attach here but no idea how to attach a file in this forum
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!