License usage limit approaching-paloaltonetworks-panos
Some licenses are limited to a certain number of elements (such as maximum users). If any of the licenses is nearing its limit, an alert will be issued.
Consider purchasing additional licenses.
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/show-config-running-m/show-config-running-m.ind.yaml
name: panos-show-system-state description: fetch state information type: monitoring monitoring_interval: 10 minutes requires: vendor: paloaltonetworks os.name: panos product: firewall comments: routes-limit: why: | The routing table on a device requires a considerable amount of memory and so is limited in size. If the limit is hit, some routes may be missing and service disruption may occur. how: | This alert logs into the Palo Alto Networks firewall through SSH and retrieves the state table. In there it looks for the maximum number of routes allowed. without-indeni: | An administrator would be required to write a script. Alternatively, once an outage occurs, the administrator may see that the routing table is too big. can-with-snmp: false can-with-syslog: false license-elements-limit: why: | Certain features have a license limitation on a Palo Alto Networks firewall. One such feature is the "vsys" feature ( https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/virtual-systems/virtual-systems-overview ). Knowing when the limitation on number of possible vsys's is nearing would help avoid issues during a maintenance. how: | This alert logs into the Palo Alto Networks firewall through SSH and retrieves the state table. In there it looks for the maximum number of vsys's allowed. without-indeni: | An administrator would be required to write a script. Alternatively, when creating a new vsys after the limit was reached, the web interface will provide an error message. can-with-snmp: false can-with-syslog: false steps: - run: type: SSH command: show system state parse: type: AWK file: show-system-state.parser.1.awk
// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead. package com.indeni.server.rules.library.templatebased.crossvendor import com.indeni.server.rules.RuleContext import com.indeni.server.rules.library.templates.NearingCapacityWithItemsTemplateRule import com.indeni.server.rules.RemediationStepCondition /** * */ case class license_usage_limit() extends NearingCapacityWithItemsTemplateRule( ruleName = "license_usage_limit", ruleFriendlyName = "All Devices: License usage limit approaching", ruleDescription = "Some licenses are limited to a certain number of elements (such as maximum users). If any of the licenses is nearing its limit, an alert will be issued.", usageMetricName = "license-elements-used", limitMetricName = "license-elements-limit", applicableMetricTag = "name", threshold = 80.0, minimumValueToAlert = 2.0, // We don't want to alert if the license capacity is 1 and we're using one item, this is a common occurence and isn't an issue alertDescription = "Some licenses are nearing their limit. Review the list below.", alertItemDescriptionFormat = "The number of elements in use is %.0f where the limit is %.0f.", baseRemediationText = "Consider purchasing additional licenses.", alertItemsHeader = "Affected Licenses")( RemediationStepCondition.VENDOR_CISCO -> """| |1. Run the "show license usage" NX-OS command to display information about the current license usage and the expire date. |2. Run the "show license" NX-OS command to view the installed licenses. |3. Run the "show license usage XXX" NX-OS command e.g." sh license usage ENHANCED_LAYER2_PKG" to display information about the activated features which utilize this license. |4. Consider activate the grace-period for the license. |5. Order new license from the CISCO. |6. For more information please review the next Cisco guide: |https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/nxos/commands/fund/show-license-usage.html """.stripMargin )