[panw_metrics] Add Palo Alto Networks metrics integration #11099
description: > | ||
If the host is a container. | ||
|
||
- name: os.build |
Are these not ECS fields?
If yes, we don't need to add these.
You suggest removing the entire `agent.yml` file from these data streams?
|
||
## Compatibility | ||
|
||
The integration uses the [Pango](https://github.com/PaloAltoNetworks/pango) library to collect metrics from Palo Alto Networks firewalls. |
@tommyers-elastic, should we also consider mentioning which version of PanOS the integration is tested with?
Can we also add a section for configuration, highlighting the details of connectivity parameters / connection string, how to get the API key, any specific permissions to be added?
Do we have any documentation on permissions required, connection string etc? Not sure where to get this info.
If we do not have the information right now for this, let us leave a placeholder for `Configuration` (heading); the content below it can be filled later.
|
||
### interfaces | ||
|
||
The `interfaces` dataset collects detailed network interface statistics from Palo Alto Networks firewalls. It provides information about interface status, traffic throughput, packet counts, error rates, and configuration details for physical, logical, and high-availability (HA) interfaces. |
As we might consider extending the `routing` dataset in future, it may be best to modify as `including physical, logical, and high-availability (HA) interfaces`
@tommyers-elastic, should we target TSDB enablement in the initial version of the package? Please advise.
- name: multi_hop_ttl | ||
type: long | ||
description: Time to Live (TTL) value for multi-hop BGP sessions. | ||
- name: peer_address |
Should we consider running an ingest pipeline to extract the values and keep the extracted field values as values of fields of type `ip` and `integer`?
But if this field is a dimension field, we may need to keep this field additionally.
We can take it up in future too
type: keyword | ||
dimension: true | ||
description: IP address and port of the peer | ||
- name: local_address |
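Review bot: `peer_address` is mapped as `type: keyword` with `dimension: true`, yet its description says the value carries both the IP address and the port. With the port folded into a dimension, any change in the peer's TCP port (for example, a BGP session re-established from a new ephemeral port) starts a new time series for the same peer, and a keyword mapping rules out CIDR or range queries on the address. Consider keeping only the stable identifier as the dimension and stating the exact value format in the description.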
Similar to `bgp.address`, should we consider extracting the `ip` and `port` separately?
We can take it up in future too
type: long | ||
description: Total previous number of users connected to GlobalProtect | ||
metric_type: gauge | ||
- name: ipsec_tunnel |
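Review bot: the description `Total previous number of users connected to GlobalProtect`, on the `metric_type: gauge` field just above `ipsec_tunnel`, does not say what "previous" refers to. State the period or event the count covers so the gauge can be interpreted from the field documentation alone.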
We have asked for the change for moving these metrics as part of the `routing` metricset. So, this may be an immediate future change.
All `ipsec_tunnel` metrics should be moved to `routing`?
Yes, we have recently requested this change in Beats.
💚 Build Succeeded
Quality Gate failed
Overview
Data streams added:
- interfaces
- routing
- system
- vpn

Added `unit`, `metric_type` and `dimension` mappings.

Sample events files were created by me, they are not real events.
Checklist
`changelog.yml` file.
Author's Checklist
How to test this PR locally
Related issues
Screenshots