Skip to main content
Needs Votes

Feature Request - Palo Alto firewall - BGP Status

Related products:Infra Monitoring - Connectors
  • December 18, 2023
  • 2 replies
  • 39 views
A
Forum|alt.badge.img+2

Would it be possible to develop a new mode for the “Palo Alto Firewall SSH” Monitoring Connector?
This mode would be to obtain BGP information which unfortunately is not accessible via standard MIBs (feature request open at Palo Alto for years).

We would like to collect information on the BGP status of a Palo Alto firewall, but this mode does not exist under Centreon.
In order to have a better understanding of what we would like, the idea would be to add a mode (for example named “bgp” in the list of SSH modes:
https://github.com/centreon/centreon-plugins/tree/develop/src/network/paloalto/ssh/mode

Please find attached the total output of the order in XML format. The check could a priori return information similar to the standard BGP check by extracting status and status duration information. For example by putting warning/critical alerts on status types:

                 <status>Established</status>
                 <status-duration>12798</status-duration>

Thanks !

2 replies

A
Forum|alt.badge.img+2
  • Aurele
  • Author
  • Steward *
  • December 18, 2023

As I can’t join file, there is the output below :

 

almond@PALOALTO(active)> show routing protocol bgp peer

<response status="success"><result>
        <entry peer="Peer - VLAN 1" vr="VR-1">
                <peer-group>Peer - VLAN 1 - PA4</peer-group>
                <peer-router-id>1.1.1.1</peer-router-id>
                <remote-as>12000</remote-as>
                <status>Established</status>
                <status-duration>12798</status-duration>
                <password-set>no</password-set>
                <passive>no</passive>
                <multi-hop-ttl>1</multi-hop-ttl>
                <peer-address>1.1.1.2:179</peer-address>
                <local-address>1.1.1.3:34987</local-address>
                <reflector-client>not-client</reflector-client>
                <same-confederation>no</same-confederation>
                <aggregate-confed-as>yes</aggregate-confed-as>
                <peering-type>Unspecified</peering-type>
                <connect-retry-interval>15</connect-retry-interval>
                <open-delay>0</open-delay>
                <idle-hold>15</idle-hold>
                <prefix-limit>5000</prefix-limit>
                <holdtime>60</holdtime>
                <holdtime-config>90</holdtime-config>
                <keepalive>20</keepalive>
                <keepalive-config>30</keepalive-config>
                <msg-update-in>2</msg-update-in>
                <msg-update-out>2</msg-update-out>
                <msg-total-in>700</msg-total-in>
                <msg-total-out>739</msg-total-out>
                <last-update-age>7</last-update-age>
                <last-error></last-error>
                <status-flap-counts>1</status-flap-counts>
                <established-counts>1</established-counts>
                <ORF-entry-received>0</ORF-entry-received>
                <nexthop-self>no</nexthop-self>
                <nexthop-thirdparty>yes</nexthop-thirdparty>
                <nexthop-peer>no</nexthop-peer>
                <config>
        <remove-private-as>yes</remove-private-as></config>
                <peer-capability>
        <list>
                <capability>Multiprotocol Extensions(1)</capability>
                <value>IPv4 Unicast</value></list>
        <list>
                <capability>Route Refresh(2)</capability>
                <value>yes</value></list>
        <list>
                <capability>Graceful Restart(64)</capability>
                <value>4078</value></list>
        <list>
                <capability>4-Byte AS Number(65)</capability>
                <value>15830</value></list>
        <list>
                <capability>unknown(71)</capability>
                <value>yes</value></list>
        <list>
                <capability>Route Refresh (Cisco)(128)</capability>
                <value>yes</value></list></peer-capability>
                <prefix-counter>
        <entry afi-safi="bgpAfiIpv4-unicast">
                <incoming-total>1</incoming-total>
                <incoming-accepted>1</incoming-accepted>
                <incoming-rejected>0</incoming-rejected>
                <policy-rejected>0</policy-rejected>
                <outgoing-total>2</outgoing-total>
                <outgoing-advertised>2</outgoing-advertised></entry></prefix-counter></entry>
        <entry peer="Peer - VLAN 2" vr="VR-1">
                <peer-group>Peer - VLAN 2 - PA4</peer-group>
                <peer-router-id>2.2.2.2</peer-router-id>
                <remote-as>12000</remote-as>
                <status>Established</status>
                <status-duration>12798</status-duration>
                <password-set>no</password-set>
                <passive>no</passive>
                <multi-hop-ttl>1</multi-hop-ttl>
                <peer-address>2.2.2.3:179</peer-address>
                <local-address>2.2.2.4:43717</local-address>
                <reflector-client>not-client</reflector-client>
                <same-confederation>no</same-confederation>
                <aggregate-confed-as>yes</aggregate-confed-as>
                <peering-type>Unspecified</peering-type>
                <connect-retry-interval>15</connect-retry-interval>
                <open-delay>0</open-delay>
                <idle-hold>15</idle-hold>
                <prefix-limit>5000</prefix-limit>
                <holdtime>60</holdtime>
                <holdtime-config>90</holdtime-config>
                <keepalive>20</keepalive>
                <keepalive-config>30</keepalive-config>
                <msg-update-in>2</msg-update-in>
                <msg-update-out>2</msg-update-out>
                <msg-total-in>701</msg-total-in>
                <msg-total-out>738</msg-total-out>
                <last-update-age>4</last-update-age>
                <last-error></last-error>
                <status-flap-counts>1</status-flap-counts>
                <established-counts>1</established-counts>
                <ORF-entry-received>0</ORF-entry-received>
                <nexthop-self>no</nexthop-self>
                <nexthop-thirdparty>yes</nexthop-thirdparty>
                <nexthop-peer>no</nexthop-peer>
                <config>
        <remove-private-as>yes</remove-private-as></config>
                <peer-capability>
        <list>
                <capability>Multiprotocol Extensions(1)</capability>
                <value>IPv4 Unicast</value></list>
        <list>
                <capability>Route Refresh(2)</capability>
                <value>yes</value></list>
        <list>
                <capability>Graceful Restart(64)</capability>
                <value>4078</value></list>
        <list>
                <capability>4-Byte AS Number(65)</capability>
                <value>15830</value></list>
        <list>
                <capability>unknown(71)</capability>
                <value>yes</value></list>
        <list>
                <capability>Route Refresh (Cisco)(128)</capability>
                <value>yes</value></list></peer-capability>
                <prefix-counter>
        <entry afi-safi="bgpAfiIpv4-unicast">
                <incoming-total>1</incoming-total>
                <incoming-accepted>1</incoming-accepted>
                <incoming-rejected>0</incoming-rejected>
                <policy-rejected>0</policy-rejected>
                <outgoing-total>2</outgoing-total>
                <outgoing-advertised>2</outgoing-advertised></entry></prefix-counter></entry>
        <entry peer="Peer - VLAN 3" vr="VR-1">
                <peer-group>Peer - VLAN 3 - PA5</peer-group>
                <peer-router-id>3.3.3.3</peer-router-id>
                <remote-as>12000</remote-as>
                <status>Established</status>
                <status-duration>12798</status-duration>
                <password-set>no</password-set>
                <passive>no</passive>
                <multi-hop-ttl>1</multi-hop-ttl>
                <peer-address>3.3.3.4:179</peer-address>
                <local-address>4.4.4.5:42849</local-address>
                <reflector-client>not-client</reflector-client>
                <same-confederation>no</same-confederation>
                <aggregate-confed-as>yes</aggregate-confed-as>
                <peering-type>Unspecified</peering-type>
                <connect-retry-interval>15</connect-retry-interval>
                <open-delay>0</open-delay>
                <idle-hold>15</idle-hold>
                <prefix-limit>5000</prefix-limit>
                <holdtime>60</holdtime>
                <holdtime-config>90</holdtime-config>
                <keepalive>20</keepalive>
                <keepalive-config>30</keepalive-config>
                <msg-update-in>2</msg-update-in>
                <msg-update-out>2</msg-update-out>
                <msg-total-in>705</msg-total-in>
                <msg-total-out>741</msg-total-out>
                <last-update-age>17</last-update-age>
                <last-error></last-error>
                <status-flap-counts>1</status-flap-counts>
                <established-counts>1</established-counts>
                <ORF-entry-received>0</ORF-entry-received>
                <nexthop-self>no</nexthop-self>
                <nexthop-thirdparty>yes</nexthop-thirdparty>
                <nexthop-peer>no</nexthop-peer>
                <config>
        <remove-private-as>yes</remove-private-as></config>
                <peer-capability>
        <list>
                <capability>Multiprotocol Extensions(1)</capability>
                <value>IPv4 Unicast</value></list>
        <list>
                <capability>Route Refresh(2)</capability>
                <value>yes</value></list>
        <list>
                <capability>Graceful Restart(64)</capability>
                <value>4078</value></list>
        <list>
                <capability>4-Byte AS Number(65)</capability>
                <value>15830</value></list>
        <list>
                <capability>unknown(71)</capability>
                <value>yes</value></list>
        <list>
                <capability>Route Refresh (Cisco)(128)</capability>
                <value>yes</value></list></peer-capability>
                <prefix-counter>
        <entry afi-safi="bgpAfiIpv4-unicast">
                <incoming-total>1</incoming-total>
                <incoming-accepted>1</incoming-accepted>
                <incoming-rejected>0</incoming-rejected>
                <policy-rejected>0</policy-rejected>
                <outgoing-total>2</outgoing-total>
                <outgoing-advertised>2</outgoing-advertised></entry></prefix-counter></entry>
        <entry peer="Peer - VLAN 4" vr="VR-1">
                <peer-group>Peer - VLAN 4 - PA5</peer-group>
                <peer-router-id>5.5.5.5</peer-router-id>
                <remote-as>12000</remote-as>
                <status>Established</status>
                <status-duration>12798</status-duration>
                <password-set>no</password-set>
                <passive>no</passive>
                <multi-hop-ttl>1</multi-hop-ttl>
                <peer-address>5.5.5.6:179</peer-address>
                <local-address>5.5.5.7:46065</local-address>
                <reflector-client>not-client</reflector-client>
                <same-confederation>no</same-confederation>
                <aggregate-confed-as>yes</aggregate-confed-as>
                <peering-type>Unspecified</peering-type>
                <connect-retry-interval>15</connect-retry-interval>
                <open-delay>0</open-delay>
                <idle-hold>15</idle-hold>
                <prefix-limit>5000</prefix-limit>
                <holdtime>60</holdtime>
                <holdtime-config>90</holdtime-config>
                <keepalive>20</keepalive>
                <keepalive-config>30</keepalive-config>
                <msg-update-in>2</msg-update-in>
                <msg-update-out>2</msg-update-out>
                <msg-total-in>707</msg-total-in>
                <msg-total-out>738</msg-total-out>
                <last-update-age>12</last-update-age>
                <last-error></last-error>
                <status-flap-counts>1</status-flap-counts>
                <established-counts>1</established-counts>
                <ORF-entry-received>0</ORF-entry-received>
                <nexthop-self>no</nexthop-self>
                <nexthop-thirdparty>yes</nexthop-thirdparty>
                <nexthop-peer>no</nexthop-peer>
                <config>
        <remove-private-as>yes</remove-private-as></config>
                <peer-capability>
        <list>
                <capability>Multiprotocol Extensions(1)</capability>
                <value>IPv4 Unicast</value></list>
        <list>
                <capability>Route Refresh(2)</capability>
                <value>yes</value></list>
        <list>
                <capability>Graceful Restart(64)</capability>
                <value>4078</value></list>
        <list>
                <capability>4-Byte AS Number(65)</capability>
                <value>15830</value></list>
        <list>
                <capability>unknown(71)</capability>
                <value>yes</value></list>
        <list>
                <capability>Route Refresh (Cisco)(128)</capability>
                <value>yes</value></list></peer-capability>
                <prefix-counter>
        <entry afi-safi="bgpAfiIpv4-unicast">
                <incoming-total>1</incoming-total>
                <incoming-accepted>1</incoming-accepted>
                <incoming-rejected>0</incoming-rejected>
                <policy-rejected>0</policy-rejected>
                <outgoing-total>2</outgoing-total>
                <outgoing-advertised>2</outgoing-advertised></entry></prefix-counter></entry></result></response>
almond@PALOALTO(active)>

rchauvel
Centreonian
Forum|alt.badge.img+18
  • rchauvel
  • Centreonian
  • December 29, 2023
NewNeeds Votes
Terms & ConditionsCookie settingsAccessibility statement