Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
x-pack/metricbeat/module/panw: Add a new module (#40686)
* initial module creation
* panos.system metricset running
* remove testing data
* panos.disk metricset working
* rename metricset
* change metricset name
* bgp_peers metricset working
* temperature metricset
* more metricsets
* use MetricSetFields
* license notices
* update fields.yml
* added doc
* refactor down to 4 metricsets
* more cleanup
* cleanup field names
* remove yml
* panos.yml.disabled
* PR comment fixes
* more PR comments addressed. Still to do: tests
* Changes to:
  - move tunnels from vpn to interfaces metricset
  - address PR comments for field names in field.yml
  - split local/peer addresses into host and port for bgp
  - handle license expires of "never"
* Fixes for PR comments
* add license header
* add pango package
* mage check && mage update
* remove mappings & make update
* make linter happy
* add the untracked docs
* update the fields.yml
* update the fields.yml with example fields to make python integ tests happy
* make docs check happy and update codeowners
* add result of 'mage update' in x-pack/metricbeat

---------

Co-authored-by: subham sarkar <subham.sarkar@elastic.co>
Co-authored-by: tommyers-elastic <106530686+tommyers-elastic@users.noreply.github.com>

(cherry picked from commit cc2c925)

# Conflicts:
#	go.mod
#	x-pack/metricbeat/metricbeat.reference.yml
1 parent 31e3a2c, commit 1f2cff4
Showing 56 changed files with 3,760 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,143 @@ | ||
//// | ||
This file is generated! See scripts/mage/docs_collector.go | ||
//// | ||
|
||
:modulename: panw | ||
:edit_url: https://github.com/elastic/beats/edit/main/x-pack/metricbeat/module/panw/_meta/docs.asciidoc | ||
|
||
|
||
[[metricbeat-module-panw]] | ||
[role="xpack"] | ||
== Panw module | ||
|
||
beta[] | ||
|
||
:modulename: panw | ||
|
||
include::{libbeat-dir}/shared/integration-link.asciidoc[] | ||
|
||
:modulename!: | ||
|
||
The panw Metricbeat module uses the Palo Alto [pango](https://pkg.go.dev/github.com/PaloAltoNetworks/pango#section-documentation) package to extract metrics | ||
information from a firewall device via the XML API. | ||
|
||
[float] | ||
=== Dashboards | ||
|
||
|
||
[float] | ||
=== Module-specific configuration notes | ||
|
||
The panw module configuration requires the ip address of the target firewall device and an API Key generated from that firewall. It is assumed | ||
that network access to the firewall is available. All access by the panw module is read-only. | ||
|
||
***Limitations*** | ||
The current version of the module is configured to run against **exactly 1** firewall. Multiple firewalls will require multiple agent configurations. | ||
The module has also not been tested with Panorama, though it should work since it only relies on lower level Client.Op calls to send XML API commands | ||
to the server. | ||
|
||
Required credentials for the `panw` module: | ||
|
||
`host_ip` :: IP address of the firewall - must be network accessible. | ||
|
||
`apiKey`:: An API Key generated via an XML API call to the firewall or via the management dashboard. This | ||
|
||
|
||
[float] | ||
== Metricsets | ||
|
||
[float] | ||
=== `bgp_peers` | ||
This metricset reports information on BGP Peers defined in the firewall. | ||
|
||
[float] | ||
=== `certificates` | ||
This metricset will capture certificates defined on the firewall including expiration dates. | ||
|
||
[float] | ||
=== `fans` | ||
This metricset will collect information from hardware fans (RPMS) and will report if an alarm is active for a given fan. | ||
|
||
[float] | ||
=== `filesystem` | ||
This metricset reports disk usage for filesystems defined on the device, based on df output. | ||
|
||
[float] | ||
=== `globalprotect_sessions` | ||
This metricset will collect metrics on current user sessions established on Global Protect gateways. | ||
|
||
[float] | ||
=== `globalprotect_stats` | ||
This metricset reports the number of user per GlobalProtect gateway and totals across all gateways. | ||
|
||
[float] | ||
=== `ha_interfaces` | ||
This metricset will collect metrics from the device on High Availabilty configuration for interfaces. | ||
|
||
[float] | ||
=== `licenses` | ||
This metricset reports on licenses for sofware features with expiration dates. | ||
|
||
[float] | ||
=== `logical` | ||
This metricset will collect metrics on logical interfaces in the device's network. | ||
|
||
[float] | ||
=== `power` | ||
This metricset reports power usage and alarms. | ||
|
||
[float] | ||
=== `system` | ||
This metricset captures system informate such as uptime, user count, CPU, memory and swap: essentiallyl the first 5 lines of 'top' output. | ||
|
||
[float] | ||
=== `temperature` | ||
This metricset reports temperature for various slots on the device and reports on alarm status. | ||
|
||
[float] | ||
=== `tunnels` | ||
This metricset enumerates ipsec tunnels and their status. | ||
|
||
|
||
|
||
:edit_url: | ||
|
||
[float] | ||
=== Example configuration | ||
|
||
The Panw module supports the standard configuration options that are described | ||
in <<configuration-metricbeat>>. Here is an example configuration: | ||
|
||
[source,yaml] | ||
---- | ||
metricbeat.modules: | ||
- module: panw | ||
metricsets: ["licenses"] | ||
enabled: false | ||
period: 10s | ||
hosts: ["localhost"] | ||
---- | ||
|
||
[float] | ||
=== Metricsets | ||
|
||
The following metricsets are available: | ||
|
||
* <<metricbeat-metricset-panw-interfaces,interfaces>> | ||
|
||
* <<metricbeat-metricset-panw-routing,routing>> | ||
|
||
* <<metricbeat-metricset-panw-system,system>> | ||
|
||
* <<metricbeat-metricset-panw-vpn,vpn>> | ||
|
||
include::panw/interfaces.asciidoc[] | ||
|
||
include::panw/routing.asciidoc[] | ||
|
||
include::panw/system.asciidoc[] | ||
|
||
include::panw/vpn.asciidoc[] | ||
|
||
:edit_url!: |
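Review bot: The hand-written "Metricsets" section (thirteen entries, `bgp_peers` through `tunnels`) contradicts the generated list at the end of this file, which exposes only `interfaces`, `routing`, `system` and `vpn`, and the example configuration enables `metricsets: ["licenses"]`, which is not one of those four. Please bring the prose in line with the four metricsets that actually ship. The example also sets `hosts: ["localhost"]` and carries neither `host_ip` nor `apiKey`, although the text calls both required, and the `apiKey` description stops mid-sentence at "This". The statement "All access by the panw module is read-only" only holds if the key itself is limited, so the completed sentence should say that the key is to be generated for a read-only admin role and should point readers to the Metricbeat keystore rather than a plain-text value in the module config. Smaller points: `[pango](https://…)` is Markdown link syntax and will not render in AsciiDoc, `[float] == Metricsets` sits one level above its `===` siblings, and there are typos in "Availabilty", "sofware", "informate", "essentiallyl" and "number of user". Since this file is generated, the fixes belong in the `_meta/docs.asciidoc` named by `:edit_url:`, followed by a regenerate.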
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
//// | ||
This file is generated! See scripts/mage/docs_collector.go | ||
//// | ||
:edit_url: https://github.com/elastic/beats/edit/main/x-pack/metricbeat/module/panw/interfaces/_meta/docs.asciidoc | ||
|
||
|
||
[[metricbeat-metricset-panw-interfaces]] | ||
[role="xpack"] | ||
=== Panw interfaces metricset | ||
|
||
beta[] | ||
|
||
include::../../../../x-pack/metricbeat/module/panw/interfaces/_meta/docs.asciidoc[] | ||
|
||
|
||
:edit_url: | ||
|
||
==== Fields | ||
|
||
For a description of each field in the metricset, see the | ||
<<exported-fields-panw,exported fields>> section. | ||
|
||
Here is an example document generated by this metricset: | ||
|
||
[source,json] | ||
---- | ||
include::../../../../x-pack/metricbeat/module/panw/interfaces/_meta/data.json[] | ||
---- | ||
:edit_url!: |
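Review bot: The `include::../../../../x-pack/metricbeat/module/panw/interfaces/_meta/data.json[]` line publishes the sample event verbatim in the public docs, so please confirm that file holds only synthetic values and nothing captured from a real firewall (interface and peer addresses, certificate details, GlobalProtect user sessions are all things this module collects). The commit message mentions "remove testing data", which suggests live captures were in the tree at some point. The same check applies to the `data.json` includes on the routing, system and vpn pages.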
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
//// | ||
This file is generated! See scripts/mage/docs_collector.go | ||
//// | ||
:edit_url: https://github.com/elastic/beats/edit/main/x-pack/metricbeat/module/panw/routing/_meta/docs.asciidoc | ||
|
||
|
||
[[metricbeat-metricset-panw-routing]] | ||
[role="xpack"] | ||
=== Panw routing metricset | ||
|
||
beta[] | ||
|
||
include::../../../../x-pack/metricbeat/module/panw/routing/_meta/docs.asciidoc[] | ||
|
||
|
||
:edit_url: | ||
|
||
==== Fields | ||
|
||
For a description of each field in the metricset, see the | ||
<<exported-fields-panw,exported fields>> section. | ||
|
||
Here is an example document generated by this metricset: | ||
|
||
[source,json] | ||
---- | ||
include::../../../../x-pack/metricbeat/module/panw/routing/_meta/data.json[] | ||
---- | ||
:edit_url!: |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
//// | ||
This file is generated! See scripts/mage/docs_collector.go | ||
//// | ||
:edit_url: https://github.com/elastic/beats/edit/main/x-pack/metricbeat/module/panw/system/_meta/docs.asciidoc | ||
|
||
|
||
[[metricbeat-metricset-panw-system]] | ||
[role="xpack"] | ||
=== Panw system metricset | ||
|
||
beta[] | ||
|
||
include::../../../../x-pack/metricbeat/module/panw/system/_meta/docs.asciidoc[] | ||
|
||
|
||
:edit_url: | ||
|
||
==== Fields | ||
|
||
For a description of each field in the metricset, see the | ||
<<exported-fields-panw,exported fields>> section. | ||
|
||
Here is an example document generated by this metricset: | ||
|
||
[source,json] | ||
---- | ||
include::../../../../x-pack/metricbeat/module/panw/system/_meta/data.json[] | ||
---- | ||
:edit_url!: |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
//// | ||
This file is generated! See scripts/mage/docs_collector.go | ||
//// | ||
:edit_url: https://github.com/elastic/beats/edit/main/x-pack/metricbeat/module/panw/vpn/_meta/docs.asciidoc | ||
|
||
|
||
[[metricbeat-metricset-panw-vpn]] | ||
[role="xpack"] | ||
=== Panw vpn metricset | ||
|
||
beta[] | ||
|
||
include::../../../../x-pack/metricbeat/module/panw/vpn/_meta/docs.asciidoc[] | ||
|
||
|
||
:edit_url: | ||
|
||
==== Fields | ||
|
||
For a description of each field in the metricset, see the | ||
<<exported-fields-panw,exported fields>> section. | ||
|
||
Here is an example document generated by this metricset: | ||
|
||
[source,json] | ||
---- | ||
include::../../../../x-pack/metricbeat/module/panw/vpn/_meta/data.json[] | ||
---- | ||
:edit_url!: |