Packet drop counters increasing-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will track packet drop counters and alert if any important counters are incrementing.

Remediation Steps:
Contact your technical support provider.

How does this work?
This script uses the Palo Alto Networks API to retrieve the global drop counters, which is the equivalent of running “show counter global filter severity drop” on the CLI.

Why is this important?
Tracking packet drop counters on a Palo Alto Networks firewall can be crucial to identifying potential issues before they cause a wider impact. Generally, when the firewall drops packets, it logs the reason for the drop. Sometimes the drop is legitimate, but sometimes it is due to a configuration or setup issue. In the latter case, it is important to know that packets are being dropped before users complain about service issues.

Without Indeni how would you find this?
An administrator can poll the firewall for the various packet drop counters. The challenge, many times, is making sense of which counters are interesting and what each of them means.

panos-show-counter-global-filter-severity-drop

name: panos-show-counter-global-filter-severity-drop
description: fetch packet drop counters
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: paloaltonetworks
    os.name: panos
    product: firewall
comments:
    packet-drop-counter:
        why: |
            Tracking packet drop counters on a Palo Alto Networks firewall can be crucial to identifying potential issues before they cause a wider impact. Generally, when the firewall drops packets, it logs the reason for the drop. Sometimes the drop is legitimate, but sometimes it is due to a configuration or setup issue. In the latter case, it is important to know that packets are being dropped before users complain about service issues.
        how: |
            This script uses the Palo Alto Networks API to retrieve the global drop counters, which is the equivalent of running "show counter global filter severity drop" on the CLI.
        can-with-snmp: true
        can-with-syslog: true
steps:
-   run:
        type: HTTP
        command: /api?type=op&cmd=<show><counter><global><filter><severity>drop</severity></filter></global></counter></show>&key=${api-key}
    parse:
        type: PYTHON
        file: show-counter-global-filter-severity-drop.py
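
The parse step above, sketched as an added example (this is not Indeni's show-counter-global-filter-severity-drop.py): it reads two consecutive API replies and reports which drop counters grew between polls. The reply layout (response/result/global/counters/entry with name, value, severity and desc), the sample values and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample replies from two consecutive polls. The element layout is
# an assumption about the API reply; the values and descriptions are made up.
ENTRY = ("<entry><name>{0}</name><value>{1}</value>"
         "<severity>drop</severity><desc>{2}</desc></entry>")
WRAP = ('<response status="success"><result><global><counters>{0}'
        "</counters></global></result></response>")
POLL_1 = WRAP.format(
    ENTRY.format("flow_policy_deny", 1200, "Session setup: denied by policy")
    + ENTRY.format("flow_tcp_non_syn_drop", 40, "Non-SYN TCP without session"))
POLL_2 = WRAP.format(
    ENTRY.format("flow_policy_deny", 1275, "Session setup: denied by policy")
    + ENTRY.format("flow_tcp_non_syn_drop", 40, "Non-SYN TCP without session")
    + ENTRY.format("flow_rcv_dot1q_tag_err", 3, "802.1q tag not configured"))


def parse_drop_counters(xml_text):
    """Return {counter name: (value, description)} for severity 'drop'."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        # A failed call (bad key, malformed cmd) must not look like "no drops".
        raise ValueError("API call failed: status=%r" % root.get("status"))
    counters = {}
    for entry in root.iter("entry"):
        if entry.findtext("severity") != "drop":
            continue
        value = int(entry.findtext("value"))
        counters[entry.findtext("name")] = (value, entry.findtext("desc", ""))
    return counters


def incrementing(previous, current):
    """Return {counter name: delta} for counters that grew between polls."""
    deltas = {}
    for name, (value, _desc) in current.items():
        # Assumption: a counter absent from the previous poll started at 0.
        old = previous.get(name, (0, ""))[0]
        if value < old:
            continue  # counter was cleared or the device restarted: new baseline
        if value > old:
            deltas[name] = value - old
    return deltas


if __name__ == "__main__":
    prev, curr = parse_drop_counters(POLL_1), parse_drop_counters(POLL_2)
    for name, delta in sorted(incrementing(prev, curr).items()):
        print("%s +%d (%s)" % (name, delta, curr[name][1]))
```

Reporting the description next to each delta addresses the difficulty named earlier on the page: knowing what an incrementing counter means, not just that it moved.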

cross_vendor_packet_drops
