Using API to get server usage metrics.

I am very new to the PAN-OS API so I am looking for some help retrieving the information I need. Below is a bit of background.

I have a few dozen servers and applications that I monitor and support. At the moment some of these apps allow us to look at usage metrics and some of them don't. The ones that do have some form of metrics do not necessarily monitor the same type of information. So even when we collect them we aren't comparing apples to apples.

What we are looking for here is a consistent method for comparing usage of our servers by capturing the last access date/time of each of the users on the system. Essentially being able to see which users are using an app frequently and which are using it rarely or perhaps never. This will allow us to make licensing and purchase decisions as well as clean up accounts that are not in use.

The information we are looking for we know is in the Panorama system in the form of traffic logs. We can do queries to find a user's last time they sent a request to the server in question. I am currently doing this by looping through all the users we have in our system by user ID and sending a query to the API like this:

'/api/?type=log&log-type=traffic&nlogs=1&query='. urlencode('((srcuser eq "'. $user .'") and (addr.dst in '. $ip .'))') .'&key='. $key


This gives me the most recent log entry for the user. The issue is that I have to submit this query 870 times to update each user in just one system. Is there instead a way to either pass the API a list of users for whom we want the most recent system access log, or to get only the unique user entries that have been logged in a certain time frame? Because if I just query the logs for the last 1000 log entries I am going to get the most recent 10-20 users and all their activity. Is there a better way to request the information I am looking for that would either take fewer requests or get the data I need more efficiently?

Any help would be much appreciated.
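
An added example, not part of the original post: one way to cut the request count is to pull the server's traffic logs once for a time window and reduce them to a last-seen time per user on the client side, shown here in Python. It assumes the log job's XML result carries `srcuser` and `receive_time` in each `<entry>`; the function names, the sample XML and the 192.0.2.10 address are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

TIME_FMT = "%Y/%m/%d %H:%M:%S"  # timestamp layout used in log entries and filters

def build_log_params(server_ip, since):
    """Parameters for ONE windowed traffic-log query covering every user."""
    query = "(addr.dst in {}) and (receive_time geq '{}')".format(
        server_ip, since.strftime(TIME_FMT))
    # No API key here on purpose: send it in the X-PAN-KEY header (PAN-OS 9.0+)
    # so it stays out of URLs, proxy logs and shell history.
    return {"type": "log", "log-type": "traffic", "nlogs": "5000", "query": query}

def last_seen_by_user(xml_text, seen=None):
    """Fold one page of <entry> elements into {srcuser: newest receive_time}."""
    seen = {} if seen is None else seen
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("log query failed")
    for entry in root.iter("entry"):
        user = (entry.findtext("srcuser") or "").strip().lower()
        stamp = entry.findtext("receive_time")
        if not user or not stamp:
            continue  # traffic without a User-ID mapping carries no srcuser
        when = datetime.strptime(stamp, TIME_FMT)
        if user not in seen or when > seen[user]:
            seen[user] = when
    return seen

def never_seen(all_users, seen):
    """Accounts with no traffic to the server inside the queried window."""
    return sorted(u for u in all_users if u.lower() not in seen)

# Constructed sample page (not real log data), trimmed to the two fields used.
SAMPLE_PAGE = r"""<response status="success"><result><log><logs count="4">
<entry><srcuser>corp\alice</srcuser><receive_time>2024/03/01 09:15:00</receive_time></entry>
<entry><srcuser>corp\bob</srcuser><receive_time>2024/02/11 17:02:41</receive_time></entry>
<entry><srcuser>CORP\Alice</srcuser><receive_time>2024/03/01 14:30:00</receive_time></entry>
<entry><srcuser></srcuser><receive_time>2024/03/02 08:00:00</receive_time></entry>
</logs></log></result></response>"""

if __name__ == "__main__":
    print(build_log_params("192.0.2.10", datetime(2024, 1, 1)))
    seen = last_seen_by_user(SAMPLE_PAGE)
    for user, when in sorted(seen.items()):
        print(user, when.strftime(TIME_FMT))
    print("never seen:", never_seen(["corp\\alice", "corp\\bob", "corp\\carol"], seen))
```

When the window holds more entries than one page returns, fetch further pages with the `skip` parameter and pass the same `seen` dictionary back into `last_seen_by_user`.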
