Nagios Support Forum

Hi Support,

I wanted to do monitoring of Palo Alto firewall and Need plgins to monitor CPU, HA, Interface, States, Status, UPtime etc.
I have standard license for Nagios 5.4, Can someone please help where I can fine the plugin?

Thanks
Rahul

I see a couple plugins for monitoring a Palo Alto firewall on the Nagios Exchange.
check_paloalto
check-paloalto-A500

If you can not perform all of the checks you would like to with those plugins, you may be able to use a general SNMP check or install an agent if possible.

Thanks.

I want to use SNMPv3 instead and those plugins are for v2.

can you please advise from where I can get the plugin for v3. I have enabled v3 service on XI host.

I am getting below error with check_snmp and snmpget, from the errors its plugin problem. I think having plugin for v3 in XI host would solve the issue.

[root@I libexec]# ./check_snmp -C XXX -H 10.30.200.11 -o 1.3.6.1.4.1.25461.2.1.3.2.0
CRITICAL - Plugin timed out while executing system call

[root@I libexec]# snmpget -v 3 -u snmpuser -l authPriv -a SHA -A <passphrase> -x AES -X <passphrase> <hostip> 1.3.6.1.4.1.25461.2.1.3.2.0
SNMPv2-SMI::enterprises.25461.2.1.3.2.0 = No Such Object available on this agent at this OID

SNMPWalk is responding though.

Those were the only two plugins I could find on the Exchange specifically for Palo Alto firewalls.

SNMP version 3 offers several security improvements upon its predecessors, but that also means that it is more complicated to establish. I guess the plugins have just not added those features yet.

Where are your getting the OID from? I believe that Palo Alto should provide that information. If an OID does not work for a given check, we can try walking a range to see which one responds. Try looking at the Palo Alto documentation for the exact model you have. If you have the MIB already, please provide it to me so that I can provide more precise advice.

As for the timeout error, you could try increasing the limit to see if it is just taking too long.