Critical process(es) down-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Many devices have critical processes, usually daemons, that must be up for certain functions to work. Indeni will alert if any of these goes down.

Remediation Steps:
Review the cause for the processes being down.

How does this work?
This script logs into the Palo Alto Networks firewall through SSH and retrieves the status of running processes. It then compares the list of running processes to a known list of critical processes and checks that they are all up. Those that are down are flagged as such.

Why is this important?
Each device has certain executable processes that are critical to its stable operation. Within Palo Alto Networks firewalls, these processes are responsible for the management layer (mgmtsrvr), certain services (like dhcp and snmp), VPN (like ikemgr and keymgr) and many other functions. A process being down may indicate a critical failure.

Without Indeni how would you find this?
An administrator would need to write a script to poll their firewalls for the data. The other option is to pull this data during an outage.

panos-debug-system-process-info

name: panos-debug-system-process-info
description: Grab list of processes
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: paloaltonetworks
    os.name: panos
    product: firewall
comments:
    process-state:
        why: |
            Each device has certain executable processes which are critical to the stable operation of it. Within Palo Alto Networks firewalls, these processes are responsible for the management layer (mgmtsrvr), certain services (like dhcp and snmp), VPN (like ikemgr and keymgr) and many other functions. A process being down may indicate a critical failure.
        how: |
            This script logs into the Palo Alto Networks firewall through SSH and retrieves the status of running processes. It then compares the list of running processes to a known list of processes that are critical and checks to see they are all up. Those that are down are flagged as such.
        can-with-snmp: false
        can-with-syslog: false
    process-cpu:
        why: |
            Capture the per-process CPU utilization. This information can be used to troubleshoot the root cause of overall system high cpu conditions.
        how: |
            This script logs into the Palo Alto Networks firewall through SSH and retrieves the per-process CPU utilization.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: debug system process-info
    parse:
        type: AWK
        file: debug-system-process-info.parser.1.awk
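
An added sketch of the comparison step described above (not Indeni's debug-system-process-info.parser.1.awk): it reads `debug system process-info` output and reports each critical process as up (1) or down (0), treating a missing, zombie (Z) or stopped (T) entry as down. The column layout, the sample rows and the critical list (including the daemon names dhcpd and snmpd) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Indeni's parser. Assumed critical list: mgmtsrvr, ikemgr
# and keymgr are named on the page; dhcpd and snmpd are assumed daemon names.
CRITICAL="mgmtsrvr dhcpd snmpd ikemgr keymgr"

# Constructed sample of `debug system process-info` output (assumed columns).
sample_output() {
cat <<'EOF'
Name                   PID      CPU%  FDs Open   Virt Mem     Res Mem      State
mgmtsrvr               2391     3     87         1204512      412300       S
dhcpd                  2764     0     11         58120        4212         S
ikemgr                 2770     0     14         102344       9120         Z
keymgr                 2771     1     12         98112        8800         S
logrcvr                2502     2     40         512300       120444       S
EOF
}

# Reads process-info text on stdin; prints "process-state <name> <1|0>"
# for every critical process, in CRITICAL order.
process_states() {
  awk -v critical="$CRITICAL" '
    BEGIN { n = split(critical, want, " ") }
    $1 == "Name" || NF != 7 { next }        # skip header, blanks, prompts
    {
      # A zombie (Z) or stopped (T) entry is listed but is not doing work.
      running = ($7 !~ /^[ZT]/)
      # Several PIDs may share a name: one healthy instance counts as up.
      if (running || !($1 in up)) up[$1] = running
    }
    END {
      for (i = 1; i <= n; i++)
        printf "process-state %s %d\n", want[i], ((want[i] in up) ? up[want[i]] : 0)
    }'
}

# Prints only the names that should raise an alert.
down_processes() { process_states | awk '$3 == 0 { print $2 }'; }

sample_output | process_states
```

Checking the State column as well as presence matters because a defunct daemon still appears in the process table and would pass a name-only comparison.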

cross_vendor_critical_process_down_novsx

https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/temp/cross_vendor_critical_process_down_novsx.scala