first of all I am new to Palo Alto Firewalls and I`m highly impressed about the xml api which comes with palo alto. very cool and useful stuff! It took me just a couple of hours to fulfill some management requirements on reporting. Now I want to go on and create a monitoring script, which checks the cpu-cores for "long-time high-utilization per core". I found the following path on the api:
API-> Operational Commands -> show -> running -> resource-monitor
But I`m quite unsure, what the real meaning of the delivered values is? I get cpu-load-average and maximum-load-average, both with a list of values. But I cant figure out what the exact meaning is. Even I miss some utilization metrics. Are these utilization metrics exposed by the api? Can one shed some light on this or point me to the documentation on that?
Thanks in advance,
The resource monitor will give you a brief history of the PAN firewall's Data-palane utilization. Shows the last minute, 60 minutes, 24 Hrs and 7 days averages of load on the Data-plane CPU.
day ------------------ Per-day monitoring statistics
hour------------------- Per-hour monitoring statistics
minute ----------------Per-minute monitoring statistics
second---------------- Per-second monitoring statistics
week------------------- Per-week monitoring statistics
But the load average concept will come for management-plane CPU utilization ( MP-CPU): load averages with three numbers that indicate how much load is on system and CPU. The load averages show the last minute, five minutes and fifteen minute averages of load on the MP ( I think so ).
> show system resources
top - 10:54:19 up 7 days, 23:07, 2 users, load average: 0.04, 0.02, 0.00 >>>>>>>>>>>>>>
As per my understanding, from a general microprocessor concept:
CPU time: If one process is running with complete demand on a processor, it is said to contribute 1.00 to the load average. Two processes demanding full time, when run evenly on two processors (or cores), would contribute 2.00 to the load average.
I/O time: Any process currently requesting read or write to a block device (such as a hard disk) increases the load by 1.00 while the I/O is being requested. If a process is waiting on a read(), and the kernel has not returned, (Eg. hang while in read) the load average could show high while the CPU is relatively idle. This will still reflect a high load average based on the I/O demand even though the rest of the system can be reasonably responsive.
thanks a lot for your detailed explanation on cpu / io time and their impact on the overall system load. I think I mispelled my question. In my case,
I was looking for a monitoring object which holds the "per core cpu utilization", to cover the case, if i.e. the pdf-scanning-engine does an "endless unpack of pdf docs" and keeps a single cpu core busy for a very long time. As I mentioned before I found the
API-> Operational Commands -> show -> running -> resource-monitor and this object returns a list of numbers where I was in doubt about their meaning. Load or percent utilization of the individual cpu-core?
The output of the api query looks like the following:
From the XML Structure where the values are embedded in, they should be load-averages. But an load-average on a single core with a value of 20 (as coreid 3)? Does it make any sense? So the question is: are these values load-averages or percent utilization values?
Thanks a lot,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!