Paloalto firewall and panorama monitoring

[emartine]

I was wondering how are people monitoring Paloalto firewalls and panorama services?

Looking around I found https://media.readthedocs.org/pdf/nagio ... loalto.pdf

I came close using this document but get an error:

/usr/local/bin/check_paloalto -H firewallname -T verylongtokeninfo= sessinfo
SESSINFO UNKNOWN: AttributeError: 'module' object has no attribute 'urllib3'

Can't seem to find this error anywhere.

I am using RHEL 6

[npolovenko]

Hello, @emartine. What version of python are you using? And what version of check_paloalto plugin? I'd suggest trying the latest version if you haven't already. https://pypi.python.org/pypi/check_paloalto
Also, It seems like the author of this plugin left his email in that manual, so you could try to reach out to him directly. Since we don't have Paloalto firewalls to test against this plugin.
I also found this plugin on Nagios exchange: https://exchange.nagios.org/directory/P ... 00/details
Hope that helps.

[emartine]

I tried both 2.7 and 3.4. On the command line as the nagios user and I was able to execute the check_paloalto plugin fine. But once the check was created in Nagios XI it gave me a 127 error - plugin missing.
The command I created originally had the $USER1$/check_paloalto -H $HOSTADDRESS$ -T $ARG1$ $ARG2$ -w $ARG3$ -c $ARG4$ but I eventually just decided to use the full path /opt/rh/rh-python34/root/usr/bin/check_paloalto -H $HOSTADDRESS$ -T $ARG1$ $ARG2$ -w $ARG3$ -c $ARG4$
in the original location to see if that would work but I ended up with the same result each time.


If I attempt to run the check command over the "Run Check Command" button in the Nagios WUI I do not receive output only the listed command without it being executed. I checked the permissions on the plugin and I don't see any issues with it since it matches the rest. Any idea what might be going on?

[lmiltchev]

Can you provide us with the download link to the plugin that you are currently using (or upload it to the forum)?

Show the exact check, run from the command line, along with the output of it.

Also show the service configuration file, along with the configs of the command, and any templates, used by this check.

[emartine]

lmiltchev I have sent you a PM

[npolovenko]

@emartine, lmiltchev is out of the office today. You could forward the info to my PM to get a response today, or you could wait for him to respond tomorrow. Let me know.

[emartine]

@npolovenko PM sent.

[npolovenko]

We do not have a Paloalto firewall in the lab, but here's what I did:
This is the command I used:

Code: Select all

/usr/bin/check_paloalto -H IP_address -T token= thermal  -w $ARG1$ -c $ARG2$

And then when I created a service I chose the above command, in $ARG1$ field I added 50, and in $ARG2$ field I added 70.
And I got: THERMAL UNKNOWN: Timeout: check execution aborted after 10s, which is the same result as if I ran the command manually from the command line. Everything seems normal. I don't get a "Plugin may be missing" message.
What are the permissions on paloalto plugin on your system, as well as the folder?Here's mine:

Code: Select all

-rwxr-xr-x 1 root root 225 Jan 22 13:48 /usr/bin/check_paloalto
dr-xr-xr-x.   2 root root 28672 Jan 22 13:48 bin

[emartine]

I changed the path from /opt/rh/python27/root/usr/bin/check_paloalto to use /usr/bin/check_paloalto and sure enough that worked. Permission on this file is the same as what you have in yours. I also noted that the contents of this file /usr/bin/check_paloalto state #!/usr/bin/python3.4

What do the contents of your file specify?

[npolovenko]

@emartine, When I open /usr/bin/check_paloalto I see this version on a first line:

Code: Select all

#!/usr/bin/python2

Does your plugin work as it should now?