Skip to content

jenningsloy318/panos_exporter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits

.github/workflows

.github/workflows

 
 

collector

collector

 
 

grafana/dashboard

grafana/dashboard

 
 

panos

panos

 
 

scripts

scripts

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

Readme.md

Readme.md

 
 

VERSION

VERSION

 
 

config.go

config.go

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

main.go

main.go

 
 

Repository files navigation

Panos_exporter

panos_exporter is an exporter to scape metrics from Paloalto NGFW api to get its current status and expose as prometheus metrics; and it can be used to montior its running statuss

Run from binary

Create an example configuration as yaml file:

devices:
    10.36.48.15:
      username: user
      password: pass

Then start panos_exporter via

panos_exporter --config.file=panos_exporter.yaml

Then you can get the metrics via the following command (the IP address beeing the Palo Alto appliance to monitor):

curl http://<panos_exporter host>:9654/panos?target=10.36.48.15

Run with Docker

Run Panos exporter as a container by providing the configuration file with a bind mount (-v <local file>:<container file>). To access the metrics, you may bind the container port to your host port (-p <host_port>:<container_port>).

docker run \
    -v $(pwd)/panos_exporter.yaml:/panos_exporter.yaml \
    -p 9654:9654 \
    ghcr.io/jenningsloy318/panos_exporter:latest \
    --config.file=/panos_exporter.yaml

Prometheus Configuration

add panos_exporter job config as following

  - job_name: 'panos_exporter'
    metrics_path: /panos
    # scheme defaults to 'http'.

    static_configs:
    - targets:
      - 10.36.48.15
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: localhost:9654  ### the address of the panos_exporter address

API Commands for metrics

  • global_counter_collector: <show><counter><global></global></counter></show>
  • session_collector: <show><session><info></info></session></show>
  • interface_collector: <show><interface>all</interface></show>
  • interface_counter_collector: <show><counter><interface>all</interface></counter></show>
  • system_resource_utilization_collector: <show><system><resources></resources></system></show>
  • data_processor_resource_utilization_collector: <show><running><resource-monitor><second><last>1</last></second></resource-monitor></running></show>
  • report_collector:
    • Top blocked websites: type=report&reporttype=predefined&reportname=top-blocked-websites
    • Top sources: type=report&reporttype=predefined&reportname=top-sources
    • Top destinations: type=report&reporttype=predefined&reportname=top-destinations
  • panorama_collector (specific to panorama instances):
    • Security rules usage for each device group: <show><rule-hit-count><device-group><entry name='{deviceGroup}'><pre-rulebase><entry name='security'><rules><all/></rules></entry></pre-rulebase></entry></device-group></rule-hit-count></show>
    • NAT rules usage for each device group: <show><rule-hit-count><device-group><entry name='{deviceGroup}'><pre-rulebase><entry name='nat'><rules><all/></rules></entry></pre-rulebase></entry></device-group></rule-hit-count></show>

Support devices

  • PA-3220(8.1.7)

About

paloalto os expoter for prometheus

Topics

exporter prometheus paloalto

Resources

Readme

License

Apache-2.0 license
Activity

Stars

17 stars

Watchers

5 watching

Forks

15 forks
Report repository

Releases

3 tags

Packages 1

 

Contributors 6

Languages