[panw_metrics] Add Palo Alto Networks metrics integration #11099
Conversation
gpop63
force-pushed
the
add_panw_metrics_integration
branch
2 times, most recently
from
2d260dd
to
b6cfbd5
Compare
gpop63
force-pushed
the
add_panw_metrics_integration
branch
from
b6cfbd5
to
cd64f0e
Compare
| description: > | ||
| If the host is a container. | ||
|
|
||
| - name: os.build |
There was a problem hiding this comment.
Are these not ecs fields ?
If yes, we don't need to add these.
There was a problem hiding this comment.
You suggest removing the entire agent.yml file from these data streams?
ishleenk17
changed the title
gpop63
force-pushed
the
add_panw_metrics_integration
branch
from
2cd22ae
to
5864b12
Compare
|
|
||
| ## Compatibility | ||
|
|
||
| The integration uses the [Pango](https://github.com/PaloAltoNetworks/pango) library to collect metrics from Palo Alto Networks firewalls. |
There was a problem hiding this comment.
@tommyers-elastic , should we consider mentioned, which version of PanOS, the integration is tested with, additionally?
There was a problem hiding this comment.
Can we also add a section for configuration, highlighting the details of connectivity parameters / connection string, how to get the API key, any specific permissions to be added?
There was a problem hiding this comment.
Do we have any documentation on permissions required, connection string etc? Not sure where to get this info.
There was a problem hiding this comment.
If we do not have the information right now for this, let us leave a placeholder for Configuration (heading) , the content below it can be filled later.
|
|
||
| ### interfaces | ||
|
|
||
| The `interfaces` dataset collects detailed network interface statistics from Palo Alto Networks firewalls. It provides information about interface status, traffic throughput, packet counts, error rates, and configuration details for physical, logical, and high-availability (HA) interfaces. |
There was a problem hiding this comment.
As we might consider extending routing dataset in future, it may be best to modify as
including physical, logical, and high-availability (HA) interfaces
|
@tommyers-elastic , should we target for TSDB enablement in the initial version of the package? please advice. |
| - name: multi_hop_ttl | ||
| type: long | ||
| description: Time to Live (TTL) value for multi-hop BGP sessions. | ||
| - name: peer_address |
There was a problem hiding this comment.
Should we consider running an ingest pipeline to extract the values and keep the extracted field value as values of field of type ip and integer ?
But, if this field is a dimension field, we may need to keep this field , additionally
There was a problem hiding this comment.
We can take it up in future too
| type: keyword | ||
| dimension: true | ||
| description: IP address and port of the peer | ||
| - name: local_address |
There was a problem hiding this comment.
Similar to bgp.address, should we consider extracting the ip and port separately ?
There was a problem hiding this comment.
We can take it up in future too
| type: long | ||
| description: Total previous number of users connected to GlobalProtect | ||
| metric_type: gauge | ||
| - name: ipsec_tunnel |
There was a problem hiding this comment.
We have asked for the change for moving these metrics as part of the routing metricset. So, this may be an immediate future change.
There was a problem hiding this comment.
All ipsec_tunnel metrics should be moved to routing?
There was a problem hiding this comment.
Yes, we have recently requested for this change in beats.
💚 Build Succeeded
History
|
|
Overview
Data streams added:
interfacesroutingsystemvpnAdded
unit,metric_typeanddimensionmappings.Sample events files were created by me, they are not real events.
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots