Skip to main content

Palo Alto firewall SSH

Monitoring Connector Assets​

Monitored Objects​

The Centreon Monitoring Connector includes monitoring of the system, interfaces, licenses, ipsec, high availability between nodes and hardware components using system commands.

Discovery Rules​

Rule nameDescription
Net-PaloAlto-Standard-SNMP-Packet-Errors-NameDiscover network interfaces and monitor errors and discards
Net-PaloAlto-Standard-SNMP-Traffic-NameDiscover network interfaces and monitor status and bandwidth utilization

Collected Metrics​

Metric nameDescriptionUnit
hardware.temperature.celsiusTemperature of the different sensorsC
hardware.voltage.voltVoltage of the different sensorsV

Prerequisites​

In order to work, the Plugin requires an SSH connection between the Poller and the Palo Alto firewall. The remote user must have enough privileges to execute system commands.

Setup​

  1. Install the Centreon Plugin on every Poller:
yum install centreon-plugin-Network-Firewalls-Paloalto-Standard-Ssh
  1. On the Centreon Web interface in Configuration > Monitoring Connector Manager, install the Palo Alto firewall SSH Monitoring Connector

Host Configuration​

  • Add a new Host and apply the Net-PaloAlto-Standard-SSH-custom Host Template

Three SSH backends are available to connect to the remote server: sshcli, plink and libssh which are detailed below.

MandatoryNameDescription
XSSHBACKENDName of the backend: sshcli
XSSHUSERNAMEBy default, it uses the user running process centengine on your Poller
SSHPASSWORDCannot be used with backend. Only ssh key authentication
SSHPORTBy default: 22
SSHEXTRAOPTIONSCustomize it with your own if needed. E.g.: --ssh-priv-key=/user/.ssh/id_rsa

With that backend, you have to validate the target server fingerprint manually (with the SSHUSERNAME used).

How to check in the CLI that the configuration is OK and what are the main options for ?​

Once the Plugin installed, log into your Poller using the centreon-engine user account and run the following command :

/usr/lib/centreon/plugins/centreon_paloalto_ssh.pl \
    --plugin=network::paloalto::ssh::plugin \
    --mode=environment \
    --hostname=10.30.2.81 \
    --ssh-username=centreon \
    --ssh-password='centreon-password' \
    --ssh-backend=sshcli \
    --component='.*' \
    --verbose

Which output something similar to:

OK: All 12 components are ok [4/4 psus, 4/4 temperatures, 4/4 voltages].
Checking power supplies
Power supply 'Power Supply A1' status is normal [instance: 1].
Power supply 'Power Supply B1' status is normal [instance: 2].
Power supply 'Power Supply A2' status is normal [instance: 1].
Power supply 'Power Supply B2' status is normal [instance: 2].
Checking temperatures
Temperature sensor on slot 1' temperature is 69C [instance: 18.1].
Temperature sensor on slot 2' temperature is 59C [instance: 40.1].
Temperature sensor on slot 3' temperature is 57C [instance: 89.1].
Temperature sensor on slot 4' temperature is 67C [instance: 89.2].
Checking voltages
1,500V voltage sensor, slot 1' voltage is 1,732 V [instance: 18.1].
1,800V voltage sensor, slot 1' voltage is 1,072 V [instance: 18.2].
1,500V voltage sensor, slot 2' voltage is 1,732 V [instance: 89.1].
1,800V voltage sensor, slot 2' voltage is 1,072 V [instance: 89.2].

The above command gets the state of the Palo Alto firewall environment (--mode=environment). It uses a SSH username centreon (--ssh-username=centreon), a SSH password centreon-password (--ssh-password='centreon-password'), uses a SSH backend sshcli (--ssh-backend='sshcli') and it connects to the host 10.30.2.81 (--hostname=10.30.2.81).

All the options that can be used with this plugin can be found over the --help options:

/usr/lib/centreon/plugins/centreon_paloalto_ssh.pl \
    --plugin=network::paloalto::ssh::plugin \
    --mode=environment \
    --help

Troubleshooting​

I have that error message: UNKNOWN: Command error: Host key verification failed.. What does it mean ?​

It means you haven't manually validated the target server fingerprint with libssh or plink on the Centreon Poller.