License usage limit approaching-paloaltonetworks-panos

License usage limit approaching-paloaltonetworks-panos
0

License usage limit approaching-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Some licenses are limited to a certain number of elements (such as maximum users). If any of the licenses is nearing its limit, an alert will be issued.

Remediation Steps:
Consider purchasing additional licenses.

panos-show_config_running-monitoring-xml

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/show-config-running-m/show-config-running-m.ind.yaml

panos-show-system-state

name: panos-show-system-state
description: fetch state information
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: paloaltonetworks
    os.name: panos
    product: firewall
comments:
    routes-limit:
        why: |
            The routing table on a device requires a considerable amount of memory and so is limited in size. If the limit is hit, some routes may be missing and service disruption may occur.
        how: |
            This alert logs into the Palo Alto Networks firewall through SSH and retrieves the state table. In there it looks for the maximum number of routes allowed.
        without-indeni: |
            An administrator would be required to write a script. Alternatively, once an outage occurs, the administrator may see that the routing table is too big.
        can-with-snmp: false
        can-with-syslog: false
    license-elements-limit:
        why: |
            Certain features have a license limitation on a Palo Alto Networks firewall. One such feature is the "vsys" feature ( https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/virtual-systems/virtual-systems-overview ). Knowing when the limitation on number of possible vsys's is nearing would help avoid issues during a maintenance.
        how: |
            This alert logs into the Palo Alto Networks firewall through SSH and retrieves the state table. In there it looks for the maximum number of vsys's allowed.
        without-indeni: |
            An administrator would be required to write a script. Alternatively, when creating a new vsys after the limit was reached, the web interface will provide an error message.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show system state
    parse:
        type: AWK
        file: show-system-state.parser.1.awk

license_usage_limit

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.NearingCapacityWithItemsTemplateRule
import com.indeni.server.rules.RemediationStepCondition

/**
  *
  */
case class license_usage_limit() extends NearingCapacityWithItemsTemplateRule(
  ruleName = "license_usage_limit",
  ruleFriendlyName = "All Devices: License usage limit approaching",
  ruleDescription = "Some licenses are limited to a certain number of elements (such as maximum users). If any of the licenses is nearing its limit, an alert will be issued.",
  usageMetricName = "license-elements-used",
  limitMetricName = "license-elements-limit",
  applicableMetricTag = "name",
  threshold = 80.0,
  minimumValueToAlert = 2.0, // We don't want to alert if the license capacity is 1 and we're using one item, this is a common occurence and isn't an issue
  alertDescription = "Some licenses are nearing their limit. Review the list below.",
  alertItemDescriptionFormat = "The number of elements in use is %.0f where the limit is %.0f.",
  baseRemediationText = "Consider purchasing additional licenses.",
  alertItemsHeader = "Affected Licenses")(
  RemediationStepCondition.VENDOR_CISCO ->
    """|
      |1. Run the "show license usage" NX-OS command to display information about the current license usage and the expire date.
      |2. Run the "show license" NX-OS command to view the installed licenses.
      |3. Run the "show license usage XXX" NX-OS command e.g." sh license usage ENHANCED_LAYER2_PKG" to display information about the activated features which utilize this license.
      |4. Consider activate the grace-period for the license.
      |5. Order new license from the CISCO.
      |6. For more information please review the next Cisco guide:
      |https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/nxos/commands/fund/show-license-usage.html
    """.stripMargin
)