Critical process(es) down-paloaltonetworks-panos
Vendor: paloaltonetworks
OS: panos
Description:
Many devices have critical processes, usually daemons, that must be up for certain functions to work. Indeni will alert if any of these goes down.
Remediation Steps:
Review the cause for the processes being down.
How does this work?
This script logs into the Palo Alto Networks firewall through SSH and retrieves the status of running processes. It then compares the list of running processes to a known list of processes that are critical and checks to see they are all up. Those that are down are flagged as such.
Why is this important?
Each device has certain executable processes which are critical to the stable operation of it. Within Palo Alto Networks firewalls, these processes are responsible for the management layer (mgmtsrvr), certain services (like dhcp and snmp), VPN (like ikemgr and keymgr) and many other functions. A process being down may indicate a critical failure.
Without Indeni how would you find this?
An administrator would need to write a script to poll their firewalls for the data. The other option is to pull this data during an outage.
panos-debug-system-process-info
name: panos-debug-system-process-info
description: Grab list of processes
type: monitoring
monitoring_interval: 10 minutes
requires:
vendor: paloaltonetworks
os.name: panos
product: firewall
comments:
process-state:
why: |
Each device has certain executable processes which are critical to the stable operation of it. Within Palo Alto Networks firewalls, these processes are responsible for the management layer (mgmtsrvr), certain services (like dhcp and snmp), VPN (like ikemgr and keymgr) and many other functions. A process being down may indicate a critical failure.
how: |
This script logs into the Palo Alto Networks firewall through SSH and retrieves the status of running processes. It then compares the list of running processes to a known list of processes that are critical and checks to see they are all up. Those that are down are flagged as such.
can-with-snmp: false
can-with-syslog: false
process-cpu:
why: |
Capture the per-process CPU utilization. This information can be used to troubleshoot the root cause of overall system high cpu conditions.
how: |
This script logs into the Palo Alto Networks firewall through SSH and retrieves the per-process CPU utilization.
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: SSH
command: debug system process-info
parse:
type: AWK
file: debug-system-process-info.parser.1.awk
cross_vendor_critical_process_down_novsx
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/temp/cross_vendor_critical_process_down_novsx.scala