Palo Alto 5250 / NCPA Agent / SSH Commands
Posted: Wed Mar 18, 2020 9:27 am
by rkane
I'm looking to monitor how many users are connected via VPN (Global Protect) to our Palo. I can SSH into the device and issue a command to get the result I'm after....how can I set Nagios up to do the same? On all of our Windows boxes I use NCPA...anyone ever install the NCPA client on a Palo Alto? I've tried an SNMP walk and get no results despite having the community string / IP / port correct. Any help appreciated.
Re: Palo Alto 5250 / NCPA Agent / SSH Commands
Posted: Wed Mar 18, 2020 1:31 pm
by ar0431
You can use the check_by_ssh plugin. Nagios will SSH to the remote machine using a user name and password, run your script and get the output.
No need to install any plugin.
That is one way to solve the problem.

Re: Palo Alto 5250 / NCPA Agent / SSH Commands
Posted: Wed Mar 18, 2020 3:31 pm
by scottwilkerson
ar0431 wrote: You can use the check_by_ssh plugin. Nagios will SSH to the remote machine using a user name and password, run your script and get the output.
No need to install any plugin.
That is one way to solve the problem.

This was going to be my suggestion as well
Here is a doc we have that outlines how to set this up
https://assets.nagios.com/downloads/nag ... ng_SSH.pdf
Re: Palo Alto 5250 / NCPA Agent / SSH Commands
Posted: Wed Mar 18, 2020 3:44 pm
by rkane
Appreciate the suggestions. Reading through the documentation I need to install plugins and such on the PaloAlto. Here in this thread though there's mention that I don't need to do any plugin install. Which is correct? Thx...
Re: Palo Alto 5250 / NCPA Agent / SSH Commands
Posted: Wed Mar 18, 2020 3:48 pm
by scottwilkerson
rkane wrote:Appreciate the suggestions. Reading through the documentation I need to install plugins and such on the PaloAlto. Here in this thread though there's mention that I don't need to do any plugin install. Which is correct? Thx...
Well, you mentioned this
rkane wrote:I can SSH into the device and issue a command to get the result I'm after....
So in this case you don't need to install plugins.
The PDF just outlines a case where you wanted to use the standard Linux plugins
Re: Palo Alto 5250 / NCPA Agent / SSH Commands
Posted: Wed Mar 18, 2020 3:54 pm
by rkane
Perfect, that's what I suspected, appreciate the confirmation. Is there a way to configure a (read only of course) username / pw in the check command or do I need to follow the part of the documentation where I configure keys and such?
Re: Palo Alto 5250 / NCPA Agent / SSH Commands
Posted: Thu Mar 19, 2020 3:41 am
by KPoulsen
What version of PAN-OS are you running?
I use the following OID with check_snmp and that gives me the GP tunnels:
$USER1$/check_snmp -H $HOSTADDRESS$ -C ReadCommunityHere -o .1.3.6.1.4.1.25461.2.1.2.5.1.3.0 -P 2c -l "Sessions"
We are running PAN-OS 8.1.13 btw.
Hope this helps
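
Added example, not part of the original post: the check_snmp command above turned into Nagios object definitions, first with the SNMPv2c community moved out of the command line into resource.cfg, then as an SNMPv3 authPriv check. The $USER5$ to $USER8$ macro numbers, the SNMPv3 user name, the host name palo-5250, the generic-service template and the 800/950 thresholds are assumptions, and the v3 variant assumes a matching SNMPv3 user has been configured on the firewall.

```cfg
# --- resource.cfg ---------------------------------------------------------
# Restrict this file to the nagios user (mode 600 or 660); the CGIs do not
# read it. Macro numbers and all values below are constructed placeholders.
$USER5$=ReadCommunityHere
$USER6$=gp-monitor
$USER7$=CHANGE_ME_auth_passphrase
$USER8$=CHANGE_ME_priv_passphrase

# --- commands.cfg ---------------------------------------------------------
# Before: SNMPv2c as in the post. The community string still crosses the
# network in clear text; the macro only keeps it out of the object files.
define command {
    command_name    check_gp_sessions_v2c
    command_line    $USER1$/check_snmp -H $HOSTADDRESS$ -P 2c -C $USER5$ -o .1.3.6.1.4.1.25461.2.1.2.5.1.3.0 -l "Sessions" -w $ARG1$ -c $ARG2$
}

# After: SNMPv3 with authentication and encryption (authPriv), same OID.
define command {
    command_name    check_gp_sessions_v3
    command_line    $USER1$/check_snmp -H $HOSTADDRESS$ -P 3 -L authPriv -U $USER6$ -a SHA -A $USER7$ -x AES -X $USER8$ -o .1.3.6.1.4.1.25461.2.1.2.5.1.3.0 -l "Sessions" -w $ARG1$ -c $ARG2$
}

# --- services.cfg ---------------------------------------------------------
# WARNING above 800 sessions, CRITICAL above 950 (constructed thresholds).
define service {
    use                     generic-service
    host_name               palo-5250
    service_description     GlobalProtect Sessions
    check_command           check_gp_sessions_v3!800!950
}
```

The passphrases are still expanded onto the check_snmp command line when the check runs, so they are visible in the process list on the Nagios server; limit shell access to that host accordingly.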

Re: Palo Alto 5250 / NCPA Agent / SSH Commands
Posted: Thu Mar 19, 2020 7:13 am
by scottwilkerson
KPoulsen wrote:What version of PAN-OS are you running ?
I use the following OID with check_snmp and that gives me the GP tunnels:
$USER1$/check_snmp -H $HOSTADDRESS$ -C ReadCommunityHere -o .1.3.6.1.4.1.25461.2.1.2.5.1.3.0 -P 2c -l "Sessions"
We are running PAN-OS 8.1.13 btw.
Hope this helps

Thanks for the help @KPoulsen
Re: Palo Alto 5250 / NCPA Agent / SSH Commands
Posted: Thu Mar 19, 2020 9:32 am
by rkane
KPoulsen wrote:What version of PAN-OS are you running ?
I use the following OID with check_snmp and that gives me the GP tunnels:
$USER1$/check_snmp -H $HOSTADDRESS$ -C ReadCommunityHere -o .1.3.6.1.4.1.25461.2.1.2.5.1.3.0 -P 2c -l "Sessions"
We are running PAN-OS 8.1.13 btw.
Hope this helps

Thank you, will give it a try!
Software Version 9.0.3
GlobalProtect Agent 5.0.1
Re: Palo Alto 5250 / NCPA Agent / SSH Commands
Posted: Thu Mar 19, 2020 9:41 am
by scottwilkerson
rkane wrote:KPoulsen wrote:What version of PAN-OS are you running ?
I use the following OID with check_snmp and that gives me the GP tunnels:
$USER1$/check_snmp -H $HOSTADDRESS$ -C ReadCommunityHere -o .1.3.6.1.4.1.25461.2.1.2.5.1.3.0 -P 2c -l "Sessions"
We are running PAN-OS 8.1.13 btw.
Hope this helps

Thank you, will give it a try!
Software Version 9.0.3
GlobalProtect Agent 5.0.1
Good luck!