We opened a ticket @ PAN The URL ad.afy11.net is used by advertising providers, the clients which hit the URL are clean. (@DIRTT already mentioned this) Feedback: The two threads IDs are disabled because of false-positive hits. " The signature TID 192442683 has been disabled starting from 01/20/2018 therefor it should not be triggered once the customer updates AV database to the latest version." It seems that are currently many changes to C2C / ad traffic and most of them are false-positives (in our case).
... View more
Hello Hulk, thanks a lot for your detailed explanation on cpu / io time and their impact on the overall system load. I think I mispelled my question. In my case, I was looking for a monitoring object which holds the "per core cpu utilization", to cover the case, if i.e. the pdf-scanning-engine does an "endless unpack of pdf docs" and keeps a single cpu core busy for a very long time. As I mentioned before I found the API-> Operational Commands -> show -> running -> resource-monitor and this object returns a list of numbers where I was in doubt about their meaning. Load or percent utilization of the individual cpu-core? The output of the api query looks like the following: ... <cpu-load-average> <entry><coreid>1</coreid> <value>4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,5,4,4,4,4,4,4,4,4,4,4,4,4,4,4,5,4,4,4,4,4,4,4,3,4,4,4</value> </entry> <entry><coreid>2</coreid> <value>11,9,9,9,9,10,10,9,9,10,9,10,10,10,10,10,10,10,10,11,9,10,10,10,11,10,9,9,9,10,9,10,10,12,12,10,10,9,10,11,10,10,10,10,11,9,9,9,10,10,11,10,10,10,9,9,9,9,9,9</value> </entry> <entry><coreid>3</coreid> <value>21,17,18,17,18,18,19,18,19,19,17,21,20,19,18,22,22,20,19,22,19,19,22,19,20,19,17,18,19,20,18,19,21,23,21,19,23,20,23,24,21,20,20,19,20,18,16,17,18,18,21,17,17,18,17,18,20,17,18,18</value> </entry> ... From the XML Structure where the values are embedded in, they should be load-averages. But an load-average on a single core with a value of 20 (as coreid 3)? Does it make any sense? So the question is: are these values load-averages or percent utilization values? Thanks a lot, Best Regards, Tom
... View more
Hello, first of all I am new to Palo Alto Firewalls and I`m highly impressed about the xml api which comes with palo alto. very cool and useful stuff! It took me just a couple of hours to fulfill some management requirements on reporting. Now I want to go on and create a monitoring script, which checks the cpu-cores for "long-time high-utilization per core". I found the following path on the api: API-> Operational Commands -> show -> running -> resource-monitor But I`m quite unsure, what the real meaning of the delivered values is? I get cpu-load-average and maximum-load-average, both with a list of values. But I cant figure out what the exact meaning is. Even I miss some utilization metrics. Are these utilization metrics exposed by the api? Can one shed some light on this or point me to the documentation on that? Thanks in advance, Tom
... View more