SSL decryption memory usage is high-paloaltonetworks-panos
Vendor: paloaltonetworks
OS: panos
Description:
Indeni will alert when memory usage is high for SSL decryption.
Remediation Steps:
Reduce URL categories being decrypted in SSL decryption or upgrade system with larger SSL certificate cache.
How does this work?
This script uses command output of “show system setting ssl-decrypt memory” in CLI to find out memory usage and limit for SSL certificate cache. Value displayed after “Current Entries” is mapped to this metric.
Why is this important?
Memory in SSL certificate cache is used to decrypt SSL traffic in Palo Alto Networks devices. It is critical to monitor memory usage in cache periodically and receive high memory usage alert on time to prevent out of memory error.
Without Indeni how would you find this?
Manually running command “show system setting ssl-decrypt memory” in Palo Alto Networks devices and value after “Current Entries” will be current memory usuage of SSL certificate cache.
panos-show-system-setting-ssl-decrypt-memory
name: panos-show-system-setting-ssl-decrypt-memory
description: Fetch resource utilization
type: monitoring
monitoring_interval: 1 minute
requires:
vendor: paloaltonetworks
os.name: panos
comments:
ssl-decrypt-memory-current:
why: |
Memory in SSL certificate cache is used to decrypt SSL traffic in Palo Alto Networks devices. It is critical to monitor memory usage in cache periodically and receive high memory usage alert on time to prevent out of memory error.
how: |
This script uses command output of "show system setting ssl-decrypt memory" in CLI to find out memory usage and limit for SSL certificate cache. Value displayed after "Current Entries" is mapped to this metric.
can-with-snmp: false
can-with-syslog: false
ssl-decrypt-memory-limit:
why: |
Memory in SSL certificate cache is used to decrypt SSL traffic in Palo Alto Networks devices. It is critical to monitor memory usage in cache periodically and receive high memory usage alert on time to prevent out of memory error.
how: |
This script uses command output of "show system setting ssl-decrypt memory" in CLI to find out memory usage and limit for SSL certificate cache. Value displayed after "Allocated" is mapped to this metric.
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: SSH
file: show-system-setting-ssl-decrypt-memory.remote.1.bash
parse:
type: AWK
file: show-system-setting-ssl-decrypt-memory.parser.1.awk
panos-show-system-setting-ssl-decrypt-memory
name: panos-show-system-setting-ssl-decrypt-memory
description: Fetch resource utilization
type: monitoring
monitoring_interval: 1 minute
requires:
vendor: paloaltonetworks
os.name: panos
comments:
ssl-decrypt-memory-current:
why: |
Memory in SSL certificate cache is used to decrypt SSL traffic in Palo Alto Networks devices. It is critical to monitor memory usage in cache periodically and receive high memory usage alert on time to prevent out of memory error.
how: |
This script uses command output of "show system setting ssl-decrypt memory" in CLI to find out memory usage and limit for SSL certificate cache. Value displayed after "Current Entries" is mapped to this metric.
can-with-snmp: false
can-with-syslog: false
ssl-decrypt-memory-limit:
why: |
Memory in SSL certificate cache is used to decrypt SSL traffic in Palo Alto Networks devices. It is critical to monitor memory usage in cache periodically and receive high memory usage alert on time to prevent out of memory error.
how: |
This script uses command output of "show system setting ssl-decrypt memory" in CLI to find out memory usage and limit for SSL certificate cache. Value displayed after "Allocated" is mapped to this metric.
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: SSH
file: show-system-setting-ssl-decrypt-memory.remote.1.bash
parse:
type: AWK
file: show-system-setting-ssl-decrypt-memory.parser.1.awk
PanwDataplaneSslDecryptionMemoryThresholdRule
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/paloaltonetworks/PanwDataplaneSslDecryptionMemoryThresholdRule.scala